Privacy Policy

Preamble

The following privacy policy is intended to inform you about the types of personal data (hereinafter also referred to as “data”) we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).

The terms used are not gender-specific.

As of: June 12, 2024

Table of contents

      • Preamble
      • Responsible Party
      • Overview of Processing Activities
      • Relevant Legal Bases
      • Security Measures
      • Transfer of Personal Data
      • International Data Transfers
      • General Information on Data Storage and Deletion
      • Rights of Data Subjects
      • Business Services
      • Business Processes and Procedures
      • Providers and services used in the course of business activities
      • Payment procedures
      • Provision of online services and web hosting
      • Use of cookies
      • Registration, login, and user account
      • Contact and inquiry management
      • Newsletters and electronic notifications
      • Prize draws and competitions
      • Web analysis, monitoring, and optimization
      • Online marketing
      • Presence on social networks (social media)
      • Plug-ins and embedded functions and content
      • Changes and updates
      • Definition of terms

Data controller

My Solo OG
Stubenring 20/VI
1010 Vienna
Austria

Email address: office@mysolo.at

Phone number: +436605585588

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of processed data

        • Inventory data.
        • Employee data.
        • Payment data.
        • Location data.
        • Contact data.
        • Content data.
        • Contract data.
        • Usage data.
        • Meta, communication, and procedural data.
        • Log data.
        • Creditworthiness data.

Categories of persons concerned

          • Service recipients and clients.
          • Employees.
          • Potential customers.
          • Communication partners.
          • Users.
          • Competition and contest participants.
          • Business and contractual partners.
          • Third parties.
          • Customers.

Purposes of processing

            • Provision of contractual services and fulfillment of contractual obligations.
            • Communication.
            • Security measures.
            • Direct marketing.
            • Reach measurement.
            • Tracking.
            • Office and organizational procedures.
            • Conversion measurement.
            • Target group formation.
            • Organizational and administrative procedures.
            • Conducting prize draws and competitions.
            • Feedback.
            • Marketing.
            • Profiles with user-related information.
            • Provision of our online offering and user-friendliness.
            • Assessment of creditworthiness and credit rating.
            • Information technology infrastructure.
            • Finance and payment management.
            • Public relations.
            • Sales promotion.
            • Business processes and commercial/operational management procedures.

Relevant legal bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of this in the privacy policy.

 

            • Consent (Art. 6(1)(a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
            • Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
            • Legal obligation (Art. 6 (1) (c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
            • Legitimate interests (Art. 6(1)(f) GDPR) - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Austria: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Austria. These include, in particular, the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act – DSG). The Data Protection Act contains, in particular, special regulations on the right to information, the right to rectification or erasure, the processing of special categories of personal data, processing for other purposes and transfer, and automated decision-making in individual cases.

Note on the applicability of the GDPR and Swiss DSG: This privacy policy serves to provide information in accordance with both the Swiss DSG and the General Data Protection Regulation (GDPR). For this reason, please note that the terms used in the GDPR are used due to their broader geographical application and comprehensibility. In particular, instead of the terms “processing” of “personal data,” “overriding interest,” and “sensitive personal data” used in the Swiss FADP, the terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” used in the GDPR are used. However, the legal meaning of the terms will continue to be determined in accordance with the Swiss DSG within the scope of the Swiss DSG.

Security measures

In accordance with legal requirements, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of threats to the rights and freedoms of natural persons.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, transfer, availability, and separation. Furthermore, we have established procedures that guarantee the exercise of data subjects' rights, the deletion of data, and responses to data breaches. In addition, we take the protection of personal data into account as early as the development or selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings.

Securing online connections with TLS/SSL encryption technology (HTTPS): We use TLS/SSL encryption technology to protect user data transmitted via our online services from unauthorized access. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

Transfer of personal data

In the course of our processing of personal data, it may happen that this data is transferred to or disclosed to other bodies, companies, legally independent organizational units, or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

International data transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place in connection with the use of third-party services or the disclosure or transfer of data to other persons, bodies, or companies, this will only be done in accordance with the legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers will only take place if the level of data protection is otherwise ensured, in particular through standard contractual clauses (Art. 46 (2) (c) GDPR), express consent, or in the case of contractual or legally required transfers (Art. 49 (1) GDPR). In addition, we will inform you of the basis for third-country transfers for individual providers from third countries, whereby adequacy decisions take precedence as the basis. Information on third-country transfers and existing adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

EU-US Trans-Atlantic Data Privacy Framework: Within the framework of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection for certain US companies as adequate within the framework of the adequacy decision of July 10, 2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you in our privacy policy which service providers we use are certified under the Data Privacy Framework.

General information on data storage and deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consent is revoked or there is no further legal basis for processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be retained for commercial or tax reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our data protection information contains additional information on the storage and deletion of data that applies specifically to certain processing procedures. If there are several specifications regarding the storage period or deletion periods for a piece of data, the longest period shall always apply.

If a period does not expressly begin on a specific date and lasts at least one year, it shall automatically commence at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in which data is stored, the event triggering the period shall be the date on which the termination or other ending of the legal relationship takes effect.

We process data that is no longer required for its original purpose but is retained due to legal requirements or other reasons exclusively for the reasons that justify its retention.

Further information on processing procedures, methods, and services:

            • Retention and deletion of data: The following general periods apply to retention and archiving in accordance with Austrian law:

 

              • 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting vouchers, and invoices, as well as all necessary work instructions and other organizational documents (Federal Tax Code (BAO §132), Commercial Code (UGB §§190-212)).
              • 6 years - Other business documents: Commercial or business letters received, copies of commercial or business letters sent, and other documents, provided they are relevant for tax purposes. These include, for example, hourly wage slips, operating statements, calculation documents, price tags, and payroll documents, unless they are already accounting documents and cash register receipts (Federal Tax Code (BAO §132), Commercial Code (UGB §§190-212)).
              • 3 years - Data required to consider potential warranty and damage claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and customary industry practices, is stored for the duration of the regular statutory limitation period of three years (§§ 1478, 1480 ABGB).

 

Rights of data subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

            • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
            • Right to withdraw consent: You have the right to withdraw your consent at any time.
            • Right to information: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with the legal requirements.
            • Right to rectification: In accordance with the legal requirements, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
            • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be erased immediately or, alternatively, in accordance with legal requirements, to request that the processing of the data be restricted.
            • Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used, and machine-readable format in accordance with legal requirements, or to request that it be transferred to another controller.
            • Complaint to supervisory authority: In accordance with legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State in which you usually reside, the supervisory authority of your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.

Business services

We process data relating to our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”), within the framework of contractual and comparable legal relationships and associated measures, and with regard to communication with contractual partners (or pre-contractual), for example to respond to inquiries.

We use this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedies in the event of warranty and other service disruptions. In addition, we use the data to protect our rights and for the purposes of administrative tasks associated with these obligations and for company organization. We also process the data on the basis of our legitimate interests in both proper and economic business management and in security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., for the involvement of telecommunications, transport, and other auxiliary services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about other forms of processing, such as for marketing purposes, within the framework of this privacy policy.

We inform our contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special markings (e.g. colors) or symbols (e.g. asterisks or similar), or in person.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after four years, unless the data is stored in a customer account, e.g. as long as it must be retained for archiving for legal reasons (e.g. for tax purposes, usually ten years). We delete data disclosed to us by the contractual partner within the scope of an order in accordance with the specifications and, as a rule, after the end of the order.

              • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or telephone numbers); contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).
              • Data subjects: Service recipients and clients; interested parties. Business and contractual partners.
              • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures. Business processes and business management procedures.
              • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion.”
              • Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR); legal obligation (Art. 6 (1) (c) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing procedures, methods, and services:

              • Online shop, order forms, e-commerce, and delivery: We process our customers' data to enable them to select, purchase, or order the selected products, goods, and related services, as well as to enable payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, freight forwarding, and shipping companies, to carry out the delivery or execution for our customers. We use the services of banks and payment service providers to process payment transactions. The required information is marked as such in the context of the order or comparable purchase process and includes the information required for delivery or provision and billing, as well as contact information for the purpose of consultation; Legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Business processes and procedures

Personal data of service recipients and clients—including customers, clients, or, in special cases, patients, business partners, and other third parties—is processed within the framework of contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates business processes in areas such as customer management, sales, payment transactions, accounting, and project management.

The data collected is used to fulfill contractual obligations and to organize operational processes efficiently. This includes processing business transactions, managing customer relationships, optimizing sales strategies, and ensuring internal billing and financial processes. In addition, the data supports the protection of the rights of the controller and facilitates administrative tasks and the organization of the company.

Personal data may be disclosed to third parties if this is necessary to fulfill the aforementioned purposes or legal obligations. The data will be deleted after the expiry of the statutory retention periods or when the purpose of the processing no longer applies. This also includes data that must be stored for longer periods due to tax and legal documentation requirements.

              • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., text or image messages and posts, as well as information relating to them, such as details of authorship or time of creation); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved); Log data (e.g., log files relating to logins or the retrieval of data or access times); Creditworthiness data (e.g., credit score received, estimated probability of default, risk rating based on this, historical payment behavior); Location data (information about the geographical position of a device or person). Employee data (information about employees and other persons in an employment relationship).
              • Data subjects: Service recipients and clients; interested parties; communication partners; business and contractual partners; customers; third parties; users (e.g., website visitors, users of online services). Employees (e.g., employees, applicants, temporary staff, and other staff).
              • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; business processes and business management procedures; security measures; provision of our online services and user-friendliness; communication; marketing; sales promotion; public relations; assessment of creditworthiness and credit rating; financial and payment management. Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)).
              • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion.”
              • Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR); legitimate interests (Art. 6 (1) (f) GDPR). Legal obligation (Art. 6 (1) (c) GDPR).

Further information on processing operations, procedures, and services:

              • Customer management and customer relationship management (CRM): Procedures required in the context of customer management and customer relationship management (CRM) (e.g., customer acquisition in compliance with data protection requirements, measures to promote customer retention and loyalty, effective customer communication, complaint management and customer service with consideration of data protection, data management and analysis to support customer relationships, administration of CRM systems, secure account management, customer segmentation and target group formation); Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).
              • Contact management and contact maintenance: Procedures required in the course of organizing, maintaining, and safeguarding contact information (e.g., the establishment and maintenance of a central contact database, regular updates of contact information, monitoring data integrity, implementation of data protection measures, ensuring access controls, performing backups and restorations of contact data, training employees in the effective use of contact management software, regular review of communication histories, and adjustment of contact strategies); Legal bases: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR), legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
              • Customer account: Customers may create an account within our online offering (e.g., a customer or user account, hereinafter referred to as a “customer account”). If registration of a customer account is required, customers will be informed accordingly, as well as about the information required for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration process, as well as subsequent logins and use of the customer account, we store customers’ IP addresses together with the times of access in order to be able to verify the registration and to prevent potential misuse of the customer account. If the customer account is terminated, the data of the customer account will be deleted after the time of termination, unless such data are retained for purposes other than provision within the customer account or must be retained for legal reasons (e.g., internal storage of customer data, orders, or invoices). It is the responsibility of customers to back up their data upon termination of the customer account; Legal bases: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR), legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
              • Customer loyalty program / customer card: Within the scope of the customer loyalty program, the controller processes the data of participating customers for the purpose of providing the services offered under this program. For this purpose, the controller stores the information provided by customers, insofar as it is necessary and identified as such, in a customer profile. This profile also contains information on the use of the customer loyalty program as well as on the use of the associated services and benefits. Such information is disclosed to third parties (e.g., service providers involved in execution) only where necessary for the aforementioned purposes. Customer profiles are deleted after participation in the program has ended. Archiving of the respective data takes place only to the extent necessary for statutory retention purposes or for the fulfillment of statutory (up to eleven years for tax-related information from the end of the year in which it arose) or contractual claims (up to three years from the end of the year in which the participation ended). This is documented in the record of processing activities; Legal bases: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).
              • General payment processing: Procedures required for the execution of payment transactions, monitoring of bank accounts, and control of payment flows (e.g., preparation and review of transfers, processing of direct debit transactions, review of account statements, monitoring of incoming and outgoing payments, chargeback management, account reconciliation, cash management); Legal bases: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR), legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
              • Accounting, accounts payable, accounts receivable: Procedures required for the recording, processing, and control of business transactions in the area of accounts payable and accounts receivable (e.g., preparation and review of incoming and outgoing invoices, monitoring and management of outstanding items, execution of payment transactions, handling of dunning processes, account reconciliation in connection with receivables and liabilities, accounts payable accounting and accounts receivable accounting); Legal bases: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR), compliance with a legal obligation (Art. 6(1) sentence 1 lit. c GDPR), legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
              • Financial accounting and taxes: Procedures required for the recording, management, and control of financially relevant business transactions as well as for the calculation, reporting, and payment of taxes (e.g., account assignment and posting of business transactions, preparation of quarterly and annual financial statements, execution of payment transactions, handling of dunning processes, account reconciliation, tax consulting, preparation and submission of tax returns, handling of tax matters); Legal bases: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR), compliance with a legal obligation (Art. 6(1) sentence 1 lit. c GDPR), legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
              • Procurement: Procedures required for the procurement of goods, raw materials, or services (e.g., supplier selection and evaluation, price negotiations, placement and monitoring of orders, review and control of deliveries, invoice verification, order management, inventory management, and the creation and maintenance of procurement policies); Legal bases: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR), legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
              • Sales: Procedures required for the planning, execution, and control of measures for the marketing and sale of products or services (e.g., customer acquisition, preparation and follow-up of offers, order processing, customer consulting and support, sales promotion, product training, sales controlling and analysis, management of sales channels); Legal bases: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR), legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
              • Marketing, advertising, and sales promotion: Procedures required in the context of marketing, advertising, and sales promotion (e.g., market analysis and target group definition, development of marketing strategies, planning and execution of advertising campaigns, design and production of advertising materials, online marketing including SEO and social media campaigns, event marketing and trade fair participation, customer loyalty programs, sales promotion measures, performance measurement and optimization of marketing activities, budget management and cost control); Legal bases: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
              • Public relations: Procedures required in the context of public relations and communications (e.g., development and implementation of communication strategies, planning and execution of PR campaigns, preparation and dissemination of press releases, maintenance of media contacts, monitoring and analysis of media coverage, organization of press conferences and public events, crisis communication, creation of content for social media and corporate websites, management of corporate branding); Legal bases: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Service providers and services used in the course of business activities

In the course of our business activities, and in compliance with statutory requirements, we use additional services, platforms, interfaces, or plug-ins provided by third parties (collectively referred to as “services”). Their use is based on our interests in the proper, lawful, and economically efficient operation of our business and our internal organization.

              • Categories of data processed: Identification data (e.g., full name, residential address, contact details, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or visual messages and contributions, as well as related information such as authorship details or the time of creation); contract data (e.g., subject matter of the contract, term, customer category).
              • Data subjects: Recipients of services and clients; prospective customers; business and contractual partners.
              • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; business processes and commercial/operational management procedures.
              • Storage and deletion: Deletion in accordance with the information set out in the section “General information on data storage and deletion.”
              • Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Payment procedures

In the context of contractual and other legal relationships, on the basis of statutory obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and, for this purpose, engage additional service providers alongside banks and credit institutions (collectively referred to as “payment service providers”).

The data processed by the payment service providers include identification data, such as name and address; banking data, such as account numbers or credit card numbers; passwords, TANs, and checksums; as well as contract-related, amount-related, and recipient-related information. This information is required in order to carry out the transactions. However, the data entered are processed and stored exclusively by the payment service providers. This means that we do not receive any account- or credit-card-related information, but only information confirming or rejecting a payment.

In some cases, the payment service providers may transmit data to credit reference agencies. Such transmission serves the purpose of identity and creditworthiness checks. In this regard, we refer to the general terms and conditions and the data protection notices of the respective payment service providers. The terms and conditions and the data protection notices of the respective payment service providers apply to payment transactions and can be accessed on their respective websites or transaction applications. We also refer to these for further information and for the exercise of rights of withdrawal, rights of access, and other data subject rights.

              • Categories of data processed: Identification data (e. g., full name, residential address, contact details, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contract data (e. g., subject matter of the contract, term, customer category); usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); metadata, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
              • Data subjects: Recipients of services and clients; business and contractual partners; prospective customers.
              • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; business processes and commercial/operational management procedures.
              • Storage and deletion: Deletion in accordance with the information set out in the section “General information on data storage and deletion.”
              • Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

              • Stripe: Payment services (technical integration of online payment methods); service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal basis: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); Website: https://stripe.com; Privacy Policy: https://stripe.com/de/privacy; Basis for third-country transfers: Data Privacy Framework (DPF).

Provision of the online offering and web hosting

We process users’ data in order to provide our online services to them. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the users’ browser or end device.

              • Categories of data processed: Usage data (e. g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); metadata, communication, and procedural data (e. g., IP addresses, timestamps, identification numbers, involved persons); log data (e. g., log files relating to logins or the retrieval of data or access times).
              • Data subjects: Users (e. g., website visitors, users of online services).
              • Purposes of processing: Provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); security measures.
              • Storage and deletion: Deletion in accordance with the information set out in the section “General information on data storage and deletion.”
              • Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

              • Provision of the online offering on rented storage space: For the provision of our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a suitable server provider (also referred to as a “web host”); Legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
              • Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files.” The server log files may include the address and name of the retrieved websites and files, the date and time of retrieval, the volume of data transferred, a message indicating successful retrieval, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files may be used, on the one hand, for security purposes, e.g., to prevent server overload (in particular in the event of abusive attacks, so-called DDoS attacks), and, on the other hand, to ensure server utilization and stability; Legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR). Deletion of data: Log file information is stored for a maximum period of 30 days and is then deleted or anonymized. Data whose further retention is required for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.

Use of cookies

Cookies are small text files or other storage records that store information on end devices and read information from them. For example, they are used to store the login status in a user account, the contents of a shopping cart in an online shop, or the content accessed or functions used within an online offering. Cookies may also be used for various other purposes, such as ensuring functionality, security, and convenience of online offerings, as well as for analyzing visitor traffic.

Information on consent: We use cookies in accordance with statutory provisions. Therefore, we obtain prior consent from users unless such consent is not required by law. In particular, consent is not required where the storage and retrieval of information, including cookies, is strictly necessary in order to provide users with a telemedia service expressly requested by them (i. e., our online offering). Revocable consent is clearly communicated to users and includes information on the respective cookie usage.

Information on data protection legal bases: The legal basis under data protection law on which we process users’ personal data using cookies depends on whether we request consent. If users give their consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed using cookies are processed on the basis of our legitimate interests (e. g., in the economically efficient operation of our online offering and the improvement of its usability) or, where processing takes place in the context of fulfilling our contractual obligations, where the use of cookies is necessary in order to meet those contractual obligations. The purposes for which we use cookies are explained in the course of this privacy policy or within our consent and processing procedures.

Storage duration: With regard to storage duration, the following types of cookies are distinguished:

              • Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest once a user leaves an online offering and closes their end device (e. g., browser or mobile application).
              • Persistent cookies: Persistent cookies remain stored even after the end device has been closed. For example, the login status may be saved and preferred content may be displayed directly when the user revisits a website. Likewise, usage data collected using cookies may be used for reach measurement. Unless we provide users with explicit information regarding the type and storage duration of cookies (e. g., when obtaining consent), users should assume that cookies are persistent and that the storage duration may be up to two years.

General information on withdrawal and objection (opt-out): Users may withdraw any consent they have given at any time and may also object to processing in accordance with statutory requirements, including by using their browser’s privacy settings.

              • Categories of data processed: Metadata, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
              • Data subjects: Users (e. g., website visitors, users of online services).
              • Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); consent (Art. 6(1) sentence 1 lit. a GDPR).

Further information on processing operations, procedures, and services

              • Processing of cookie data based on consent: We use a consent management solution to obtain users’ consent for the use of cookies or for the procedures and providers specified within the consent management solution. This procedure serves to obtain, document, manage, and revoke consent, in particular with regard to the use of cookies and comparable technologies used to store, retrieve, and process information on users’ end devices. Within this procedure, users’ consent is obtained for the use of cookies and the associated processing of information, including the specific processing operations and providers named within the consent management procedure. Users also have the option to manage and withdraw their consent. Consent declarations are stored in order to avoid repeated requests and to provide proof of consent in accordance with statutory requirements. Storage takes place server-side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies, in order to associate consent with a specific user or their device. If no specific information on the providers of consent management services is available, the following general information applies: consent is stored for up to two years. A pseudonymous user identifier is created and stored together with the time of consent, information on the scope of consent (e.g., relevant categories of cookies and/or service providers), as well as information about the browser, system, and end device used; Legal basis: consent (Art. 6(1) sentence 1 lit. a GDPR).

Registration, login, and user account

Users may create a user account. As part of the registration process, users are informed of the required mandatory information, which is processed for the purpose of providing the user account on the basis of the performance of contractual obligations. The data processed include, in particular, login information (username, password, and an email address).

In the course of using our registration and login functions as well as the user account, we store the IP address and the time of the respective user action. Storage takes place on the basis of our legitimate interests and those of the users in protecting against misuse and other unauthorized use. As a rule, these data are not disclosed to third parties unless such disclosure is necessary for the assertion of our claims or we are legally obliged to do so.

Users may be informed by email about processes relevant to their user account, such as technical changes.

              • Categories of data processed: Identification data (e. g., full name, residential address, contact details, customer number, etc.); contact data (e. g., postal and email addresses or telephone numbers); content data (e.g., textual or visual messages and contributions as well as related information, such as authorship details or time of creation); usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); log data (e. g., log files relating to logins, data retrieval, or access times).
              • Data subjects: Users (e. g., website visitors, users of online services).
              • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; organizational and administrative procedures; provision of our online offering and user-friendliness.
              • Storage and deletion: Deletion in accordance with the information set out in the section “General information on data storage and deletion.” Deletion takes place after termination of the user account.
              • Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

              • Deletion of data after termination: If users terminate their user account, their data relating to the user account will be deleted, subject to statutory permission, obligation, or the users’ consent; Legal basis: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).
              • No data retention obligation: It is the responsibility of users to back up their data prior to termination and before the end of the contractual relationship. We are entitled to irreversibly delete all data stored during the term of the contract; Legal basis: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).

Contact and inquiry management

When contacting us (e. g., by post, contact form, email, telephone, or via social media), as well as within the scope of existing user and business relationships, the information provided by the inquiring persons is processed insofar as this is necessary to respond to contact requests and any requested measures.

              • Categories of data processed: Identification data (e. g., full name, residential address, contact details, customer number, etc.); contact data (e. g., postal and email addresses or telephone numbers); content data (e. g., textual or visual messages and contributions as well as related information, such as authorship details or time of creation); usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); metadata, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
              • Data subjects: Communication partners.
              • Purposes of processing: Communication; organizational and administrative procedures; feedback (e. g., collection of feedback via online forms); provision of our online offering and user-friendliness.
              • Storage and deletion: Deletion in accordance with the information set out in the section “General information on data storage and deletion.”
              • Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).

Further information on processing operations, procedures, and services:

              • Contact form: When contacting us via our contact form, by email, or through other communication channels, we process the personal data transmitted to us for the purpose of responding to and handling the respective request. This generally includes information such as name, contact details, and, where applicable, additional information provided to us that is necessary for appropriate handling. We use these data exclusively for the stated purpose of contact and communication; Legal bases: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR), legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Newsletters and electronic notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletters”) exclusively with the recipients’ consent or on the basis of a statutory legal basis. Where the content of the newsletter is specified at the time of subscription, such content is decisive for the users’ consent. As a rule, providing an email address is sufficient to subscribe to our newsletter. However, in order to offer a personalized service, we may ask for the user’s name for personal addressing in the newsletter or for additional information if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to be able to prove that consent was previously given. Processing of these data is restricted to the purpose of potentially defending legal claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a suppression list (so-called “blocklist”).

The logging of the subscription process is carried out on the basis of our legitimate interests for the purpose of proving its proper execution. Where we engage a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure delivery system.

Content: Information about us, our services, promotions, and offers.

              • Categories of data processed: Identification data (e. g., full name, residential address, contact details, customer number, etc.); contact data (e. g., postal and email addresses or telephone numbers); metadata, communication, and procedural data (e. g., IP addresses, timestamps, identification numbers, involved persons); usage data (e. g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
              • Data subjects: Communication partners.
              • Purposes of processing: Direct marketing (e.g., by email or post).
              • Storage and deletion: 3 years – contractual claims (Austria): Data required to consider potential warranty and damage claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and customary industry practice, are stored for the regular statutory limitation period of three years (§§ 1478, 1480 ABGB). 10 years – contractual claims (Switzerland): Data required to consider potential damage claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and customary industry practice, are stored for the statutory limitation period of ten years, unless a shorter period of five years applies in specific cases (Art. 127, 130 Swiss Code of Obligations).
              • Legal basis: Consent (Art. 6(1) sentence 1 lit. a GDPR).
              • Right to object (opt-out): You may unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to further receipt. A link to unsubscribe can be found at the end of each newsletter, or you may alternatively use one of the contact options listed above, preferably by email.

Further information on processing operations, procedures, and services:

              • Measurement of open and click rates: The newsletters contain so-called web beacons, i.e., pixel-sized files that are retrieved from our server or, where we use a mailing service provider, from their server when the newsletter is opened. In the course of this retrieval, technical information such as details about the browser and system used, as well as the IP address and the time of retrieval, are initially collected. This information is used to technically improve our newsletter based on technical data or on target groups and their reading behavior, taking into account their access locations (which can be determined using the IP address) or access times. This analysis also includes determining whether and when newsletters are opened and which links are clicked. The information is assigned to individual newsletter recipients and stored in their profiles until deletion. The evaluations serve to recognize our users’ reading habits and to adapt our content to them or to send different content according to users’ interests. The measurement of open and click rates, the storage of measurement results in users’ profiles, and their further processing are carried out on the basis of users’ consent. Separate withdrawal of consent for performance measurement is not possible; in this case, the entire newsletter subscription must be cancelled or objected to. In such cases, the stored profile information will be deleted; Legal basis: consent (Art. 6(1) sentence 1 lit. a GDPR).
              • Order process reminder emails: If users do not complete an order process, we may remind them of the order process by email and send them a link to continue it. This function may be useful, for example, if the purchase process could not be continued due to a browser crash, oversight, or forgetfulness. Dispatch is carried out on the basis of consent, which users may withdraw at any time; Legal basis: consent (Art. 6(1) sentence 1 lit. a GDPR).

Prize draws and competitions

We process the personal data of participants in prize draws and competitions only in compliance with the applicable data protection provisions, insofar as the processing is contractually required for the provision, implementation, and administration of the prize draw, the participants have consented to the processing, or the processing serves our legitimate interests (e.g., in ensuring the security of the prize draw or protecting our interests against misuse, such as by collecting IP addresses when submitting prize draw entries).

If participants’ submissions are published as part of the prize draw (e.g., as part of a vote, the presentation of prize draw entries or winners, or reporting on the prize draw), we point out that participants’ names may also be published in this context. Participants may object to this at any time.

If the prize draw takes place within an online platform or a social network (e.g., Facebook or Instagram, hereinafter referred to as an “online platform”), the terms of use and data protection provisions of the respective platforms apply in addition. In such cases, we point out that we are responsible for the information provided by participants in the context of the prize draw, and that inquiries relating to the prize draw should be addressed to us.

Participants’ data are deleted as soon as the prize draw or competition has ended and the data are no longer required to notify the winners or because no further inquiries regarding the prize draw are to be expected. As a rule, participants’ data are deleted no later than six months after the end of the prize draw. Data relating to winners may be retained for a longer period, for example in order to respond to inquiries regarding prizes or to fulfill prize obligations; in such cases, the retention period depends on the type of prize and may amount to up to three years for goods or services, for example, in order to process warranty claims. In addition, participants’ data may be stored for a longer period, for example in the form of reporting on the prize draw in online and offline media.

If data are collected in the context of the prize draw for other purposes as well, their processing and retention period are governed by the data protection information applicable to such use (e.g., in the case of newsletter registration as part of a prize draw).

              • Categories of data processed: Identification data (e.g., full name, residential address, contact details, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or visual messages and contributions, as well as related information such as authorship details or time of creation).
              • Data subjects: Participants in prize draws and competitions.
              • Purposes of processing: Conducting prize draws and competitions.
              • Storage and deletion: Deletion in accordance with the information set out in the section “General information on data storage and deletion.”
              • Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Web analytics, monitoring, and optimization

Web analytics (also referred to as “reach measurement”) is used to evaluate visitor traffic to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, in the form of pseudonymous values. By means of reach analysis, we can, for example, determine at what times our online offering or its functions or content are most frequently used, or encourage reuse. Likewise, we are able to identify which areas require optimization.

In addition to web analytics, we may also use testing procedures, for example to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles—i.e., data aggregated for a specific usage process—may be created for these purposes, and information may be stored in and subsequently read from a browser or an end device. The data collected include, in particular, visited websites and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data vis-à-vis us or the providers of the services we use, the processing of location data is also possible.

In addition, users’ IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by truncating the IP address) to protect users. In general, no clear personal data of users (such as email addresses or names) are stored within the scope of web analytics, A/B testing, and optimization; instead, pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of users, but only the information stored in their profiles for the purposes of the respective procedures.

Information on legal bases: Where we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, users’ data are processed on the basis of our legitimate interests (i.e., our interest in providing efficient, cost-effective, and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

              • Categories of data processed: Usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); metadata, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
              • Data subjects: Users (e.g., website visitors, users of online services).
              • Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); provision of our online offering and user-friendliness.
              • Storage and deletion: Deletion in accordance with the information set out in the section “General information on data storage and deletion.” Cookies may be stored for up to two years (unless otherwise stated, cookies and similar storage methods may be stored on users’ devices for a period of up to two years).
              • Security measures: IP masking (pseudonymization of the IP address).
              • Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR); legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

              • Google Analytics: We use Google Analytics to measure and analyze the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any clear personal data such as names or email addresses. It is used to assign analysis information to an end device in order to determine which content users have accessed within one or more usage processes, which search terms they have used, whether they have accessed content again, or how they have interacted with our online offering. In addition, the time and duration of use are stored, as well as the sources from which users are referred to our online offering and technical aspects of their end devices and browsers.
                Pseudonymous user profiles are created using information from the use of different devices, and cookies may be used for this purpose. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides coarse geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, and subcontinent (and ID-based equivalents). For EU data traffic, IP address data are used exclusively for this derivation of geolocation data and are deleted immediately thereafter. They are not logged, are not accessible, and are not used for any other purposes. When Google Analytics collects measurement data, all IP queries are carried out on EU-based servers before the traffic is forwarded to Analytics servers for processing. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Privacy Policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third-country transfers: Data Privacy Framework (DPF); Right to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Ad personalization settings: https://myadcenter.google.com/personalizationoff; Further information: https://business.safety.google/adsservices/ (Types of processing and data processed).
              • Google Tag Manager: We use Google Tag Manager, a software solution provided by Google that enables us to centrally manage so-called website tags via a user interface. Tags are small code elements on our website used to record and analyze visitor activity. This technology helps us improve our website and the content offered on it. Google Tag Manager itself does not create user profiles, does not store cookies with user profiles, and does not perform any independent analyses. Its function is limited to facilitating and streamlining the integration and management of tools and services that we use on our website. Nevertheless, when using Google Tag Manager, users’ IP addresses are transmitted to Google for technical reasons, as this is necessary to implement the services we use. Cookies may also be set in this context. However, this data processing only takes place if services are integrated via the Tag Manager. For further details on these services and their data processing, we refer to the relevant sections of this privacy policy. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms; Basis for third-country transfers: Data Privacy Framework (DPF).

Online marketing

We process personal data for the purposes of online marketing, which may include, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) based on users’ potential interests, as well as the measurement of the effectiveness of such content.

For these purposes, so-called user profiles are created and stored in a file (the so-called “cookie”) or similar procedures are used by means of which information relevant to the display of the aforementioned content is stored about the user. This may include, for example, content viewed, websites visited, online networks used, as well as communication partners and technical information such as the browser used, the computer system used, and information on usage times and functions used. If users have consented to the collection of their location data, such data may also be processed.

In addition, users’ IP addresses are stored. However, we use available IP masking procedures (i.e., pseudonymization by truncating the IP address) to protect users. As a rule, no clear personal data of users (such as email addresses or names) are stored within the scope of online marketing procedures; instead, pseudonyms are used. This means that neither we nor the providers of the online marketing procedures know the users’ actual identities, but only the information stored in their profiles.

The information contained in the profiles is generally stored in cookies or by means of similar procedures. These cookies may subsequently also be read on other websites that use the same online marketing procedures, analyzed for the purpose of displaying content, supplemented with additional data, and stored on the servers of the respective online marketing service providers.

By way of exception, it may be possible to associate clear personal data with profiles, primarily where users are, for example, members of a social network whose online marketing procedures we use and where the network links the user profiles with the aforementioned information. Please note that users may enter into additional agreements with the providers, for example by giving consent during registration.

As a rule, we only receive access to aggregated information about the success of our advertisements. However, within the scope of so-called conversion tracking, we can determine which of our online marketing measures have led to a so-called conversion, i.e., for example, the conclusion of a contract with us. Conversion tracking is used solely for the purpose of analyzing the effectiveness of our marketing measures.

Unless otherwise stated, please assume that the cookies used are stored for a period of up to two years.

Information on legal bases: Where we ask users for their consent to the use of third-party providers, consent constitutes the legal basis for data processing. Otherwise, users’ data are processed on the basis of our legitimate interests (i.e., our interest in providing efficient, cost-effective, and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

Information on withdrawal and objection (opt-out)

We refer to the data protection notices of the respective providers and the opt-out options specified for each provider. If no explicit opt-out option is specified, users may disable cookies in their browser settings. However, this may restrict the functionality of our online offering. We therefore additionally recommend the following opt-out options, which are offered collectively by region:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://www.youradchoices.ca/choices.

c) United States: https://www.aboutads.info/choices.

d) Cross-regional: https://optout.aboutads.info.

              • Categories of data processed: Usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); metadata, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
              • Data subjects: Users (e.g., website visitors, users of online services).
              • Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest- and behavior-based profiling, use of cookies); audience building; marketing; profiles with user-related information (creation of user profiles); conversion tracking (measurement of the effectiveness of marketing measures).
              • Storage and deletion: Deletion in accordance with the information set out in the section “General information on data storage and deletion.” Cookies may be stored for up to two years (unless otherwise stated, cookies and similar storage methods may be stored on users’ devices for a period of up to two years).
              • Security measures: IP masking (pseudonymization of the IP address).
              • Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR); legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

              • Google Ads and conversion tracking: Online marketing procedures for the purpose of placing content and advertisements within the advertising network of the service provider (e.g., in search results, videos, on websites, etc.), so that they are displayed to users who are presumed to have an interest in the advertisements. In addition, we measure the conversion of advertisements, i.e., whether users have used the advertisements as an opportunity to interact with them and to make use of the advertised offers (so-called conversions). However, we only receive anonymized information and no personal information about individual users. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: consent (Art. 6(1) sentence 1 lit. a GDPR); legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF); Further information: Types of processing and data processed: https://business.safety.google/adsservices/. Controller-to-controller data processing terms and standard contractual clauses for third-country transfers: https://business.safety.google/adscontrollerterms.

Presences on social networks (social media)

We maintain online presences within social networks and, in this context, process user data in order to communicate with users active there or to provide information about us.

We note that user data may be processed outside the European Union. This may result in risks for users, as, for example, the enforcement of users’ rights may be made more difficult.

Furthermore, users’ data within social networks are generally processed for market research and advertising purposes. For example, usage profiles may be created on the basis of users’ usage behavior and the interests resulting therefrom. These profiles may in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to users’ interests. For this purpose, cookies are generally stored on users’ devices, in which usage behavior and users’ interests are stored. In addition, data may also be stored in the usage profiles independently of the devices used by the users (in particular if they are members of the respective platforms and are logged in there).

For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we also note that these can be exercised most effectively with the respective providers. Only they have direct access to the user data and can take appropriate measures and provide information directly. Should you nevertheless require assistance, you may contact us.

              • Categories of data processed: Contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or visual messages and posts as well as related information such as authorship details or time of creation); usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
              • Data subjects: Users (e.g., website visitors, users of online services).
              • Purposes of processing: Communication; feedback (e.g., collection of feedback via online forms); public relations.
              • Storage and deletion: Deletion in accordance with the information set out in the section “General information on data storage and deletion.”
              • Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

              • Instagram: Social network enabling the sharing of photos and videos, commenting on and liking posts, sending messages, and subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/; Basis for third-country transfers: Data Privacy Framework (DPF).
              • Facebook pages: Profiles within the social network Facebook – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data of visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with, or actions they take (see “Things you and others do and provide” in Facebook’s Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device information” in Facebook’s Data Policy: https://www.facebook.com/privacy/policy/). As explained in Facebook’s Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, known as “Page Insights”, to page operators so that they can gain insights into how people interact with their pages and associated content. We have entered into a specific agreement with Facebook (“Page Insights Information”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular the security measures Facebook must observe and under which Facebook agrees to fulfill data subject rights (i.e., users may, for example, submit requests for information or deletion directly to Facebook). Users’ rights (in particular the right of access, deletion, objection, and the right to lodge a complaint with the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Page Insights Information” (https://www.facebook.com/legal/terms/information_about_page_insights_data). Joint controllership is limited to the collection of and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. 
                Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which includes in particular the transfer of data to its parent company Meta Platforms, Inc. in the United States; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/; Basis for third-country transfers: Data Privacy Framework (DPF).
              • TikTok: Social network enabling the sharing of photos and videos, commenting on and liking posts, sending messages, and subscribing to accounts; Service providers: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.tiktok.com. Privacy Policy: https://www.tiktok.com/de/privacy-policy.

Plug-ins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos, or maps (collectively referred to below as “content”).

Integration always requires that the third-party providers of this content process users’ IP addresses, as they would otherwise be unable to deliver the content to users’ browsers. The IP address is therefore necessary for the display of such content or functions. We endeavor to use only content whose respective providers use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Through such pixel tags, information such as visitor traffic on the pages of this website may be evaluated. The pseudonymous information may also be stored in cookies on users’ devices and may include, among other things, technical information about the browser and operating system, referring websites, visit times, and other information on the use of our online offering, and may also be combined with such information from other sources.

Information on legal bases: Where we ask users for their consent to the use of third-party providers, consent constitutes the legal basis for data processing. Otherwise, users’ data are processed on the basis of our legitimate interests (i.e., our interest in providing efficient, cost-effective, and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

  • Categories of data processed: Usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); metadata, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness.
  • Storage and deletion: Deletion in accordance with the information set out in the section “General information on data storage and deletion.” Cookies may be stored for up to two years (unless otherwise stated, cookies and similar storage methods may be stored on users’ devices for a period of up to two years).
  • Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR); legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • Font Awesome (fonts loaded from the provider’s servers): Provision of fonts (and icons) for the purpose of technically secure, maintenance-free, and efficient use of fonts and icons with regard to up-to-dateness and loading times, their consistent display, and the consideration of possible licensing restrictions. The font provider is provided with the user’s IP address in order to make the fonts available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted, which are necessary for providing the fonts depending on the devices used and the technical environment; Service provider: Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, MA 02140, USA; Legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://fontawesome.com/; Privacy Policy: https://fontawesome.com/privacy.

Amendment and update

We ask you to regularly review the content of our privacy policy. We adapt this privacy policy as soon as changes to the data processing activities carried out by us make this necessary. We will inform you if the changes require any action on your part (e.g., consent) or any other individual notification.

Where we provide addresses and contact details of companies and organizations in this privacy policy, please note that such addresses may change over time and ask that you verify the information before making contact.

Definitions

  • This section provides an overview of the terms used in this privacy policy. Where terms are defined by law, the statutory definitions apply. The following explanations are intended primarily to aid understanding.

     

    • Employees: Employees are persons who are in an employment relationship, whether as workers, employees, or in similar positions. An employment relationship is a legal relationship between an employer and an employee, established by an employment contract or agreement. It includes the employer’s obligation to pay remuneration while the employee performs their work. The employment relationship comprises various phases, including its establishment (conclusion of the employment contract), its performance (the employee carrying out their work), and its termination, whether by notice, termination agreement, or otherwise. Employee data are all information relating to such persons in the context of their employment. This includes aspects such as personal identification data, identification numbers, salary and bank details, working hours, leave entitlements, health data, and performance evaluations.
    • Identification data: Identification data comprise essential information required to identify and manage contractual partners, user accounts, profiles, and similar assignments. Such data may include, among other things, personal and demographic information such as names, contact details (addresses, telephone numbers, email addresses), dates of birth, and specific identifiers (user IDs). Identification data form the basis for any formal interaction between individuals and services, institutions, or systems by enabling clear attribution and communication.
    • Content data: Content data comprise information generated in the course of creating, editing, and publishing content of any kind. This category may include texts, images, videos, audio files, and other multimedia content published across various platforms and media. Content data are not limited to the content itself but also include metadata providing information about the content, such as tags, descriptions, authorship information, and publication dates.
    • Contact data: Contact data are essential information enabling communication with individuals or organizations. They include, among other things, telephone numbers, postal addresses, and email addresses, as well as communication identifiers such as social media handles and instant messaging identifiers.
    • Conversion tracking: Conversion tracking (also referred to as “visit action analysis”) is a method used to determine the effectiveness of marketing measures. As a rule, a cookie is stored on users’ devices on websites where marketing measures take place and is subsequently retrieved again on the target website. For example, this allows us to determine whether advertisements placed by us on other websites were successful.
    • Metadata, communication, and procedural data: Metadata, communication, and procedural data are categories that contain information about how data are processed, transmitted, and managed. Metadata (data about data) include information describing the context, origin, and structure of other data, such as file size, creation date, document author, and modification history. Communication data record the exchange of information between users via various channels, such as email correspondence, call logs, messages in social networks, and chat histories, including the parties involved, timestamps, and transmission channels. Procedural data describe processes and workflows within systems or organizations, including workflow documentation, transaction and activity logs, and audit logs used for tracking and verification purposes.
    • Usage data: Usage data refer to information that records how users interact with digital products, services, or platforms. These data include a wide range of information showing how users use applications, which functions they prefer, how long they stay on specific pages, and which paths they take through an application. Usage data may also include frequency of use, activity timestamps, IP addresses, device information, and location data. They are particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. In addition, usage data play a crucial role in identifying trends, preferences, and potential problem areas within digital offerings.
    • Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
    • Profiles with user-related information: The processing of “profiles with user-related information,” or “profiles” for short, comprises any form of automated processing of personal data consisting of the use of such personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person. Depending on the type of profiling, this may include various information relating to demographics, behavior, and interests (e.g., interaction with websites and their content). Profiling is often carried out using cookies and web beacons.
    • Log data: Log data are information about events or activities that have been logged in a system or network. These data typically include timestamps, IP addresses, user actions, error messages, and other details relating to the use or operation of a system. Log data are often used to analyze system issues, monitor security, or generate performance reports.
    • Reach measurement: Reach measurement (also referred to as web analytics) is used to evaluate visitor traffic to an online offering and may include users’ behavior or interests in specific information, such as website content. By means of reach analysis, operators of online offerings can, for example, determine when users visit their websites and which content they are interested in, allowing them to better tailor content to users’ needs. Pseudonymous cookies and web beacons are often used for reach measurement in order to recognize returning visitors and enable more precise analyses of the use of an online offering.
    • Location data: Location data arise when a mobile device (or another device with technical location-determination capabilities) connects to a radio cell, a Wi-Fi network, or similar technical means and location-determination functions. Location data indicate the geographically determinable position on Earth at which the respective device is located. Location data may be used, for example, to display map functions or other location-dependent information.
    • Tracking: “Tracking” refers to the ability to trace users’ behavior across multiple online offerings. As a rule, behavioral and interest-related information concerning the online offerings used is stored in cookies or on servers of tracking technology providers (so-called profiling). This information may subsequently be used, for example, to display advertisements to users that are likely to correspond to their interests.
    • Controller: A “controller” is the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.
    • Processing: “Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data, including collection, analysis, storage, transmission, or deletion.
    • Contract data: Contract data are specific information relating to the formalization of an agreement between two or more parties. They document the conditions under which services or products are provided, exchanged, or sold. This category of data is essential for managing and fulfilling contractual obligations and includes both identification of the contracting parties and the specific terms and conditions of the agreement. Contract data may include contract start and end dates, the type of agreed services or products, pricing arrangements, payment terms, termination rights, renewal options, and special terms or clauses. They serve as the legal basis for the relationship between the parties and are crucial for clarifying rights and obligations, enforcing claims, and resolving disputes.
    • Payment data: Payment data include all information required to process payment transactions between buyers and sellers. These data are of critical importance for e-commerce, online banking, and any other form of financial transaction. They include details such as credit card numbers, bank account details, payment amounts, transaction data, verification numbers, and invoicing information. Payment data may also include information on payment status, chargebacks, authorizations, and fees.
    • Audience building: Audience building (also referred to as “custom audiences”) refers to the creation of target groups for advertising purposes, such as the display of advertisements. For example, based on a user’s interest in certain products or topics on the internet, it may be inferred that the user is interested in advertisements for similar products or for the online shop in which the products were viewed. “Lookalike audiences” (or similar audiences) refer to the display of content to users whose profiles or interests are presumed to be similar to those of users for whom profiles have been created. Cookies and web beacons are generally used for the creation of custom audiences and lookalike audiences.