Skip to main content

Privacy Policy

Privacy Policy

Last updated: October 3, 2024

Table of Contents

Data Controller

Ralf Kerkhoff
Heide 62

46286 Dorsten

Authorized representatives: Ralf Kerkhoff

Email address: ralf.kerkhoff@ralf-kerkhoff.de

Legal Notice: https://en.ralf-kerkhoff-bilderwelten.de/pages/impressum/
Contact Form: https://en.ralf-kerkhoff-bilderwelten.de/page/contact/

Overview of Data Processing

The following overview summarizes the types of data processed and the purposes of such processing, and identifies the data subjects.

Types of Data Processed

  • Master data.
  • Contact data.
  • Content data.
  • Usage data.
  • Meta, communication, and process data.
  • Event data (Facebook).
  • Log data.

Categories of Data Subjects

  • Communication partners.
  • Users.

Purposes of processing

  • Communication.
  • Security measures.
  • Direct marketing.
  • Audience measurement.
  • Organizational and Administrative Procedures.
  • Feedback.
  • Marketing.
  • Profiles containing user-related information.
  • Provision of our online services and user-friendliness.
  • IT infrastructure.
  • Public relations.

Relevant Legal Bases

Applicable Legal Bases Under the GDPR: Below is an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your country of residence or our country of residence or registered office. Should more specific legal bases apply in individual cases, we will inform you of these in the Privacy Policy.

  • Consent (Art. 6(1), sentence 1, lit. a) GDPR) - The data subject has given consent to the processing of personal data concerning him or her for a specific purpose or for several specific purposes.
  • Performance of a Contract and Pre-Contractual Inquiries (Art. 6(1), sentence 1, lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures taken at the data subject’s request.
  • Legitimate interests (Art. 6(1), first sentence, lit. f) GDPR) - The processing is necessary to safeguard the legitimate interests of the controller or of a third party, provided that the interests, fundamental rights, and fundamental freedoms of the data subject that require the protection of personal data do not take precedence.

National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include, in particular, the Act on the Protection against the Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains, in particular, special provisions regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and the transfer of data, as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Note on the Applicability of the GDPR and the Swiss Data Protection Act (DSG): This privacy notice serves to provide information in accordance with both the Swiss Data Protection Act (DSG) and the General Data Protection Regulation (GDPR). For this reason, please note that the terms used in the GDPR are employed here due to its broader geographical scope and clarity. In particular, instead of the terms “processing” of “personal data,” “overriding interest,” and “personal data requiring special protection” used in the Swiss Data Protection Act (DSG), the terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” used in the GDPR are employed. However, the legal meaning of these terms continues to be determined in accordance with the Swiss Data Protection Act (DSG) within the scope of its applicability.

Security Measures

In accordance with legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of the processing, as well as the varying likelihoods and severity of threats to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, and disclosure of the data, ensuring its availability, and maintaining its separation. Furthermore, we have established procedures that ensure the exercise of data subjects’ rights, the erasure of data, and responses to data breaches. In addition, we take the protection of personal data into account from the very beginning of the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and through privacy-friendly default settings.

IP Address Truncation: If IP addresses are processed by us or by the service providers and technologies we use, and the processing of a full IP address is not necessary, the IP address is truncated (also referred to as “IP masking”). In this process, the last two digits or the last part of the IP address after a period are removed or replaced with placeholders. The purpose of truncating the IP address is to prevent or significantly hinder the identification of a person based on their IP address.

Securing Online Connections Using TLS/SSL Encryption Technology (HTTPS): To protect user data transmitted via our online services from unauthorized access, we rely on TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of “HTTPS” in the URL. This serves as an indicator to users that their data is being transmitted securely and in encrypted form.

Transfer of Personal Data

As part of our processing of personal data, it may occur that such data is transferred to or disclosed to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, enter into appropriate contracts or agreements with the recipients of your data to ensure the protection of your data.

International Data Transfers

Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if processing takes place in connection with the use of third-party services or the disclosure or transfer of data to other individuals, agencies, or companies, this is done only in accordance with legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. In all other cases, data transfers take place only if the level of data protection is otherwise ensured, in particular through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in the case of transfers required by contract or law (Art. 49(1) GDPR). In addition, we will inform you of the legal basis for transfers to third countries for each individual provider located in a third country, whereby adequacy decisions take precedence as the legal basis. Information on transfers to third countries and existing adequacy decisions can be found on the European Commission’s website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de. As part of the so-called “Data Privacy Framework” (DPF), the European Commission has also recognized the level of data protection provided by certain U.S. companies as adequate under the Adequacy Decision of July 10, 2023. You can find the list of certified companies as well as further information on the DPF on the U.S. Department of Commerce’s website at https://www.dataprivacyframework.gov/ (in English). We provide information in our Privacy Policy regarding which service providers we use that are certified under the Data Privacy Framework.

General Information on Data Storage and Deletion

We delete the personal data we process in accordance with legal requirements as soon as the underlying consents are revoked or there are no longer any legal grounds for processing. This applies to cases where the original purpose of processing no longer applies or the data is no longer needed. Exceptions to this rule apply if legal obligations or specific interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal proceedings or to protect the rights of other natural or legal persons, must be archived accordingly.

Our privacy policy contains additional information on the retention and deletion of data that applies specifically to certain processing operations.

If there are multiple specifications regarding the retention period or deletion deadlines for a particular piece of data, the longest period shall always apply.

If a period does not expressly begin on a specific date and is at least one year in duration, it automatically begins at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships under which data is stored, the event triggering the period is the date on which the termination or other termination of the legal relationship takes effect.

We process data that is no longer retained for its originally intended purpose—but rather due to legal requirements or other reasons—exclusively for the purposes that justify its retention.

Further information on processing procedures, processes, and services:

  • Data Retention and Deletion: The following general retention periods apply to data retention and archiving under German law:
    • 10 years—retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the work instructions and other organizational documents necessary for their understanding, accounting documents, and invoices (Section 147(3) in conjunction with (1) Nos. 1, 4, and 4a of the German Fiscal Code (AO), § 14b(1) of the Value-Added Tax Act (UStG), § 257(1) Nos. 1 and 4, (4) of the Commercial Code (HGB)).
    • 6 years – Other business records: received commercial or business correspondence, copies of sent commercial or business correspondence, and other documents to the extent they are relevant for tax purposes, e.g., hourly wage slips, operating statement forms, cost calculation documents, price tags, as well as payroll documents, provided they are not already accounting vouchers, and cash register receipts (Section 147(3) in conjunction with (1)(2), 3, 5 AO, Section 257(1)(2) and (3), (4) HGB).
    • 3 years—Data necessary to address potential warranty and damage claims or similar contractual claims and rights, as well as to process related inquiries, based on past business experience and standard industry practices, is stored for the duration of the regular statutory limitation period of three years (Sections 195, 199 BGB).

Rights of Data Subjects

Rights of Data Subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 through 21 of the GDPR:

  • Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out pursuant to Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw your consent at any time.
  • Right to Access: You have the right to request confirmation as to whether data concerning you is being processed, as well as access to this data, further information, and a copy of the data in accordance with legal requirements.
  • Right to Rectification: In accordance with legal requirements, you have the right to request that data concerning you be completed or that inaccurate data concerning you be corrected.
  • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be erased without delay or, alternatively, to request a restriction on the processing of the data in accordance with legal requirements.
  • Right to data portability: You have the right, in accordance with legal requirements, to receive the data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request that it be transmitted to another controller.
  • Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the provisions of the GDPR.

Provision of the Online Service and Web Hosting

We process users’ data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

  • Types of data processed: Usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved); Log data (e.g., log files regarding logins, data retrieval, or access times); Content data (e.g., textual or visual messages and posts, as well as related information such as details on authorship or the time of creation).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)). Security measures.
  • Retention and deletion: Deletion in accordance with the information provided in the section “General Information on Data Storage and Deletion.”
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

  • Provision of Online Services on Leased Storage Space: To provide our online services, we use storage space, computing capacity, and software that we lease or otherwise obtain from a server provider (also known as a “web host”); Legal bases: Legitimate interests (Art. 6(1), sentence 1, letter f) of the GDPR).
  • Collection of access data and log files: Access to our online service is logged in the form of so-called “server log files.” Server log files may include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, a notification of successful access, browser type and version, the user’s operating system, the referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. The server log files may be used, on the one hand, for security purposes—for example, to prevent server overload (particularly in the event of malicious attacks, known as DDoS attacks)—and, on the other hand, to ensure server capacity and stability; Legal basis: Legitimate interests (Art. 6(1), sentence 1, lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and is then deleted or anonymized. Data that must be retained for evidentiary purposes is exempt from deletion until the respective incident has been fully resolved.
  • Email Transmission and Hosting: The web hosting services we use also include the transmission, receipt, and storage of emails. For these purposes, the addresses of the recipients and senders, as well as other information regarding email transmission (e.g., the providers involved) and the contents of the respective emails, are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails are generally not sent in encrypted form over the Internet. While emails are typically encrypted during transmission, they are not encrypted on the servers from which they are sent and received (unless a so-called end-to-end encryption method is used). We therefore cannot assume any responsibility for the transmission of emails between the sender and our server; Legal basis: Legitimate interests (Art. 6(1), sentence 1, lit. f) GDPR).
  • Content Delivery Network: We use a “Content Delivery Network” (CDN). A CDN is a service that enables the content of an online offering—in particular large media files such as graphics or program scripts—to be delivered more quickly and securely using servers distributed regionally and connected via the Internet; Legal basis: Legitimate interests (Art. 6(1), sentence 1, letter f) GDPR).
  • Alfahosting: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: Alfahosting GmbH, Ankerstraße 3b, 06108 Halle (Saale), Germany; Legal basis: Legitimate interests (Art. 6(1), first sentence, lit. f) GDPR); Website: https://alfahosting.de; Privacy Policy: https://alfahosting.de/datenschutz/. Data Processing Agreement: Provided by the service provider.

Use of Cookies

Cookies are small text files or other storage markers that store and retrieve information on end devices. For example, to save the login status in a user account, the contents of a shopping cart in an online store, the content accessed, or the features used on a website. Cookies may also be used for various purposes, such as ensuring the functionality, security, and convenience of websites, as well as analyzing visitor traffic.

Information on Consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless it is not required by law. In particular, consent is not required if the storage and retrieval of information—including cookies—are absolutely necessary to provide users with a telemedia service (i.e., our online service) that they have expressly requested. The revocable consent is clearly communicated to users and includes information regarding the specific use of cookies.

Information on the legal basis for data protection: The legal basis under data protection law on which we process users’ personal data using cookies depends on whether we request their consent. If users accept, the legal basis for the processing of their data is their explicit consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g., in the business operation of our online service and the improvement of its usability) or, if this occurs in the context of fulfilling our contractual obligations, when the use of cookies is necessary to fulfill our contractual obligations. We explain the purposes for which we use cookies in this Privacy Policy or as part of our consent and processing procedures.

Retention period: With regard to the retention period, the following types of cookies are distinguished:

  • Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).
  • Persistent cookies: Persistent cookies remain stored even after the device is turned off. This allows, for example, the login status to be saved and preferred content to be displayed immediately when the user visits a website again. Likewise, user data collected via cookies may be used for audience measurement. Unless we provide users with explicit information regarding the type and storage duration of cookies (e.g., when obtaining consent), they should assume that these cookies are persistent and may be stored for up to two years.

General Information on Withdrawal of Consent and Objection (Opt-out): Users may withdraw their consent at any time and may also object to the processing of their data in accordance with legal requirements, including through their browser’s privacy settings.

  • Types of data processed: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR).

Further information on processing operations, procedures, and services:

  • Processing of cookie data based on consent: We use a consent management solution to obtain users’ consent to the use of cookies or to the procedures and providers specified within the consent management solution. This procedure serves to obtain, log, manage, and revoke consents, particularly with regard to the use of cookies and comparable technologies used to store, read, and process information on users’ end devices. As part of this process, users’ consent is obtained for the use of cookies and the associated processing of information, including the specific processing activities and providers mentioned in the consent management process. Users also have the option to manage and revoke their consents. The consent declarations are stored to avoid repeated requests and to maintain proof of consent in accordance with legal requirements. Storage takes place on the server and/or in a cookie (a so-called opt-in cookie) or via comparable technologies to enable the consent to be assigned to a specific user or their device. Unless specific information regarding the providers of consent management services is available, the following general guidelines apply: Consent is stored for up to two years. A pseudonymous user identifier is created for this purpose, which is stored together with the time of consent, details regarding the scope of consent (e.g., relevant categories of cookies and/or service providers), and information about the browser, the system, and the end device used; Legal basis: Consent (Art. 6(1), sentence 1, lit. a) GDPR).

Blogs and Publication Media

We use blogs or similar means of online communication and publication (hereinafter “publication medium”). Readers’ data is processed for the purposes of the publication medium only to the extent necessary for its presentation and for communication between authors and readers, or for security reasons. For further details, please refer to the information regarding the processing of visitors to our publication medium as set forth in this Privacy Policy.

  • Types of data processed: Master data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., text or image-based messages and posts, as well as related information such as details regarding authorship or the time of creation); Usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, individuals involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Feedback (e.g., collecting feedback via an online form); provision of our online services and user-friendliness; communication; organizational and administrative procedures; security measures.
  • Retention and deletion: Deletion in accordance with the information provided in the section “General Information on Data Storage and Deletion.”
  • Legal bases: Legitimate interests (Art. 6(1), sentence 1, lit. f) GDPR). Consent (Art. 6(1), sentence 1, lit. a) GDPR).

Further information on processing operations, procedures, and services:

  • Comments and Posts: When users leave comments or other posts, their IP addresses may be stored based on our legitimate interests. This is done for our protection in case someone posts unlawful content in comments or posts (insults, prohibited political propaganda, etc.). In such cases, we could be held liable for the comment or post ourselves and are therefore interested in the author’s identity.

    Furthermore, based on our legitimate interests, we reserve the right to process users’ data for the purpose of spam detection.

    On the same legal basis, we reserve the right, in the case of surveys, to store users’ IP addresses for the duration of the survey and to use cookies to prevent multiple votes.

    The personal information provided in comments and posts, including any contact and website information, as well as the content itself, will be stored permanently by us until the user objects; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Comment Subscriptions: Users may subscribe to follow-up comments with their consent. Users will receive a confirmation email to verify that they are the owners of the email address provided. Users may unsubscribe from active comment subscriptions at any time. The confirmation email will contain information on how to withdraw consent. For the purpose of verifying user consent, we store the time of registration along with the user’s IP address and delete this information when users unsubscribe.

    You can cancel your subscription to our service at any time, i.e., revoke your consent. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for deletion is possible at any time, provided that the prior existence of consent is confirmed at the same time; Legal basis: Consent (Art. 6(1)(a) GDPR).
  • Gravatar profile pictures: Profile pictures – We use the Gravatar service within our online offering and, in particular, on our blog.

    Gravatar is a service where users can register and store profile pictures and their email addresses. When users post entries or comments on other websites (primarily blogs) using the respective email address, their profile pictures may be displayed alongside the entries or comments. For this purpose, the email address provided by the users is transmitted to Gravatar in encrypted form to verify whether a profile is associated with it. This is the sole purpose of transmitting the email address. It is not used for any other purpose and is deleted afterward.

    The use of Gravatar is based on our legitimate interests, as we use Gravatar to offer post and comment authors the opportunity to personalize their posts with a profile picture.

    When images are displayed, Gravatar obtains the user’s IP address, as this is necessary for communication between a browser and an online service.

    If users do not want a profile picture linked to their email address on Gravatar to appear in the comments, they should use an email address that is not registered with Gravatar when commenting. We also note that it is possible to use an anonymous email address or no email address at all if users do not wish to have their email address sent to Gravatar. Users can completely prevent the transfer of data by not using our comment system; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://automattic.com; Privacy Policy: https://automattic.com/privacy. Basis for transfers to third countries: Data Privacy Framework (DPF).

Contact and Inquiry Management

When you contact us (e.g., by mail, contact form, email, phone, or social media), as well as in the context of existing user and business relationships, the information provided by the inquiring individuals is processed to the extent necessary to respond to contact inquiries and any requested actions.

  • Types of data processed: Master data (e.g., full name, home address, contact information, customer number, etc.); contact information (e.g., mailing and email addresses or phone numbers); Content data (e.g., text or image-based messages and posts, as well as related information such as details regarding authorship or the time of creation); usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, individuals involved).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via an online form). Provision of our online services and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information provided in the section “General Information on Data Storage and Deletion.”
  • Legal bases: Legitimate interests (Art. 6(1), sentence 1, lit. f) GDPR). Performance of a contract and pre-contractual inquiries (Art. 6(1), sentence 1, lit. b) GDPR).

Further information on processing operations, procedures, and services:

  • Contact Form: When you contact us via our contact form, by email, or through other communication channels, we process the personal data you provide to respond to and handle your inquiry. This typically includes information such as your name, contact details, and, if applicable, additional information provided to us that is necessary for proper processing. We use this data exclusively for the stated purpose of establishing contact and communication; Legal bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Newsletters and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter “newsletters”) exclusively with the recipients’ consent or on a legal basis. If the content of the newsletter is specified during the subscription process, this content is decisive for the users’ consent. To subscribe to our newsletter, providing your email address is usually sufficient. However, in order to offer you a personalized service, we may ask you to provide your name so we can address you personally in the newsletter, or to provide additional information if it is necessary for the purpose of the newsletter.

Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for deletion is possible at any time, provided that the prior existence of consent is confirmed at the same time. In the event of obligations to permanently honor objections, we reserve the right to store the email address solely for this purpose in a blocklist.

The registration process is logged based on our legitimate interests for the purpose of verifying that it was carried out properly. To the extent that we engage a service provider to send emails, this is done based on our legitimate interests in an efficient and secure delivery system.

Content:

Information about us, our services, promotions, and offers.

  • Types of data processed: Master data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, individuals involved). Usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., via email or mail).
  • Retention and deletion: 3 years - Contractual claims (AT) (Data required to address potential warranty and damage claims or similar contractual claims and rights, as well as to process related inquiries, based on past business experience and standard industry practices, is stored for the duration of the regular statutory limitation period of three years (§§ 1478, 1480 ABGB).) 10 years – Contractual claims (CH) (Data necessary to address potential claims for damages or similar contractual claims and rights, as well as to process related inquiries, based on past business experience and standard industry practices, is retained for the statutory limitation period of ten years, unless a shorter period of 5 years applies, which is relevant in certain cases (Art. 127, 130 OR)).
  • Legal basis: Consent (Art. 6(1), sentence 1, lit. a) GDPR).
  • Right to Object (Opt-Out): You may unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to receiving further newsletters. You will find a link to unsubscribe from the newsletter either at the end of each newsletter or you may use one of the contact options listed above, preferably email, for this purpose.

Further information on processing activities, procedures, and services:

  • Measuring open and click-through rates: The newsletters contain so-called “web beacons,” i.e., a pixel-sized file that is retrieved from our server—or the server of our mailing service provider, if we use one—when the newsletter is opened. As part of this retrieval, technical information—such as details about your browser and system—as well as your IP address and the time of retrieval are initially collected. This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior, determined by their location (which can be identified using the IP address) or access times. This analysis also includes determining whether and when the newsletters are opened and which links are clicked. The information is assigned to individual newsletter recipients and stored in their profiles until it is deleted. The analyses serve to identify our users’ reading habits and tailor our content to them, or to send different content based on our users’ interests. Legal basis: Consent (Art. 6(1)(a) GDPR).

Web Analytics, Monitoring, and Optimization

Web analytics (also referred to as “reach measurement”) is used to analyze visitor traffic to our online offering and may include pseudonymized data on visitors’ behavior, interests, or demographic information, such as age or gender. With the help of reach analysis, we can, for example, determine at what times our online offering or its features and content are used most frequently, or encourage repeat visits. It also allows us to identify which areas require optimization.

In addition to web analytics, we may also use testing methods to, for example, test and optimize different versions of our online offering or its components.

Unless otherwise specified below, profiles—that is, data aggregated for a specific usage session—may be created for these purposes, and information may be stored in a browser or on a device and subsequently retrieved. The data collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used, and details regarding usage times. If users have consented to the collection of their location data by us or by the providers of the services we use, the processing of location data is also possible.

In addition, users’ IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by truncating the IP address) to protect users. In general, no personally identifiable user data (such as email addresses or names) is stored in the context of web analytics, A/B testing, and optimization; instead, pseudonyms are used. This means that neither we nor the providers of the software we use know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective processes.

Information on Legal Bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., our interest in providing efficient, cost-effective, and user-friendly services). In this context, we would also like to draw your attention to the information regarding the use of cookies in this Privacy Policy.

  • Types of data processed: Usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, individuals involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Audience measurement (e.g., access statistics, identification of returning visitors). Profiles containing user-related information (creation of user profiles).
  • Retention and deletion: Deletion in accordance with the information provided in the section “General Information on Data Storage and Deletion.” Storage of cookies for up to 2 years (Unless otherwise specified, cookies and similar storage methods may be stored on users’ devices for a period of two years.).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

No visitor analysis is conducted beyond the anonymized IP addresses already available on the server side

  • Matomo (without cookies): Matomo is a privacy-friendly web analytics software that operates without cookies and identifies returning users using a so-called “digital fingerprint,” which is stored anonymously and updated every 24 hours; With the “digital fingerprint,” user activity within our online offering is tracked using pseudonymized IP addresses in combination with the user’s browser settings in such a way that it is not possible to draw conclusions about the identity of individual users. The user data collected through the use of Matomo is processed solely by us and is not shared with third parties; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://matomo.org/.
  • Matomo: Matomo is software used for web analytics and audience measurement. When using Matomo, cookies are generated and stored on users’ devices. The user data collected through the use of Matomo is processed solely by us and is not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/; Legal basis: Consent (Art. 6(1)(a) GDPR). Data deletion: Cookies are stored for a maximum of 13 months.

Note: We use Matomo without cookies!

 

Social Media Presence

We maintain online presences on social media platforms and, in this context, process user data to communicate with users active on those platforms or to provide information about us.

Please note that user data may be processed outside the European Union in this context. This may pose risks to users, as it could, for example, make it more difficult to enforce user rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles may be created based on users’ behavior and the resulting interests. These profiles may in turn be used, for instance, to display advertisements within and outside the networks that are presumed to correspond to users’ interests. For this reason, cookies are typically stored on users’ computers to record their usage behavior and interests. In addition, usage profiles may also store data regardless of the devices used by users (particularly if they are members of the respective platforms and are logged in there).

For a detailed description of the respective forms of processing and the options for opting out, please refer to the privacy policies and information provided by the operators of the respective networks.

We also note that requests for information and the exercise of data subject rights are most effectively handled directly with the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. If you still need assistance, however, you may contact us.

  • Types of data processed: Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., text or image-based messages and posts, as well as related information such as details regarding authorship or the time of creation); Usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Communication; feedback (e.g., collecting feedback via an online form). Public relations.
  • Retention and deletion: Deletion in accordance with the information provided in the section “General Information on Data Storage and Deletion.”
  • Legal bases: Legitimate interests (Art. 6(1), sentence 1, lit. f) GDPR).

Further information on processing operations, procedures, and services:

  • Instagram: Social network that allows users to share photos and videos, comment on and like posts, send messages, and follow profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Basis for transfers to third countries: Data Privacy Framework (DPF).
  • Facebook Pages: Profiles within the Facebook social network—We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (known as a “fan page”). This data includes information about the types of content users view or interact with, or the actions they take (see “Things You and Others Do and Share” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, known as “Page Insights,” to page administrators so they can gain insights into how people interact with their pages and the content associated with them. We have entered into a special agreement with Facebook (“Information on Page Insights,” https://www.facebook.com/legal/terms/page_controller_addendum), which specifically outlines the security measures Facebook must adhere to and in which Facebook has agreed to comply with data subject rights (i.e., users can, for example, submit requests for information or deletion directly to Facebook). Users’ rights (in particular the rights to access, erasure, objection, and filing a complaint with the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Page Insights Information” (https://www.facebook.com/legal/terms/information_about_page_insights_data). Joint responsibility is limited to the collection and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, particularly with regard to the transfer of data to the parent company Meta Platforms, Inc. in the United States; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Basis for transfers to third countries: Data Privacy Framework (DPF).
  • LinkedIn: Social Network – Together with LinkedIn Ireland Unlimited Company, we are responsible for the collection (but not the further processing) of visitor data generated for the purpose of creating “Page Insights” (statistics) for our LinkedIn profiles.
    This data includes information about the types of content users view or interact with, or the actions they take, as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language settings, cookie data) and details from users’ profiles, such as job title, country, industry, hierarchical level, company size, and employment status. Privacy information regarding LinkedIn’s processing of user data can be found in LinkedIn’s Privacy Policy: https://www.linkedin.com/legal/privacy-policy
    We have entered into a specific agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum” (the “Addendum”), https://legal.linkedin.com/pages-joint-controller-addendum), which specifically sets forth the security measures LinkedIn must observe and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e., users can, for example, submit requests for information or deletion directly to LinkedIn). Users’ rights (in particular the rights to access, erasure, objection, and filing a complaint with the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint controllership is limited to the collection of data by and its transfer to Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of Ireland Unlimited Company, particularly with regard to the transfer of data to the parent company, LinkedIn Corporation, in the United States; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for transfers to third countries: Data Privacy Framework (DPF). Right to Object (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • Pinterest: Social network that allows users to share photos, comment on, favorite, and curate posts, send messages, and follow profiles; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.pinterest.com. Privacy Policy: https://policy.pinterest.com/de/privacy-policy.
  • Snapchat: Social network that allows users to share photos and videos, comment on and favorite posts, send messages, and follow profiles and pages; Service provider: Snap Inc., 3000 31st Street, Santa Monica, California 90405, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.snapchat.com/; Privacy Policy: https://www.snap.com/de-DE/privacy/privacy-policy. Legal basis for transfers to third countries: Standard contractual clauses (https://www.snap.com/en-US/terms/standard-contractual-clauses).
  • X: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://x.com. Privacy Policy: https://x.com/de/privacy.
  • YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6(1), sentence 1, lit. f) GDPR); Privacy Policy: https://policies.google.com/privacy; Basis for transfers to third countries: Data Privacy Framework (DPF). Right to object (opt-out): https://myadcenter.google.com/personalizationoff.
  • Xing: Social network; Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.xing.com/. Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

Plug-ins, Embedded Features, and Content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos, or city maps (hereinafter collectively referred to as “content”).

This integration always requires that the third-party providers of this content process the users’ IP addresses, as they would be unable to send the content to the users’ browsers without an IP address. The IP address is therefore necessary for the display of this content or these features. We strive to use only content whose respective providers use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These “pixel tags” allow information—such as visitor traffic on the pages of this website—to be analyzed. This pseudonymous information may also be stored in cookies on the user’s device and may include, among other things, technical information about the browser and operating system, referring websites, the time of the visit, and other details regarding the use of our online service; it may also be linked to such information from other sources.

Information on Legal Bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is this consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., our interest in providing efficient, cost-effective, and user-friendly services). In this context, we would also like to draw your attention to the information regarding the use of cookies in this Privacy Policy.

  • Types of data processed: Usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, individuals involved); Master data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., text or image-based messages and posts, as well as related information such as details regarding authorship or the time of creation); Event data (Facebook) (“Event data” refers to information sent to the provider Meta—for example, via Meta Pixels (whether through apps or other channels)—that relates to individuals or their actions. This data includes, for example, details about website visits, interactions with content and features, app installations, and product purchases. Event data is processed for the purpose of creating target audiences for content and advertising messages (Custom Audiences). It is important to note that Event Data does not include actual content such as written comments, login information, or contact information such as names, email addresses, or phone numbers. “Event Data” is deleted by Meta after a maximum of two years, and the target audiences created from it are deleted when our Meta user accounts are deleted.).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online services and user-friendliness; marketing; profiles containing user-related information (creation of user profiles); feedback (e.g., collection of feedback via online forms).
  • Retention and deletion: Deletion in accordance with the information in the section “General Information on Data Storage and Deletion.” Storage of cookies for up to 2 years (Unless otherwise specified, cookies and similar storage methods may be stored on users’ devices for a period of two years.).
  • Legal bases: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

  • Integration of third-party software, scripts, or frameworks (e.g., jQuery): We integrate software into our online offering that we retrieve from servers operated by other providers (e.g., function libraries that we use to enhance the presentation or user-friendliness of our online offering). In doing so, the respective providers collect users’ IP addresses and may process them for the purpose of transmitting the software to users’ browsers, for security purposes, and for the evaluation and optimization of their services. - We integrate software into our online offering that we retrieve from servers operated by third-party providers (e.g., function libraries that we use to enhance the presentation or user-friendliness of our online offering). In doing so, the respective providers collect users’ IP addresses and may process them for the purpose of transmitting the software to the user’s browser, for security purposes, and for the evaluation and optimization of their services; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Facebook Plugins and Content: Facebook Social Plugins and Content—This may include, for example, content such as images, videos, or text, as well as buttons that allow users to share content from this online offering on Facebook. The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/ - We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt—as part of a transfer (but not the further processing)—of “event data” that Facebook collects via the Facebook social plugins (and content embedding features) running on our online service or receives as part of a transfer for the following purposes: a) Displaying content and advertising information that corresponds to users’ presumed interests; b) Delivering commercial and transaction-related messages (e.g., contacting users via Facebook Messenger); c) Improving ad delivery and personalizing features and content (e.g., improving the ability to identify which content or advertising information is likely to match users’ interests). We have entered into a special agreement with Facebook (“Addendum for Controllers,” https://www.facebook.com/legal/controller_addendum), which specifically governs the security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill the rights of data subjects (i.e., users can, for example, submit requests for information or deletion directly to Facebook). Note: When Facebook provides us with metrics, analyses, and reports (which are aggregated—i.e., do not contain information about individual users and are anonymous to us), this processing does not take place under joint controllership but rather on the basis of a data processing agreement (“Data Processing Terms,” https://www.facebook.com/legal/terms/dataprocessing) and the “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the U.S., on the basis of standard contractual clauses ("Facebook-EU Data Transfer Addendum," https://www.facebook.com/legal/EU_data_transfer_addendum). Users’ rights (in particular the right to access, erasure, objection, and to lodge a complaint with the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Legal basis for transfers to third countries: Data Privacy Framework (DPF).
  • Google Fonts (hosted on our own server): Provision of font files to ensure a user-friendly display of our online content; Service provider: Google Fonts are hosted on our server; no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Google Fonts (Retrieval from Google’s server): Retrieval of fonts (and icons) for the purpose of ensuring technically secure, maintenance-free, and efficient use of fonts and icons with regard to up-to-date content and loading times, their consistent display, and compliance with any applicable licensing restrictions. The font provider is provided with the user’s IP address so that the fonts can be made available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted, which is necessary for the provision of the fonts depending on the devices used and the technical environment. This data may be processed on a server belonging to the font provider in the United States. When users visit our website, their browsers send HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and, subsequently, the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the User-Agent, which describes the browser and operating system versions of website visitors, as well as the referrer URL (i.e., the webpage on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wishes to load fonts. This data is logged so that Google can determine how often a specific font family is requested. With the Google Fonts Web API, the user-agent must match the font generated for the respective browser type. The user-agent is primarily logged for debugging purposes and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the “Analytics” page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for production maintenance and to generate an aggregated report on the top integrations based on the number of font requests. According to Google, it does not use any of the information collected by Google Fonts to create profiles of end users or to serve targeted ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for transfers to third countries: Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy?hl=de.
  • Font Awesome (hosted on our own server): Display of fonts and icons; Service provider: The Font Awesome icons are hosted on our server; no data is transmitted to the provider of Font Awesome; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Instagram Plugins and Content: Instagram Plugins and Content — This may include, for example, content such as images, videos, or text, as well as buttons that allow users to share content from this online service within Instagram. - We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt—as part of a transfer (but not the further processing)—of “event data” that Facebook collects via Instagram features (e.g., content embedding features) that are executed on our online service, or that it receives as part of a transfer for the following purposes: a) displaying content and advertising information that corresponds to users’ presumed interests; b) delivering commercial and transaction-related messages (e.g., contacting users via Facebook Messenger); c) Improving ad delivery and personalizing features and content (e.g., improving the ability to identify which content or advertising information is likely to match users’ interests). We have entered into a special agreement with Facebook (“Addendum for Controllers,” https://www.facebook.com/legal/controller_addendum), which specifically governs the security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill the rights of data subjects (i.e., users can, for example, submit requests for information or deletion directly to Facebook). Note: When Facebook provides us with metrics, analyses, and reports (which are aggregated—i.e., do not contain information about individual users and are anonymous to us), this processing does not take place under joint controllership but rather on the basis of a data processing agreement (“Data Processing Terms,” https://www.facebook.com/legal/terms/dataprocessing) and the “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the U.S., on the basis of standard contractual clauses ("Facebook-EU Data Transfer Addendum," https://www.facebook.com/legal/EU_data_transfer_addendum). Users’ rights (in particular the right to access, erasure, objection, and to lodge a complaint with the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.instagram.com. Privacy Policy: https://privacycenter.instagram.com/policy/.
  • LinkedIn plugins and content: LinkedIn plugins and content—this may include, for example, content such as images, videos, or text, as well as buttons that allow users to share content from this online offering within LinkedIn; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data Processing Agreement: https://legal.linkedin.com/dpa; Legal Basis for Transfers to Third Countries: Data Privacy Framework (DPF). Right to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • OpenStreetMap: We integrate maps from the "OpenStreetMap" service, which are provided by the OpenStreetMap Foundation (OSMF) under the Open Data Commons Open Database License (ODbL). OpenStreetMap uses user data exclusively for the purpose of displaying map functions and temporarily storing selected settings. This data may include, in particular, users’ IP addresses and location data; however, this data is not collected without their consent (which is typically provided through the settings on their devices or browsers); Service provider: OpenStreetMap Foundation (OSMF); Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.openstreetmap.de. Privacy Policy: https://osmfoundation.org/wiki/Privacy_Policy.
  • Pinterest Plugins and Content: Pinterest Plugins and Content – This may include, for example, content such as images, videos, or text, as well as buttons that allow users to share content from this website on Pinterest; Service provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.pinterest.com. Privacy Policy: https://policy.pinterest.com/de/privacy-policy.
  • Shariff: We use the privacy-friendly "Shariff" buttons. "Shariff" was developed to enable greater privacy online and to replace the standard "Share" buttons used by social networks. In this process, it is not the user’s browser but the server hosting this website that establishes a connection with the server of the respective social media platform and retrieves information such as the number of likes. The user remains anonymous. For more information on the Shariff project, please visit the developers at c’t magazine: https://www.heise.de/hintergrund/Ein-Shariff-fuer-mehr-Datenschutz-2467514.html; Service provider: Heise Medien GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Hannover, Germany; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html. Privacy Policy: https://www.heise.de/Datenschutzerklaerung-der-Heise-Medien-GmbH-Co-KG-4860.html.
  • X Plugins and Content: Plugins and buttons from the "X" platform—this may include, for example, content such as images, videos, or text, as well as buttons that allow users to share content from this online service within X; Service Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR); Website: https://x.com/de; Privacy Policy: https://x.com/de/privacy, (Settings: https://x.com/personalization); Data Processing Agreement: https://privacy.x.com/en/for-our-partners/global-dpa. Legal basis for transfers to third countries: Standard contractual clauses (https://privacy.x.com/en/for-our-partners/global-dpa).
  • YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Legal basis for transfers to third countries: Data Privacy Framework (DPF). Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://myadcenter.google.com/personalizationoff.
  • YouTube videos: Video content; YouTube videos are embedded via a special domain (identifiable by the "youtube-nocookie" component) in what is known as "Enhanced Privacy Mode," which prevents cookies from being collected regarding user activity for the purpose of personalizing video playback. However, information regarding user interaction with the video (e.g., remembering the last playback position) may be stored; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy. Basis for transfers to third countries: Data Privacy Framework (DPF).
  • Xing Plugins and Buttons: Xing Plugins and Buttons – These may include, for example, content such as images, videos, or text, as well as buttons that allow users to share content from this website within Xing; Service Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.xing.com. Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

Definitions

This section provides an overview of the terms used in this Privacy Policy. Where these terms are defined by law, their legal definitions apply. The explanations below, however, are primarily intended to aid understanding.

  • Master Data: Master data includes essential information necessary for the identification and management of contractual partners, user accounts, profiles, and similar assignments. This data may include, among other things, personal and demographic details such as names, contact information (addresses, phone numbers, email addresses), dates of birth, and specific identifiers (user IDs). Master data forms the basis for any formal interaction between individuals and services, institutions, or systems by enabling unique identification and communication.
  • Content data: Content data encompasses information generated during the creation, editing, and publication of all types of content. This category of data may include text, images, videos, audio files, and other multimedia content published on various platforms and media. Content data is not limited to the actual content itself but also includes metadata that provides information about the content, such as tags, descriptions, author information, and publication dates
  • Contact data: Contact data is essential information that enables communication with individuals or organizations. It includes, among other things, phone numbers, mailing addresses, and email addresses, as well as communication channels such as social media handles and instant messaging identifiers.
  • Meta, communication, and process data: Meta, communication, and process data are categories that contain information about how data is processed, transmitted, and managed. Meta data, also known as data about data, includes information that describes the context, origin, and structure of other data. It may include details on file size, creation date, the author of a document, and revision histories. Communication data captures the exchange of information between users via various channels, such as email correspondence, call logs, social media messages, and chat histories, including the individuals involved, timestamps, and transmission methods. Process data describes the processes and procedures within systems or organizations, including workflow documentation, transaction and activity logs, as well as audit logs used to track and verify operations.
  • Usage data: Usage data refers to information that captures how users interact with digital products, services, or platforms. This data encompasses a wide range of information that reveals how users utilize applications, which features they prefer, how long they stay on specific pages, and the paths they take when navigating through an application. Usage data may also include frequency of use, timestamps of activities, IP addresses, device information, and location data. It is particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. Furthermore, usage data plays a crucial role in identifying trends, preferences, and potential problem areas within digital offerings
  • Personal Data: “Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or one or more specific characteristics that reflect the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Profiles containing user-related information: The processing of “profiles containing user-related information,” or “profiles” for short, encompasses any form of automated processing of personal data that involves using such personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include various information regarding demographics, behavior, and interests, such as interaction with websites and their content, etc.), or to predict them (e.g., interests in specific content or products, click behavior on a website, or location). Cookies and web beacons are frequently used for profiling purposes.
  • Log data: Log data consists of information about events or activities that have been logged in a system or network. This data typically includes information such as timestamps, IP addresses, user actions, error messages, and other details regarding the use or operation of a system. Log data is often used to analyze system issues, for security monitoring, or to generate performance reports.
  • Audience measurement: Audience measurement (also known as web analytics) is used to evaluate visitor traffic to an online service and may include the behavior or interests of visitors regarding specific information, such as website content. With the help of web analytics, operators of online services can, for example, determine at what times users visit their websites and what content they are interested in. This allows them, for example, to better tailor the content of their websites to the needs of their visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to identify returning visitors and thus obtain more accurate analyses of the use of an online service.
  • Controller: The term “controller” refers to the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: “Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data, whether it involves collection, evaluation, storage, transmission, or deletion.

Created using the free Datenschutz-Generator.de by Dr. Thomas Schwenke

Translated with DeepL.com (free version)