Imprint & Data Security

The table below provides a breakdown of the types of data we collect, the purpose of the processing, and the individuals affected.

Categories of Processed Data

• Inventory data.
• Location data.
• Contact data.
• Content data.
• Usage data.
• Meta, communication and process data.
• Event Data (Facebook).
• Log data.

Categories of Data Subjects

• Users.
• People who enter our giveaways, sweepstakes, or competitions.

Purposes of Processing

• To deliver services agreed upon in a contract and fulfill our legal obligations.
• Communication.
• Security measures.
• Web Analytics.
• Targeting.
• Remarketing.
• Conversion tracking.
• Affiliate Tracking.
• To manage and run contests and sweepstakes.
• Feedback.
• Marketing.
• User accounts containing personalized information.
• To maintain our online services and ensure a smooth user experience.
• Management and maintenance of our IT infrastructure.
• Public relations.

Legal Framework under GDPR: Below is a summary of the GDPR legal bases we rely on to process personal data. Please keep in mind that besides the GDPR, local data protection laws from your country or ours may also apply. Should any specific legal requirements arise for particular cases, we will detail them within this privacy statement.Relevant legal bases according to the GDPR: In the following, you will find an overview of the legal basis of the GDPR on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection provisions of your or our country of residence or domicile may apply. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.

• Consent (Art. 6 (1) (a) GDPR) – This applies when the individual has explicitly agreed to have their data processed for one or more specific reasons.Consent (Article 6 (1) (a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
• Contractual Necessity (Art. 6 (1) (b) GDPR) – Processing is required to fulfill a contract with the individual or to take preliminary steps before a contract is signed at their request.Performance of a contract and prior requests (Article 6 (1) (b) GDPR) - Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legitimate Interests (Art. 6 (1) (f) GDPR) – Processing is necessary to protect the legitimate interests of the company or a third party, provided these do not outweigh the individual's fundamental rights and privacy freedoms.Legitimate Interests (Article 6 (1) (f) GDPR) - the processing is necessary for the protection of the legitimate interests of the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject, which require the protection of personal data, do not prevail.

German National Law: In addition to the GDPR, data protection in Germany is governed by national laws, specifically the Federal Data Protection Act (BDSG). The BDSG provides detailed rules on the right to access, erase, or object to data processing, as well as the handling of sensitive data, automated decision-making, and profiling. Depending on the case, state-level data protection laws may also apply.National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations apply to data protection in Germany. This includes in particular the Law on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special provisions on the right to access, the right to erase, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated individual decision-making, including profiling. Furthermore, data protection laws of the individual federal states may apply.

GDPR and Swiss DPA Alignment: This policy is intended to comply with both the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP). For the sake of clarity and consistency, we use GDPR terminology throughout this document. For example, we use \"processing of personal data,\" \"legitimate interest,\" and \"special categories of data\" instead of the specific terms used in the Swiss FADP. However, the legal interpretation of these terms will still follow the Swiss FADP wherever it applies.Reference to the applicability of the GDPR and the Swiss DPA: These privacy policy serves both to provide information pursuant to the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that due to the broader spatial application and comprehensibility, the terms used in the GDPR are applied. In particular, instead of the terms used in the Swiss FADP such as "processing" of "personal data", "predominant interest", and "particularly sensitive personal data", the terms used in the GDPR, namely "processing" of "personal data", as well as "legitimate interest" and "special categories of data" are used. However, the legal meaning of these terms will continue to be determined according to the Swiss FADP within its scope of application.

To keep your information secure, we implement a variety of technical and organizational safeguards. These measures are tailored to the current state of technology, the cost of implementation, and the specific nature and risks associated with the data we process, ensuring a security level that is proportionate to the potential risk to individuals.

Specifically, we protect the confidentiality, integrity, and availability of data by strictly controlling who can access, enter, transfer, and store it. We have also put protocols in place to honor user rights, handle data deletion, and react swiftly to security threats. Furthermore, we follow 'privacy by design' and 'privacy by default' principles, meaning data protection is integrated into our software and hardware from the very start.

IP Address Masking: When we or our partners process IP addresses, we mask them if the full address isn't strictly necessary. This involves removing or replacing the final digits or the last segment of the IP. This step is taken to make it significantly harder, or impossible, to identify a specific person via their IP address.

Secure Connections via TLS/SSL (HTTPS): We use TLS/SSL encryption to prevent unauthorized parties from intercepting data sent through our online services. These technologies encrypt the communication between your browser (or server) and our website/app. TLS is the modern, more secure successor to SSL, ensuring top-tier security standards. You can verify this security by looking for 'HTTPS' in your browser's address bar, which confirms your connection is encrypted.

During our data processing, we may occasionally share information with third-party companies, independent organizational units, or individuals. This might include IT service providers or content partners integrated into our site. In all such instances, we strictly adhere to legal requirements and sign data protection agreements to ensure your information remains safe.

Intra-Group Data Transfers: We may share personal data with other companies within our corporate group to support our business operations. This is done to improve internal processes, streamline communication, optimize our resources, and make better-informed business decisions. In some cases, this sharing is required to fulfill a contract, based on user consent, or allowed by law.

Internal Organizational Transfers: Personal data may be shared between different departments or units within our own organization. If this is done for administrative reasons, it is justified by our legitimate business interests, contractual obligations, user consent, or legal requirements.

We delete personal data once the legal basis for keeping it expires—for example, if consent is withdrawn or the original purpose for collecting the data has been fulfilled. However, we may keep data longer if we are legally required to do so or if there is a compelling legitimate interest in archiving it.

Specifically, we must archive data that is required for tax or commercial law purposes, or data that is necessary for legal defense or to protect the rights of others.

You can find more specific details about retention and deletion periods for particular types of processing within our detailed privacy notices.

If different retention periods apply to the same piece of data, the longest period will always take precedence.

Any data retained beyond its original purpose (due to legal requirements) will be processed exclusively for those specific reasons.

Data Retention and Deletion: According to German law, the following general archiving and retention deadlines apply:

• 10 Years — Under the Fiscal and Commercial Codes, we retain essential records for a decade. This includes annual financial statements, books and records, inventories, management reports, and opening balance sheets, along with internal organizational documents and work instructions. This adheres to Section 147(1) No. 1 and (3) of the German General Tax Code (AO), Section 14b(1) of the German VAT Act (UStG), and Section 257(1) No. 1 and (4) of the German Commercial Code (HGB).
• 8 Years — Accounting documentation, such as invoices and various booking or expense receipts, is kept for eight years, as required by Section 147(1) No. 4 and 4a (3) of the German General Tax Code (AO) and Section 257(1) No. 4 (4) of the German Commercial Code (HGB).
• 6 Years — Other business-related materials are stored for six years. This category covers incoming and outgoing commercial correspondence, as well as any documents relevant to taxation—such as hourly wage records, price tags, calculation sheets, operating accounts, and payroll documents (unless they serve as accounting vouchers) and cash register tapes. This is based on Section 147(1) No. 2, 3, and 5 (3) of the German General Tax Code (AO) and Section 257(1) No. 2 and 3 (4) of the German Commercial Code (HGB).
• 3 Years — To handle potential warranty claims, compensation requests, or other contractual disputes, we store relevant data for the standard three-year statutory limitation period. This timeline is based on industry standards and previous experience, starting from the end of the calendar year in which the transaction occurred or the contract was terminated (pursuant to Sections 195 and 199 of the German Civil Code).

Your Rights under the GDPR: As a data subject, you are protected by the General Data Protection Regulation. Specifically, Articles 15 through 21 grant you the following rights regarding your personal information:

• Right to Object: Depending on your specific circumstances, you may object at any time to the processing of your data if it is based on Article 6(1)(e) or (f) of the GDPR, including any profiling conducted under these rules. If we use your data for direct marketing, you have an absolute right to object to such processing and any related profiling at any time.Right to Object: You have the right, on grounds arising from your particular situation, to object at any time to the processing of your personal data which is based on letter (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such marketing, which includes profiling to the extent that it is related to such direct marketing.
• Right to Withdraw Consent: If you have given us permission to process your data, you are free to revoke that consent at any moment.Right of withdrawal for consents: You have the right to revoke consents at any time.
• Right of Access: You can ask us to confirm whether we are processing your personal data. If so, you are entitled to see that data and receive a copy of it, along with further details, as permitted by law.Right of access: You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data in accordance with the provisions of the law.
• Right to Rectification: Should your personal information be inaccurate or incomplete, you have the legal right to request that we correct or update it.Right to rectification: You have the right, in accordance with the law, to request the completion of the data concerning you or the rectification of the incorrect data concerning you.
• Right to Erasure and Restriction: Depending on the legal grounds, you may demand that we delete your personal data immediately or, alternatively, limit the way we process that information.Right to Erasure and Right to Restriction of Processing: In accordance with the statutory provisions, you have the right to demand that the relevant data be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions.
• Right to Data Portability: You can request a copy of the data you provided to us in a structured, commonly used, and machine-readable format. You also have the option to ask us to transfer this data directly to another service provider.Right to data portability: You have the right to receive data concerning you which you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements, or to request its transmission to another controller.
• Right to Lodge a Complaint: If you believe we have mishandled your data in violation of the GDPR, you have the right to contact a data protection authority. This can be the authority in the country where you live, where you work, or where the infringement took place, without affecting any other legal remedies you may have.Complaint to the supervisory authority: In accordance with the law and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State where you habitually reside, the supervisory authority of your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

To provide our online services effectively, we need to process certain user data. This includes your IP address, which is essential for delivering the website's content and features to your specific browser or device.

• Types of Data Processed: We collect usage data (such as how long you visit, which pages you view, your click path, frequency of use, and the device or OS you are using), as well as meta, communication, and process data (including IP addresses, timestamps, and IDs). We also maintain log files regarding access times and logins.Processed data types: Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties). Log data (e.g. log files concerning logins or data retrieval or access times.).
• Who is affected: These measures apply to all users, including general website visitors and those utilizing our online tools.Data subjects: Users (e.g. website visitors, users of online services).
• Why we process this data: Our goals are to ensure the availability and usability of our online services, maintain our IT infrastructure (including servers and hardware), and implement necessary security protocols.Purposes of processing: Provision of our online services and usability; Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.)). Security measures.
• Data Retention: We delete this information according to the guidelines outlined in the \"General Information on Data Retention and Deletion\" section.Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
• Legal Basis: This processing is carried out based on our legitimate interests, as defined in Article 6(1)(f) of the GDPR.Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Additional details on our processing methods and tools:Further information on processing methods, procedures and services used:

• Hosting of Online Offers: Our online services are hosted on rented server space. This means we use computing power and software provided by a third-party web host. This is done based on our legitimate interests (Article 6(1)(f) GDPR).Provision of online offer on rented hosting space: For the provision of our online services, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also referred to as a "web hoster"); Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
• Access Logs and Server Data: When you use our services, the system automatically generates \"server log files.\" These logs capture the pages visited, the time and date of access, the volume of data transferred, your browser version, operating system, the referring URL, and your IP address. We use these logs to maintain stability and prevent server overloads or malicious attacks (like DDoS). This is based on our legitimate interests (Article 6(1)(f) GDPR). Most log data is deleted or anonymized after 30 days, though we may keep specific data longer if it is needed as evidence for a security incident.Collection of Access Data and Log Files: Access to our online service is logged in the form of so-called "server log files". Server log files may include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, notification of successful retrieval, browser type along with version, the user's operating system, referrer URL (the previously visited page), and typically IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, known as DDoS attacks), and to ensure server load management and stability; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR). Retention period: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been finally clarified.

We use \"cookies,\" which are small files stored on your device to help the website function better, enhance security, and analyze traffic. We follow all legal requirements when using them: we ask for your consent whenever necessary, or we rely on our legitimate interests if the cookies are essential for the service you specifically requested (like saving your settings). You can change your mind and withdraw your consent at any time, and we will be transparent about which cookies are being used and why.

Legal grounds for cookies: The processing of your data via cookies depends on your choice. If you consent, that is our legal basis. Otherwise, we process this data based on our legitimate interests, provided it is necessary for the specific service mentioned in this section.Information on legal data protection bases: Whether we process personal data using cookies depends on users' consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, as outlined in this section and in the context of the respective services and procedures.

How long cookies are stored: We categorize cookies by their lifespan:Storage duration: The following types of cookies are distinguished based on their storage duration:

• Session Cookies: These are temporary and are automatically deleted once you close your browser or exit the application.Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).
• Persistent Cookies: These stay on your device after you close the session. They are used for things like remembering your login status or displaying your preferred content upon return. They can also be used for audience analysis. Unless we specify otherwise during the consent process, you should assume these can last for up to two years.Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved, and preferred content can be displayed directly when the user revisits a website. Additionally, the user data collected with cookies may be used for audience measurement. Unless we provide explicit information to users about the type and storage duration of cookies (e.g., when obtaining consent), users should assume that these are permanent and may have a storage duration of up to two years.

Opt-out and Withdrawal: You can revoke your consent or object to data processing at any time. This can be done through our settings or by adjusting your browser's privacy preferences.General information on withdrawal and objection (opt-out): Users can withdraw their consent at any time and also object to the processing according to legal regulations, including through the privacy settings of their browser.

• Data types involved: We process meta, communication, and process data, such as IP addresses, identification numbers, and timestamps.Processed data types: Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties).
• Who is affected: These measures apply to all users, including general website visitors and those utilizing our online tools.Data subjects: Users (e.g. website visitors, users of online services).
• Legal Basis: Processing is based on either your explicit consent (Article 6(1)(a) GDPR) or our legitimate interests (Article 6(1)(f) GDPR).Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR). Consent (Article 6 (1) (a) GDPR).

Additional details on our processing methods and tools:Further information on processing methods, procedures and services used:

• Handling Cookie Data via Consent: To manage how we use cookies and other similar tracking technologies, we use a dedicated consent management system. This tool allows us to ask users for permission, record their choices, and give them an easy way to change or withdraw their consent at any time. When you agree, we can store and access information on your device to provide specific services or work with the providers listed in our consent tool. To avoid asking you every time you visit, we save your preference—either on our server or via an 'opt-in' cookie—linking the decision to your specific device or profile. If no specific provider is named for this service, please note that consent records are typically kept for up to two years. We store a pseudonymous ID along with the timestamp, the specific categories of cookies accepted, and basic technical details about your browser and device. Legal Basis: Consent (Article 6 (1) (a) GDPR).Processing Cookie Data on the Basis of Consent: We implement a consent management solution that obtains users' consent for the use of cookies or for the processes and providers mentioned within the consent management framework. This procedure is designed to solicit, log, manage, and revoke consents, particularly regarding the use of cookies and similar technologies employed to store, read from, and process information on users' devices. As part of this procedure, user consents are obtained for the use of cookies and the associated processing of information, including specific processing and providers named in the consent management process. Users also have the option to manage and withdraw their consents. Consent declarations are stored to avoid repeated queries and to provide proof of consent according to legal requirements. The storage is carried out server-side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies in order to associate the consent with a specific user or their device.If no specific details about the providers of consent management services are provided, the following general notes apply: The duration of consent storage is up to two years. A pseudonymous user identifier is created, which is stored along with the time of consent, details on the scope of consent (e.g., relevant categories of cookies and/or service providers), as well as information about the browser, system, and device used; Legal Basis: Consent (Article 6 (1) (a) GDPR).
• Usercentrics: We use Usercentrics GmbH (located at Sendlinger Strasse 7, 80331 Munich, Germany) to handle our cookie consent process. They provide the infrastructure to request, log, and manage user permissions for data storage and processing on user devices. You can find more details on their website at https://usercentrics.com/ and review their privacy practices at https://usercentrics.com/privacy-policy crystallinity.Usercentrics: Cookie Consent Management: Procedures for obtaining, recording, managing, and revoking consents, particularly for the use of cookies and similar technologies for storing, accessing, and processing information on users' devices as well as their processing; Service provider: Usercentrics GmbH, Sendlinger Strasse 7, 80331 Munich, Germany; Website: https://usercentrics.com/. Privacy Policy: https://usercentrics.com/privacy-policy/.

Managing Competition Data: Whether it is a contest, a raffle, or a sweepstakes, we only process the personal data of participants when it is legally permitted. This usually happens if the data is necessary to run the competition (contractual necessity), if the participant has given us explicit permission, or if we have a legitimate reason to do so—for example, recording IP addresses to prevent fraud and ensure the security of the draw.

Publicity in Contests: Please be aware that if a competition involves public voting, showcasing entries, or announcing winners, we may publish the names of the participants. If you do not wish for your name to be made public, you can object to this at any time.

Third-Party Platforms: When we host competitions on social media or other online platforms (like Instagram or Facebook), those platforms' own data protection and usage rules also apply. While the platform hosts the contest, we remain the point of contact for the competition itself and are responsible for the information participants provide to us.

Data Retention for Contests: We don't keep participant data longer than necessary. Once the competition is over and the winners have been notified, we typically delete the data within six months. However, we may hold onto winners' information for longer—up to three years—to handle prize delivery or manage warranty claims. Additionally, some data might persist in the form of archived media coverage about the event.

Additional Data Collection: If you provide information for other purposes during a competition—for instance, if you sign up for our newsletter while entering a draw—that specific data will be handled according to the privacy rules governing that separate service.

• Types of Data Processed: We collect basic identity and contact details (such as full names, addresses, emails, phone numbers, and customer IDs), as well as content-related data (such as the actual entries, photos, messages, and the time they were created).Processed data types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Contact data (e.g. postal and email addresses or phone numbers). Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.).
• Who is affected: Anyone who enters our sweepstakes or competitions.Data subjects: Participants in sweepstakes and competitions.
• Why we process this data: To organize and execute our various contests and prize draws.Purposes of processing: Conducting sweepstakes and contests.
• Data Retention: We delete this information according to the guidelines outlined in the \"General Information on Data Retention and Deletion\" section.Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
• Legal Basis: This processing is based on the necessity to fulfill a contract or respond to a request (Article 6 (1) (b) GDPR), as well as our legitimate business interests (Article 6 (1) (f) GDPR).Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Using Web Analytics: We use reach measurement tools to analyze how people move through our website. This involves collecting pseudonymous data regarding visitor interests and demographics (like age or gender). This helps us understand which features are most popular, when people visit most often, and which parts of our site need improvement to create a better user experience.

Optimization Testing: Beyond standard analytics, we occasionally use A/B testing or similar methods to try out different versions of our site and see which one works best for our users.

Profiling and Technical Tracking: Unless mentioned otherwise, we may create usage profiles by combining data from your browsing session. This includes tracking which pages you visit, which elements you click, and technical details like your operating system and browser. If you grant us or our partners permission to access your location, we may also process that data.

IP Protection and Anonymity: To protect your privacy, we use IP masking, which shortens your IP address so you cannot be personally identified. We avoid storing clear identifiers like names or email addresses for analytics and testing; instead, we use pseudonyms. This ensures that neither we nor our software providers know exactly who you are, only the behavior associated with your anonymous profile.

Legal Foundation for Analytics: If we use third-party tools that require your permission, the legal basis is your consent. Otherwise, we process this data based on our legitimate interest in maintaining an efficient and user-friendly website. For more details, please refer to the cookie section of this policy.

• Types of Data Processed: We collect usage data (such as time spent on pages, click paths, frequency of visits, and device types) as well as communication and process metadata (like masked IP addresses, timestamps, and system IDs).Processed data types: Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features). Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties).
• Who is affected: These measures apply to all users, including general website visitors and those utilizing our online tools.Data subjects: Users (e.g. website visitors, users of online services).
• Processing Goals: Our goals include generating traffic statistics, recognizing returning visitors, creating user profiles for better targeting, remarketing, and overall improving the usability of our online services.Purposes of processing: Web Analytics (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (Creating user profiles); Remarketing; Provision of our online services and usability. Targeting (e.g. profiling based on interests and behaviour, use of cookies).
• Storage and Deletion: Data is deleted according to our general retention guidelines. Unless specified otherwise, cookies and similar tracking tools remain on your device for up to two years.Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years.).
• Security Measure: We employ IP Masking to ensure the pseudonymization of user IP addresses.Security measures: IP Masking (Pseudonymization of the IP address).
• Legal Basis: This is conducted based on User Consent (Article 6 (1) (a) GDPR) or our Legitimate Interests (Article 6 (1) (f) GDPR).Legal Basis: Consent (Article 6 (1) (a) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Additional details on our processing methods and tools:Further information on processing methods, procedures and services used:

• Google Analytics: We employ Google Analytics to evaluate and analyze how people interact with our digital services. To do this, we use a pseudonymous ID that doesn't include personal details like your name or email address. This ID allows us to link activity to a specific device, helping us understand which pages you visit, the search terms you use, and how you navigate our site. We also track the duration of your visits, where you came from, and the technical specifications of your browser and device. This data helps us build pseudonymous user profiles, sometimes using cookies. It's important to note that Google Analytics doesn't store full IP addresses; instead, it uses them to determine general location data (such as city, region, and country) before the IP is immediately discarded—especially for traffic coming from the EU, where IP lookups happen on EU-based servers. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com/intl/en/about/analytics/; Security measures: IP Masking (Pseudonymization of the IP address); Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Advertisements: https://myadcenter.google.com/personalizationoff. Further Information: https://business.safety.google/adsservices/ (Types of processing and data processed).Google Analytics: We use Google Analytics to perform measurement and analysis of the use of our online services by users based on a pseudonymous user identification number. This identification number does not contain any unique data, such as names or email addresses. It is used to assign analysis information to an end device in order to recognize which content users have accessed within one or various usage processes, which search terms they have used, have accessed again or have interacted with our online services. Likewise, the time of use and its duration are stored, as well as the sources of users referring to our online services and technical aspects of their end devices and browsers.
  In the process, pseudonymous profiles of users are created with information from the use of various devices, and cookies may be used. Google Analytics does not log or store individual IP addresses. Analytics does provide coarse geo-location data by deriving the following metadata from IP addresses: City (and the derived latitude, and longitude of the city), Continent, Country, Region, Subcontinent (and ID-based counterparts). For EU-based traffic, IP-address data is used solely for geo-location data derivation before being immediately discarded. It is not logged, accessible, or used for any additional use cases. When Analytics collects measurement data, all IP lookups are performed on EU-based servers before forwarding traffic to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com/intl/en/about/analytics/; Security measures: IP Masking (Pseudonymization of the IP address); Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Advertisements: https://myadcenter.google.com/personalizationoff. Further Information: https://business.safety.google/adsservices/ (Types of processing and data processed).
• Google Tag Manager: To keep our website organized, we use Google Tag Manager. This tool acts as a central hub that lets us manage 'tags'—small snippets of code—through a single interface. These tags are used to track and analyze how visitors use our site, which helps us refine our content and overall user experience. Google Tag Manager itself is just a delivery system; it doesn't create its own user profiles, store cookies for profiling, or perform independent data analysis. Its primary role is to make the integration of various third-party tools more efficient. However, because it facilitates these services, your IP address is transmitted to Google to make the technology work, and cookies may be set if a specific integrated service requires them. For a deeper dive into the specific tools we deploy via Tag Manager, please see the other sections of this policy. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms. Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms).Google Tag Manager: We use Google Tag Manager, a software provided by Google, which enables us to manage so-called website tags centrally via a user interface. Tags are small code elements on our website that serve to record and analyse visitor activities. This technology assists us in improving our website and the content offered on it. Google Tag Manager itself does not create user profiles, store cookies with user profiles, or perform any independent analyses. Its function is limited to simplifying and making the integration and management of tools and services we use on our website more efficient. Nevertheless, when using Google Tag Manager, users' IP addresses are transmitted to Google, which is technically necessary to implement the services we use. Cookies may also be set in this process. However, this data processing only occurs if services are integrated via the Tag Manager. For more detailed information about these services and their data processing, please refer to the further sections of this privacy policy; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms. Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms).
• Matomo: We use Matomo to analyze web traffic and measure our digital reach. This software uses cookies stored on your device to gather data. Unlike other tools, all data collected via Matomo is handled exclusively by us and is never shared with any third parties. These cookies remain on your device for a maximum of 13 months: https://matomo.org/faq/general/faq_146/; Legal Basis: Consent (Article 6 (1) (a) GDPR). Retention period: 13 months maximum.Matomo: Matomo is software that is used for the purposes of web analysis and reach measurement. As part of the use of Matomo, cookies are generated and stored on the user's terminal device. User data collected through the use of Matomo is processed only by us and is not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/; Legal Basis: Consent (Article 6 (1) (a) GDPR). Retention period: The cookies have a maximum storage period of 13 months.
• Microsoft Clarity: We use this tool to perform web analysis and track reach, specifically focusing on how users behave and what interests them regarding our features and content. This is done using pseudonymous IDs to create user profiles and track the time spent on the site. Service provider: Microsoft Irland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://clarity.microsoft.com; Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement; Data Processing Agreement: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA. Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://privacy.microsoft.com/en-us/privacystatement).Microsoft Clarity: Web analysis, measuring reach and analyzing user behavior in relation to the use and interests regarding functions and content as well as their duration of use based on a pseudonymous user identification number and profile creation; Service provider: Microsoft Irland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://clarity.microsoft.com; Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement; Data Processing Agreement: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA. Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://privacy.microsoft.com/en-us/privacystatement).
• Dynamic Yield: This service is utilized for web analysis and measuring reach. It allows us to analyze user behavior and interests regarding our content and functions, using pseudonymous identifiers to build profiles and track usage duration. Service provider: Dynamic Yield GmbH, Alexanderufer 3, Berlin, Germany, 10117; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.dynamicyield.com. Privacy Policy: https://www.dynamicyield.com/privacy-notice/.Dynamic Yield: Web analysis, measuring reach and analyzing user behavior in relation to the use and interests regarding functions and content as well as their duration of use based on a pseudonymous user identification number and profile creation; Service provider: Dynamic Yield GmbH, Alexanderufer 3, Berlin, Germany, 10117; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.dynamicyield.com. Privacy Policy: https://www.dynamicyield.com/privacy-notice/.

We process certain personal data to power our online marketing efforts. This mainly involves managing advertising spaces or showing you specific ads and content based on what we think you'll find interesting, as well as measuring how well these campaigns actually perform.

To make this possible, we create user profiles using cookies or similar technologies. These files store the data needed to show you relevant content, such as which pages you've visited, the websites you frequent, the social networks you use, and technical details like your operating system, browser, and how long you spend using certain features. If you've given us permission to collect additional background data, that may be processed as well.

While we do store IP addresses, we protect your privacy by using 'IP masking.' This means we shorten the IP address to turn it into a pseudonym. Because of this, neither we nor our marketing partners know your actual identity—we only see the pseudonymous profile associated with your activity, rather than your name or email address.

The data in these profiles is typically held in cookies. These can be accessed and analyzed not just on our site, but potentially on other websites that use the same marketing tools. This allows providers to supplement your profile with more data and store it on their own servers to better target content.

In some rare cases, a profile might be linked to your real identity. This usually happens if you are a member of a social network whose marketing tools we use, and that network connects your account to the activity profile. Keep in mind that you may have already agreed to this through the terms and conditions when you signed up for those social networks.

Generally, we only see aggregated reports on how our ads are performing. However, we do use 'conversion measurement' to see if a specific marketing effort actually led to a result, such as you signing a contract with us. This is used strictly to analyze the effectiveness of our marketing strategies.

Unless we've mentioned a different timeframe, please assume that the cookies we use will be stored on your device for up to two years.

Notes on revocation and objection:

We encourage you to review the privacy policies of our service providers to learn how to opt-out of their tracking. If a specific opt-out link isn't provided, you can always disable cookies in your browser settings, though this might limit some of the website's functionality. For your convenience, we recommend the following general opt-out tools for each category:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://www.youradchoices.ca/choices.

c) USA: https://www.aboutads.info/choices.

d) Cross-regional: https://optout.aboutads.info.

• We process several categories of data to improve your experience. This includes usage statistics, such as how long you spend on a page, your navigation paths, how often you visit, and the specific devices or operating systems you use. We also handle technical and process-related data, including IP addresses, timestamps, and unique IDs. For Facebook, we transmit 'Event Data'—which tracks actions like website visits, app installations, and purchases—to build specific target groups (Custom Audiences). Please note that this Event Data doesn't include personal content like comments, login credentials, or direct contact details. Facebook retains this data for up to two years, or until our account is closed. Finally, we process content data, which covers the actual text or images you share, along with metadata like who created the content and when.Processed data types: Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties); Event Data (Facebook) ("Event Data" is data that can be transmitted from us to Facebook, e.g. via Facebook pixels (via apps or other means) and relates to persons or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event Data does not include the actual content (such as written comments), login information, and Contact Information (such as names, email addresses, and phone numbers). Event Data is deleted by Facebook after a maximum of two years, the Custom Audiences created from them with the deletion of our Facebook account). Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.).
• Who is affected: These measures apply to all users, including general website visitors and those utilizing our online tools.Data subjects: Users (e.g. website visitors, users of online services).
• Our data processing serves several key goals: we use web analytics to understand traffic patterns and recognize returning visitors, and targeting tools (like cookies) to profile interests and behavior. We also employ affiliate tracking, general marketing, and the creation of user profiles to personalize your experience. Additionally, we use remarketing to stay connected with you, ensure our online services remain usable and efficient, and perform conversion tracking to measure exactly how well our marketing campaigns are working.Purposes of processing: Web Analytics (e.g. access statistics, recognition of returning visitors); Targeting (e.g. profiling based on interests and behaviour, use of cookies); Affiliate Tracking; Marketing; Profiles with user-related information (Creating user profiles); Remarketing; Provision of our online services and usability. Conversion tracking (Measurement of the effectiveness of marketing activities).
• Storage and Deletion: Data is deleted according to our general retention guidelines. Unless specified otherwise, cookies and similar tracking tools remain on your device for up to two years.Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years.).
• Security Measure: We employ IP Masking to ensure the pseudonymization of user IP addresses.Security measures: IP Masking (Pseudonymization of the IP address).
• Legal Basis: Consent (Article 6 (1) (a) GDPR).

Additional details on our processing methods and tools:Further information on processing methods, procedures and services used:

• Facebook Ads: We use this service to run advertisements on Facebook and analyze their performance. The service is provided by Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland). Processing is based on your explicit consent per Article 6 (1) (a) GDPR. You can find more details at https://www.facebook.com and their privacy policy at https://www.facebook.com/privacy/policy/. International data transfers are handled via the Data Privacy Framework (DPF). To opt out or manage your data rights, please use the privacy and ad settings within your Facebook profile or contact them as outlined in their policy. For further detail: we jointly control the collection and transfer of behavioral 'event data' to Meta Platforms Ireland Limited in the EU. Once transferred, Meta Platforms Ireland Limited takes sole responsibility for further processing, including transferring data to the US-based parent company, Meta Platforms, Inc., using standard contractual clauses.Facebook Ads: Placement of ads within the Facebook platform and analysis of ad results; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/; Basis for third-country transfers: Data Privacy Framework (DPF); Opt-Out: We refer to the privacy and advertising settings in the users' profiles on the Facebook platforms, as well as to Facebook's consent procedures and contact options for exercising access and other data subject rights, as described in Facebook's privacy policy. Further Information: User event data, i.e. behavioral and interest data, is processed for the purposes of targeted advertising and audience building on the basis of the joint controllership agreement ("Controller Addendum", https://www.facebook.com/legal/controller_addendum). The joint controllership is limited to the collection and transfer of the data to Meta Platforms Ireland Limited, a company located in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns in particular the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
• Google Ads Remarketing: This technology, often called retargeting, allows us to place users who have visited our service onto a pseudonymous list. This means that as you browse other parts of the web, you may see ads tailored to your previous visit to our site. The provider is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), and the legal basis for this is your consent (Article 6 (1) (a) GDPR). You can visit https://marketingplatform.google.com or review their privacy policy at https://policies.google.com/privacy. Transfers to third countries are governed by the Data Privacy Framework (DPF). For a deeper dive into how data is processed, visit https://business.safety.google/adsservices/ and review the controller terms at https://business.safety.google/adscontrollerterms.Google Ads Remarketing: Google Remarketing, also known as retargeting, is a technology that adds users who use an online service to a pseudonymous remarketing list so that users can be shown ads on other online services based on their visit to the online service
  ; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF); Further Information: Types of processing and data processed: https://business.safety.google/adsservices/. Google Ads Controller-Controller Data Protection Terms and standard contractual clauses for data transfers to third countries: https://business.safety.google/adscontrollerterms.
• Enhanced Conversions for Google Ads: If you click one of our Google ads and then complete a desired action (a 'conversion'), such as signing up or making a purchase, certain information you provide—like your name, email, address, or phone number—may be sent to Google. Google then uses hashed versions of this data to match it with existing Google accounts. This helps us more accurately measure and optimize how users interact with our ads. This process is based on your consent under Article 6 (1) (a) GDPR. More information is available at https://support.google.com/google-ads/answer/9888656.Enhanced Conversions for Google Ads: When users click on our Google ads and subsequently use the advertised service (so-called "conversion"), the data entered by the user, such as email address, name, residential address or telephone number, may be transmitted to Google. The hash values are then matched with existing Google accounts of the users to better evaluate and improve their interaction with the ads (e.g., clicks or views) and thus their performance; Legal Basis: Consent (Article 6 (1) (a) GDPR). Website: https://support.google.com/google-ads/answer/9888656.
• Instagram Ads: We utilize Instagram to place targeted advertisements and evaluate their success. The service is managed by Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland) based on your consent (Article 6 (1) (a) GDPR). You can visit https://www.instagram.com and their privacy center at https://privacycenter.instagram.com/policy/. Data transfers to third countries are covered by the Data Privacy Framework (DPF). If you wish to opt out or exercise your data rights, please refer to the privacy and ad settings in your Instagram profile or the contact options in their privacy policy. Regarding data handling: behavioral and interest-based event data is processed via a joint controllership agreement (https://www.facebook.com/legal/controller_addendum). Our role is limited to collecting and sending this data to Meta Platforms Ireland Limited in the EU; subsequent processing and the transfer of data to Meta Platforms, Inc. in the USA are handled exclusively by Meta Platforms Ireland Limited.Instagram Ads: Placement of ads within the Instagram platform and analysis of ad results; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/; Basis for third-country transfers: Data Privacy Framework (DPF); Opt-Out: We refer to the data protection and advertising settings in the user's profile on the Instagram platform as well as Instagram's consent procedure and Instagram's contact options for exercising information and other data subject rights in Instagram's privacy policy. Further Information: User event data, i.e. behavioral and interest data, is processed for the purposes of targeted advertising and audience building on the basis of the joint controllership agreement ("Controller Addendum", https://www.facebook.com/legal/controller_addendum). The joint controllership is limited to the collection and transfer of the data to Meta Platforms Ireland Limited, a company located in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns in particular the transfer of the data to the parent company Meta Platforms, Inc. in the USA.
• Dynamic Yield: This service is utilized for web analysis and measuring reach. It allows us to analyze user behavior and interests regarding our content and functions, using pseudonymous identifiers to build profiles and track usage duration. Service provider: Dynamic Yield GmbH, Alexanderufer 3, Berlin, Germany, 10117; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.dynamicyield.com. Privacy Policy: https://www.dynamicyield.com/privacy-notice/.Dynamic Yield: Web analysis, measuring reach and analyzing user behavior in relation to the use and interests regarding functions and content as well as their duration of use based on a pseudonymous user identification number and profile creation; Service provider: Dynamic Yield GmbH, Alexanderufer 3, Berlin, Germany, 10117; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.dynamicyield.com. Privacy Policy: https://www.dynamicyield.com/privacy-notice/.
• Meta Pixel and Custom Audiences: We use the Meta Pixel (and similar API tools) to identify visitors to our site who might be interested in our services. This allows us to create 'Custom Audiences'—groups of people based on specific characteristics or interests—so that our ads appear only to those who find them relevant, rather than being intrusive. The Pixel also helps us with 'conversion tracking,' allowing us to see if a user visited our site after clicking a Meta ad, which is vital for our market research. The provider is Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland). This is done with your consent (Article 6 (1) (a) GDPR). Relevant links include: https://www.facebook.com, their privacy policy (https://www.facebook.com/privacy/policy/), and the data processing agreement (https://www.facebook.com/legal/terms/dataprocessing). International transfers are managed via the Data Privacy Framework (DPF) and Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum). As with other Meta services, we jointly control the initial data collection and transfer to Meta's EU entity, while Meta Platforms Ireland Limited is solely responsible for further processing and transfers to the US parent company, Meta Platforms, Inc.Meta Pixel and Custom Audiences (Custom Audiences): With the help of the Meta-Pixel (or equivalent functions, to transfer Event-Data or Contact Information via interfaces or other software in apps), Meta is on the one hand able to determine the visitors of our online services as a target group for the presentation of ads (so-called "Meta ads"). Accordingly, we use Meta-Pixels to display Meta ads placed by us only to Meta users and within the services of partners cooperating with Meta (so-called "audience network" https://www.facebook.com/audiencenetwork/ ) who have shown an interest in our online services or who have certain characteristics (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Meta (so-called "custom audiences"). With the help of Meta-Pixels, we also want to ensure that our Meta ads correspond to the potential interest of users and do not appear annoying. The Meta-Pixel also enables us to track the effectiveness of Meta ads for statistical and market research purposes by showing whether users were referred to our website after clicking on a Meta ad (known as "conversion tracking"); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/; Data Processing Agreement: https://www.facebook.com/legal/terms/dataprocessing; Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum). Further Information: User event data, i.e. behavioral and interest data, is processed for the purposes of targeted advertising and audience building on the basis of the joint controllership agreement ("Controller Addendum", https://www.facebook.com/legal/controller_addendum). The joint controllership is limited to the collection and transfer of the data to Meta Platforms Ireland Limited, a company located in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns in particular the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
• TikTok Pixel: This is a piece of code that activates when a visitor lands on our website. It monitors how users interact with our offering and tracks specific conversions to build a user profile. This allows us to analyze how our campaigns are performing, refine ad delivery, and create tailored target groups or similar audiences. We share joint responsibility with TikTok for gathering and transmitting this event data, as well as generating the resulting insight reports. The data collected includes the type of content you engage with, your specific actions, and technical details about your device—such as your IP address, browser, operating system, language settings, and cookies—alongside profile details like your location or country. For more details on how TikTok handles this data, please review their privacy policy at https://www.tiktok.com/legal/page/eea/privacy-policy/en. We have a formal joint-controller agreement with TikTok that mandates specific security protocols and ensures they honor data subject rights; this means you can send requests for information or data deletion directly to TikTok. Your legal rights—including the right to access your data, object to processing, or lodge a complaint with a regulator—remain fully intact. This agreement is outlined in TikTok's \"Jurisdiction Specific Terms\": https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms. Service providers: TikTok Technology Limited (Dublin, Ireland) and TikTok Information Technologies UK Limited (London, UK). Legal Basis: Consent under Article 6 (1) (a) GDPR. More info: https://ads.tiktok.com/help/article/tiktok-pixel. Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en. International transfers are governed by Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms).TikTok Pixel: Code that is loaded when a user visits our online offering and tracks the user's behavior and conversions, as well as stores it in a profile (possible use cases: measuring campaign performance, optimizing ad delivery, building custom and similar target groups). - We and TikTok are jointly responsible for the collection and transmission of event data as well as for the measurement and creation of insights reports (statistics) for profile holders. This event data includes information about the types of content users view or interact with, actions they take, and information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data) and details from user profiles such as country or location. Data protection information regarding the processing of user data by TikTok can be found in TikTok's privacy notices: https://www.tiktok.com/legal/page/eea/privacy-policy/en. We have entered into a special agreement on joint responsibility with TikTok, which specifically regulates the security measures that TikTok must observe and in which TikTok has agreed to fulfill data subject rights (i.e., users can, for example, direct inquiries or deletion requests directly to TikTok). The rights of users (in particular the right to access, deletion, objection, and complaint to a competent supervisory authority) are not restricted by the agreements with TikTok. The agreement on joint responsibility can be found in TikTok's "Jurisdiction Specific Terms": https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms.; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://ads.tiktok.com/help/article/tiktok-pixel; Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en. Basis for third-country transfers: Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms).
• TikTok Ads: We use TikTok to run advertising campaigns and analyze their effectiveness. Both we and TikTok act as joint controllers when it comes to collecting event data and producing statistics for profile holders. This data covers the content you view or interact with, your behavior on the platform, and technical device information (like IP addresses, OS, browser type, language, and cookies), as well as profile data such as your country. You can find comprehensive information on TikTok's data processing in their privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en. Our joint responsibility agreement ensures TikTok follows strict security measures and handles user requests (like data deletion) directly. These agreements do not limit your rights to access, delete, or object to your data, nor your right to contact a supervisory authority. Details are available in the \"Jurisdiction Specific Terms\": https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms. Additionally, TikTok serves as our data processor for specific functions like contact matching, developer tools, and the 'Custom Audiences' feature (which includes creating target groups and gathering lead generation data). In all other capacities, TikTok operates independently as a third party. The commissioned processing contract is available here: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms. Service providers: TikTok Technology Limited (Dublin, Ireland) and TikTok Information Technologies UK Limited (London, UK). Legal Basis: Consent under Article 6 (1) (a) GDPR. Website: https://ads.tiktok.com/. Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en. Data Processing Agreement: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms. International transfers are based on Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms).Tiktok Ads: Placement of ads within the Tiktok platform and analysis of ad results - We and TikTok are jointly responsible for the collection and transmission of event data as well as for the measurement and creation of insights reports (statistics) for profile holders. This event data includes information about the types of content users view or interact with, actions they take, and information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data) and details from user profiles such as country or location. Data protection information regarding the processing of user data by TikTok can be found in TikTok's privacy notices: https://www.tiktok.com/legal/page/eea/privacy-policy/en. We have entered into a special agreement on joint responsibility with TikTok, which specifically regulates the security measures that TikTok must observe and in which TikTok has agreed to fulfill data subject rights (i.e., users can, for example, direct inquiries or deletion requests directly to TikTok). The rights of users (in particular the right to access, deletion, objection, and complaint to a competent supervisory authority) are not restricted by the agreements with TikTok. The agreement on joint responsibility can be found in TikTok's "Jurisdiction Specific Terms": https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms.
  Furthermore, TikTok acts as our processor in contact matching, developer tool functionality, use of the Custom Audiences product—i.e., creating target audiences and collecting data from interested parties within advertising campaigns ("Lead Generation"). Otherwise, TikTok acts independently as a third party. The contract on commissioned processing can be found in TikTok's "Jurisdiction Specific Terms": https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://ads.tiktok.com/; Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en; Data Processing Agreement: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms. Basis for third-country transfers: Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms).
• Reddit Ads: We place advertisements on Reddit and monitor their performance to evaluate success. Service provider: Reddit Ireland Limited, Fitzwilliam Hall, Fitzwilliam Place, Dublin 2, D02 T292, Ireland. Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR). Website: https://www.reddit.com/. Privacy Policy: https://www.reddit.com/policies/privacy-policy.Reddit Ads: Placement of advertisements within the Reddit platform and evaluation of the advertisement results; Service provider: Reddit Ireland Limited, Fitzwilliam Hall, Fitzwilliam Place, Dublin 2, D02 T292, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.reddit.com/. Privacy Policy:https://www.reddit.com/policies/privacy-policy.
• Reddit Pixel: This tool is used for measuring conversions, performing analytics, building target audiences, and managing ad delivery and profiling. Service provider: Reddit Ireland Limited, Fitzwilliam Hall, Fitzwilliam Place, Dublin 2, D02 T292, Ireland. Legal Basis: Consent (Article 6 (1) (a) GDPR). Website: https://www.reddit.com/. Privacy Policy: https://www.reddit.com/policies/privacy-policy.Reddit Pixel: Analytics and conversion measurement, target audience formation, ad display, profiling; Service provider: Reddit Irland Limited, Fitzwilliam Hall, Fitzwilliam Place, Dublin 2, D02 T292, Ireland; Legal Basis:Consent (Article 6 (1) (a) GDPR); Website: https://www.reddit.com/; Legal Basis: Analytics and conversion measurement, target audience formation, ad display, profiling. Privacy Policy:https://www.reddit.com/policies/privacy-policy.
  

We maintain active profiles on various social networks to stay in touch with our community and share updates or information about our services.

Please be aware that your data may be processed in countries outside the European Union. This can potentially create risks, such as making it more challenging to exercise your legal data rights.

Generally, social networks use your data for advertising and market research. By analyzing your behavior and interests, they create profiles that allow them to show you relevant ads both inside and outside their own platforms. This is typically achieved by storing cookies on your device to track your habits. Furthermore, this data is often linked to your user profile, meaning it follows you regardless of which device you use, especially if you have an account or join the network later.

For a deeper dive into how your data is handled and how you can opt-out, we recommend reviewing the specific privacy policies provided by each social network.

If you wish to request information about your data or exercise your privacy rights, the most efficient way is to contact the social network provider directly. Since they are the ones who hold the data and control the systems, they can provide the fastest and most accurate response. However, if you encounter any issues, we are always here to help.

• Types of data processed: Contact details (such as email, phone numbers, or mailing addresses); Content data (including text, images, posts, and metadata like timestamps or authorship); Usage data (such as how long you visit, which pages you click, frequency of use, device and OS details, and how you interact with features); Inventory data (such as full names, home addresses, and customer IDs); and Meta/Process data (including IP addresses, IDs, and timestamps).Processed data types: Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Inventory data (For example, the full name, residential address, contact information, customer number, etc.). Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties).
• Who is affected: These measures apply to all users, including general website visitors and those utilizing our online tools.Data subjects: Users (e.g. website visitors, users of online services).
• Why we process this data: To facilitate communication, collect feedback via online forms, manage public relations, and carry out marketing. We also use it to improve the usability of our online services, perform web analytics (like tracking returning visitors), and implement targeting via behavioral profiling and cookies. Additionally, we use it for conversion and affiliate tracking to measure marketing success and to build user-related profiles.Purposes of processing: Communication; Feedback (e.g. collecting feedback via online form); Public relations; Marketing; Provision of our online services and usability; Web Analytics (e.g. access statistics, recognition of returning visitors); Targeting (e.g. profiling based on interests and behaviour, use of cookies); Conversion tracking (Measurement of the effectiveness of marketing activities); Affiliate Tracking. Profiles with user-related information (Creating user profiles).
• Data Retention: We delete this information according to the guidelines outlined in the \"General Information on Data Retention and Deletion\" section.Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
• Legal Basis: Processing is based on either your explicit consent (Article 6(1)(a) GDPR) or our legitimate interests (Article 6(1)(f) GDPR).Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR). Consent (Article 6 (1) (a) GDPR).

Additional details on our processing methods and tools:Further information on processing methods, procedures and services used:

• Instagram: A social platform for sharing photos and videos, interacting via comments and likes, messaging, and following pages. Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR). Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. International transfers are based on the Data Privacy Framework (DPF).Instagram: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Basis for third-country transfers: Data Privacy Framework (DPF).
• Facebook Pages: These are official profiles hosted on the Facebook social network. In this context, we act as joint controllers with Meta Platforms Ireland Limited, meaning we share responsibility for the initial collection of visitor data, though Meta handles the subsequent processing. This data includes how users interact with our content—such as what they view or click—as well as technical details about the devices they use (including IP addresses, browser types, language settings, and cookie data). You can find more details on this in the Facebook Data Policy under the sections \"Things that you and others do and provide\" and \"Device Information\" (https://www.facebook.com/privacy/policy/). To help us understand our audience, Facebook provides \"page insights\" analytics. We have a specific agreement with Facebook (available at https://www.facebook.com/legal/terms/page_controller_addendum) that mandates strict security standards and ensures that users can exercise their data rights—such as requesting access to or deletion of their information—directly through Facebook. These agreements do not limit your legal rights to access, erase, or object to your data, nor your right to complain to a supervisory authority. More details are available here: https://www.facebook.com/legal/terms/information_about_page_insights_data. Our joint responsibility ends once the data is collected and transferred to Meta Platforms Ireland Limited in the EU; all further processing is handled solely by them. Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. International transfers are governed by the Data Privacy Framework (DPF) and Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum).Facebook Pages: Profiles within the social network Facebook - We are jointly responsible (so called "joint controller") with Meta Platforms Ireland Limited for the collection (but not the further processing) of data of visitors to our Facebook page. This data includes information about the types of content users view or interact with, or the actions they take (see "Things that you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), and information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie information; see "Device Information" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under "How we use this information?" Facebook also collects and uses information to provide analytics services, known as "page insights," to site operators to help them understand how people interact with their pages and with content associated with them. We have concluded a special agreement with Facebook ("Information about Page-Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular the security measures that Facebook must observe and in which Facebook has agreed to fulfill the rights of the persons concerned (i.e. users can send information access or deletion requests directly to Facebook). The rights of users (in particular to access to information, erasure, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information about Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data). The joint controllership is limited to the collection and transfer of the data to Meta Platforms Ireland Limited, a company located in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum).
• LinkedIn: A professional social network. Together with LinkedIn Ireland Unlimited Company, we are jointly responsible for gathering visitor data used to generate \"Page Insights\" (statistical reports) for our profiles. This involves tracking how users interact with our content and the actions they take, as well as technical device information (IP addresses, operating systems, browsers, language settings, and cookies). Additionally, LinkedIn may include professional profile details such as job function, industry, seniority, company size, and employment status. For full details on how LinkedIn processes this data, please refer to their privacy policy: https://www.linkedin.com/legal/privacy-policy. We have signed a \"Page Insights Joint Controller Addendum\" (https://legal.linkedin.com/pages-joint-controller-addendum) which outlines the security measures LinkedIn must follow and confirms that users can send data requests (like deletion or access) directly to LinkedIn. This agreement does not restrict your statutory rights to information, erasure, or the right to lodge a complaint with a regulator. Our shared responsibility is limited to the collection and transfer of data to LinkedIn Ireland Unlimited Company in the EU. LinkedIn Ireland is solely responsible for further processing, including transferring data to its parent company, LinkedIn Corporation, in the USA. Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; International transfers are based on the Data Privacy Framework (DPF) and Standard Contractual Clauses (https://legal.linkedin.com/dpa). You can opt-out here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.LinkedIn: Social network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of visitor data, which is used to create "Page Insights" (statistics) for our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as the actions they take. It also includes details about the devices used, such as IP addresses, operating systems, browser types, language settings, and cookie data, as well as profile details of users, such as job function, country, industry, seniority, company size, and employment status. Privacy information regarding the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
  We have entered into a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum," https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures LinkedIn must comply with and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e., users can, for example, direct requests for information or deletion directly to LinkedIn). The rights of users (particularly the right to information, deletion, objection, and to lodge a complaint with the competent supervisory authority) are not restricted by our agreements with LinkedIn. The joint responsibility is limited to the collection of data and its transmission to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, particularly concerning the transfer of data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa). Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• TikTok Business: A social network for sharing videos and photos, messaging, and following accounts. We and TikTok share responsibility for collecting event data and creating insight reports for profile owners. This includes tracking what content users interact with, the actions they take, and technical device data (such as IP addresses, OS, browser, and cookies), as well as basic profile information like location or country. Detailed information on TikTok's data handling is available in their privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en. We have a joint responsibility agreement that specifies the security protocols TikTok must maintain and ensures that users can exercise their data rights (such as requesting info or deletion) directly with TikTok. Your legal rights—including access, objection, and the right to complain to a supervisory authority—remain fully intact. This agreement is part of TikTok's \"Jurisdiction Specific Terms\": https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms.; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.tiktok.com; Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en. International transfers are managed via Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms).TikTok Business: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to accounts - We and TikTok are jointly responsible for the collection and transmission of event data as well as for the measurement and creation of insights reports (statistics) for profile holders. These event data include information about the types of content users view or interact with, actions taken by them, information about devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data), and information from user profiles such as country or location. Data protection information regarding the processing of user data by TikTok can be found in TikTok's privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en. We have concluded a special agreement on joint responsibility with TikTok that specifically regulates which security measures TikTok must observe and in which TikTok has agreed to fulfil the rights of data subjects (i.e., users can, for example, address requests for information or deletion directly to TikTok). The rights of users (in particular the right to access, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with TikTok. The agreement on joint responsibility can be found in TikTok's "Jurisdiction Specific Terms": https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms.; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.tiktok.com; Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en. Basis for third-country transfers: Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms).
• X: A social networking platform. Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://x.com; Privacy Policy: https://x.com/privacy.X: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://x.com. Privacy Policy: https://x.com/privacy.
• YouTube: A video-sharing platform and social network. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Privacy Policy: https://policies.google.com/privacy; International transfers are based on the Data Privacy Framework (DPF). You can manage your preferences via the Opt-Out page: https://myadcenter.google.com/personalizationoff.YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF). Opt-Out: https://myadcenter.google.com/personalizationoff.
• Reddit: A community-driven social network and discussion platform. Service provider: Reddit Ireland Limited, Fitzwilliam Hall, Fitzwilliam Place, Dublin 2, D02 T292, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.reddit.com/; Privacy Policy: https://www.reddit.com/policies/privacy-policy.Reddit: Social network / community and conversation platform; Service provider: Reddit Ireland Limited, Fitzwilliam Hall, Fitzwilliam Place, Dublin 2, D02 T292, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.reddit.com/. Privacy Policy: https://www.reddit.com/policies/privacy-policy.

Our online services feature various functional elements and content—such as embedded videos, graphics, or interactive maps—that are loaded directly from the servers of external \"third-party providers.\"

To display this content in your browser, the third-party provider must necessarily process your IP address. We make every effort to partner with providers who use IP addresses solely for the purpose of delivering the requested content. Some providers may also use \"pixel tags\" (invisible web beacons) for marketing or statistical analysis to track visitor traffic. This pseudonymous data may be stored in cookies on your device and can include technical details about your browser, operating system, the site you came from, and your visit duration. In some cases, this may be combined with information from other sources.

• Types of data processed: This includes usage data (such as which pages you visit, how long you stay, your click patterns, and the devices you use), metadata and process information (like IP addresses, timestamps, and ID numbers), and location data (the approximate geographical position of your person or device).Processed data types: Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties). Location data (Information on the geographical position of a device or person).
• Who is affected: These measures apply to all users, including general website visitors and those utilizing our online tools.Data subjects: Users (e.g. website visitors, users of online services).
• Why we process this data: To ensure our online services function correctly and are user-friendly; to perform web analytics (such as tracking return visitors and traffic stats); for targeting and profiling based on behavior and interests via cookies; for affiliate tracking and general marketing; and to fulfill our contractual obligations and services.Purposes of processing: Provision of our online services and usability; Web Analytics (e.g. access statistics, recognition of returning visitors); Targeting (e.g. profiling based on interests and behaviour, use of cookies); Affiliate Tracking; Marketing. Provision of contractual services and fulfillment of contractual obligations.
• Storage and Deletion: Data is deleted according to our general retention guidelines. Unless specified otherwise, cookies and similar tracking tools remain on your device for up to two years.Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years.).
• Legal Basis: This is conducted based on User Consent (Article 6 (1) (a) GDPR) or our Legitimate Interests (Article 6 (1) (f) GDPR).Legal Basis: Consent (Article 6 (1) (a) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Additional details on our processing methods and tools:Further information on processing methods, procedures and services used:

• Google Maps: To provide mapping functionality, we use the Google Maps service. This means Google may process certain information, specifically your IP address and location data. The service is provided by Google Cloud EMEA Limited, located at 70 Sir John Rogerson’s Quay, Dublin 2, Ireland. We rely on your consent as the legal basis for this (Article 6 (1) (a) GDPR). For more details, you can visit their website at https://mapsplatform.google.com/ or read their Privacy Policy at https://policies.google.com/privacy. Data transfers to third countries are handled under the Data Privacy Framework (DPF).Google Maps: We integrate the maps of the service "Google Maps" from the provider Google. The data processed may include, in particular, IP addresses and location data of users; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy. Basis for third-country transfers: Data Privacy Framework (DPF).
• reCAPTCHA: To protect our site from spam and automated bots, we use reCAPTCHA to verify that users are actual humans. This tool analyzes various data points, including your IP address, browser and device details, operating system, language settings, and location. It also looks at behavioral patterns like mouse movements, typing speed, time spent on the page, your interaction with other reCAPTCHA prompts across the web, and potentially cookies or manual verification results (like picking images). We process this data based on our legitimate interest in maintaining a secure and abuse-free environment (Article 6 (1) (f) GDPR). The service is managed by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), with its parent company Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). You can find more info at https://www.google.com/recaptcha/ and their Privacy Policy at https://policies.google.com/privacy. Transfers to third countries are governed by the Data Privacy Framework (DPF). If you wish to opt-out, you can use the Google Opt-Out-Plugin (https://tools.google.com/dlpage/gaoptout?hl=en) or adjust your ad personalization settings at https://myadcenter.google.com/personalizationoff.reCAPTCHA: We integrate the "reCAPTCHA" function to be able to recognise whether entries (e.g. in online forms) are made by humans and not by automatically operating machines (so-called "bots"). The data processed may include IP addresses, information on operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies and results of manual recognition processes (e.g. answering questions asked or selecting objects in images). The data processing is based on our legitimate interest to protect our online services from abusive automated crawling and spam; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, , parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.google.com/recaptcha/; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF). Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Advertisements: https://myadcenter.google.com/personalizationoff.
• YouTube videos: We embed YouTube content to provide video features. The service is operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), under the parent company Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). This processing is based on your consent (Article 6 (1) (a) GDPR). You can visit https://www.youtube.com and review the Privacy Policy at https://policies.google.com/privacy. Data transfers to third countries are secured via the Data Privacy Framework (DPF). To opt-out of certain tracking, you can use the plugin at https://tools.google.com/dlpage/gaoptout?hl=en or manage your ad settings at https://myadcenter.google.com/personalizationoff.YouTube videos: Video contents; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, , parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF). Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Advertisements: https://myadcenter.google.com/personalizationoff.

We encourage you to check our privacy policy regularly to stay updated. We will modify these terms whenever changes in our data handling practices make it necessary. If a change requires your active involvement—such as providing new consent or receiving a specific notification—we will let you know immediately.

Please be aware that while we provide contact details for various companies and organizations within this policy, these addresses can change. We recommend verifying the information before reaching out to them.

This section explains the key terms used throughout this privacy policy. While some terms have official legal definitions that take precedence, these explanations are provided to make the document easier for everyone to understand.

• Affiliate Tracking: 'Custom Audiences' refers to the practice of identifying specific groups of people for targeted advertising. For instance, if you show interest in a particular product online, we may infer that you'd be interested in similar items or the store where you first saw them. 'Lookalike Audiences' are groups of people whose profiles or interests mirror those of an existing target group. To build these audiences, we typically rely on web beacons and cookies.Affiliate Tracking: Custom Audiences refers to the process of determining target groups for advertising purposes, e.g. the display of advertisements. For example, a user's interest in certain products or topics on the Internet may be used to conclude that the user is interested in advertisements for similar products or the online store in which the user viewed the products. "Lookalike Audiences" is the term used to describe content that is viewed as suitable by users whose profiles or interests presumably correspond to the users for whom the profiles were created. For the purposes of creating custom audiences and lookalike audiences, cookies and web beacons are typically used.
• Contact data: These are the basic details we need to get in touch with you or an organization. This includes standard info like email addresses, phone numbers, and physical mailing addresses, as well as modern communication handles for social media or instant messaging apps.Contact data: Contact details are essential information that enables communication with individuals or organizations. They include, among others, phone numbers, postal addresses, and email addresses, as well as means of communication like social media handles and instant messaging identifiers.
• Content data: This covers all information created during the process of producing, editing, or publishing content. It includes everything from text and images to audio and video files across different platforms. Beyond the actual content, this also includes 'metadata'—the behind-the-scenes details like authorship, publication dates, descriptions, and tags.Content data: Content data comprise information generated in the process of creating, editing, and publishing content of all types. This category of data may include texts, images, videos, audio files, and other multimedia content published across various platforms and media. Content data are not limited to the content itself but also include metadata providing information about the content, such as tags, descriptions, authorship details, and publication dates.
• Controller: A 'Controller' is any person, company, public agency, or body that decides why and how personal data is processed, whether they do this alone or together with others.Controller: "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Conversion tracking: This is a tool we use to see if our marketing is actually working. Usually, a cookie is placed on your device when you encounter an ad; if you later visit our target website, that cookie is recognized, allowing us to see if the original advertisement led to a successful visit or purchase.Conversion tracking: Conversion tracking is a method used to evaluate the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the devices of the users within the websites on which the marketing measures take place and then called up again on the target website (e.g. we can thus trace whether the advertisements placed by us on other websites were successful).
• Inventory data: These are the core details needed to manage accounts, user profiles, and contractual relationships. This typically includes identifying information such as full names, dates of birth, user IDs, and contact info (email, phone, address). This data is essential for creating a unique identity within our systems to ensure proper communication and service delivery.Inventory data: Inventory data encompass essential information required for the identification and management of contractual partners, user accounts, profiles, and similar assignments. These data may include, among others, personal and demographic details such as names, contact information (addresses, phone numbers, email addresses), birth dates, and specific identifiers (user IDs). Inventory data form the foundation for any formal interaction between individuals and services, facilities, or systems, by enabling unique assignment and communication.
• Location data: This information is generated whenever a device (like a smartphone) connects to a cellular tower, Wi-Fi network, or other positioning system. It identifies the physical coordinates of the device on Earth, which allows us to offer location-based services or display relevant maps.Location data: Location data is created when a mobile device (or another device with the technical requirements for a location determination) connects to a radio cell, a WLAN or similar technical means and functions of location determination. Location data serve to indicate the geographically determinable position of the earth at which the respective device is located. Location data can be used, for example, to display map functions or other information dependent on a location.
• Log data: Also known as protocol data, these are automatic records of events occurring within a network or system. They include things like timestamps, IP addresses, specific user actions, and error reports. We use these logs primarily to troubleshoot technical issues, monitor security, and analyze system performance.Log data: Protocol data, or log data, refer to information regarding events or activities that have been logged within a system or network. These data typically include details such as timestamps, IP addresses, user actions, error messages, and other specifics about the usage or operation of a system. Protocol data is often used for analyzing system issues, monitoring security, or generating performance reports.
• Meta, communication and process data: These categories describe the 'how' of data handling. Meta-data is 'data about data'—contextual info like who wrote a document, when it was created, its size, or its edit history. Communication data tracks the flow of information, such as call logs, email headers, and chat histories, including who was involved and when. Process data records the internal operations of a system, such as transaction logs and workflow documentation used for auditing and verification.Meta, communication and process data: Meta-, communication, and procedural data are categories that contain information about how data is processed, transmitted, and managed. Meta-data, also known as data about data, include information that describes the context, origin, and structure of other data. They can include details about file size, creation date, the author of a document, and modification histories. Communication data capture the exchange of information between users across various channels, such as email traffic, call logs, messages in social networks, and chat histories, including the involved parties, timestamps, and transmission paths. Procedural data describe the processes and operations within systems or organisations, including workflow documentations, logs of transactions and activities, and audit logs used for tracking and verifying procedures.
• Personal Data: 'Personal data' refers to any piece of information that can identify a living person (the 'data subject'). This can be direct identification (like a name) or indirect (like an ID number, location data, or an online handle), as well as specific physical, genetic, mental, economic, or social characteristics.Personal Data: "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Processing: 'Processing' is a broad term that covers virtually any action taken with data, including collecting it, analyzing it, storing it, sending it to others, or deleting it.Processing: The term "processing" covers a wide range and practically every handling of data, be it collection, evaluation, storage, transmission or erasure.
• Profiles with user-related information: 'Profiling' is the automated analysis of personal data to predict or evaluate a person's behavior, interests, or demographics. This might involve tracking which pages you click on, what products you like, or where you are located. This is often achieved through the use of web beacons and cookies.Profiles with user-related information: The processing of "profiles with user-related information", or "profiles" for short, includes any kind of automated processing of personal data that consists of using these personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information concerning demographics, behaviour and interests, such as interaction with websites and their content, etc.) (e.g. interests in certain content or products, click behaviour on a website or location). Cookies and web beacons are often used for profiling purposes.
• Remarketing: Also known as 'retargeting,' this is an advertising technique where we note which products you've looked at on our site and then show you ads for those same products on other websites to remind you of them.Remarketing: Remarketing" or "retargeting" is the term used, for example, to indicate for advertising purposes which products a user is interested in on a website in order to remind the user of these products on other websites, e.g. in advertisements.
• Targeting: 'Tracking' occurs when a user's activity is followed across multiple different websites. This behavioral data is usually stored in cookies or on a provider's server to create a profile. This allows advertisers to show you content and ads that are more likely to match your specific interests.Targeting: "Tracking" is the term used when the behaviour of users can be traced across several websites. As a rule, behavior and interest information with regard to the websites used is stored in cookies or on the servers of the tracking technology providers (so-called profiling). This information can then be used, for example, to display advertisements to users presumably corresponding to their interests.
• Usage data: This term describes the information gathered from how people actually engage with a digital platform, app, or service. Essentially, it tracks the user's journey—which features they gravitate toward, the amount of time spent on particular pages, and the specific routes they take through the interface. Beyond just behavior, this data often includes technical details like IP addresses, device specs, timestamps, and location markers. For companies, these insights are gold; they allow for a deeper understanding of user habits, helping them refine the user experience, tailor content to individual needs, and spot bugs or friction points that need fixing.Usage data: Usage data refer to information that captures how users interact with digital products, services, or platforms. These data encompass a wide range of information that demonstrates how users utilise applications, which features they prefer, how long they spend on specific pages, and through what paths they navigate an application. Usage data can also include the frequency of use, timestamps of activities, IP addresses, device information, and location data. They are particularly valuable for analysing user behaviour, optimising user experiences, personalising content, and improving products or services. Furthermore, usage data play a crucial role in identifying trends, preferences, and potential problem areas within digital offerings
• Web Analytics: This is the process of analyzing traffic to online services to figure out what visitors are looking for and how they behave. For instance, a site owner can use these tools to see peak visiting hours or identify which articles are the most popular, allowing them to tweak their content to better match their audience's interests. To make this data more accurate, site operators frequently employ web beacons and pseudonymous cookies, which help them recognize returning users and gain a clearer picture of how the service is being utilized over time.Web Analytics: Web Analytics serves the evaluation of visitor traffic of online services and can determine their behavior or interests in certain information, such as content of websites. With the help of web analytics, website owners, for example, can recognize at what time visitors visit their website and what content they are interested in. This enables them, for example, to better adapt the content of their websites to the needs of their visitors. For the purposes of web analytics , pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyses of the use of an online service.