Blog About Privacy Policy Terms and Conditions
English
English
English
English
Deutsch
Deutsch

Privacy Policy

.

Privacy Policy

Preamble With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data"), the purposes for which they are processed, and the extent of such processing. This privacy policy applies to all processing of personal data carried out by us, both in the provision of our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

The terms used are not gender-specific.

Last updated: December 27, 2024

Table of Contents

  • Preamble
  • Controller
  • Overview of Processing Activities
  • Relevant Legal Bases
  • Security Measures
  • Transfer of Personal Data
  • International Data Transfers
  • General Information on Data Storage and Deletion
  • Rights of Data Subjects
  • Business Services
  • Provision of the Online Offering and Web Hosting
  • Use of Cookies
  • Blogs and Publication Media
  • Contact and Inquiry Management
  • Newsletters and Electronic Notifications
  • Web Analytics, Monitoring, and Optimization
  • Online Marketing
  • Affiliate Programs and Affiliate Links
  • Social Media Presence
  • Plugins and Embedded Functions and Content
  • Changes and Updates
  • Definitions

Controller

Felix Schmid
Samstraße 8
85232 Bergkirchen
Email: info@rexpositor.com
Imprint: rexpositor.com/impressum

Overview of Processing Activities

The following overview summarizes the types of data processed, the purposes of their processing, and the categories of data subjects.

Types of Processed Data

  • Inventory data
  • Payment data
  • Location data
  • Contact data
  • Content data
  • Contract data
  • Usage data
  • Meta, communication, and procedural data
  • Log data

Categories of Data Subjects

  • Service recipients and clients
  • Interested parties
  • Communication partners
  • Users
  • Business and contract partners

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations
  • Communication
  • Security measures
  • Direct marketing
  • Reach measurement
  • Tracking
  • Office and organizational procedures
  • Conversion measurement
  • Audience targeting
  • Affiliate tracking
  • Organizational and administrative procedures
  • Feedback
  • Marketing
  • User-profile-based personalization
  • Provision of our online offering and user-friendliness
  • IT infrastructure
  • Public relations
  • Business processes and economic procedures

Relevant Legal Bases

Legal Bases under the GDPR

Below is an overview of the legal bases under the GDPR on which we process personal data. Please note that in addition to the GDPR regulations, national data protection provisions may apply in your or our country of residence. If more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6(1)(a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6(1)(c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1)(f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that such interests are not overridden by the interests, fundamental rights, and freedoms of the data subject requiring the protection of personal data.

National Data Protection Regulations in Germany

In addition to the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), which contains specific provisions on the right to information, the right to deletion, the right to object, processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of individual federal states may apply.

Privacy Notice on the Applicability of the GDPR and Swiss Data Protection Act (DSG)

These privacy notices serve to provide information in accordance with both the Swiss Data Protection Act (DSG) and the General Data Protection Regulation (GDPR). For broader applicability and comprehensibility, the terms used in this notice align with those in the GDPR. Specifically, instead of the terms used in the Swiss DSG such as "processing" of "personal data," "overriding interest," and "particularly sensitive personal data," we use the GDPR terms "processing" of "personal data," "legitimate interest," and "special categories of data." However, the legal meaning of these terms remains determined by the Swiss DSG where applicable.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihoods and severity of risks to the rights and freedoms of natural persons, to ensure an adequate level of protection.

These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling both physical and electronic access to the data, as well as controlling access, input, transfer, availability, and separation of the data. Furthermore, we have established procedures to ensure data subject rights, data deletion, and responses to data breaches. Additionally, we consider data protection during the development or selection of hardware, software, and procedures, following the principles of privacy by design and privacy by default.

Securing Online Connections with TLS/SSL Encryption Technology (HTTPS)

To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), ensuring the data remains protected from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transmissions comply with the highest security standards. When a website is secured with an SSL/TLS certificate, this is indicated by HTTPS in the URL, signaling to users that their data is securely and encryptedly transmitted.

Transfer of Personal Data

In the course of our processing of personal data, it may be transmitted to or disclosed to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, service providers responsible for IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and conclude appropriate agreements or contracts with the recipients of your data to protect your information.

International Data Transfers

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if data processing takes place through the use of third-party services, disclosure, or transfer of data to other persons, entities, or companies, this occurs only in compliance with legal requirements. If the level of data protection in the third country has been recognized through an adequacy decision (Art. 45 GDPR), this serves as the legal basis for the data transfer. Otherwise, data transfers occur only if the level of data protection is otherwise ensured, particularly through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in cases of contractual or legally required transfer (Art. 49(1) GDPR). We inform you of the specific legal basis for third-country transfers with individual third-party providers, with adequacy decisions taking precedence. Information on third-country transfers and existing adequacy decisions can be found on the European Commission’s website: EU Commission - International Data Protection.

As part of the so-called "Data Privacy Framework" (DPF), the EU Commission also recognized the data protection level of certain companies in the USA as secure under its adequacy decision dated July 10, 2023. The list of certified companies and additional information about the DPF can be found on the U.S. Department of Commerce website at Data Privacy Framework (in English). We inform you in our privacy notices about which service providers we use are certified under the Data Privacy Framework.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or there are no further legal grounds for processing. This applies in cases where the original processing purpose no longer exists or the data is no longer needed. Exceptions to this rule exist when legal obligations or specific interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax reasons, or data whose storage is necessary for legal claims or the protection of the rights of other natural or legal persons, must be archived accordingly.

Our privacy notices include additional information on the retention and deletion of data that apply specifically to certain processing activities.

If multiple retention periods or deletion deadlines exist for the same data, the longest period applies. If a period does not explicitly begin on a specific date and lasts at least one year, it automatically starts at the end of the calendar year in which the triggering event occurred. For ongoing contractual relationships where data is stored, the triggering event is the date of termination or other cessation of the legal relationship.

Data that is no longer required for its original purpose but is retained due to legal requirements or other reasons is processed exclusively for the reasons justifying its retention.

Additional Information on Processing Procedures, Methods, and Services:

• Data Retention and Deletion:
The following general time periods apply for the retention and archiving of data under German law:

  • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as work instructions and other organizational documents required for understanding them, accounting records, and invoices (§ 147 para. 3 in conjunction with para. 1 nos. 1, 4, and 4a AO; § 14b para. 1 UStG; § 257 para. 1 nos. 1 and 4, para. 4 HGB).
  • 6 years – Other business documents: received commercial or business letters, copies of dispatched commercial or business letters, and other documents relevant for taxation, such as hourly wage slips, cost allocation sheets, calculation documents, price markings, as well as payroll documents not already classified as accounting records, and cash register receipts (§ 147 para. 3 in conjunction with para. 1 nos. 2, 3, and 5 AO; § 257 para. 1 nos. 2 and 3, para. 4 HGB).
  • 3 years – Data required to consider potential warranty and compensation claims or similar contractual claims and rights, and to process related inquiries, based on past business experience and customary industry practices, will be stored for the regular statutory limitation period of three years (§§ 195, 199 BGB).

 

Rights of Data Subjects

Rights of Data Subjects under the GDPR:
As a data subject, you have various rights under the GDPR, particularly arising from Articles 15 to 21 GDPR:

  • Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling related to direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw your consent at any time.
  • Right of Access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and if so, access to the data and further information, including a copy of the data, in accordance with legal requirements.
  • Right to Rectification: You have the right to request the completion or correction of your personal data in accordance with legal requirements.
  • Right to Erasure and Restriction of Processing: You have the right, in accordance with legal requirements, to request the immediate deletion of your data, or alternatively, to request the restriction of processing.
  • Right to Data Portability: You have the right to receive personal data you provided to us in a structured, commonly used, and machine-readable format, or to request transmission to another controller, as permitted by law.
  • Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a supervisory authority—without prejudice to any other administrative or judicial remedy—particularly in the member state of your habitual residence, workplace, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

 

Business Services

We process data of our contractual and business partners, such as customers and prospects (collectively referred to as "contractual partners"), in the context of contractual and comparable legal relationships, related measures, and communication (including pre-contractual), such as responding to inquiries.

We use this data to fulfill our contractual obligations, including the provision of agreed services, necessary updates, and handling of warranty or other service issues. We also use the data to protect our rights and for administrative and organizational purposes related to these obligations. Additionally, we process data based on our legitimate interest in proper and efficient business management and implementing security measures to protect our partners and business operations from misuse, data breaches, or violations of confidentiality, information, and rights (e.g., involving telecommunications, transport, subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities).

We disclose the data of our contractual partners to third parties only as necessary for the aforementioned purposes or to comply with legal obligations. Any additional forms of processing, such as for marketing purposes, will be disclosed to the contractual partners in this privacy notice.

Which data is required for the aforementioned purposes will be communicated to the contractual partners before or during data collection—for example, via online forms, specific markings (e.g., color coding), symbols (e.g., asterisks), or in person.

We delete the data after the expiration of legal warranty or similar obligations, usually after four years, unless the data is stored in a customer account (e.g., for tax purposes—usually ten years). Data disclosed to us as part of an order will be deleted in accordance with contractual instructions and generally after the completion of the order.

 

  • Types of Data Processed: Master data (e.g., full name, home address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact details (e.g., postal and email addresses or phone numbers); contract data (e.g., subject of the contract, duration, customer category).
  • Data Subjects: Service recipients and clients; prospects; business and contractual partners.
  • Purposes of Processing: Fulfillment of contractual services and obligations; communication; office and organizational procedures; business processes and administrative procedures.
  • Data Retention and Deletion: In accordance with the section “General Information on Data Retention and Deletion.”
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

 

Provision of the Online Offer and Web Hosting
We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to deliver the content and functions of our online services to the user's browser or device.
Types of data processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved); Log data (e.g., log files concerning logins or data retrieval or access times).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: Provision of our online offer and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures.
Retention and deletion: Deletion according to the information in the section "General Information on Data Storage and Deletion".
Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further Information on Processing Procedures, Methods and Services:
Collection of access data and log files: Access to our online offer is logged in the form of so-called "server log files." These may include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files may be used for security purposes (e.g., to prevent server overloads, especially in the case of abusive attacks such as DDoS attacks) and to ensure the stability and load capacity of the servers.
Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is necessary for evidentiary purposes is excluded from deletion until the respective incident is fully resolved.

 

Use of Cookies
The term "cookies" refers to functions that store and retrieve information on users’ end devices. Cookies can be used for various purposes, such as enabling functionality, security, user convenience, and analyzing visitor traffic. We use cookies in accordance with legal requirements. Where necessary, we obtain the user's prior consent. If consent is not required, we rely on our legitimate interests. This applies when storing and accessing information is essential to provide explicitly requested content and features. This includes storing settings or ensuring the functionality and security of our online offer. Consent can be withdrawn at any time. We provide clear information on the scope of consent and which cookies are used.

Notes on Legal Bases under Data Protection Law:
Whether we process personal data using cookies depends on user consent. If consent is given, it serves as the legal basis. If no consent is provided, we rely on our legitimate interests as described in this section and in the context of specific services and procedures.

Storage Duration:
The following types of cookies are distinguished based on their storage duration:
Temporary cookies (also: session cookies): These are deleted at the latest after the user leaves an online offer and closes their device (e.g., browser or mobile app).
Permanent cookies: These remain stored even after the device is closed. For example, login status can be saved and preferred content can be displayed when the user visits the site again. Data collected via cookies can also be used for reach measurement. Unless we provide users with specific information on the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are permanent and can be stored for up to two years.

General Notes on Revocation and Objection (Opt-Out):
Users may withdraw consent at any time and object to processing according to legal provisions, including via their browser privacy settings.

Types of data processed: Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
Data subjects: Users (e.g., website visitors, users of online services).
Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

 

Further Information on Processing Procedures, Methods and Services:
Processing of cookie data based on consent: We use a consent management solution in which users’ consent for the use of cookies or the processing procedures and providers mentioned in the consent management tool is obtained. This process involves collecting, logging, managing, and allowing the revocation of consents, particularly for the use of cookies and similar technologies that store, read, and process information on user devices.

The users can also manage and revoke their consents. Consent declarations are stored to avoid re-prompting and to document the consent in accordance with legal requirements. Storage is done server-side and/or in a cookie (so-called opt-in cookie) or using similar technologies, in order to assign the consent to a specific user or device.

If no specific information is provided about consent management providers, the following applies: Consent is stored for up to two years. A pseudonymous user identifier is created and stored along with the time of consent, details about the scope of consent (e.g., cookie categories and/or service providers), and information about the browser, system, and device used.
Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR

 

Blogs and Publication Media
We use blogs or comparable means of online communication and publication (hereinafter referred to as “publication media”). The data of readers is only processed for the purposes of the publication media to the extent necessary for its presentation, communication between authors and readers, or for security reasons. Furthermore, we refer to the information on the processing of visitors to our publication media within the scope of this privacy notice.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact details, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., textual or visual messages and posts as well as information related to them such as authorship or creation time); Usage data (e.g., page views and visit duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, involved persons).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness; Fulfillment of contractual services and obligations.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion.”
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Additional notes on processing operations, procedures, and services:

 

Contact and Request Management
When contacting us (e.g., by mail, contact form, email, telephone, or via social media) and within the context of existing user and business relationships, we process the information provided by the requesting individuals to the extent necessary to respond to contact inquiries and any requested measures.

  • Types of data processed: Inventory data; Contact data; Content data; Usage data; Meta, communication, and procedural data.
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; organizational and administrative procedures; feedback; provision of our online offering and user-friendliness.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion.”
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).

Additional notes:

  • Contact form: When contacting us via our contact form, email, or other communication methods, we process the personal data provided to us in order to respond to and handle the respective concern. This typically includes information such as name, contact details, and other information required for appropriate handling. This data is used exclusively for the stated purpose of communication;
    • Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
 

Newsletters and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter “newsletters”) only with the consent of the recipients or based on a legal basis. If the contents of the newsletter are specified in the context of a subscription, these contents are decisive for the user’s consent. Usually, providing your email address is sufficient to sign up for our newsletter. However, to provide a personalized service, we may request your name for personalized addressing or other information necessary for the newsletter’s purpose.

Deletion and restriction of processing:
We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, to prove prior consent. The processing of this data is limited to defending against potential claims. An individual deletion request is possible at any time, provided the previous existence of consent is confirmed. In the event of a permanent objection, we may retain the email address in a “blocklist” solely for this purpose.

The logging of the subscription process is based on our legitimate interests in proving the proper process. If we commission a service provider with the dispatch of emails, this is done on the basis of our legitimate interest in an efficient and secure mailing system.

Contents:
Information about us, our services, promotions, and offers.

  • Types of data processed: Inventory data; Contact data; Meta, communication, and procedural data; Usage data.
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., via email or postal).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
  • Opt-out: You may cancel the newsletter subscription at any time, i.e., revoke your consent or object to further receipt. A link to cancel is included at the end of each newsletter, or you can contact us using the methods listed above, preferably via email.

Additional notes on processing:

  • Tracking of open and click rates: Newsletters contain a so-called “web beacon,” i.e., a pixel-sized file retrieved when opening the newsletter from our or our provider’s server. Technical information (such as browser, system, IP address, and retrieval time) is collected during this process. This data is used to improve the newsletter based on technical performance or reading behavior. This includes identifying whether and when newsletters are opened and which links are clicked. The data is associated with individual recipients and stored in their profiles until deletion. The evaluations help us understand reading habits and tailor content or send different content based on user interests.
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

 

Web Analysis, Monitoring and Optimization
Web analysis (also referred to as "audience measurement") is used to evaluate the visitor flows of our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. Audience measurement allows us to, for example, identify when our online offering or its functions or content are most frequently used or invite reuse. It also enables us to determine which areas require optimization.

In addition to web analysis, we may also use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles may be created for these purposes, i.e., data grouped together for a usage process, and information may be stored in a browser or device and then read. The collected data includes, in particular, visited websites and elements used there, as well as technical information such as the browser used, the computer system employed, and usage times. If users have consented to the collection of their location data—either to us or to the providers of the services we use—location data may also be processed.

Furthermore, users' IP addresses are stored. However, we use IP masking (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no plain user data (e.g., email addresses or names) is stored during web analysis, A/B testing, and optimization, but pseudonymous data. This means neither we nor the software providers know users' actual identities, only the information stored in their profiles for these purposes.

Legal Basis Information: If we ask users for consent to use third-party providers, the legal basis for processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Audience measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creating user profiles); provision of our online offering and user-friendliness.
  • Storage and deletion: Deletion in accordance with the "General Information on Data Storage and Deletion" section. Cookies and similar technologies may be stored on users’ devices for up to 2 years unless stated otherwise.
  • Security measures: IP masking (pseudonymization of IP address).
  • Legal bases: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Further notes on processing operations, procedures, and services:

  • Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This ID contains no personally identifiable information, such as names or email addresses. It serves to associate analytical data with a device to recognize which content users accessed during one or multiple usage processes, which search terms were used, whether content was revisited, or how users interacted with our online offering. The time and duration of use, as well as referrer sources and technical details about users’ devices and browsers, are also stored.

Pseudonymous user profiles may be created across multiple devices using cookies. Google Analytics does not log or store individual IP addresses for EU users. Instead, it provides approximate geographic location based on metadata: city (and derived latitude/longitude), continent, country, region, subcontinent (and ID-based equivalents). For EU traffic, IP address data is used solely to derive geolocation, then immediately deleted. It is neither logged nor accessible, nor used for other purposes. All IP lookups occur on EU-based servers before traffic is routed to Analytics servers for processing.

  • Google Tag Manager: We use Google Tag Manager, a tool from Google that allows us to manage website tags centrally via a user interface. Tags are small code elements on our website that help us track and analyze visitor activity. This technology helps us improve our website and its content. Google Tag Manager itself does not create user profiles, store cookies with user profiles, or conduct independent analyses. It only facilitates the integration and management of the tools and services we use on our site. However, using Google Tag Manager transmits users’ IP addresses to Google for technical reasons to implement the services we use. Cookies may also be set. This data processing only occurs when services are embedded via Tag Manager. For more information about these services and their data processing, see the respective sections of this privacy policy.

 

Online Marketing
We process personal data for the purpose of online marketing. This includes, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as "content") based on potential user interests, as well as measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (a "cookie") or similar procedures are used, by which information relevant to the display of the aforementioned content is stored. This can include viewed content, visited websites, used online networks, as well as communication partners and technical information, such as the browser used, the computer system employed, and details about usage times and utilized features. If users have consented to the collection of their location data, this data may also be processed.

Additionally, users' IP addresses are stored. However, we use available IP masking techniques (i.e., pseudonymization by shortening the IP address) to protect users. Generally, clear data such as email addresses or names are not stored within online marketing procedures—only pseudonymous data. This means that neither we nor the providers of the online marketing procedures know the users' actual identities, only the data stored in their profiles.

The information in these profiles is typically stored in cookies or similar methods. These cookies can generally also be read on other websites that use the same online marketing process, analyzed for content display purposes, and supplemented with further data and stored on the provider's server.

In exceptional cases, it is possible for clear data to be assigned to profiles, primarily if users are members of a social network whose online marketing process we use and the network links the user profiles with the above-mentioned information. Please note that users may enter into additional agreements with the providers, for example, by giving consent as part of the registration process.

In general, we only receive access to aggregated information about the success of our advertisements. However, we can analyze which of our online marketing methods have led to a so-called conversion (e.g., a contract conclusion with us) as part of so-called conversion tracking. Conversion tracking is used solely to evaluate the effectiveness of our marketing activities.

Unless otherwise stated, please assume that the cookies used are stored for a period of two years.

Legal Basis Notes:
If we ask users for consent to the use of third-party providers, this constitutes the legal basis for data processing. Otherwise, the data is processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, please also refer to the information on the use of cookies in this privacy policy.

Notes on Withdrawal and Objection:
Please refer to the data protection notices of the respective providers and the opt-out options provided by them. If no explicit opt-out option has been specified, you can disable cookies in your browser settings. However, this may limit the functionality of our online services. We therefore also recommend the following opt-out options that are provided regionally: a) Europe: https://www.youronlinechoices.eu
b) Canada: https://www.youradchoices.ca/choices
c) USA: https://www.aboutads.info/choices
d) Cross-region: https://optout.aboutads.info

  • Types of data processed: Usage data (e.g., page views and duration of visits, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions), meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest/behavior-based profiling, use of cookies); audience formation; marketing; profiling with user-related information. Conversion tracking (measurement of marketing effectiveness).
  • Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion". Cookies may be stored on users' devices for up to 2 years (unless otherwise stated).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).
 

Further notes on processing operations, procedures, and services:

  • Google Ads and Conversion Tracking:
    Online marketing method for placing content and ads within the provider's advertising network (e.g., in search results, videos, websites) to show them to users who are presumed to be interested in the ads. Additionally, we measure ad conversions (i.e., whether users interact with the ads and use the advertised offers). We only receive anonymous data and no personal user information.
    Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Legal basis: Consent (Art. 6(1)(a) GDPR), Legitimate interests (Art. 6(1)(f) GDPR)
    Website: https://marketingplatform.google.com
    Privacy Policy: https://policies.google.com/privacy
    Third-country transfer basis: Data Privacy Framework (DPF)
    More information: https://business.safety.google/adsservices
    Controller terms: https://business.safety.google/adscontrollerterms
  • Google AdSense with personalized ads:
    We integrate Google AdSense to place personalized ads. Google analyzes user behavior and uses this data to serve interest-based ads. We receive financial compensation for displaying or otherwise using these ads.
    Provider: Google Ireland Limited
    Same legal basis, privacy policy, and info as above
  • Google AdSense with non-personalized ads:
    We also use Google AdSense to display non-personalized ads based on general criteria (e.g., page content or rough geographical location).
    Provider: Google Ireland Limited
    Same legal basis, privacy policy, and info as above
 

Affiliate Programs and Affiliate Links
We include affiliate links or other references (e.g., search masks, widgets, discount codes) to third-party services and offers in our online offering (collectively referred to as "affiliate links"). If users follow these affiliate links and take up the offer, we may receive a commission or other benefit (collectively referred to as "commission").

To determine whether users took up an offer via one of our affiliate links, the third-party providers must know that users followed the link from our online offering. This assignment of affiliate links to specific transactions or actions (e.g., purchases) is solely for commission billing and is deleted when no longer necessary.

Affiliate links may contain parameters or be stored via cookies to track the origin (e.g., referring page, timestamp, online identifier of the referring website operator or the user, etc.).

Legal Basis Notes:
If we ask for user consent for third-party use, the legal basis is consent. Otherwise, data is processed based on legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services).

  • Types of data processed: Contract data (e.g., contract subject, duration, customer category), usage data (e.g., page views, dwell time, click paths, intensity, and frequency), meta, communication and procedural data (e.g., IP addresses, timestamps, IDs).
  • Affected persons: Interested parties, users
  • Purpose: Affiliate tracking
  • Retention and deletion: As outlined under "General Information on Data Storage and Deletion"
  • Legal basis: Consent (Art. 6(1)(a) GDPR), Legitimate interests (Art. 6(1)(f) GDPR)

 

Further Services:

 

Presence on Social Networks (Social Media)
We maintain online presences within social networks and, in this context, process user data in order to communicate with users active there or to provide information about us.

Please note that user data may be processed outside the European Union. This may result in risks for users, for example, because the enforcement of user rights may be more difficult.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on usage behavior and resulting interests. These profiles may be used to place advertisements inside and outside the networks that are presumably aligned with users' interests. For this purpose, cookies are generally stored on users' devices, in which usage behavior and interests are saved. Moreover, data can also be stored in the usage profiles across devices (especially if users are members of the respective platforms and are logged in).

For a detailed description of the respective forms of processing and the opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.

In the case of information requests and the assertion of data subject rights, we also point out that these can most effectively be asserted with the providers. Only the providers have access to the user data and can directly take appropriate measures and provide information. If you still need assistance, you can contact us.

  • Types of data processed: Contact data (e.g. postal and email addresses or phone numbers); content data (e.g. textual or visual messages and posts, as well as related information such as authorship or time of creation); usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and features).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Communication; feedback (e.g. collecting feedback via online form); public relations.
  • Storage and deletion: Deletion in accordance with the section "General Information on Data Storage and Deletion".
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing, procedures, and services:

  • Instagram: Social network enabling sharing of photos and videos, commenting, liking posts, messaging, and following profiles and pages.
  • YouTube: Social network and video platform
 

Plugins and Embedded Features and Content
We integrate function and content elements into our online offering that are retrieved from the servers of their respective providers (hereinafter referred to as "third-party providers"). This may include, for example, graphics, videos, or maps (hereinafter collectively referred to as "content").

The integration always requires that the third-party providers process users’ IP addresses, as they could not send the content to the users’ browsers without it. The IP address is therefore required to display this content or functionality. We strive to only use content whose providers use the IP address solely for content delivery purposes. Third-party providers may also use pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. These pixel tags can be used to analyze visitor traffic on this website. Pseudonymous information may also be stored in cookies on users’ devices and may include, among other things, technical information about the browser and operating system, referring websites, visit time, and other details about the use of our online offering. This information may also be combined with such data from other sources.

Legal basis information: If we ask users for their consent to use third-party providers, the legal basis for processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e. interest in efficient, economic, and recipient-friendly services). In this context, please also refer to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); metadata, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, involved persons); location data (information about the geographic position of a device or person).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; reach measurement (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest-/behavior-based profiling, use of cookies); audience segmentation; marketing; profiles with user-related information (creating user profiles).
  • Storage and deletion: Deletion in accordance with the section "General Information on Data Storage and Deletion". Cookies may be stored on users’ devices for up to 2 years (unless otherwise specified).
  • Legal basis: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR)

Further information on processing, procedures, and services:

  • Integration of third-party software, scripts, or frameworks (e.g. jQuery): We integrate software into our online offering that we retrieve from the servers of other providers (e.g. function libraries used for display or user-friendliness). The respective providers collect users' IP addresses and may process them for the purpose of delivering the software to users' browsers, for security purposes, and for analysis and optimization of their offerings.
    • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
  • Google Maps: We integrate maps from the "Google Maps" service provided by Google. Processed data may include IP addresses and location data of users.
  • Instagram Plugins and Content: This may include content such as images, videos, or texts and buttons that allow users to share content from this online offering within Instagram.
    • We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt (but not further processing) of "event data" that Facebook collects via Instagram features (e.g. content embedding) implemented on our online offering. These event data may be used for purposes such as:
      a) displaying content and ads aligned with user interests
      b) delivering commercial and transactional messages (e.g. contacting users via Facebook Messenger)
      c) improving ad delivery and personalization of content and features.
    • We have concluded a special agreement with Facebook ("Controller Addendum", https://www.facebook.com/legal/controller_addendum), which sets out security measures and acknowledges Facebook’s responsibility to uphold data subject rights.
    • If Facebook provides us with metrics, analytics, and reports (which are aggregated and anonymized), this is not within the scope of joint responsibility, but based on a data processing agreement ("Data Processing Terms", https://www.facebook.com/legal/terms/dataprocessing), including security terms and standard contractual clauses for data transfers to the U.S. ("Facebook-EU Data Transfer Addendum", https://www.facebook.com/legal/EU_data_transfer_addendum).
    • Data subject rights (especially access, deletion, objection, and complaints to supervisory authorities) are not affected.
    • Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland
    • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
    • Website: https://www.instagram.com
    • Privacy Policy: https://privacycenter.instagram.com/policy/
  • YouTube Videos: Video content

 

Changes and Updates
We kindly ask you to regularly review the contents of our privacy policy. We adapt the privacy policy as soon as changes in the data processing we carry out make it necessary. We will inform you if these changes require an act of cooperation on your part (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time. We kindly ask you to verify the information before contacting them.

Definitions of Terms
This section provides an overview of the terminology used in this privacy policy. Where terms are defined by law, their legal definitions apply. The following explanations are intended primarily to enhance understanding.

  • Affiliate Tracking: As part of affiliate tracking, links are recorded that refer users from linking websites to websites with product or other offers. Operators of the respective linking websites may receive a commission if users follow these so-called affiliate links and then make use of the offers (e.g., purchase goods or use services). This requires that providers can track whether users who are interested in certain offers subsequently act on the affiliate links. Therefore, for affiliate links to function, they must include certain values that become part of the link or are otherwise stored, e.g., in a cookie. These values typically include the referring website, timestamp, an online identifier of the website operator where the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as ad ID, partner ID, and categorizations.
  • Inventory Data: Inventory data includes essential information required to identify and manage contractual partners, user accounts, profiles, and similar assignments. These data may include personal and demographic details such as names, contact information (addresses, phone numbers, email addresses), birth dates, and specific identifiers (user IDs). Inventory data form the basis for any formal interaction between individuals and services, institutions, or systems by enabling clear assignment and communication.
  • Content Data: Content data includes information generated during the creation, editing, and publication of all types of content. This category may include texts, images, videos, audio files, and other multimedia content published on various platforms and media. Content data also includes metadata, such as tags, descriptions, author information, and publication dates.
  • Contact Data: Contact data are essential pieces of information that enable communication with individuals or organizations. These include phone numbers, postal addresses, email addresses, as well as social media handles and instant messaging identifiers.
  • Conversion Measurement: Conversion measurement (also known as "visit action evaluation") is a method to determine the effectiveness of marketing activities. A cookie is typically stored on the user’s device on the websites where marketing measures take place and is later retrieved on the target website. This allows us to determine whether the ads we placed on other websites were successful.
  • Meta, Communication, and Process Data: These categories contain information about how data is processed, transmitted, and managed. Metadata, or data about data, describe the context, origin, and structure of other data and may include file size, creation date, document authors, and change history. Communication data record the exchange of information between users via various channels, including emails, call logs, social media messages, and chat histories, along with participants, timestamps, and transmission paths. Process data describe workflows and activities within systems or organizations, such as workflow documentation, transaction logs, and audit logs used for tracking and verification.
  • Usage Data: Usage data refers to information that captures how users interact with digital products, services, or platforms. This includes data on how users use applications, which features they prefer, how long they stay on specific pages, and the paths they take through an application. Usage data can also include frequency of use, activity timestamps, IP addresses, device information, and location data. These are valuable for analyzing user behavior, optimizing user experience, personalizing content, improving products or services, and identifying trends, preferences, and potential problem areas.
  • Personal Data: "Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Profiles with User-Related Information: The processing of "profiles with user-related information" or simply "profiles" includes any automated processing of personal data used to analyze, evaluate, or predict aspects of a natural person’s interests, behavior, or preferences (e.g., interactions with websites or content). Cookies and web beacons are frequently used for profiling purposes.
  • Log Data: Log data refers to information about events or activities that have been recorded in a system or network. These typically include timestamps, IP addresses, user actions, error messages, and other details concerning the use or operation of a system. Log data is often used for system troubleshooting, security monitoring, or performance reporting.
  • Reach Measurement: Reach measurement (also known as web analytics) serves to evaluate the flow of visitors to an online offering and may include analyzing user behavior or interest in certain content. It helps operators of online offerings understand when users visit their websites and what content they are interested in. This allows better alignment of web content to user needs. Pseudonymous cookies and web beacons are often used to identify repeat visitors for more accurate usage analysis.
  • Location Data: Location data is generated when a mobile device (or any other device capable of determining its location) connects to a cell tower, Wi-Fi, or other technical means of location determination. These data indicate the geographically identifiable position of the device on Earth. Location data can be used to display map functions or other location-based information.
  • Tracking: "Tracking" refers to the ability to monitor user behavior across multiple online services. Typically, behavioral and interest-related information is stored in cookies or on the servers of tracking technology providers (known as profiling). This information may then be used to display ads presumed to match users’ interests.
  • Controller: A "controller" is a natural or legal person, authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
  • Processing: "Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. This includes collecting, analyzing, storing, transmitting, or deleting data.
  • Contract Data: Contract data refers to information related to the formalization of agreements between two or more parties. They document the terms under which services or products are provided, exchanged, or sold. This includes the identification of contracting parties, specific terms, conditions, start and end dates, types of services or products agreed upon, pricing, payment terms, termination rights, renewal options, and special clauses.
  • Payment Data: Payment data includes all information required to process payment transactions between buyers and sellers. These are critical for e-commerce, online banking, and other forms of financial transactions and include credit card numbers, bank details, payment amounts, transaction dates, verification codes, and billing information. They may also contain payment status, chargebacks, authorizations, and fees.
  • Audience Building: "Audience building" (also known as "Custom Audiences") refers to defining target groups for advertising purposes, e.g., displaying ads. Based on a user's interest in certain products or topics, it may be assumed that the user is interested in similar products or the online shop where the products were viewed. "Lookalike Audiences" are users whose profiles or interests presumably match those of the users for whom the profiles were originally created. Cookies and web beacons are typically used for building Custom Audiences and Lookalike Audiences.

Created using the free Datenschutz-Generator.de by Dr. Thomas Schwenke

 

 

We use cookies to personalize your experience. By continuing to visit this website you agree to our use of cookies

More