Privacy Policy

Introduction and Overview

We have created this privacy policy (version 28.06.2023-112528539) to provide you with information, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, regarding which personal data (hereinafter referred to as data) we process as the data controller and which data processors (e.g., providers) process on our behalf, and what legal options you have. The terms used are intended to be gender-neutral.

Privacy policies are usually very technical and use legal jargon. This privacy policy aims to explain the most important aspects in a simple and transparent way. Where beneficial to transparency, technical terms are explained in a user-friendly manner, links to additional information are provided, and graphics are used. We aim to communicate in clear and simple language that we process personal data within the scope of our business activities only when there is a legal basis to do so. This is not possible with overly concise, unclear, and legal-technical explanations, as often seen online in the context of privacy policies. We hope you find the following explanations interesting and informative, and perhaps you will discover some information you didn’t know before.
If you still have questions, we kindly ask you to contact the responsible party listed below or in the imprint, follow the provided links, and review additional information on third-party websites. Our contact details can also be found in the imprint.

Scope of Application

This privacy policy applies to all personal data processed by us within our company and to all personal data processed by companies commissioned by us (data processors). By personal data, we mean information as defined in Article 4 No. 1 GDPR, such as the name, email address, and postal address of a person. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this privacy policy includes:

  • All online presences (websites, online shops) operated by us
  • Social media presences and email communication
  • Mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas where personal data is processed within the company through the channels mentioned. If we establish legal relationships with you outside these channels, we will inform you separately if necessary.

In the following privacy policy, we provide transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, that allow us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can review this General Data Protection Regulation of the EU online on EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We process your data only if at least one of the following conditions is met:

  1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of data you entered into a contact form.
  2. Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase agreement with you, we need personal information beforehand.
  3. Legal Obligation (Article 6(1)(c) GDPR): If we are legally obligated to process your data, we do so. For instance, we are required by law to retain invoices for accounting purposes. These invoices usually contain personal data.
  4. Legitimate Interests (Article 6(1)(f) GDPR): In cases of legitimate interests that do not override your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically. This processing constitutes a legitimate interest.

Other conditions, such as the performance of tasks carried out in the public interest or the protection of vital interests, typically do not apply to us. If such a legal basis is relevant, it will be specified in the corresponding section.

In addition to the EU regulation, the following national laws also apply:

  • In Austria, this is the Federal Act on the Protection of Natural Persons with Regard to the Processing of Personal Data (Data Protection Act, or DSG).
  • In Germany, the Federal Data Protection Act, or BDSG, applies.

Should additional regional or national laws apply, we will inform you in the following sections.

Contact Details of the Controller

If you have questions about data protection or the processing of personal data, you can find the contact details of the responsible person or entity below:
XCESS-TEAM Martin Harrer
Stadtplatz 34/2, 4070 Eferding, Austria
Email: office@mathe-star.net

Storage Duration

We store personal data only as long as it is absolutely necessary for providing our services and products. This is our general policy. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally required to retain certain data even after the original purpose has been fulfilled, such as for accounting purposes.

If you wish to have your data deleted or to withdraw your consent for data processing, the data will be deleted as soon as possible, provided there is no obligation to retain it.

We will inform you about the specific duration of data processing further below if we have more information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we inform you about the following rights that you are entitled to in order to ensure fair and transparent data processing:

  • According to Article 15 of the GDPR, you have the right to obtain information about whether we process data about you. If this is the case, you have the right to receive a copy of the data and to be informed of the following details:
    • the purpose of the processing;
    • the categories, i.e., types of data processed;
    • who receives this data and how security can be guaranteed if the data is transferred to third countries;
    • how long the data will be stored;
    • the existence of the right to rectification, erasure, or restriction of processing, and the right to object to the processing;
    • that you can file a complaint with a supervisory authority (links to these authorities are provided further below);
    • the origin of the data, if we did not collect it from you;
    • whether profiling is being conducted, i.e., whether data is being automatically evaluated to create a personal profile of you.
  • According to Article 16 of the GDPR, you have the right to rectify your data, meaning we must correct data if you find errors.
  • According to Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you can request the deletion of your data.
  • According to Article 18 of the GDPR, you have the right to restrict processing, meaning we may only store the data but not use it further.
  • According to Article 20 of the GDPR, you have the right to data portability, meaning we will provide you with your data in a commonly used format upon request.
  • According to Article 21 of the GDPR, you have the right to object, which, if upheld, will result in a change in the processing of your data.
    • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of public authority) or Article 6(1)(f) (legitimate interests), you can object to the processing. We will then assess whether we can legally comply with your objection as quickly as possible.
    • If data is used for direct marketing, you can object at any time to this type of data processing. We will no longer use your data for direct marketing.
    • If data is used for profiling, you can object at any time to this type of data processing. We will no longer use your data for profiling.
  • According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g., profiling).
  • According to Article 77 of the GDPR, you have the right to complain. This means you can file a complaint with the data protection authority if you believe that the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated, you can file a complaint with the supervisory authority. In Austria, the relevant authority is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, each federal state has its own data protection officer. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austria Data Protection Authority

Head: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Phone number: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Transfer to Third Countries

We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if it is legally required, or if it is contractually necessary, and in any case only to the extent that it is generally allowed. Your consent is the primary reason for processing data in third countries in most cases. The processing of personal data in third countries, such as the USA, where many software providers offer services and have server locations, may mean that personal data is processed and stored in unexpected ways.

We expressly point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services (such as Google Analytics) may result in data being processed and stored in a non-anonymized manner. Additionally, US authorities may access certain data. Moreover, collected data may be linked with data from other services provided by the same provider if you have a corresponding user account. Whenever possible, we try to use server locations within the EU, if offered.

We will inform you in the appropriate sections of this privacy policy about data transfers to third countries if applicable.

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Whenever possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to deduce personal information from our data.

Article 25 of the GDPR refers to “data protection through technology design and by default” and means that security should be considered when designing both software (e.g., forms) and hardware (e.g., access to server rooms), and appropriate measures should be implemented. Below, if necessary, we will outline specific measures taken.

Communication

Communication Summary
👥 Affected Parties: All who communicate with us via phone, email, or online form
📓 Processed Data: e.g., phone number, name, email address, form data entered. More details can be found in the respective contact method used
🤝 Purpose: Handling communication with customers, business partners, etc.
📅 Retention Period: Duration of the business case and legal requirements
⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(b) GDPR (Contract), Art. 6(1)(f) GDPR (Legitimate Interests)

If you contact us and communicate via phone, email, or online form, personal data may be processed.

The data is processed for handling and processing your inquiry and the associated business transaction. The data will be stored as long as necessary or as required by law.

Affected Persons

All individuals who contact us via the communication channels we provide are affected by these processes.

Phone

If you call us, call data will be pseudonymized and stored on the respective device and by the telecommunications provider used. Additionally, data such as your name and phone number may be sent by email and stored for responding to your inquiry. The data will be deleted once the business case is concluded and as soon as legal requirements allow.

Email

If you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and may be stored on the email server. The data will be deleted once the business case is concluded and as soon as legal requirements allow.

Online Forms

If you communicate with us using an online form, the data will be stored on our web server and possibly forwarded to one of our email addresses. The data will be deleted once the business case is concluded and as soon as legal requirements allow.

Legal Bases

The processing of data is based on the following legal grounds:

  • Article 6(1)(a) GDPR (Consent): You give us consent to store your data and use it for purposes related to the business transaction;
  • Article 6(1)(b) GDPR (Contract): It is necessary for fulfilling a contract with you or a data processor, such as a phone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
  • Article 6(1)(f) GDPR (Legitimate Interests): We want to handle customer inquiries and business communication in a professional manner. This requires certain technical tools such as email programs, Exchange servers, and mobile network providers to operate the communication efficiently.

Cookies

Cookies Summary
👥 Affected Parties: Website visitors
🤝 Purpose: Depending on the specific cookie. More details can be found below or with the software provider setting the cookie.
📓 Processed Data: Depending on the specific cookie. More details can be found below or with the software provider setting the cookie.
📅 Retention Period: Depending on the specific cookie, it can vary from hours to years
⚖️ Legal Grounds: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data.
Below, we explain what cookies are and why they are used so that you can better understand this privacy statement.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are really useful helpers. Almost all websites use cookies. More specifically, these are HTTP cookies, as there are also other types of cookies for different applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, essentially the „brain“ of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data, such as language or personal page settings. When you revisit our site, your browser sends back the „user-related“ information to our site. Thanks to cookies, our website knows who you are and offers you the settings you’re familiar with. In some browsers, each cookie has its own file, while in others, like Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser, such as Chrome, and the web server. The web browser requests a website and receives a cookie from the server, which the browser then reuses when requesting another page.

HTTP Cookie Interaction between Browser and Web Server

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be assessed individually as each stores different data. The expiration time of a cookie also varies, ranging from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other „pests.“ Cookies also cannot access information on your computer.

What Types of Cookies Are There?

The question of which cookies we specifically use depends on the services used, and this will be clarified in the following sections of the privacy statement. At this point, we would like to briefly address the different types of HTTP cookies.

There are 4 types of cookies:

Essential Cookies
These cookies are necessary to ensure the basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, browses other pages, and later proceeds to checkout. These cookies prevent the cart from being emptied, even if the user closes their browser window.

Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. These cookies are also used to measure website load times and performance across different browsers.

Targeted Cookies
These cookies enhance user-friendliness. For example, they store input locations, font sizes, or form data.

Advertising Cookies
These cookies are also known as targeting cookies. They are used to deliver personalized advertising to the user. This can be very convenient, but also quite annoying.

Typically, you will be asked on your first visit to a website which types of cookies you wish to allow. This decision will also be stored in a cookie.

If you want to learn more about cookies and don’t mind technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments from the Internet Engineering Task Force (IETF) titled „HTTP State Management Mechanism.“

Purpose of Processing via Cookies

The purpose ultimately depends on the specific cookie. More details can be found below or from the manufacturer of the software that sets the cookie.

What Data is Processed?

Cookies are small helpers for various tasks. The type of data stored in cookies cannot be generalized, but we will inform you within this privacy policy about the data processed or stored.

Storage Duration of Cookies

The storage duration depends on the specific cookie and is detailed further below. Some cookies are deleted in less than an hour, while others may remain stored on a computer for several years.

You also have control over the storage duration. You can manually delete all cookies at any time via your browser (see also „Right to Object“ below). Furthermore, cookies based on consent are deleted no later than after the withdrawal of your consent, with the legality of storage until then remaining unaffected.

Right to Object – How to Delete Cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option to delete, disable, or allow cookies partially. For instance, you can block third-party cookies while allowing all other cookies.

If you want to check which cookies are stored in your browser, or if you wish to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove information websites have stored

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want to have cookies, you can configure your browser to notify you whenever a cookie is set. This allows you to decide on a case-by-case basis whether to allow the cookie. The procedure varies depending on the browser. It’s best to search Google for instructions with terms like „delete cookies Chrome“ or „disable cookies Chrome“ for Chrome browsers.

Legal Basis

Since 2009, the so-called „Cookie Directive“ has been in effect. It states that storing cookies requires your consent (Article 6(1)(a) GDPR). However, EU countries have responded very differently to this directive. In Austria, this directive was implemented in Section 96(3) of the Telecommunications Act (TKG). In Germany, the cookie directive was not implemented as national law. Instead, it was largely incorporated into Section 15(3) of the Telemedia Act (TMG).

For strictly necessary cookies, even without consent, there are legitimate interests (Article 6(1)(f) GDPR), which are often of an economic nature. We want to provide website visitors with a pleasant user experience, and certain cookies are often essential for that.

For non-essential cookies, they are used only with your consent. The legal basis in this case is Article 6(1)(a) GDPR.

In the following sections, you will find more detailed information about the use of cookies if the software used employs them.

Web Hosting Introduction

Web Hosting Summary
👥 Affected parties: Website visitors
🤝 Purpose: Professional hosting of the website and ensuring operational security
📓 Processed data: IP address, time of website visit, browser used, and more details below or with the respective web hosting provider.
📅 Storage duration: Depends on the provider, usually 2 weeks
⚖️ Legal basis: Article 6(1)(f) GDPR (Legitimate Interests)

What is Web Hosting?

When you visit websites today, certain information – including personal data – is automatically created and stored, even on this website. This data should be processed as sparingly as possible and only with justification. By website, we mean the entirety of all web pages under a domain, i.e., everything from the homepage to the very last subpage (like this one). By domain, we mean examples like example.com or mysite.com.

If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We refer to them simply as browsers or web browsers.

To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complex and resource-intensive task, which is why it is usually handled by professional providers, the hosting providers. These offer web hosting services and ensure reliable and error-free storage of website data. A lot of technical terms, but please stay with us – it gets better!

When the browser on your computer (desktop, laptop, tablet, or smartphone) connects and during data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server must also temporarily store data to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.

Browser and Web Server

Why Do We Process Personal Data?

The purposes of data processing are:

  1. Professional hosting of the website and ensuring operational security
  2. Maintaining operational and IT security
  3. Anonymous analysis of access behavior to improve our offerings and, if necessary, for law enforcement or claim assertion

What Data is Processed?

Even as you visit our website, our web server – the computer on which this website is stored – typically automatically stores data such as:

  • The full internet address (URL) of the accessed web page
  • Browser and browser version (e.g., Chrome 87)
  • The operating system used (e.g., Windows 10)
  • The address (URL) of the previously visited page (Referrer URL) (e.g., https://www.example.com/sourcepage/)
  • The hostname and IP address of the device accessing (e.g., COMPUTERNAME and 194.23.43.121)
  • Date and time
  • In files called web server log files

How Long is Data Stored?

Typically, the data mentioned above is stored for two weeks and then automatically deleted. We do not share this data, but we cannot exclude that this data may be accessed by authorities in case of illegal activity.

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not share your data without your consent!

Legal Basis

The lawfulness of processing personal data within the scope of web hosting arises from Article 6(1)(f) GDPR (protection of legitimate interests), as using professional hosting with a provider is necessary to present the company securely and user-friendly on the internet and to pursue attacks and claims arising therefrom.

There is usually a contract for order processing between us and the hosting provider under Article 28 GDPR, ensuring compliance with data protection and guaranteeing data security.

1&1 IONOS Web Hosting Privacy Policy

To host our website, we use the web hosting services of IONOS by 1&1. In Germany, 1&1 IONOS SE is located at Elgendorfer Str. 57 in 56410 Montabaur. In Austria, 1&1 IONOS SE is located at Gumpendorfer Str. 142/PF 266 in 1060 Vienna.

What is 1&1 IONOS Web Hosting?

IONOS offers the following web hosting services: Domain, Website & Shop, Hosting & WordPress, Marketing, Email & Office, IONOS Cloud, and Servers. With over 22 million domains, almost 9 million customer contracts, and 100,000 servers, IONOS is one of the largest German players in the web hosting sector.
As mentioned in our introduction to web hosting, data from you or your device is stored on IONOS servers. Most notably, your IP address, which is considered personal data, is stored. Additionally, technical data such as the URL of our website, your browser name, or the operating system you use is also stored.

Why Do We Use 1&1 IONOS Web Hosting?

IONOS was founded in 1988 in Germany, and thus has over 30 years of experience. However, this does not mean the company has stopped developing technologically. This combination of experience and innovation offers a solid foundation for our website. After all, we want our website to function smoothly 24/7 while ensuring a high level of security. Since IONOS does not limit monthly data traffic and provides ample storage space, our website remains high-performing even with many visitors. We are very satisfied with the website’s speed and the price-performance ratio currently meets our needs.

For more information about data protection at IONOS, you can refer to their privacy policy at https://www.ionos.de/terms-gtc/datenschutzerklaerung/. If you have further questions about data protection, you can also contact IONOS’s data protection team via email at datenschutz@ionos.de.

Web Analytics Introduction

Web Analytics Privacy Policy Summary
👥 Affected Parties: Website visitors
🤝 Purpose: Analyzing visitor information to optimize the web offering.
📓 Processed Data: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found in the specific web analytics tool used.
📅 Retention Period: Depends on the web analytics tool used
⚖️ Legal Grounds: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Web Analytics?

We use software on our website to analyze the behavior of website visitors, also known as Web Analytics. Data is collected and stored, managed, and processed by the analytics tool provider (also referred to as a tracking tool). This data is used to create analyses about user behavior on our website, which are then made available to us as the website operator. Additionally, most tools offer various testing options. For instance, we can test which offers or content resonate best with our visitors. To do this, we show you two different offers for a limited period (A/B test), and after the test, we know which product or content our visitors find more interesting. User profiles can be created for such test procedures, and the data may be stored in cookies.

Why Do We Use Web Analytics?

We have a clear goal with our website: to provide the best web offering in our industry. To achieve this goal, we want to offer the best and most interesting services while ensuring that you feel completely comfortable on our website. With the help of web analytics tools, we can closely examine the behavior of our website visitors and then improve our web offering for both you and us. For example, we can find out the average age of our visitors, where they come from, when our website is visited the most, or which content or products are particularly popular. All this information helps us optimize the website and tailor it to your needs, interests, and desires.

Which Data is Processed?

The specific data stored depends on the analytics tools used. However, it is generally stored, for example, what content you view on our website, which buttons or links you click, when you visit a page, which browser you use, what device (PC, tablet, smartphone, etc.) you visit the website from, or which computer system you use. If you consented to location data collection, this may also be processed by the web analytics tool provider.

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, your IP address is usually stored in a pseudonymized (i.e., obfuscated and shortened) form. For testing, web analysis, and web optimization purposes, no direct personal data such as your name, age, address, or email address are typically stored. If such data is collected, it will be pseudonymized so that you cannot be personally identified.

The following example schematically shows how Google Analytics works as an example of client-based web tracking with JavaScript code.

Schematic Data Flow in Google Analytics

The duration for which data is stored depends on the provider. Some cookies store data only for a few minutes or until you leave the website, while others can store data for several years.

Data Processing Duration

We will inform you about the duration of data processing further below if we have more information. In general, we process personal data only as long as necessary to provide our services and products. If required by law, such as for accounting purposes, the storage period may be exceeded.

Right to Object

You also have the right to withdraw your consent to the use of cookies or third-party services at any time. You can do this via our cookie management tool or other opt-out functions. For example, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Legal Basis

The use of web analytics tools requires your consent, which we have obtained through our cookie popup. This consent, according to Article 6(1)(a) GDPR (Consent), serves as the legal basis for processing personal data as part of the web analytics tools.

In addition to consent, we also have a legitimate interest in analyzing the behavior of website visitors to improve our offering technically and economically. With the help of web analytics, we can identify website errors, detect attacks, and improve efficiency. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). We use the tools only to the extent that consent has been granted.

Since web analytics tools use cookies, we also recommend reading our general cookie privacy policy. To learn exactly what data is stored and processed, you should review the privacy policies of the respective tools.

For information on specific web analytics tools, you will find further details in the following sections, if available.

Social Media Introduction

Social Media Privacy Policy Summary
👥 Affected Parties: Website visitors
🤝 Purpose: Presenting and optimizing our services, contacting visitors, advertising
📓 Processed Data: Data such as phone numbers, email addresses, contact details, user behavior data, device information, and IP addresses.
More details can be found in the specific social media tool used.
📅 Retention Period: Depending on the social media platforms used
⚖️ Legal Grounds: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Social Media?

In addition to our website, we are also active on various social media platforms. User data may be processed to target users who are interested in us via these social networks. Additionally, elements from social media platforms may be embedded directly into our website. This occurs when you click a social button on our site and are redirected to our social media presence. Social media refers to websites and apps through which registered members can produce content, share content openly or in specific groups, and network with other members.

In exceptional cases, unique data (names, email addresses, etc.) can also be stored in user profiles. This occurs, for example, if you are a member of a social media channel that we use for our online marketing efforts, and the network links previously collected data to the user profile.

For all advertising tools we use that store data about you on their servers, we only receive aggregated information and never data that identifies you as an individual. The data merely shows how effective our advertising measures are. For example, we can see which actions prompted you or other users to visit our website and purchase a service or product. Based on the analyses, we can improve our advertising offerings in the future and tailor them even more precisely to the needs and wishes of interested individuals.

Duration of Data Processing

We inform you about the duration of data processing further below, provided we have additional information on this. In general, we process personal data only as long as it is absolutely necessary to provide our services and products. Data stored in cookies is retained for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others can remain stored in your browser for several years. The respective data protection statements of individual providers usually provide precise information about the cookies used.

Right to Object

You also have the right and the opportunity at any time to withdraw your consent to the use of cookies or third-party providers. This can be done via our cookie management tool or other opt-out functions. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser. The legality of processing up to the withdrawal remains unaffected.

Since online marketing tools often use cookies, we also recommend reviewing our general privacy policy on cookies. To find out which data about you is stored and processed, you should read the privacy policies of the respective tools.

Legal Basis

If you have given your consent for third-party providers to be used, the legal basis for the corresponding data processing is this consent. According to Art. 6(1)(a) GDPR (Consent), this consent serves as the legal basis for the processing of personal data, as can occur when data is collected via online marketing tools.

We also have a legitimate interest in measuring online marketing activities in an anonymized manner to optimize our offerings and measures using the data obtained. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use the tools if you have given your consent.

Information about specific online marketing tools is provided – if available – in the following sections.

Cookie Consent Management Platform Summary
👥 Affected parties: Website visitors
🤝 Purpose: Obtaining and managing consent for certain cookies and tools
📓 Processed data: Data for managing cookie settings such as IP address, time of consent, type of consent, individual consents. More details can be found with the respective tool.
📅 Storage duration: Depends on the tool used; durations of several years should be expected
⚖️ Legal bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is a Cookie Consent Management Platform?

We use consent management platform (CMP) software on our website to simplify and ensure the correct handling of scripts and cookies. The software automatically generates a cookie popup, scans and controls all scripts and cookies, offers legally required cookie consent, and helps both us and you keep track of all cookies. Most cookie consent management tools identify and categorize all existing cookies. You, as a website visitor, can then decide for yourself which scripts and cookies to allow or disallow. The following graphic illustrates the relationship between the browser, web server, and CMP.

Consent Management Platform Overview

Why Do We Use a Cookie Management Tool?

Our goal is to provide you with the highest possible transparency in the area of data protection. Additionally, we are legally required to do so. We want to inform you about all tools and cookies that can store and process data about you as comprehensively as possible. It is also your right to decide which cookies to accept or reject. To grant you this right, we must first identify which cookies are on our website. Thanks to a cookie management tool, which regularly scans the website for all existing cookies, we know all about the cookies used and can provide GDPR-compliant information. You can then accept or reject cookies via the consent system.

What Data is Processed?

Within the scope of our cookie management tool, you can manage each cookie yourself and have full control over the storage and processing of your data. Your consent declaration is stored so that we do not have to ask you again on every new visit to our website and so that we can provide proof of your consent if legally required. This is stored either in an opt-in cookie or on a server. Depending on the cookie management tool provider, the storage duration of your cookie consent varies. Typically, this data (e.g., pseudonymous user ID, consent timestamp, details of cookie categories or tools, browser, device information) is stored for up to two years.

Duration of Data Processing

We inform you about the duration of data processing further below, provided we have additional information on this. In general, we process personal data only as long as it is absolutely necessary to provide our services and products. Data stored in cookies is retained for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others can remain stored in your browser for several years. The exact duration of data processing depends on the tool used; in most cases, durations of several years should be expected. The respective data protection statements of individual providers usually provide precise information about the duration of data processing.

Right to Object

You also have the right and the opportunity at any time to withdraw your consent to the use of cookies. This can be done via our cookie management tool or other opt-out functions. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.

Information about specific cookie management tools is provided – if available – in the following sections.

Legal Basis

If you consent to cookies, personal data about you will be processed and stored via these cookies. If we are allowed to use cookies based on your consent (Article 6(1)(a) GDPR), this consent also serves as the legal basis for using cookies and processing your data. To manage cookie consent and enable you to provide it, cookie consent management platform software is used. This software allows us to operate the website efficiently and in compliance with legal regulations, which constitutes a legitimate interest (Article 6(1)(f) GDPR).

Security & Anti-Spam

We have embedded audio and video elements on our website to allow you to watch videos or listen to music/podcasts directly on our site. The content is provided by service providers, and all content is retrieved from the respective provider’s servers.

These are embedded functional elements from platforms such as YouTube, Vimeo, or Spotify. The use of these platforms is generally free, but paid content may also be published. With the help of these embedded elements, you can listen to or watch the respective content directly on our website.

If you use audio or video elements on our website, personal data may be transmitted, processed, and stored by the service providers.

Why Do We Use Audio & Video Elements on Our Website?

Of course, we want to offer you the best experience on our website. We are aware that content is no longer only conveyed through text and static images. Instead of just giving you a link to a video, we offer audio and video formats directly on our website that are entertaining or informative, and ideally, both. This expands our service and makes it easier for you to access interesting content. So, in addition to our texts and images, we also offer video and/or audio content.

Which Data is Stored by Audio & Video Elements?

When you visit a page on our website that has an embedded video, your server connects to the service provider’s server. During this process, data is transmitted to the third-party provider and stored there. Some data is collected and stored regardless of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system, and other general information about your device. Additionally, most providers collect information about your web activity, such as session duration, bounce rate, which buttons you clicked, or through which website you are using the service. All of this information is typically stored using cookies or pixel tags (also called web beacons). Pseudonymized data is usually stored in cookies in your browser. The exact data stored and processed can always be found in the privacy policy of the respective provider.

Duration of Data Processing

The duration for which the data is stored on third-party servers is typically detailed in the privacy policy of the respective tool or the provider’s privacy policy. Generally, personal data is only processed as long as necessary to provide our services or products. This also applies to third-party providers. You can usually expect certain data to be stored on the third-party servers for several years. Data, especially in cookies, can be stored for varying lengths of time. Some cookies are deleted once you leave the website, while others can remain in your browser for several years.

Right to Object

You also have the right and the possibility to withdraw your consent to the use of cookies or third-party providers at any time. This can be done via our cookie management tool or other opt-out functions. For example, you can prevent data collection through cookies by managing, disabling, or deleting cookies in your browser. The lawfulness of processing up until the withdrawal remains unaffected.

Since embedded audio and video functions on our site usually use cookies, you should also read our general privacy policy regarding cookies. The privacy policies of the respective third-party providers will provide more details about how your data is handled and stored.

Legal Basis

If you have consented to the processing and storage of data by embedded audio and video elements, this consent serves as the legal basis for data processing (Article 6(1)(a) GDPR). In general, your data is also processed and stored on the basis of our legitimate interest (Article 6(1)(f) GDPR) in effective communication with you or other customers and business partners. We only use the embedded audio and video elements to the extent that you have given your consent.

Review Platforms Introduction

Review Platforms Summary
👥 Affected Parties: Visitors of the website or a review platform
🤝 Purpose: Feedback on our products and/or services
📓 Processed Data: Includes IP address, email address, name. More details can be found below or in the respective review platforms.
📅 Retention Period: Depends on the respective platform
⚖️ Legal Grounds: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What are Review Platforms?

On various review platforms, you can rate our products or services. We participate in some of these platforms to receive feedback from you and optimize our offerings. When you rate us through a review platform, the privacy policy and terms and conditions of the respective review service apply. You will often be required to register before submitting a review. Review technologies (widgets) may also be embedded in our website. By using such embedded tools, data is transmitted to the respective provider, processed, and stored.

Many of these embedded programs work on a similar principle. After you have purchased a product or used a service, you will typically be asked to leave a review via email or on the website. You will usually be redirected to a review page through a link and can easily and quickly submit a review. Some review systems also offer an interface to various social media channels to share feedback with a wider audience.

Why Do We Use Review Platforms?

Review platforms collect feedback and ratings about our offerings. Your ratings provide us with quick feedback, allowing us to improve our products and/or services more efficiently. The reviews help us optimize our offerings and give both you and all future customers a good overview of the quality of our products and services.

Which Data is Processed?

With your consent, we transmit information about you and the services you have used to the respective review platform. We do this to ensure that you have actually used one of our services, as only then can you provide valid feedback. The transmitted data is solely for user identification purposes. The exact data stored and processed depends on the providers used. Usually, personal data such as IP address, email address, or your name is provided to the review platforms. After submitting your review, order information such as the order number of a purchased item is also forwarded to the respective platform. If your email address is transmitted, this is done so that the review platform can send you an email after purchasing a product. To include your review on our website, we also provide the provider with the information that you visited our site. The review platform is responsible for the personal data collected.

How Long and Where is the Data Stored?

For more details on the duration of data processing, you will find further information in the privacy policy of the respective provider, if available. In general, we process personal data only as long as necessary to provide our services and products. Personal data mentioned in a review is usually anonymized by the platform’s staff and is only visible to administrators of the company. The collected data is stored on the provider’s servers and deleted by most providers once the contract ends.

Right to Object

You also have the right and the possibility to withdraw your consent to the use of cookies or third-party providers at any time. This can be done via our cookie management tool or other opt-out functions. For example, you can prevent data collection through cookies by managing, disabling, or deleting cookies in your browser.

Legal Basis

If you have consented to the use of a review platform, the legal basis for the respective data processing is your consent. This consent, according to Article 6(1)(a) GDPR (Consent), serves as the legal basis for processing personal data as may occur during the collection by a review platform.

Additionally, we have a legitimate interest in using a review platform to optimize our online service. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). We use a review platform only if you have given your consent.

We hope we have provided you with the most important general information regarding data processing by review platforms. More information can be found further below in the privacy texts or in the linked privacy policies of the company.

Anmerkung: Wenn wir in unserer Datenschutzerklärung von Verarbeitung sprechen, meinen wir damit jegliche Art von Datenverarbeitung. Dazu zählt, wie oben in der originalen DSGVO-Erklärung erwähnt, nicht nur das Erheben sondern auch das Speichern und Verarbeiten von Daten.