Imprint / Privacy Policy

Information requirements according to §5 E-Commerce Act, §14 Company Code, §63 Trade Regulation Act and disclosure requirements according to §25 Media Act.

Connexurban GmbH

Koppelstatt 1,

4656 Kirchham,
Austria
Company purpose: Trade
UID number: ATU68132237
GLN: 9110018116028
GISA: 16010314
Commercial register number: FN402219zz
Commercial register court: Gmunden
Tel.: +43 (0)76138895
E-Mail: info@vonda.at
Member of: WKO OÖ
Professional law: Trade Regulation Act: www.ris.bka.gv.at
Supervisory authority/Trade authority: BH Gmunden
Professional title: Commercial trade with the exception of regulated commercial trades and commercial agent
State of award: Austria
Managing Director
DI (FH) Peter Groiss
Contact details of the person responsible for data protection
If you have any questions about data protection, you will find the contact details of the responsible person or entity below:
DI (FH) Peter Groiss
Koppelstatt 1
4656 Kirchham
E-mail address: info@vonda.at
Phone: 0043(0)7613/8894
Imprint: https://vonda.at/pages/impressum

 

Liability for content on this website

We are constantly developing the content of this website and strive to provide correct and up-to-date information. Unfortunately, we cannot assume liability for the correctness of all content on this website, especially for that provided by third parties. As a service provider, we are not obliged to monitor information transmitted or stored by them or to investigate circumstances that indicate illegal activity.
Our obligations to remove information or to block the use of information under general laws due to judicial or official orders remain unaffected even in the event of our non-responsibility.
If you notice any problematic or illegal content, please contact us immediately so that we can remove the illegal content. You can find the contact details in the imprint.

 

Liability for links on this website

Our website contains links to other websites for whose content we are not responsible. We are not liable for linked websites, as we had and have no knowledge of illegal activities, such illegalities have not come to our attention so far, and we would immediately remove links if illegalities became known to us.
If you notice any illegal links on our website, please contact us. You can find the contact details in the imprint.

 

Copyright notice

All content on this website (images, photos, texts, videos) is subject to copyright. Please ask us before you distribute, reproduce or exploit the content of this website, for example by re-publishing it on other websites. If necessary, we will legally pursue the unauthorized use of parts of the content of our site.
If you find any content on this website that violates copyright, please contact us.

 

Image credits

The images, photos and graphics on this website are protected by copyright.
The image rights belong to the following photographers and companies:

• Fredrik Linner
• Manfred Kramberger
• Peter Groiss
• connexurban GmbH

All texts are protected by copyright.

 

Privacy Policy

Introduction and overview

We have prepared this privacy policy (version 20.12.2021-121902973) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as data) we – as the controller – and the processors commissioned by us (e.g. providers) process, will process in the future, and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.
Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, aims to describe the most important things to you as simply and transparently as possible. Where it promotes transparency, technical terms are explained in a user-friendly manner, links to further information are provided, and graphics are used. We thus inform you in clear and simple language that we only process personal data within the scope of our business activities if there is a corresponding legal basis. This is certainly not possible if one provides extremely concise, unclear, and legally technical explanations, as is often standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps some of the information will be new to you.
If you still have questions, we ask you to contact the responsible body mentioned below or in the imprint, follow the available links, and view further information on third-party sites. Our contact details can, of course, also be found in the imprint.

 

Scope

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as the name, email address, and postal address of a person. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• social media presences and email communication
• mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas where personal data is processed in a structured manner within the company via the channels mentioned. Should we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

 

Legal bases

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which allow us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A2016R0679.
We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.
2. Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a sales contract with you, we require personal information beforehand.
3. Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data to operate our website securely and cost-effectively. This processing is therefore a legitimate interest.

Other conditions, such as the performance of tasks carried out in the public interest and the exercise of official authority, as well as the protection of vital interests, do not generally apply to us. If such a legal basis should nevertheless be relevant, it will be indicated at the appropriate place.
In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons with Regard to the Processing of Personal Data (Data Protection Act), abbreviated DSG.
• In Germany, the Federal Data Protection Act, abbreviated BDSG, applies.

If further regional or national laws apply, we will inform you about them in the following sections.

 

Contact details of the controller

If you have any questions about data protection, you will find the contact details of the responsible person or entity below:
DI (FH) Peter Groiss
Koppelstatt 1
4656 Kirchham
Email: info@vonda.at
Phone: 0043(0)7613/8894
Imprint: https://vonda.at/pages/impressum

 

Storage period

The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products is a general criterion for us. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.
Should you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and as far as there is no obligation to store it.
We will inform you about the specific duration of the respective data processing below, if we have further information on it.

 

Rights according to the General Data Protection Regulation

According to Article 13 GDPR, you have the following rights to ensure fair and transparent data processing:

• According to Article 15 GDPR, you have the right to information about whether we process your data. If this is the case, you have the right to receive a copy of the data and to know the following information:
  • the purpose for which we carry out the processing;
  • the categories, i.e., the types of data that are processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we have not collected it from you;
  • whether profiling is carried out, i.e., whether data is automatically evaluated to arrive at a personal profile of you.
• According to Article 16 GDPR, you have a right to rectification of data, which means that we must correct data if you find errors.
• According to Article 17 GDPR, you have the right to erasure ("right to be forgotten"), which specifically means that you can request the deletion of your data.
• According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
• According to Article 19 GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
• According to Article 21 GDPR, you have a right to object, which leads to a change in processing after enforcement.
  • If the processing of your data is based on Article 6 para. 1 lit. e (public interest, exercise of official authority) or Article 6 para. 1 lit. f (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
  • If data is used for direct marketing, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.
  • If data is used for profiling, you can object to this type of data processing at any time. We may then no longer use your data for profiling.
• According to Article 22 GDPR, you have the right not to be subject to a decision based solely on automated processing (e.g., profiling) in certain circumstances.

In short: You have rights – do not hesitate to contact the responsible body listed above!
If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:
All texts are protected by copyright.

 

Privacy Policy

Introduction and overview

We have prepared this Privacy Policy (Version 20.12.2021-111902914) to explain, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter "data") we as controllers – and the processors commissioned by us (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.

In short: We provide comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, aims to describe the most important aspects as simply and transparently as possible. Where it promotes transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We thus inform you in clear and simple language that we only process personal data within the scope of our business activities if there is an appropriate legal basis. This is certainly not possible if one provides explanations that are as concise, unclear, and legally technical as they often are on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is one or two pieces of information that you were not yet aware of.

If you still have questions, we kindly ask you to contact the responsible body mentioned below or in the imprint, follow the existing links, and review further information on third-party sites. Our contact details can, of course, also be found in the imprint.

Scope

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as the name, email address, and postal address of a person. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate

• social media presences and email communication

• mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas where personal data is processed in a structured manner within the company through the aforementioned channels. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Basis

In the following privacy policy, we provide transparent information about the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which allow us to process personal data.

Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679 .

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.

2. Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase agreement with you, we need personal information in advance.

3. Legal Obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.

4. Legitimate Interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Other conditions, such as the performance of tasks carried out in the public interest and the exercise of official authority, as well as the protection of vital interests, generally do not apply to us. Should such a legal basis nevertheless be relevant, it will be indicated at the appropriate point.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Datenschutzgesetz), or DSG for short.

• In Germany, the Federal Data Protection Act, or BDSG for short, applies.

If further regional or national laws apply, we will inform you about them in the following sections.

Contact Details of the Controller

If you have any questions about data protection, you will find the contact details of the responsible person or entity below:

DI (FH) Peter Groiss
Koppelstatt 1
4656 Kirchham

Email: info@vonda.at

Phone: +43 76138895

Imprint: https://www.vonda.at/pages/impressum

Storage Duration

That we only store personal data for as long as is absolutely necessary for the provision of our services and products is a general criterion for us. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased, for example for accounting purposes.

Should you wish for your data to be deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and to the extent that there is no obligation to store it.

We will inform you below about the specific duration of the respective data processing, provided we have further information on it.

Rights According to the General Data Protection Regulation

According to Article 13 GDPR, you have the following rights to ensure fair and transparent data processing:

• According to Article 15 GDPR, you have the right to information about whether we process your data. If this is the case, you have the right to receive a copy of the data and to know the following information:

  • for what purpose we carry out the processing;

  • the categories, i.e., the types of data that are processed;

  • who receives this data and, if the data is transmitted to third countries, how security can be guaranteed;

  • how long the data is stored;

  • the existence of the right to rectification, erasure, or restriction of processing and the right to object to processing;

  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);

  • the origin of the data, if we have not collected it from you;

  • whether profiling is carried out, i.e., whether data is automatically evaluated to arrive at a personal profile of you.

• According to Article 16 GDPR, you have a right to rectification of data, which means that we must correct data if you find errors.

• According to Article 17 GDPR, you have the right to erasure ("right to be forgotten"), which specifically means that you may request the erasure of your data.

• According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.

• According to Article 19 GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.

• According to Article 21 GDPR, you have a right to object, which, once exercised, leads to a change in processing.

  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest) GDPR, you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.

  • If data is used for direct marketing, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.

  • If data is used for profiling, you can object to this type of data processing at any time. We may then no longer use your data for profiling.

• According to Article 22 GDPR, you have the right, in certain circumstances, not to be subject to a decision based solely on automated processing (e.g., profiling).

In short: You have rights – do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/ . In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) . The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Head: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Processing Security

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible, within our capabilities, for third parties to infer personal information from our data.

Art. 25 GDPR speaks of "data protection by design and by default" and means that security is always considered and appropriate measures are taken for both software (e.g., forms) and hardware (e.g., access to the server room). In the following, we will go into specific measures, if necessary.

TLS encryption with https

TLS, encryption and https sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet.

This means that the entire transmission of all data from your browser to our web server is secured – no one can "eavesdrop".

We have thus introduced an additional layer of security and fulfill data protection by design (Article 25 paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.

You can recognize the use of this data transmission security by the small padlock symbol  in the upper left of the browser, to the left of the internet address (e.g., examplepage.de) and the use of the https scheme (instead of http) as part of our internet address.

If you want to know more about encryption, we recommend searching Google for "Hypertext Transfer Protocol Secure wiki" to find good links to further information.

Communication

Communication Summary 👥 Data subjects: Everyone who communicates with us by phone, email, or online form 📓 Processed data: e.g., phone number, name, email address, entered form data. More details can be found for each contact method used 🤝 Purpose: Processing communication with customers, business partners, etc. 📅 Storage duration: Duration of the business case and legal requirements ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. f GDPR (legitimate interests)

If you contact us and communicate by phone, email, or online form, personal data may be processed.

The data will be processed for the handling and processing of your query and the related business transaction. The data will be stored for as long as necessary or as required by law.

Affected Persons

All persons who seek contact with us through the communication channels we provide are affected by the aforementioned processes.

Telephone

When you call us, the call data is stored pseudonymously on the respective end device and with the telecommunications provider used. In addition, data such as name and telephone number may subsequently be sent by email and stored for answering the inquiry. The data will be deleted as soon as the business case has been completed and legal requirements permit.

Email

If you communicate with us via e-mail, data may be stored on the respective end device (computer, laptop, smartphone,...) and data will be stored on the e-mail server. The data will be deleted as soon as the business case has been concluded and legal requirements allow it.

Online Forms

If you communicate with us via online form, data will be stored on our web server and, if necessary, forwarded to one of our e-mail addresses. The data will be deleted as soon as the business case has been concluded and legal requirements allow it.

Legal basis

The processing of data is based on the following legal grounds:

• Art. 6 para. 1 lit. a GDPR (consent): You give us consent to store your data and to use it further for purposes related to the business case;

• Art. 6 para. 1 lit. b GDPR (contract): There is a necessity for the fulfillment of a contract with you or a data processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;

• Art. 6 para. 1 lit. f GDPR (legitimate interests): We want to conduct customer inquiries and business communication in a professional setting. This requires certain technical facilities such as e-mail programs, Exchange servers and mobile network operators to enable efficient communication.

Cookies

Cookies Summary 👥 Data subjects: Website visitors 🤝 Purpose: depends on the respective cookie. More details can be found below or with the software manufacturer that sets the cookie. 📓 Processed data: Depends on the cookie used. More details can be found below or with the software manufacturer that sets the cookie. 📅 Storage duration: depends on the respective cookie, can vary from hours to years ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.

In the following, we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you surf the internet, you use a browser. Well-known browsers are, for example, Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are really useful helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, which is basically the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you visit our site again, your browser transmits the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie back from the server, which the browser uses again when another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "malware". Cookies cannot access information on your PC either.

For example, cookie data can look like this:

Name: _ga

Value: GA1.2.1326744211.152111902914-9

Purpose: Distinguishing website visitors

Expiration date: after 2 years

A browser should be able to support these minimum sizes:

• At least 4096 bytes per cookie

• At least 50 cookies per domain

• At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we specifically use depends on the services used and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

One can distinguish 4 types of cookies:

Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed if a user places a product in the shopping cart, then continues browsing on other pages, and only later proceeds to checkout. Through these cookies, the shopping cart is not deleted, even if the user closes their browser window.

Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are used to measure the loading time and the behavior of the website in different browsers.

Targeted Cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes or form data are stored.

Advertising Cookies
These cookies are also called targeting cookies. They are used to deliver individually customized advertising to the user. This can be very practical, but also very annoying.

Usually, when you visit a website for the first time, you will be asked which of these cookie types you want to allow. And of course, this decision will also be stored in a cookie.

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) named "HTTP State Management Mechanism".

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. More details can be found below or with the manufacturer of the software that sets the cookie.

Which data is processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data in the course of the following privacy policy.

Storage period of cookies

The storage period depends on the respective cookie and will be specified below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

You also have an influence on the storage period yourself. You can manually delete all cookies at any time via your browser (see also "Right to object" below). Furthermore, cookies that are based on consent will be deleted at the latest after revocation of your consent, whereby the legality of the storage up to that point remains unaffected.

Right to object – how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option to delete, deactivate or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Clear, enable, and manage cookies in Chrome

Safari: Manage cookies and website data in Safari

Firefox: Clear cookies and site data in Firefox

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set your browser so that it always informs you when a cookie is to be set. This way you can decide for each individual cookie whether to allow it or not. The procedure varies depending on the browser. It is best to search for instructions in Google with the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.

Legal basis

Since 2009, there have been so-called "Cookie Directives". These stipulate that the storage of cookies requires your consent (Article 6 Para. 1 lit. a GDPR). However, there are still very different reactions to these directives within EU countries. In Austria, however, this directive was implemented in § 96 Para. 3 of the Telecommunications Act (TKG). In Germany, the cookie guidelines were not implemented as national law. Instead, this directive was largely implemented in § 15 Para. 3 of the Telemedia Act (TMG).

For absolutely necessary cookies, even if no consent is given, there are legitimate interests (Article 6 Para. 1 lit. f GDPR), which in most cases are of an economic nature. We want to provide website visitors with a pleasant user experience, and certain cookies are often absolutely necessary for this.

Insofar as non-essential cookies are used, this only happens with your consent. The legal basis in this respect is Art. 6 Para. 1 lit. a GDPR.

In the following sections, you will be informed in more detail about the use of cookies, provided that the software used employs cookies.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Evaluation of visitor information to optimize the web offering. 📓 Processed data: Access statistics, which include data such as access locations, device data, access duration and time, navigation behavior, click behavior and IP addresses. More details can be found further down in this privacy policy. 📅 Storage duration: depends on the properties used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Google Analytics?

We use the analysis tracking tool Google Analytics (GA) from the American company Google Inc. on our website. For the European area, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, if you click on a link, this action is stored in a cookie and sent to Google Analytics. With the help of the reports we receive from Google Analytics, we can adapt our website and our service better to your wishes. In the following, we will go into more detail about the tracking tool and inform you about what data is stored and how you can prevent it.

Google Analytics is a tracking tool used for traffic analysis on our website. For Google Analytics to work, a tracking code is embedded in our website's code. When you visit our website, this code records various actions you perform on our website. As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and we receive reports on your user behavior. These reports may include, among others:

• Audience reports: Audience reports help us get to know our users better and understand more precisely who is interested in our service.

• Ad reports: Ad reports allow us to easily analyze and improve our online advertising.

• Acquisition reports: Acquisition reports provide us with helpful information on how we can attract more people to our service.

• Behavior reports: Here we learn how you interact with our website. We can track your path through our site and which links you click.

• Conversion reports: A conversion is an action you take as a result of a marketing message. For example, when you go from being a mere website visitor to a buyer or newsletter subscriber. With the help of these reports, we learn more about how our marketing measures are received by you. This is how we want to increase our conversion rate.

• Real-time reports: Here we always know immediately what is happening on our website. For example, we can see how many users are currently reading this text.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to offer you the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically evaluated data gives us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that it is more easily found on Google by interested people. On the other hand, the data helps us to better understand you as a visitor. This way, we know exactly what we need to improve on our website to offer you the best possible service. The data also helps us to carry out our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested in them.

What data is stored by Google Analytics?

Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This way, Google Analytics recognizes you as a new user. The next time you visit our site, you will be recognized as a "returning" user. All collected data is stored together with this user ID. This is the only way to evaluate pseudonymous user profiles.

In order to analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each new property created, the Google Analytics 4 property is the default. Alternatively, however, the Universal Analytics property can also be created. Depending on the property used, data is stored for different lengths of time.

Your interactions on our website are measured by identifiers such as cookies and app instance IDs. Interactions are all types of actions you perform on our website. If you also use other Google systems (such as a Google Account), data generated via Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize it. Exceptions may occur if required by law.

The following cookies are used by Google Analytics:

Name: _ga

Value: 2.1326744211.152111902914-5

Purpose: By default, analytics.js uses the _ga cookie to store the user ID. It is primarily used to distinguish between website visitors.

Expiration date: after 2 years

Name: _gid

Value: 2.1687193234.152111902914-1

Purpose: This cookie is also used to distinguish between website visitors.

Expiration date: after 24 hours

Name: _gat_gtag_UA_<property-id>

Value: 1

Purpose: Used to reduce the request rate. If Google Analytics is provided via Google Tag Manager, this cookie is named _dc_gtm_ <property-id>.

Expiration date: after 1 minute

Name: AMP_TOKEN

Value: not specified

Purpose: The cookie has a token that can be used to retrieve a user ID from the AMP Client ID service. Other possible values indicate a logout, a request, or an error.

Expiration date: from 30 seconds to one year

Name: __utma

Value: 1564498958.1564498958.1564498958.1

Purpose: This cookie allows tracking your behavior on the website and measuring performance. The cookie is updated every time information is sent to Google Analytics.

Expiration date: after 2 years

Name: __utmt

Value: 1

Purpose: Like _gat_gtag_UA_<property-id>, this cookie is used to throttle the request rate.

Expiration date: after 10 minutes

Name: __utmb

Value: 3.10.1564498958

Purpose: This cookie is used to determine new sessions. It is updated every time new data or information is sent to Google Analytics.

Expiration date: after 30 minutes

Name: __utmc

Value: 167421564

Purpose: This cookie is used to establish new sessions for returning visitors. It is a session cookie and is stored only until you close the browser again.

Expiration date: After browser close

Name: __utmz

Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/

Purpose: The cookie is used to identify the source of traffic to our website. This means the cookie stores where you came from to our website. This could have been another page or an advertisement.

Expiration date: after 6 months

Name: __utmv

Value: not specified

Purpose: The cookie is used to store custom user data. It is always updated when information is sent to Google Analytics.

Expiration date: after 2 years

Note: This list is not exhaustive, as Google frequently changes its cookie selection.

Here is an overview of the most important data collected with Google Analytics:

Heatmaps: Google creates so-called heatmaps. Heatmaps show exactly which areas you click on. This gives us information about where you are "moving" on our site.

Session duration: Google defines session duration as the time you spend on our site without leaving it. If you have been inactive for 20 minutes, the session ends automatically.

Bounce rate: A bounce occurs when you view only one page on our website and then leave our website again.

Account creation: If you create an account or place an order on our website, Google Analytics collects this data.

IP address: The IP address is only displayed in abbreviated form so that no unique assignment is possible.

Location: The IP address can be used to determine the country and your approximate location. This process is also known as IP geo-location.

Technical information: Technical information includes, among other things, your browser type, your internet service provider, or your screen resolution.

Source of origin: Google Analytics, and therefore us, is naturally also interested in which website or advertisement led you to our site.

Further data includes contact data, any ratings, media playback (e.g., if you play a video via our site), sharing content via social media, or adding to your favorites. This list is not exhaustive and is intended only as a general guide to data storage by Google Analytics.

How long and where is the data stored?

Google has its servers distributed all over the world. Most servers are located in America, and consequently, your data is usually stored on American servers. You can find out exactly where Google's data centers are located here: https://www.google.com/about/datacenters/inside/locations/?hl=de

Your data is distributed across various physical data carriers. This has the advantage that the data can be accessed faster and is better protected against manipulation. Each Google data center has corresponding emergency programs for your data. For example, if Google's hardware fails or natural disasters paralyze servers, the risk of service interruption at Google remains low.

The data retention period depends on the properties used. When using the newer Google Analytics 4 properties, the retention period for your user data is fixed at 14 months. For other so-called event data, we have the option to choose a retention period of 2 months or 14 months.

For Universal Analytics properties, Google Analytics has a standard retention period of 26 months for your user data. After this, your user data is deleted. However, we have the option to choose the retention period for user data ourselves. Five options are available to us:

• Deletion after 14 months

• Deletion after 26 months

• Deletion after 38 months

• Deletion after 50 months

• No automatic deletion

Additionally, there is also the option that data will only be deleted if you no longer visit our website within the period we have chosen. In this case, the retention period is reset each time you revisit our website within the specified period.

Once the specified period has expired, data is deleted once a month. This retention period applies to your data linked to cookies, user identification, and advertising IDs (e.g., DoubleClick domain cookies). Reporting results are based on aggregated data and are stored independently of user data. Aggregated data is a consolidation of individual data into a larger unit.

How can I delete my data or prevent data storage?

Under European Union data protection law, you have the right to obtain information about your data, update it, delete it, or restrict its processing. By using the browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js), you prevent Google Analytics from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de . Please note that this add-on only deactivates data collection by Google Analytics.

If you generally want to deactivate, delete, or manage cookies (regardless of Google Analytics), there are separate instructions for each browser:

Chrome: Clear, enable, and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove information websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

Legal Basis

The use of Google Analytics requires your consent, which we obtained with our cookie pop-up. This consent constitutes the legal basis for the processing of personal data, as may occur with web analytics tools, according to Art. 6 para. 1 lit. a GDPR (Consent) .

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to technically and economically improve our offer. With the help of Google Analytics, we can identify website errors, detect attacks, and improve economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). However, we only use Google Analytics if you have given your consent.

Google also processes your data in the USA, among other places. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can be associated with various risks for the lawfulness and security of data processing.

As a basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., particularly in the USA) or for data transfer there, Google uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are template clauses provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through these clauses, Google undertakes to comply with the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which correspond to the standard contractual clauses and also apply to Google Analytics, can be found at https://business.safety.google/adsprocessorterms/.

We hope we have been able to provide you with the most important information regarding data processing by Google Analytics. If you want to learn more about the tracking service, we recommend these two links: http://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de.

Google Analytics reports on demographics and interests

We have enabled the advertising report features in Google Analytics. The demographic and interest reports contain information on age, gender, and interests. This allows us to gain a better understanding of our users, without being able to assign this data to individual persons. You can find out more about advertising functions at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can stop the use of your Google Account's activity and information by checking the box under "Ad Settings" at https://adssettings.google.com/authenticated .

Payment provider introduction

Payment Provider Privacy Policy Summary 👥 Data Subjects: Website visitors 🤝 Purpose: Enabling and optimizing the payment process on our website 📓 Processed data: Data such as name, address, banking details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data More details can be found with the respective payment provider tool. 📅 Storage duration: depends on the payment provider used ⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract)

What is a payment provider?

On our website, we use online payment systems that enable a secure and smooth payment process for us and for you. In doing so, personal data may also be sent, stored, and processed by the respective payment provider. Payment providers are online payment systems that allow you to place an order via online banking. The payment processing is carried out by the payment provider you choose. We then receive information about the payment made. This method can be used by anyone with an active online banking account with a PIN and TAN. There are hardly any banks left that do not offer or accept such payment methods.

Why do we use payment providers on our website?

We naturally want our website and integrated online shop to offer the best possible service so that you feel comfortable on our site and use our offers. We know that your time is valuable and that payment processing in particular needs to be fast and smooth. For these reasons, we offer you various payment providers. You can choose your preferred payment provider and pay in the usual manner.

What data is processed?

What data is processed exactly depends on the respective payment provider. However, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are generally stored. This is necessary data in order to be able to carry out a transaction at all. In addition, any contract data and user data, such as when you visit our website, what content you are interested in or which subpages you click on, can also be stored. Your IP address and information about the computer you are using are also stored by most payment providers.

The data is usually stored and processed on the servers of the payment providers. We, as the website operator, do not receive this data. We are only informed whether the payment was successful or not. For identity and credit checks, payment providers may transfer data to the relevant authority. For all payment transactions, the terms and conditions and privacy policies of the respective provider always apply. Therefore, please always check the general terms and conditions and the privacy policy of the payment provider. You also have the right at any time, for example, to have data deleted or corrected. Please contact the respective service provider regarding your rights (right of withdrawal, right to information and right of access).

Duration of data processing

We will inform you about the duration of data processing below if we have further information about it. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is legally required, for example in the case of accounting, this storage period can be exceeded. For example, we retain booking receipts (invoices, contract documents, bank statements, etc.) belonging to a contract for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they arise.

Right to object

You always have the right to access, rectify and delete your personal data. If you have any questions, you can also contact the persons responsible for the payment provider used at any time. Contact details can be found either in our specific privacy policy or on the website of the respective payment provider.

You can delete, deactivate or manage cookies that payment providers use for their functions in your browser. Depending on the browser you use, this works in different ways. Please note, however, that the payment process may then no longer work.

Legal basis

Thus, for the processing of contractual or legal relationships (Art. 6 Para. 1 lit. b GDPR) we offer other payment service providers in addition to traditional banking/credit institutions. The privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay or Discover) provide you with a precise overview of data processing and data storage. In addition, you can always contact the responsible parties if you have any questions about data protection-related topics.

Information about the specific payment providers can be found - if available - in the following sections.

American Express Privacy Policy

On our website, we use American Express, a globally active financial service provider. The service provider is the American company American Express Company. For the European region, the company American Express Europe S.A. (Avenida Partenón 12-14, 28042, Madrid, Spain) is responsible.

American Express also processes data in the USA, among other places. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks for the legality and security of data processing.

As a basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. especially in the USA) or a data transfer there, American Express uses standard contractual clauses approved by the EU Commission (= Art. 46 (2) and (3) GDPR). These clauses oblige American Express to comply with the EU data protection level when processing relevant data even outside the EU. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

You can find out more about the data processed by using American Express in the Privacy Policy at https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

Mastercard Privacy Policy

We use the payment service provider Mastercard on our website. The service provider is the American company Mastercard Inc. Mastercard Europe SA (Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium) is responsible for the European region.

Mastercard also processes data in the USA, among other places. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks for the legality and security of data processing.

As a basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. especially in the USA) or a data transfer there, Mastercard uses standard contractual clauses approved by the EU Commission (= Art. 46 (2) and (3) GDPR). These clauses oblige Mastercard to comply with the EU data protection level when processing relevant data even outside the EU. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

You can find out more about the data processed by using Mastercard in the Privacy Policy at https://www.mastercard.de/de-de/datenschutz.html.

PayPal Privacy Policy

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European region.

PayPal processes your data in the USA, among other places. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks for the legality and security of data processing.

As a basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. especially in the USA) or a data transfer there, PayPal uses so-called standard contractual clauses (= Art. 46 Para. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries (such as the USA) and stored there. Through these clauses, PayPal commits to comply with the European data protection level when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

More information about the standard contractual clauses and about the data processed by using PayPal Marketing Solutions can be found in the Privacy Policy at https://www.paypal.com/c2/webapps/mpp/ua/privacy-full.

Sofortüberweisung Privacy Policy

Sofortüberweisung Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimization of the payment process on our website 📓 Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data More details can be found further down in the privacy policy 📅 Storage duration: Data is stored within the legal retention period ⚖️ Legal bases: Art. 6 para. 1 lit. c GDPR (legal obligation), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is a "Sofortüberweisung" (instant transfer)?

On our website, we offer the "Sofortüberweisung" payment method from Sofort GmbH for cashless payments. Sofort GmbH has been part of the Swedish company Klarna since 2014, but its headquarters are in Germany, Theresienhöhe 12, 80339 Munich.

If you choose this payment method, personal data will also be transmitted, stored, and processed by Sofort GmbH or Klarna. With this privacy text, we provide you with an overview of the data processing by Sofort GmbH.

Sofortüberweisung is an online payment system that allows you to complete an order via online banking. The payment processing is carried out by Sofort GmbH, and we immediately receive information about the payment made. This method can be used by any user who has an active online banking account with a PIN and TAN. Only a few banks do not yet support this payment method.

Why do we use "Sofortüberweisung" on our website?

Our goal with our website and integrated online shop is to offer you the best possible service. In addition to the overall website experience and our offers, this also includes smooth, fast, and secure payment processing for your orders. To ensure this, we use "Sofortüberweisung" as a payment system.

What data is stored by "Sofortüberweisung"?

If you make an instant transfer via the Sofort/Klarna service, data such as name, account number, bank code, subject, amount and date are stored on the company's servers. We also receive this information via the payment confirmation.

As part of the account balance check, Sofort GmbH verifies whether your account balance and overdraft credit line cover the payment amount. In some cases, it also checks whether instant transfers have been successfully carried out in the last 30 days. Furthermore, your user identification (such as user number or contract number) in abbreviated ("hashed") form and your IP address are collected and stored. For SEPA transfers, BIC and IBAN are also stored.

According to the company, no other personal data (such as account balances, sales data, credit limits, account lists, mobile phone number, authentication certificates, security codes or PIN/TAN) are collected, stored or passed on to third parties.

Sofortüberweisung also uses cookies to make its own service more user-friendly. If you order a product, you will be redirected to the Sofort or Klarna website. After successful payment, you will be redirected to our thank you page. The following three cookies are set here:

Name: SOFUEB

Value: e8cipp378mdscn9e17kajlfhv7111902914-5

Purpose: This cookie stores your session ID.

Expiration date: after ending the browser session

Name: User[user_cookie_rules]

Value: 1

Purpose: This cookie stores your consent to the use of cookies.

Expiration date: after 10 years

Name: _ga

Value: GA1.2.69759879.1589470706

Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Essentially, it serves to distinguish between website visitors. This is a Google Analytics cookie.

Expiration date: after 2 years

Note: The cookies listed here are not exhaustive. It is always possible that Sofortüberweisung also uses other cookies.

How long and where is the data stored?

All collected data is stored within the legal retention period. This obligation can last between three and ten years.

Klarna/Sofort GmbH tries to store data only within the EU or the European Economic Area (EEA). If data is transferred outside the EU/EEA, data protection must comply with the GDPR and the country must be subject to an adequacy decision by the EU.

How can I delete my data or prevent data storage?

You can withdraw your consent for Klarna to process personal data at any time. You also always have the right to information, rectification and deletion of your personal data. To do this, you can simply contact the company's data protection team by email at datenschutz@sofort.com.

You can manage, delete or deactivate possible cookies used by Sofortüberweisung in your browser. Depending on your preferred browser, this works in different ways. The following instructions show you how to manage cookies in the most common browsers:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

Legal basis

In addition to traditional banks/credit institutions, we also offer the payment service provider Sofortüberweisung for the processing of contractual or legal relationships  (Art. 6 (1) (b) GDPR) . The successful use of the service also requires your consent  (Art. 6 (1) (a) GDPR) , insofar as the use requires the acceptance of cookies.

If you would like to know more about data processing by "Sofortüberweisung" from Sofort GmbH, we recommend reading the privacy policy at  https://www.sofort.de/datenschutz.html.

Visa Privacy Policy

We use Visa, a globally active payment provider, on our website. The service provider is the American company Visa Inc. For the European region, the responsible company is Visa Europe Services Inc. (1 Sheldon Square, London W2 6TT, Great Britain).

Visa processes your data, among other things, in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks for the legality and security of data processing.

As a basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., particularly in the USA) or for data transfer to such countries, Visa uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). Through these clauses, Visa undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses, among others, here:  https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

More information about the standard contractual clauses at Visa can be found at  https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

You can find more about the data processed by using Visa in the Privacy Policy at  https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

YouTube Privacy Policy

YouTube Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimisation of our services 📓 Processed data: Data such as contact details, user behavior data, information about your device, and your IP address may be stored. More details can be found further down in this privacy policy. 📅 Storage duration: Data is generally stored as long as necessary for the purpose of the service ⚖️ Legal bases: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What is YouTube?

We have embedded YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that has an embedded YouTube video, your browser automatically connects to the servers of YouTube or Google. Various data is transmitted (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all data processing in Europe.

Below, we will explain in more detail which data is processed, why we have embedded YouTube videos, and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on, and upload videos for free. Over the past few years, YouTube has become one of the most important social media channels worldwide. To display videos on our website, YouTube provides a code snippet that we have embedded on our page.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And, of course, interesting videos should not be missing. With the help of our embedded videos, we provide you with additional helpful content alongside our texts and images. In addition, our website is more easily found on the Google search engine due to the embedded videos. Even when we place ads via Google Ads, Google can – thanks to the data collected – show these ads only to people who are interested in our offers.

What data is stored by YouTube?

As soon as you visit one of our pages that has an embedded YouTube video, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually associate your interactions on our website with your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution, or your internet provider. Further data may include contact details, any ratings, sharing of content via social media, or adding to your favorites on YouTube.

If you are not logged into a Google account or a YouTube account, Google stores data with a unique identifier associated with your device, browser, or app. For example, your preferred language setting will be retained. However, many interaction data cannot be stored because fewer cookies are set.

In the following list, we show cookies that were set in a test in the browser. We show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim to be complete because user data always depends on interactions on YouTube.

Name: YSC

Value: b9-CV6ojI5Y111902914-1

Purpose: This cookie registers a unique ID to store statistics of the viewed video.

Expiry date: after session end

Name: PREF

Value: f1=50000000

Purpose: This cookie also registers your unique ID. Google receives statistics via PREF on how you use YouTube videos on our website.

Expiry date: after 8 months

Name: GPS

Value: 1

Purpose: This cookie registers your unique ID on mobile devices to track the GPS location.

Expiry date: after 30 minutes

Name: VISITOR_INFO1_LIVE

Value: 95Chz8bagyU

Purpose: This cookie attempts to estimate the user's bandwidth on our websites (with embedded YouTube video).

Expiry date: after 8 months

Further cookies that are set when you are logged into your YouTube account:

Name: APISID

Value: zILlvClZSkqGsSwI/AU1aZI6HY7111902914-

Purpose: This cookie is used to create a profile about your interests. The data is used for personalized advertisements.

Expiry date: after 2 years

Name: CONSENT

Value: YES+AT.de+20150628-20-0

Purpose: The cookie stores the status of a user's consent to the use of various Google services. CONSENT also serves security purposes to verify users and protect user data from unauthorized attacks.

Expiry date: after 19 years

Name: HSID

Value: AcRwpgUik9Dveht0I

Purpose: This cookie is used to create a profile about your interests. This data helps to display personalized advertising.

Expiry date: after 2 years

Name: LOGIN_INFO

Value: AFmmF2swRQIhALl6aL…

Purpose: This cookie stores information about your login data.

Expiry date: after 2 years

Name: SAPISID

Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM

Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile about your interests.

Expiry date: after 2 years

Name: SID

Value: oQfNKjAsI111902914-

Purpose: This cookie stores your Google account ID and your last login time in digitally signed and encrypted form.

Expiry date: after 2 years

Name: SIDCC

Value: AN0-TYuqub2JOcDTyL

Purpose: This cookie stores information about how you use the website and what advertising you may have seen before visiting our site.

Expiry date: after 3 months

How long and where is the data stored?

The data that YouTube receives and processes from you is stored on Google servers. Most of these servers are located in America. You can see exactly where Google's data centers are located at  https://www.google.com/about/datacenters/inside/locations/?hl=de  . Your data is distributed across the servers. This makes the data retrievable faster and better protected against manipulation.

Google stores the collected data for different lengths of time. Some data you can delete at any time, others are automatically deleted after a limited period, and still others are stored by Google for a longer period. Some data (such as items from "My Activity," photos, or documents, products) stored in your Google Account remain stored until you delete them. Even if you are not logged into a Google Account, you can delete some data associated with your device, browser, or app.

How can I delete my data or prevent data storage?

Generally, you can manually delete data in your Google Account. With the automatic deletion function for location and activity data introduced in 2019, information is stored for either 3 or 18 months, depending on your decision, and then deleted.

Regardless of whether you have a Google Account or not, you can configure your browser to delete or disable Google cookies. The method varies depending on the browser you use. The following instructions show how to manage cookies in your browser:

Chrome: Clear, enable, and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set up your browser to always inform you when a cookie is to be set. This way, you can decide for each individual cookie whether to allow it or not.

Legal basis

If you have consented to your data being processed and stored by embedded YouTube elements, this consent serves as the legal basis for data processing  (Art. 6 (1) (a) GDPR). In principle, your data is also stored and processed based on our legitimate interest  (Art. 6 (1) (f) GDPR)  in fast and good communication with you or other customers and business partners. Nevertheless, we only use the embedded YouTube elements if you have given your consent. YouTube also sets cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy text about cookies and review the privacy policy or cookie policies of the respective service provider.

YouTube processes data, among other things, in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks for the legality and security of data processing.

As a basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., particularly in the USA) or for data transfer to such countries, YouTube uses standard contractual clauses approved by the EU Commission (= Art. 46 para. 2 and 3 GDPR). These clauses oblige YouTube to comply with the EU data protection level when processing relevant data even outside the EU. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the clauses, among others, here:  https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

Since YouTube is a subsidiary of Google, there is a common privacy policy. If you want to know more about how your data is handled, we recommend reading the privacy policy at  https://policies.google.com/privacy?hl=de.

Miscellaneous Introduction

Other Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Improving user experience 📓 Processed data: The data processed depends heavily on the services used. Most often, this involves IP addresses and/or technical data. More details can be found for each tool used. 📅 Storage duration: depends on the tools used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What falls under "Other"?

The "Other" category includes services that do not fit into any of the categories listed above. These are usually various plugins and embedded elements that enhance our website. As a rule, these functions are obtained from third-party providers and integrated into our website. Examples include web search services such as Algolia Place, Giphy, Programmable Search Engine, or online services for weather data such as OpenWeather.

Why do we use other third-party providers?

With our website, we want to offer you the best web presence in our industry. For a long time, a website has been more than just a simple business card for companies. Rather, it is a place that should help you find what you are looking for. To constantly make our website even more interesting and helpful for you, we use various third-party services.

What data is processed?

Whenever elements are embedded in our website, your IP address is transmitted, stored, and processed by the respective provider. This is necessary because otherwise, the content cannot be sent to your browser and consequently cannot be displayed correctly. It can also happen that service providers use pixel tags or web beacons. These are small graphics on websites that record a log file and can also create analyses of this file. With the information obtained, providers can improve their own marketing measures. In addition to pixel tags, such information (such as which button you click or when you visit which page) can also be stored in cookies. In addition to analysis data about your web behavior, technical information such as your browser type or operating system can also be stored there. Some providers can also link the collected data with other internal services or even with third-party providers. Each provider handles your data differently. Therefore, we recommend that you carefully read the privacy policies of the respective services. We generally strive to use only services that handle data protection very carefully.

Duration of data processing

We will inform you below about the duration of data processing, if we have further information on it. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products.

Legal basis

If we ask for your consent and you agree that we may use the service, this serves as the legal basis for processing your data (Art. 6 para. 1 lit. a GDPR). In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus technically and economically improving our offering. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate interests). However, we only use the tools if you have given your consent.

Information on specific tools can be found – if available – in the following sections.

Google Fonts Privacy Policy

Google Fonts Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimization of our services 📓 Processed data: Data such as IP address and CSS and font requests More details can be found further down in this privacy policy. 📅 Storage duration: Font files are stored by Google for one year ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What are Google Fonts?

We use Google Fonts on our website. These are the "Google fonts" from Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

You do not need to register or provide a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you don't need to worry about your Google account data being transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will examine in detail how data storage works.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to its users free of charge.

Many of these fonts are published under the SIL Open Font License, while others are published under the Apache License. Both are free software licenses.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our own website without having to upload them to our own server. Google Fonts is an important component for maintaining the high quality of our website. All Google fonts are automatically optimized for the web, which saves data volume and is a great advantage, especially for use on mobile devices. When you visit our site, the small file size ensures fast loading times. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems, and mobile devices can lead to errors. Such errors can sometimes distort texts or entire web pages visually. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all common browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts to present our entire online service as beautifully and uniformly as possible.

What data is stored by Google?

When you visit our website, the fonts are reloaded via a Google server. Through this external call, data is transmitted to Google servers. This way, Google also recognizes that you or your IP address has visited our website. The Google Fonts API was designed to reduce the use, storage, and collection of end-user data to what is necessary for the proper provision of fonts. By the way, API stands for "Application Programming Interface" and serves, among other things, as a data transmitter in the software sector.

Google Fonts securely stores CSS and font requests with Google, thus protecting them. Through the collected usage figures, Google can determine how popular individual fonts are. Google publishes the results on internal analysis pages, such as Google Analytics. In addition, Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in Google Fonts' BigQuery database. Businesses and developers use Google's web service BigQuery to examine and move large amounts of data.

However, it should also be noted that with every Google Font request, information such as language settings, IP address, browser version, browser screen resolution, and browser name are automatically transmitted to Google servers. Whether this data is also stored is not clearly ascertainable and is not explicitly communicated by Google.

How long and where is the data stored?

Google stores requests for CSS assets on its servers for one day, which are primarily located outside the EU. This allows us to use the fonts with the help of a Google stylesheet. A stylesheet is a template that allows you to easily and quickly change, for example, the design or font of a website.

The font files are stored by Google for one year. Google's goal is to generally improve the loading time of websites. If millions of websites refer to the same fonts, they are cached after the first visit and appear immediately on all other subsequently visited websites. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.

How can I delete my data or prevent data storage?

The data that Google stores for one day or one year cannot be easily deleted. The data is automatically transmitted to Google when the page is accessed. To be able to delete this data prematurely, you must contact Google Support at https://support.google.com/?hl=de&tid=111902914. In this case, you can only prevent data storage by not visiting our site.

Unlike other web fonts, Google allows us unlimited access to all fonts. This means we can access an unlimited sea of fonts and thus get the optimal result for our website. More about Google Fonts and other questions can be found at https://developers.google.com/fonts/faq?tid=111902914. While Google addresses data protection relevant matters there, it does not contain really detailed information about data storage. It is relatively difficult to get truly precise information about stored data from Google.

Legal basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by Google Fonts.

Furthermore, we have a legitimate interest in using Google Fonts to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate interests). However, we only use Google Fonts if you have given your consent.

Google also processes data from you, among other things, in the USA. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can be associated with various risks for the lawfulness and security of data processing.

As a basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., particularly in the USA) or for data transfer there, Google uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which also correspond to the standard contractual clauses for Google Fonts, can be found at https://business.safety.google/adsprocessorterms/.

You can also read what data Google generally collects and for what purpose this data is used at https://www.google.com/intl/de/policies/privacy/.

Google Maps Privacy Policy

Google Maps Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimizing our service 📓 Processed data: Data such as entered search terms, your IP address, and latitude/longitude coordinates. More details can be found further down in this privacy policy. 📅 Storage duration: dependent on the stored data ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is Google Maps?

We use Google Maps from Google Inc. on our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Maps, we can better show you locations and thus adapt our service to your needs. By using Google Maps, data is transferred to Google and stored on Google servers. Here we want to explain in more detail what Google Maps is, why we use this Google service, what data is stored, and how you can prevent this.

Google Maps is an internet map service from Google. With Google Maps, you can search online for precise locations of cities, sights, accommodations, or businesses via a PC, tablet, or app. If businesses are listed on Google My Business, additional information about the company is displayed in addition to the location. To show directions, map sections of a location can be embedded on a website using HTML code. Google Maps displays the earth's surface as a road map or as an aerial or satellite image. Thanks to Street View images and high-quality satellite images, very precise representations are possible.

Why do we use Google Maps on our website?

All our efforts on this site are aimed at providing you with a useful and meaningful experience on our website. By integrating Google Maps, we can provide you with the most important information about various locations. You can see at a glance where our company headquarters are located. The directions always show you the best or fastest way to us. You can get directions for routes by car, public transport, on foot, or by bicycle. For us, providing Google Maps is part of our customer service.

What data is stored by Google Maps?

For Google Maps to fully offer its service, the company must collect and store data from you. This includes, among other things, the entered search terms, your IP address, and also the latitude and longitude coordinates. If you use the route planner function, the entered starting address is also stored. However, this data storage occurs on Google Maps' websites. We can only inform you about this but cannot influence it. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behavior. Google primarily uses this data to optimize its own services and to provide individual, personalized advertising for you.

The following cookie is set in your browser due to the integration of Google Maps:

Name: NID

Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ111902914-5

Purpose: NID is used by Google to tailor advertisements to your Google searches. With the help of the cookie, Google "remembers" your most frequently entered search queries or your previous interaction with ads. This way, you always receive customized advertisements. The cookie contains a unique ID that Google uses to collect your personal preferences for advertising purposes.

Expiration date: after 6 months

Note: We cannot guarantee the completeness of the stored data. Especially when using cookies, changes can never be ruled out. To identify the NID cookie, a separate test page was created, where only Google Maps was integrated.

How long and where is the data stored?

Google servers are located in data centers all over the world. However, most servers are located in America. For this reason, your data is increasingly stored in the USA. Here you can read exactly where Google's data centers are located: https://www.google.com/about/datacenters/inside/locations/?hl=de

Google distributes data across various storage media. This makes the data accessible faster and better protected from any manipulation attempts. Each data center also has special emergency programs. For example, if there are problems with Google hardware or a natural disaster paralyzes the servers, the data is still fairly certainly protected.

Some data Google stores for a specified period. For other data, Google only offers the option to delete it manually. Furthermore, the company also anonymizes information (such as advertising data) in server logs by deleting a portion of the IP address and cookie information after 9 or 18 months.

How can I delete my data or prevent data storage?

With the automatic deletion function for location and activity data introduced in 2019, location data and web/app activity information – depending on your decision – is stored for either 3 or 18 months and then deleted. In addition, this data can also be manually deleted from the history at any time via your Google account. If you want to completely prevent your location tracking, you must pause the "Web & App Activity" section in your Google account. Click "Data & Personalization" and then select the "Activity controls" option. Here you can turn activities on or off.

In your browser, you can also deactivate, delete or manage individual cookies. Depending on the browser you use, this always works a little differently. The following instructions show how to manage cookies in your browser:

Chrome: Clear, enable, and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Clear cookies and site data to remove information websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether to allow it or not.

Please note that when using this tool, your data may also be stored and processed outside the EU. Most third countries (including the USA) are currently considered insecure under European data protection law. Data to insecure third countries may therefore not simply be transferred, stored, and processed there, unless there are suitable guarantees (such as EU standard contractual clauses) between us and the non-European service provider.

Legal basis

If you have consented to the use of Google Maps, the legal basis for the corresponding data processing is this consent. This consent, according to Art. 6 para. 1 lit. a GDPR (Consent), constitutes the legal basis for the processing of personal data that may occur during collection by Google Maps.

Furthermore, we have a legitimate interest in using Google Maps to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate interests). However, we only use Google Maps if you have given your consent.

Google also processes your data in the USA, among other places. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can entail various risks for the legality and security of data processing.

As the basis for data processing involving recipients in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., particularly in the USA) or a data transfer there, Google uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are template clauses provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). Through these clauses, Google commits to maintaining the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which correspond to the standard contractual clauses, can be found at https://business.safety.google/adsprocessorterms/.

If you want to learn more about Google's data processing, we recommend the company's own privacy policy at https://policies.google.com/privacy?hl=de.

All texts are protected by copyright.