Privacy

Introduction and Overview

We have written this privacy statement (version 29.12.2024-312925868) in order to provide you with information in accordance with the requirements of General Data Protection Regulation (EU) 20 16/679 and applicable national laws, to explain which personal data (data for short) we as the controller – and the processors commissioned by us (e.g. providers) – process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, on the other hand, is intended to describe the most important things as simply and transparently as possible. Wherever it serves the cause of transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. We are using clear and simple language to inform you that we only process personal data in the course of our business activities if there is a corresponding legal basis for doing so. This is certainly not possible if you provide the briefest, most unclear and legally technical explanations possible, as is often the standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is some information that you did not know.
If you still have questions, please contact the responsible office named below or in the imprint, follow the links provided and view further information on third-party sites. Of course, you can also find our contact details in the imprint.

Scope

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person's name, email address and postal address. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this data protection declaration includes:

• all online presences (websites, online shops) that we operate

• social media presences and e-mail communication

• mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas in which personal data is processed in a structured manner in the company via the channels mentioned. Should we enter into a legal relationship with you outside of these channels, we will inform you separately if necessary.

Legal basis

In the following data protection declaration, we provide you with transparent information on the legal principles and regulations, i.e. the legal basis of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. This EU General Data Protection Regulation can of course be accessed online at EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We will only process your data if at least one of the following conditions applies:

1. Consent (Article 6 (1) (a) GDPR): You have given us your consent to process data for a specific purpose. An example would be to store the data you entered in a contact form.

2. Contract (Article 6 (1) (b) GDPR): We process your data in order to fulfil a contract or pre-contractual obligations with you. For example, if we enter into a purchase agreement with you, we require personal information in advance.

3. Legal obligation (Article 6 (1) (c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.

4. Legitimate interests (Article 6 (1) (f) GDPR): We reserve the right to process personal data in the case of legitimate interests that do not restrict your fundamental rights. For example, we have to process certain data in order to operate our website securely and in an economically efficient manner. This processing is therefore a legitimate interest.

As a rule, we do not encounter other conditions such as the exercise of public interest recordings and the exercise of official authority, as well as the protection of vital interests. However, if such a legal basis should be relevant, it will be indicated at the appropriate point.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Data Protection Act), or DSG for short.

• In Germany, the Federal Data Protection Act, or BDSG for short, applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the person responsible

Should you have any questions regarding data protection or the processing of personal data, you will find the contact details of the controller in accordance with Article 4(7) of the EU General Data Protection Regulation (GDPR) below:
Sven Sachs
Im Hof 9, 51766 Engelskirchen, Germany
Authorised to represent: Sven Sachs
E-mail: sachs.pal@gmail.com
Imprint: https://www.sachspal.de/impressum/

Contact details of the data protection officer

Please find below the contact details of the data protection officer:

Responsabe for Data Protection
Sven Sachs
Im Hof 9, 51766 Engelskirchen, Germany

Storage duration

We apply the general criterion of only storing personal data for as long as is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose no longer applies, for example for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and insofar as there is no obligation to store it.

We will inform you below about the specific duration of the respective data processing, provided that we have further information.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we are informing you of the following rights to which you are entitled to ensure fair and transparent data processing:

• According to Article 15 of the GDPR, you have the right to obtain information about whether we are processing your data. If this is the case, you have the right to receive a copy of the data and to learn the following information:

  • the purpose for which we are processing the data;

  • the categories, i.e. the types of data being processed;

  • who receives the data and, if the data is transferred to third countries, how security can be guaranteed;

  • how long the data is stored;

  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

  • the right to lodge a complaint with a supervisory authority (links to these authorities can be found below);

  • the origin of the data if we have not collected it from you;

  • whether profiling is carried out, i.e. whether data is automatically evaluated to create a personal profile of you.

• According to Article 16 of the GDPR, you have the right to have your data rectified, which means that we must correct data if you find any errors.

• According to Article 17 of the GDPR, you have the right to erasure (‘right to be forgotten’), which specifically means that you may request the deletion of your data.

• According to Article 18 of the GDPR, you have the right to restrict processing, which means that we are only allowed to store the data but not to use it further.

• According to Article 20 of the GDPR, you have the right to data portability, which means that we are obliged to provide you with your data in a commonly used format upon request.

• According to Article 21 of the GDPR, you have the right to object, which, if exercised, will result in a change in the processing.

  • If the processing of your data is based on Article 6 (1) (e) (public interest, exercise of official authority) or Article 6 (1) (f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.

  • If data is used for direct marketing, you can object to this type of data processing at any time. We are then no longer allowed to use your data for direct marketing.

  • If data is used for profiling, you can object to this type of data processing at any time. We will then no longer be allowed to use your data for profiling.

• According to Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing (e.g. profiling).

• According to Article 77 of the GDPR, you have the right to lodge a complaint. This means that you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In summary: You have rights – do not hesitate to contact the controller listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. In Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI)

Web Analytics Introduction

Web Analytics Privacy Statement Summary

Affected parties: visitors to the website

Purpose: evaluation of visitor information to optimise the website.

Processed data: access statistics containing data such as access locations, device data, access duration and time, navigation behaviour, click behaviour and IP addresses. You can find more details about this in the web analytics tool used.

Storage duration: depending on the web analytics tool used

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

What is web analytics?

We use software on our website to analyse the behaviour of website visitors, known as web analytics or web analysis for short. This involves collecting data that the respective analytic tool provider (also known as a tracking tool) stores, manages and processes. The data is used to create analyses of user behaviour on our website and made available to us as the website operator. In addition, most tools offer various testing options. For example, we can test which offers or content are best received by our visitors. To do this, we show you two different offers for a limited period of time. After the test (so-called A/B test), we know which product or content our website visitors find more interesting. For such test procedures, as well as for other analytics procedures, user profiles can also be created and the data stored in cookies.

Why do we use web analytics?

We have a clear goal in mind with our website: we want to provide the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting range of products on the one hand, while also making sure that you feel completely at home on our website on the other. With the help of web analysis tools, we can take a closer look at the behaviour of our website visitors and then improve our website for you and us accordingly. For example, we can see the average age of our visitors, where they come from, when our website is most frequently visited or which content or products are particularly popular. All this information helps us to optimise the website and thus adapt it to your needs, interests and wishes in the best possible way.

What data is processed?

Exactly which data is stored depends, of course, on the analysis tools used. But as a rule, for example, the content you view on our website, the buttons or links you click on, when you access a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website or which computer system you use. If you have given your consent for location data to be collected, this too can be processed by the web analysis tool provider.

In addition, your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored in pseudonymised form (i.e. in an unrecognisable and abbreviated form). In principle, no direct data, such as your name, age, address or email address, is stored for the purposes of testing, web analysis and web optimisation. All this data, if collected at all, is stored in pseudonymised form. This means that you cannot be identified as a person.

The following example shows how Google Analytics works as an example of client-based web tracking with JavaScript code.

How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website, while other cookies can store data for several years.

Duration of data processing

We will provide you with information about the duration of the data processing below, provided that we have further information. In general, we process personal data only for as long as it is absolutely necessary for the provision of our services and products. If it is legally required, as for example in the case of accounting, this storage period can also be exceeded.

Right to object

You also have the right and the option at any time to revoke your consent to the use of cookies or third-party providers. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent is the legal basis for the processing of personal data, as may occur when it is collected by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of our website visitors in order to improve our services from both a technical and a commercial perspective. With the help of web analytics, we can detect website errors, identify attacks and improve efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). We only use the tools if you have given your consent.

Since web analytics tools use cookies, we also recommend that you read our general data protection declaration on cookies. To find out exactly which of your data are stored and processed, you should read the data protection declarations of the respective tools.

Information on specific web analytics tools, if available, can be found in the following sections.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary

Affected parties: visitors to the website

Purpose: to evaluate visitor information in order to optimise the website.

Processed data: access statistics that include data such as access locations, device data, access duration and time, navigation behaviour and click behaviour. You can find more details on this below in this data protection declaration.

Storage duration: individually adjustable, by default Google Analytics stores 4 data for 14 months

Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Google Analytics?

We use the analysis tracking tool Google Analytics in the Google Analytics 4 (GA4) version on our website. This is provided by the American company Google Inc. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe. Google Analytics collects data about your actions on our website. Through the combination of various technologies such as cookies, device IDs and login information, you as a user can be identified across different devices. This means that your actions can also be analysed across platforms.

For example, when you click on a link, this event is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us to better tailor our website and services to your needs. In the following, we will discuss the tracking tool in more detail and, in particular, inform you about what data is processed and how you can prevent this.

Google Analytics is a tracking tool that is used to analyse the data traffic on our website. These measurements and analyses are based on a pseudonymous user identification number. This number does not contain any personal data such as your name or address, but is used to assign events to a device. GA4 uses an event-based model that collects detailed information on user interactions such as page views, clicks, scrolling and conversion events. In addition, various machine learning functions have been built into GA4 to better understand user behaviour and certain trends. GA4 uses machine learning functions for modelling. This means that missing data can be extrapolated on the basis of the collected data in order to optimise the analysis and also to be able to make forecasts.

To make Google Analytics work, a tracking code is built into the code of our website. When you visit our website, this code records various events that you perform on our website. With the event-based data model of GA4, we as website operators can define and track specific events to obtain analyses of user interactions. This means that, in addition to general information such as clicks or page views, specific events that are important for our business can also be tracked. Such special events can be, for example, sending a contact form or purchasing a product.

As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and we receive reports about your user behaviour. These reports may include the following:

• Target group reports: Target group reports help us to get to know our users better and to understand more about who is interested in our service.

• Display reports: Display reports help us to analyse and improve our online advertising.

• Acquisition reports: Acquisition reports provide us with helpful information on how we can attract more people to our service.

• Behavioural reports: These reports tell us how you interact with our website. We can see the path you take on our site and which links you click on.

• Conversions reports: A conversion is a process in which you perform a desired action based on a marketing message. For example, when you go from being a mere website visitor to a buyer or newsletter subscriber. These reports help us learn more about how our marketing efforts reach you. This way, we want to increase our conversion rate.

• Real-time reports: These always tell us immediately what is happening on our website. For example, we can see how many users are currently reading this text.

In addition to the above-mentioned analysis reports, Google Analytics 4 also offers the following functions, among others:

• Event-based data model: This model records very specific events that may take place on our website. For example, playing a video, purchasing a product or registering for our newsletter.

• Advanced analytics: These features help us to better understand your behaviour on our website or certain general trends. For example, we can segment user groups, compare target groups or track your path on our website.

• Predictive modelling: Based on collected data, machine learning can be used to extrapolate missing data that predicts future events and trends. This can help us develop better marketing strategies.

• Cross-platform analysis: Data can be collected and analysed from both websites and apps. This offers us the opportunity to analyse user behaviour across platforms, provided that you have consented to the data processing.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to offer you the best possible service. The statistics and data from Google Analytics help us to achieve this goal.

The statistically evaluated data gives us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimise our site so that it is easier for interested people to find on Google. On the other hand, the data helps us to better understand you as a visitor. This means we know exactly what we need to improve on our website to offer you the best possible service. The data also helps us to make our advertising and marketing measures more individual and cost-effective. After all, it only makes sense to show our products and services to people who are interested in them.

What data is stored by Google Analytics?

Google Analytics uses a tracking code to create a random, unique ID that is associated with your browser cookie. This is how Google Analytics recognises you as a new user and assigns you a user ID. The next time you visit our site, you will be recognised as a ‘returning’ user. All collected data is stored together with this user ID. This is the only way to evaluate pseudonymous user profiles.

To analyse our website with Google Analytics, a property ID must be added to the tracking code. The data is then saved in the corresponding property. Google Analytics is set up by default for each new property. Depending on the property used, data is stored for different lengths of time.

Your interactions are measured across platforms through identifiers such as cookies, app instance IDs, user IDs or custom event parameters, provided you have given your consent. Interactions are all types of actions that you perform on our website. If you also use other Google systems (such as a Google account), data generated by Google Analytics can be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorise it. Exceptions may apply if required by law.

According to Google, IP addresses are not logged or stored in Google Analytics 4. However, Google uses the IP address data to derive location data and deletes it immediately afterwards. All IP addresses collected from users in the EU are therefore deleted before the data is stored in a data centre or on a server.

Since Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies than previous versions (such as Google Universal Analytics). Nevertheless, there are some specific cookies that are used by GA4. These include, for example:

Name: _ga
value: 2.1326744211.152312925868-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. In principle, it is used to distinguish between website visitors.
Expiry date: after 2 years

Name: _gid
Value: 2.1687193234.152312925868-1
Purpose: The cookie is also used to distinguish between website visitors
Expiry date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to lower the request rate. If Google Analytics is provided through Google Tag Manager, this cookie is named _dc_gtm_ . Expiration date: after 1 minute

Note: This list cannot claim to be complete, as Google repeatedly changes the choice of its cookies. The aim of GA4 is also to improve data protection. Therefore, the tool offers some options for controlling data collection. For example, we can define the storage period ourselves and also control data collection.

Here is an overview of the main types of data collected by Google Analytics:

Heatmaps: Google creates so-called heatmaps. Heatmaps show you exactly the areas you click on. This is how we get information about where you are on our site.

Session duration: Google defines session duration as the time you spend on our site without leaving it. If you are inactive for 20 minutes, the session ends automatically.

Bounce rate: A bounce occurs when you view only one page on our website and then leave our website.

Account creation: When you create an account or place an order on our website, Google Analytics collects this data.

Location: IP addresses are not logged or stored in Google Analytics. However, shortly before the IP address is deleted, derivations are used for location data.

Technical information: Technical information includes, among other things, your browser type, your internet service provider or your screen resolution.

Source: Google Analytics and we are, of course, also interested in which website or which advertisement you used to come to our site.

Other data includes contact details, any ratings, playing media (e.g. if you play a video on our site), sharing content via social media or adding to your favourites. This list is not exhaustive and is only intended to provide a general overview of how Google Analytics stores data.

How long and where is the data stored?

Google has servers all over the world. You can find out exactly where Google's data centres are located here: https://www.google.com/about/datacenters/locations/?hl=de

Your data is distributed across various physical data carriers. This has the advantage that the data can be retrieved more quickly and is better protected against manipulation. Each Google data centre has appropriate emergency programmes for your data. If, for example, Google's hardware fails or natural disasters cripple servers, the risk of service interruption at Google remains low.

The retention period for the data depends on the properties used. The storage period is always defined separately for each individual property. Google Analytics offers us four options for controlling the storage period:

• 2 months: this is the shortest storage period.

• 14 months: by default, GA4 stores the data for 14 months.

• 26 months: you can also store the data for 26 months.

• Data will only be deleted if we delete it manually.

In addition, there is also the option that data will only be deleted if you no longer visit our website within the period we have selected. In this case, the retention period is reset each time you visit our website again within the specified period.

Once the specified time period has passed, the data is deleted once a month. This retention period applies to your data associated with cookies, user identification, and advertising IDs (e.g. cookies from the DoubleClick domain). Reporting results are based on aggregated data and stored independently of user data. Aggregated data is a merging of individual data into a larger unit.

How can I delete my data or prevent it from being stored?

Under European Union data protection law, you have the right to request access to, update, delete or restrict the use of your information. You can prevent Google Analytics 4 from using your information by using the browser add-on to disable Google Analytics JavaScript (analytics.js, gtag.js). You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only deactivates data collection by Google Analytics.

If you generally wish to deactivate, delete or manage cookies, you will find the relevant links to the instructions for the most popular browsers under the ‘Cookies’ section.

Legal basis

The use of Google Analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent is the legal basis for the processing of personal data, as may occur when it is collected by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of our website visitors in order to improve our services from a technical and economic perspective. With the help of Google Analytics, we can detect website errors, identify attacks and improve efficiency. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use Google Analytics if you have given your consent.

Google processes your data in the United States, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the United States. You can find more information at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses standard contractual clauses (SCC) (Art. 46 (2) and (3) GDPR). These are templates provided by the EU Commission to ensure that your data also meets European data protection standards when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the standard contractual clauses, Google is obliged to comply with the European data protection level when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

We hope we have been able to provide you with the most important information about Google Analytics data processing. If you would like to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.

If you would like to learn more about data processing, please use the Google data protection declaration at Google Site Kit Privacy Policy

Google Site Kit Privacy Policy Summary

Affected: Visitors to the website

Purpose: To evaluate visitor information to optimise the website.
Processed data: Access statistics that include data such as access locations, device data, access duration and time, navigation behaviour, click behaviour and IP addresses. More details can be found below and in the Google Analytics privacy policy.
Storage duration: depends on the properties used
Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests).

What is Google Site Kit?

We have integrated the Google Site Kit WordPress plugin from the American company Google Inc. into our website. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe. Google Site Kit allows us to quickly and easily view statistics from various Google products, such as Google Analytics, directly in our WordPress dashboard. The tool or the tools integrated into Google Site Kit also collect personal data from you, among other things. In this privacy policy, we explain why we use Google Site Kit, how long and where data is stored, and what other privacy texts are relevant for you in this context.

Google Site Kit is a plugin for the WordPress content management system. This plugin allows us to view important website analysis statistics directly in our dashboard. These are statistics that are collected by other Google products. First and foremost, Google Analytics. In addition to Google Analytics, the services Google Search Console, Page Speed Insight, Google AdSense, Google Optimize and Google Tag Manager can also be linked to Google Site Kit.

Why do we use Google Site Kit on our website?

As a service provider, it is our job to offer you the best possible experience on our website. We want you to feel comfortable on our website and to find exactly what you are looking for quickly and easily. Statistical evaluations help us to get to know you better and to adapt our offer to your wishes and interests. We use various Google tools for these evaluations. Site Kit makes our work a lot easier in this regard because we can view and analyse the statistics of Google products directly in the dashboard. This means that we no longer have to register separately for each tool. Site Kit thus always provides a good overview of the most important analysis data.

What data is stored by Google Site Kit?

If you have actively consented to tracking tools in the cookie notice (also known as a script or banner), Google products such as Google Analytics will set cookies and send data about you, such as your user behaviour, to Google, where it will be stored and processed. This also includes personal data such as your IP address.

For more detailed information on the individual services, we have separate text sections in this privacy policy. For example, take a look at our privacy policy for Google Analytics. Here we go into great detail about the data collected. You will learn how long Google Analytics stores, manages and processes data, which cookies may be used and how you can prevent data storage. We have also prepared separate data protection statements with comprehensive information for other Google services, such as Google Tag Manager or Google AdSense.

Below, we show you examples of Google Analytics cookies that may be set in your browser if you have consented to data processing by Google in principle. Please note that these cookies are only a selection:

Name: _ga
Value:2.1326744211.152312925868-2
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. This is used to distinguish between website visitors.
Expiry date: after 2 years

Name: _gid
Value:2.1687193234.152312925868-7
Purpose: This cookie is also used to distinguish between website visitors.
Expiry date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: This cookie is used to lower the request rate.
Expiry date: after 1 minute

How long and where is the data stored?

Google stores the data collected on its own Google servers, which are distributed worldwide. Most of the servers are located in the United States, so it is quite possible that your data will also be stored there. At https://www.google.com/about/datacenters/locations/?hl=de, you can see exactly where the company provides servers.

Data collected by Google Analytics is stored for a standard period of 26 months. After that, your user data is deleted. The retention period applies to all data associated with cookies, user recognition and advertising IDs.

How can I delete my data or prevent it from being stored?

You always have the right to request information about your data and to have it deleted, corrected or restricted. You can also disable, delete or manage cookies in your browser at any time.

If you wish to disable, delete or manage cookies in general, you will find the relevant links to the instructions for the most popular browsers under the ‘Cookies’ section.

Legal basis

The use of Google Site Kit requires your consent, which we have obtained with our cookie popup. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent is the legal basis for the processing of personal data, as may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our services from a technical and economic point of view. With the help of Google Site Kit, we can detect website errors, identify attacks and improve efficiency. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use Google Site Kit if you have given your consent.

Google processes your data in the United States, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the United States. You can find more information at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses standard contractual clauses (SCC) (Art. 46 (2) and (3) GDPR). These are templates provided by the EU Commission to ensure that your data also meets European data protection standards when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the standard contractual clauses, Google is obliged to comply with the European data protection level when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

To learn more about how Google processes data, we recommend that you read Google's comprehensive privacy policy at https://policies.google.com/privacy?hl=de.

Social Media Introduction

Social Media Privacy Policy Summary

Data subjects: visitors to the website

Purposes: to present and optimise our services, to contact visitors and prospects, etc., to advertise

Processed data: Data such as phone numbers, email addresses, contact details, user behaviour data, information about your device and your IP address.

You can find more details about this at the respective social media tool used.

Storage duration: depending on the social media platforms used

Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests)

What is social media?

In addition to our website, we are also active on various social media platforms. This means that user data may be processed so that we can address users who are interested in us via social networks. Furthermore, elements of a social media platform can be embedded directly into our website. This is the case, for example, if you click on a so-called social button on our website and are redirected directly to our social media site. Social media refers to websites and apps that registered members can use to produce content, exchange content openly or in specific groups, and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. Our social media sites allow us to showcase our products and services to interested parties. The social media elements integrated into our website help you to quickly and easily switch to our social media content.

The data stored and processed through your use of a social media channel is primarily used for the purpose of conducting web analytics. The aim of these analyses is to develop more accurate and personalised marketing and advertising strategies. Depending on your behaviour on a social media platform, the evaluated data can be used to draw appropriate conclusions about your interests and create so-called user profiles. This also enables the platforms to present you with customised advertisements. In most cases, cookies are set in your browser for this purpose, which store data on your usage behaviour.

We generally assume that we remain responsible under data protection law even if we use the services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform can be jointly responsible with us within the meaning of Art. 26 GDPR. Insofar as this is the case, we will point this out separately and work on the basis of an agreement to this effect. The essence of the agreement is then given below for the platform concerned.

Please note that when you use social media platforms or our integrated elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. This may make it more difficult for you to exercise or enforce your rights with respect to your personal data.

What data is processed?

Exactly which data is stored and processed depends on the respective social media platform provider. But usually it is data such as phone numbers, email addresses, data that you enter in a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. In particular, if you have a profile on the social media channel you are visiting and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the providers' servers. This means that only the providers have access to the data and can provide you with the appropriate information or make changes.

If you want to know exactly what data is stored and processed by the social media providers and how you can object to the data processing, you should carefully read the company's privacy policy. If you have any questions about data storage and data processing or if you want to assert corresponding rights, we recommend that you contact the provider directly.

Duration of data processing

We will provide you with information below about the duration of data processing if we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. However, customer data that is compared with your own user data is deleted within two days. In general, we only process personal data for as long as is absolutely necessary to provide our services and products. If it is legally required, as for example in the case of accounting, this storage period can also be exceeded.

Right of objection

You also have the right and the option at any time to revoke your consent to the use of cookies or third-party providers such as embedded social media elements. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling or deleting cookies in your browser.

Since social media tools may use cookies, we also recommend our general privacy policy regarding cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to the processing and storage of your data by integrated social media elements, this consent is the legal basis for the data processing (Art. 6 (1) (a) GDPR). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners if you have given your consent. However, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our data protection text about cookies carefully and take a look at the data protection declaration or cookie guidelines of the respective service provider.

Information on specific social media platforms can be found – if available – in the following sections.

Facebook Privacy Policy

Facebook Privacy Policy Summary

Affected parties: visitors to the website

Purpose: optimising our services

Processed data: data such as customer data, data on user behaviour, information on your device and your IP address.

More details can be found below in the data protection declaration.

Storage duration: until the data is no longer useful for Facebook's purposes

Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests)

What are Facebook tools?

We use selected Facebook tools on our website. Facebook is a social media network operated by Meta Platforms Inc. and, for the European area, by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These tools enable us to offer you and people who are interested in our products and services the best possible offer.

If data about you is collected and forwarded via our embedded Facebook elements or our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for this. Facebook alone is responsible for the further processing of this data. Our joint obligations have also been set out in a publicly accessible agreement at https://www.facebook.com/legal/controller_addendum. This states, for example, that we must clearly inform you about the use of Facebook tools on our site. Furthermore, we are also responsible for ensuring that the tools are integrated into our website in a manner that is secure under data protection law. Facebook, on the other hand, is responsible for the data security of Facebook products, for example. If you have any questions about data collection and processing by Facebook, you can contact the company directly. If you address the question to us, we are obliged to forward it to Facebook.

In the following, we will give you an overview of the various Facebook tools, what data is sent to Facebook and how you can delete this data.

Among many other products, Facebook also offers the so-called ‘Facebook Business Tools’. This is the official name given by Facebook. However, since the term is hardly known, we have decided to simply call them Facebook tools. These include, among other things:

• Facebook pixel

• social plug-ins (such as the ‘Like’ or ‘Share’ buttons)

• Facebook Login

• Account Kit

• APIs (programming interface)

• SDKs (collection of programming tools)

• platform integrations

• plugins

• codes

• Specifications

• Documentation

• Technologies and services

These tools enable Facebook to expand its services and allow it to obtain information about user activities outside of Facebook.

Why do we use Facebook tools on our website?

We only want to show our services and products to people who are really interested in them. With the help of advertisements (Facebook ads), we can reach precisely these people. However, in order to show users appropriate advertising, Facebook needs information about people's wants and needs. This is how information about user behaviour (and contact data) on our website is made available to the company. This enables Facebook to collect better user data and display the appropriate advertising about our products or services to interested people. The tools thus enable customised advertising campaigns on Facebook.

Facebook calls data about your behaviour on our website ‘event data’. This is also used for measurement and analysis services. Facebook can thus create ‘campaign reports’ about the effect of our advertising campaigns on our behalf. Furthermore, the analyses help us to gain a better insight into how you use our services, website or products. This means that we can use some of these tools to optimise your user experience on our website. For example, you can use the social plug-ins to share content on our site directly on Facebook.

What data is stored by Facebook tools?

When you use individual Facebook tools, personal data (customer data) may be sent to Facebook. Depending on the tools used, customer data such as name, address, telephone number and IP address may be sent.

Facebook uses this information to compare it with the data it has about you (if you are a Facebook member). Before customer data is transmitted to Facebook, it is subjected to a process known as ‘hashing’. This means that a data set of any size is transformed into a character string. This also serves to encrypt data.

In addition to contact data, ‘event data’ is also transmitted. ‘Event data’ refers to the information we receive about you on our website. For example, which sub-pages you visit or which products you purchase from us. Facebook does not share the information it receives with third parties (such as advertisers) unless it has explicit permission or is legally required to do so. ‘Event data’ can also be linked to contact data. This enables Facebook to offer better personalised advertising. After the aforementioned matching process, Facebook deletes the contact data.

In order to deliver optimised ads, Facebook only uses event data if it has been combined with other data (collected by Facebook in other ways). Facebook also uses this event data for security, protection, development and research purposes. Much of this data is transferred to Facebook via cookies. Cookies are small text files that are used to store data or information in browsers. Depending on the tools used and whether you are a Facebook member, a different number of cookies will be created in your browser. We describe the individual Facebook cookies in more detail in the descriptions of the individual Facebook tools. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies.

How long and where is the data stored?

In principle, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has distributed servers around the world where its data is stored. However, customer data is deleted within 48 hours after it has been compared with your own user data.

How can I delete my data or prevent it from being stored?

In accordance with the General Data Protection Regulation, you have the right to access, rectify, transfer and delete your data.

A complete deletion of the data will only take place if you completely delete your Facebook account. And this is how you delete your Facebook account:

1) Click on Settings on the right side of Facebook.

2) Then click on ‘Your Facebook Information’ in the left-hand column.

3) Now click on ‘Deactivation and Deletion’.

4) Now select ‘Delete account’ and then click on ‘Continue and delete account’.

5) Now enter your password, click on ‘Continue’ and then on ‘Delete account’.

The data that Facebook receives via our page is stored, among other things, using cookies (e.g. for social plugins). You can disable, delete or manage individual or all cookies in your browser. Depending on which browser you use, this works in different ways. You can find the relevant links to the instructions for the most common browsers under the ‘Cookies’ section.

If you do not want any cookies whatsoever, you can set up your browser to always notify you when a cookie is about to be placed. This way, you can decide for each cookie whether to allow it or not.

Legal basis

If you have given your consent for your data to be processed and stored by integrated Facebook tools, this consent is the legal basis for the data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in communicating quickly and effectively with you or other customers and business partners. However, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our data protection text about cookies carefully and view Facebook's data protection declaration or cookie guidelines.

Facebook also processes your data in the United States, among other places. Facebook or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the United States. You can find more information at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Facebook uses standard contractual clauses (SCCs) (Art. 46 (2) and (3) GDPR). These are templates provided by the EU Commission to ensure that your data also meets European data protection standards when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the standard contractual clauses, Facebook is obliged to comply with the European data protection level when processing your relevant data, even if the data is stored, processed and managed in the United States. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing condition, which refers to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

We hope we have provided you with the most important information about how Facebook tools are used and how data is processed. If you would like more information about how Facebook uses your data, we recommend you read the data policy at https://www.facebook.com/privacy/policy/.

Instagram Privacy Policy

Instagram Privacy Policy Summary

Affected parties: visitors to the website

Purpose: optimising our services

Processed data: data such as user behaviour data, information about your device and your IP address.

More details can be found below in the privacy policy.

Storage duration: until Instagram no longer needs the data for its purposes

Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests).

What is Instagram?

We have integrated Instagram functions into our website. Instagram is a social media platform of the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and is one of the Facebook products. The embedding of Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos or videos from Instagram directly on our website. When you visit pages on our site that have integrated an Instagram feature, data is transmitted to Instagram, stored and processed. Instagram uses the same systems and technologies as Facebook. Your data is thus processed across all Facebook companies.

In the following, we would like to give you a more detailed insight into why Instagram collects data, what kind of data it is and how you can largely control the data processing. Since Instagram belongs to Meta Platforms Inc., we obtain our information from the Instagram guidelines on the one hand, but also from the Meta privacy policy itself.

Instagram is one of the most well-known social media networks worldwide. Instagram combines the advantages of a blog with the advantages of audiovisual platforms such as YouTube or Vimeo. You can upload photos and short videos to ‘Insta’ (as many of the users casually call the platform), edit them with various filters and also distribute them in other social networks. And if you don't want to be active yourself, you can just follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has really taken off in recent years. And of course we have responded to this boom. We want you to feel as comfortable as possible on our website. That is why we naturally present our content in a varied way. The embedded Instagram functions allow us to enrich our content with helpful, funny or exciting content from the Instagram world. Since Instagram is a subsidiary of Facebook, the data collected can also be used for personalised advertising on Facebook. This means that our ads are only shown to people who are really interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We receive summarised statistics that give us more insight into your wishes and interests. It is important to note that these reports do not personally identify you.

What data is stored by Instagram?

If you come across one of our pages that has integrated Instagram features (such as Instagram images or plug-ins), your browser will automatically contact Instagram's servers. In doing so, data is sent to Instagram, stored and processed. And this happens regardless of whether you have an Instagram account or not. This includes information about our website, about your computer, about purchases made, about advertisements you see and how you use our offer. Furthermore, the date and time of your interaction with Instagram are also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook differentiates between customer data and event data. We assume that this is also the case with Instagram. Customer data includes, for example, name, address, telephone number and IP address. This customer data is only transmitted to Instagram if it has been ‘hashed’ beforehand. Hashing means that a data record is converted into a character string. This allows contact data to be encrypted. In addition, the ‘event data’ mentioned above is also transmitted. By ‘event data’, Facebook – and consequently also Instagram – understands data about your user behaviour. It may also happen that contact data is combined with event data. The contact data collected is compared with the data that Instagram already has about you.

The collected data is transmitted to Facebook via small text files (cookies), which are usually placed in your browser. Depending on the Instagram functions used and whether you have an Instagram account yourself, different amounts of data are stored.

We assume that Instagram's data processing works the same way as Facebook's. This means that if you have an Instagram account or have visited www.instagram.com, Instagram has set at least one cookie. If that is the case, your browser sends information to Instagram via the cookie as soon as you come into contact with an Instagram function. This data is deleted or anonymised after 90 days at the latest (after matching). Although we have intensively studied Instagram's data processing, we cannot say exactly which data Instagram collects and stores.

In the following, we will show you the minimum cookies that are set in your browser when you click on an Instagram function (such as a button or an Insta picture). For our test, we assume that you do not have an Instagram account. If you are logged in to Instagram, significantly more cookies will of course be set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: “”
Purpose: This cookie is most likely set for security reasons to prevent falsification of requests. However, we could not find out more about this.
Expiry date: after one year

Name: mid
Value: “”
Purpose: Instagram sets this cookie to optimise its own services and offers on and off Instagram. The cookie sets a unique user ID.
Expiry date: at the end of the session

Name: fbsr_312925868124024
Value: not provided
Purpose: This cookie stores the login request for Instagram app users.
Expiry date: at the end of the session

Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiry date: after the end of the session

Name: urlgen
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe312925868”
Purpose: This cookie is used for Instagram's marketing purposes.
Expiry date: after the end of the session

Note: We cannot claim that this list is complete. Which cookies are set in an individual case depends on the embedded functions and how you use Instagram.

How long and where is the data stored?

Instagram shares the information it receives between Facebook companies with external partners and with people you connect with worldwide. The data processing is carried out in accordance with our own data policy. Your data is distributed across Facebook servers around the world, including for security reasons. Most of these servers are located in the United States.

How can I delete my data or prevent it from being stored?

Thanks to the General Data Protection Regulation, you have the right to access, transfer, correct and delete your data. You can manage your data in the Instagram settings. If you want to completely delete your data on Instagram, you have to permanently delete your Instagram account.

And this is how to delete your Instagram account:

First, open the Instagram app. On your profile page, scroll down and click on ‘Help Center’. This will take you to the company's website. Click on ‘Manage Account’ and then on ‘Delete Your Account’.

When you delete your account, Instagram deletes posts such as your photos and status updates. Information that other people have shared about you is not part of your account and is therefore not deleted.

As mentioned above, Instagram primarily stores your data using cookies. You can manage, disable or delete these cookies in your browser. The management process varies slightly depending on your browser. You can find links to instructions for the most common browsers under the ‘Cookies’ section.

You can also set up your browser so that you are always informed when a cookie is about to be placed. You can then decide each time whether you want to allow the cookie or not.

Legal basis

If you have consented to the processing and storage of your data by integrated social media elements, this consent is the legal basis for the data processing (Art. 6 (1) (a) GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in communicating quickly and effectively with you or other customers and business partners. However, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our data protection text about cookies carefully and view the data protection declaration or cookie guidelines of the respective service provider.

Instagram also processes your data in the United States. Instagram, or rather Meta Platforms, is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the United States. You can find more information at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Instagram uses what are known as standard contractual clauses (Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCC) are model clauses provided by the EU Commission and are designed to ensure that your data still meets European data protection standards even when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the standard contractual clauses, Instagram is obliged to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

We have tried to provide you with the most important information about data processing by Instagram. You can find out more about Instagram's data policy at https://privacycenter.instagram.com/policy/

X (formerly: Twitter) Privacy Policy

X (formerly: Twitter) Privacy Policy Summary

Data subjects: visitors to the website

Purpose: optimising our services

Data processed: data such as data on user behaviour, information about your device and your IP address. You can find more details below in the privacy policy. Data collected by other websites is deleted by X after 30 days at the latest. Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

What is X?

We have integrated functions of X into our website. These include embedded tweets, timelines, buttons or hashtags. X is a short message service and a social media platform of the American company X Corp., 1355 Market Street, Suite 900 San Francisco, CA 94103, USA. For the European area, the company Twitter International Unlimited Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland) is responsible for processing personal data.

To the best of our knowledge, the mere integration of X functions in the European Economic Area and Switzerland does not yet result in the transfer of personal data or data about your web activities to X. Only when you interact with the X functions, for example by clicking a button, can data be sent to X, where it is stored and processed. We have no influence over this data processing and bear no responsibility for it. In the context of this privacy policy, we want to give you an overview of what data X stores, what X does with this data and how you can protect yourself to a large extent from data transmission.

For some, X is a news service, for others a social media platform and still others speak of a microblogging service. All these designations have their justification and mean more or less the same.

Both private individuals and companies use X to communicate with interested parties via short messages. X only allows 280 characters per message. These messages are called ‘tweets’. Unlike Facebook, for example, the service does not focus on building a network for ‘friends’, but wants to be seen as a global and open news platform. You can also have an anonymous account on X and tweets can be deleted by the company on the one hand, and by the users themselves on the other.

Why do we use X on our website?

Like many other websites and companies, we try to offer our services and communicate with our customers through a variety of channels. We have grown to appreciate X (probably better known to many as Twitter) as a useful ‘little’ messaging service. We regularly tweet or retweet exciting, funny or interesting content. We understand that you can't follow every channel separately. After all, you have other things to do. That's why we have integrated X functions on our website. You can experience our X activity ‘on site’ or come to our X page via a direct link. By integrating it, we want to strengthen our service and the user-friendliness of our website.

What data is stored by X?

You will find the integrated X functions on some of our sub-pages. When you interact with the X content, for example by clicking on a button, X can collect and store data. This also happens if you do not have an X account yourself. X calls this data ‘log data’. This includes demographic data, browser cookie IDs, your phone's ID, hashed email addresses, and information about which pages you've visited on X and what actions you've taken. Of course, X stores more data if you have an X account and are logged in. Until now, this storage was done via cookies. Cookies are small text files that are usually stored in your browser and transmit various information to X.

We will now show you which cookies are set when you are not logged in to X but visit a website with built-in X functions. Please consider this list an example. We cannot guarantee completeness here in any case, since the choice of cookies is always changing and depends on your individual actions with the X content.

These cookies were used in our test:

Name: personalization_id
Value: “v1_cSJIsogU51SeE312925868”
Purpose: This cookie stores information about how you use the website and which advertisements may have brought you to X.
Expiry date: after 2 years

Name: lang
Value: de
Purpose: This cookie stores your default or preferred language.
Expiry date: after the end of the

session

Name: guest_id
Value: 312925868v1%3A157132626
Purpose: This cookie is set to identify you as a guest.
Expiry date: after 2 years

Name: fm
Value: 0
Purpose: Unfortunately, we were unable to determine the purpose of this cookie.
Expiry date: After the end of the

session

Name: external_referer
Value: 3129258682beTA0sf5lkMrlGt
Purpose: This cookie collects anonymous data, such as how often you visit X and how long you visit X.
Expiry date: After 6 days

Name: eu_cn
Value: 1
Purpose: This cookie stores user activity and is used for various advertising purposes by X.
Expiry date: After one year

Name: ct0
Value: c1179f07163a365d2ed7aad84c99d966
Purpose: Unfortunately, we have not found any information about this cookie.
Expiry date: after 6 hours

Name: _twitter_sess
Value: 53D%253D–dd0248312925868-
Purpose: This cookie allows you to use functions within the X website.
Expiry date: after the session

Note: X also works with third-party providers. That is why we also recognised the three Google Analytics cookies _ga, _gat, _gid during our test.

X uses the data collected to better understand user behaviour and thus improve its own services and advertising offers, but the data also serves internal security measures.

How long and where is the data stored?

When X collects data from other websites, it is deleted, summarised or otherwise obscured after a maximum of 30 days. The X servers are located at various server centres in the United States. Accordingly, it can be assumed that the collected data is collected and stored in America. Based on our research, we have not been able to determine conclusively whether X also has its own servers in Europe. In principle, X can store the collected data until it is no longer useful to the company, you delete the data or a legal deletion period applies.

How can I delete my data or prevent it from being stored?

X emphasises in its privacy policy that it does not store data from external website visits if you or your browser is located in the European Economic Area or Switzerland. However, if you interact with X directly, X will of course also store data about you.

If you have an X account, you can manage your data by clicking on ‘More’ under the ‘Profile’ button. Then click on ‘Settings and Privacy.’ Here you can manage the data processing individually.

If you do not have an X-account, you can go to twitter.com and then click on ‘Personalisation’. You can manage the data collected about you under ‘Personalisation and data’.

As mentioned above, most of the data is stored via cookies and you can manage, deactivate or delete these in your browser. Please note that you can only edit cookies in the browser you have selected. This means that if you use a different browser in the future, you will have to manage your cookies there again according to your preferences. You can find the relevant links to the instructions for the most popular browsers in the ‘Cookies’ section.

You can also set your browser to notify you for each individual cookie. This way, you can always decide individually whether you want to allow a cookie or not.

X also uses the data for personalised advertising within and outside of X. You can switch off personalised advertising in the settings under ‘Customisation and data’. If you use X on a browser, you can disable personalised advertising at https://optout.aboutads.info/?c=2&lang=EN.

Legal basis

If you have consented to the processing and storage of your data by integrated social media elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. However, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text about cookies carefully and take a look at the data protection declaration or cookie guidelines of the respective service provider.

X also processes your data in the United States, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transferred to the United States. This may entail various risks for the lawfulness and security of the data processing.

X uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR) as the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for the transfer of data to such recipients. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data also meets European data protection standards when it is transferred to and stored in third countries (such as the USA). These clauses oblige X to comply with the European data protection level when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more information about the standard contractual clauses at X at https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

We hope we have given you a basic overview of the data processing by X. We do not receive any data from X and are not responsible for what X does with your data. If you have any further questions about this topic, we recommend you read X's privacy policy at https://twitter.com/de/privacy.

Cloud services

Cloud services Privacy Policy Summary

Data subjects: we as the website operator and you as the website visitor

Purpose: security and data storage

Processed data: Data such as your IP address, name or technical data such as browser version

You can find more details below and in the individual data protection texts or in the providers' data protection declarations

Storage period: in most cases, the data is stored until it is no longer needed to provide the service

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

What are cloud services?

Cloud services provide us, as a website operator, with storage space and computing power over the internet. Data can be transferred to an external system, processed and stored over the internet. The corresponding cloud provider is responsible for managing this data. Depending on the requirements, an individual or a company can select the storage space or computing power. Cloud storage is accessed via an API or storage protocols. API stands for Application Programming Interface and refers to a programming interface that connects software with hardware components.

Why do we use cloud services?

We use cloud services for a number of reasons. A cloud service offers us the opportunity to store our data securely. In addition, we have access to the data from different locations and devices, which gives us more flexibility and simplifies our work processes. Cloud storage also saves us costs because we do not have to set up and manage our own infrastructure for data storage and security. Centralised data storage in the cloud also allows us to expand our fields of application and manage our information much better.

We as a website operator or as a company primarily use cloud services for our own purposes. For example, we use the services to manage our calendar and to store documents or other important information in the cloud. However, this may also involve the storage of your personal data. This is the case, for example, if you provide us with your contact details (such as your name and email address) and we store our customer data with a cloud provider. Consequently, the data that we process about you may also be stored and processed on external servers. If we offer certain forms or content from cloud services on our website, cookies may also be set for web analysis and advertising purposes. Furthermore, such cookies remember your settings (such as the language used) so that you will find your familiar web environment when you next visit our website.

What data is processed by cloud services?

Much of the data we store in the cloud is not personally identifiable, but some data is considered personal data under the GDPR. This is often customer data such as name, address, IP address or telephone number, or technical device information. The cloud can also be used to store videos, images and audio files. Exactly how the data is collected and stored depends on the service. We try to use only services that handle data in a highly trustworthy and professional manner. In principle, the services, such as Amazon Drive, have access to the stored files in order to be able to offer their own service accordingly. However, the services require authorisations such as the right to copy files for security reasons. These data are processed and managed within the framework of the services and in compliance with the applicable laws. This also includes the GDPR for US providers (via the standard contractual clauses). These cloud services also work in some cases with third-party providers, who may process data under instruction and in accordance with data protection guidelines and other security measures. We would like to emphasise again at this point that all known cloud services (such as Amazon Drive, Google Drive or Microsoft Onedrive) obtain the right to have access to stored content in order to be able to offer and optimise their own services accordingly.

Duration of data processing

We will provide you with information below about the duration of data processing, provided that we have further information. In general, cloud services store data until you or we revoke the data storage or delete the data again. In general, personal data is only stored for as long as is absolutely necessary to provide the services. However, a final deletion of data from the cloud can take several months. This is because the data is usually not only stored on one server, but is distributed across different servers.

Right of objection

You also have the right and the option at any time to revoke your consent to data storage in a cloud. If cookies are used, you also have a right of revocation here. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. We also recommend our general data protection declaration regarding cookies. To find out exactly which of your data are stored and processed, you should read the data protection declarations of the respective cloud providers.

Legal basis

We use cloud services primarily on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) in a good security and storage system.

Certain processing, in particular the use of cookies and the use of storage functions, requires your consent. If you have consented to your data being processed and stored by cloud services, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Most of the services we use set cookies in your browser to store data. Therefore, we recommend that you read our data protection text about cookies carefully and view the data protection declaration or cookie guidelines of the respective service provider.

Information on special tools – if available – can be found in the following sections.

Google Cloud Privacy Policy

Our website uses Google Cloud, an online storage service for files, photos and videos. The service provider is the American company Google Inc. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe.

Google also processes your data in the United States, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the United States. You can find more information at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses standard contractual clauses (SCC) (Art. 46 (2) and (3) GDPR). These are templates provided by the EU Commission to ensure that your data also meets European data protection standards when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the standard contractual clauses, Google is obliged to comply with the European data protection level when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Google has a contract for commissioned data processing available in accordance with Art. 28 GDPR, which serves as the data protection basis for our customer relationship with Google. This refers to the EU standard contractual clauses. You can find the terms and conditions for processing orders here: https://business.safety.google/intl/de/adsprocessorterms/

You can find out more about the data processed through the use of Google Cloud in the privacy policy at https://policies.google.com/privacy?hl=de.

All texts are protected by copyright.

Source: Privacy Policy created using the Privacy Policy Generator for Germany by AdSimple. Please also take a look at our sample data protection declaration. This text was translated from German by using Deepl translator.