privacy policy

13. Registration

​

Registration Overview

• Affected parties: Anyone who registers to create an account with us, and logs in to use the account.

• Processed data: Personal data such as email address, name, password and other data that is collected during registration, login and account use.

• Purpose: For the provision of our services, as well as to communicate with clients or customers in the scope of our services.

• Storage period: As long as the company account associated with the texts exists, plus a period of usually 3 years.

• Legal bases: Article 6 paragraph 1 letter b GDPR (contract), Article 6 paragraph 1 letter a GDPR (consent), Article 6 paragraph 1 letter f GDPR (legitimate interests)

If you register with us and provide any personal data, this data may be processed, possibly along with your IP address. Below you can explore what we mean by the rather broad term “personal data”. Please only enter the data we need for the registration. In case you are registering on behalf of a third party, please only enter data for which you have the approval of the party you are registering for. If possible, use a secure password that you don’t use anywhere else and an email address that you check regularly. In the following, we will inform you about the exact type of data processing we do. After all, we want you to feel at ease with the services we provide!

What is a registration?

When you register, we retain certain of your data in order to make it easy for you to log in with us online and use your account. An account with us has the advantage that you don’t have to re-enter everything every time. It saves time and effort and ultimately prevents any issues with the provision of our services.

Why do we process personal data?

In short, we process personal data to make account registration and usage possible for you. If we didn’t do this, you would have to enter all your data each time, wait for our approval and then enter everything again. This strenuous process would probably not only irritate us a little, but also many of our dear clients and customers.

Which data is processed?

Any data that you provided during registration or login and any data that you may enter as part of managing your account data. During registration, we process the following types of data:

• First name

• Last name

• Email address

• Company name

• Street + house number

• Residence

• Postcode

• Country

During your registration, we process any data you enter, such as your username and password, along with data that is collected in the background such as your device information and IP addresses. When using your account, we process any data you enter while using the account, as well as any data that is created while you use our services.

Storage time

We store the entered data for at least as long as the account associated with the data exists with us and is in use – and as long as there are contractual obligations between you and us. In case the contract ends, we retain the data until the respective claims get time- barred. Moreover, we store your data as long as we are subject to legal storage obligations, if applicable. Following that, we keep any accounting records (invoices, contract documents, account statements, etc.) of the contract for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after accrual.

Right to object

You have registered, entered data and want to revoke the data processing? Not a problem. As you can see above, you retain this right under the General Data Protection Regulation also at and after registration, login or account creation with us. Contact the Data Protection Officer above to exercise your rights. If you already have an account with us, you can easily view and manage your data and texts in your account.

Legal Basis

By completing the registration process, you enter into a pre-contractual agreement with us, with the intention to conclude a contract of use for our platform (although there is no automatic payment obligation). You invest time to enter data and register and in return, we offer you our services after you log on to our system and view your customer account. We also meet our contractual obligations. Finally, we need to be able to email registered users about important changes. Article 6 (1) (b) GDPR (implementation of pre-contractual measures, fulfilment of a contract) applies. Where applicable, we will ask for your consent, e.g. in case you voluntarily provide more data than is absolutely necessary, or in case we may ask you if we may send you advertising. Article 6 paragraph 1 lit. a GDPR (consent) applies in this matter. We also have a legitimate interest in knowing who who our clients or customers are, in order to get in touch if required. We also need to know who is using our services and whether they are being used in accordance with our terms of use, i.e. Article 6 (1) (f) GDPR (legitimate interests) applies in this matter. Note: the following sections are to be ticked by users (as required):

• Registration with real names: Since business operations require us to know who our clients or customers are, registration is only possible with your real name (full name) and not with a pseudonym.

• Registration with pseudonyms: You can use a pseudonym for the registration, which means you don’t have to register with your real name. This ensures that your real name cannot be processed by us.

• Storage of the IP address: During registration, login and account use, we store your IP address for security reasons in order to be able to determine legitimate use.

• Public Profile: User profiles are publicly visible, i.e. parts of the profiles can also be viewed on the Internet without the need to enter a username and password.

Two Factor Authentication (2FA)

Two Factor Authentication (2FA) offers additional security when logging in, as it prevents you from logging in without a smartphone, for example. This technical measure to secure your account protects you against the loss of data or unauthorised access, even if your username and password were leaked. During your registration process, login or within the account itself you can find out which 2FA is used.

14. Website Builders

​

Website Builders Privacy Policy Overview

• Affected parties: website visitors

• Purpose: service optimisation

• Data processed: The data that is being processed includes but is not limited to technical usage information, browser activity, clickstream activity, session heat maps, contact details, IP addresses or geographic locations. You can find more details in the Privacy Policy below as well as in the providers’ Privacy Policies.

• Storage duration: depends on the provider

• Legal bases: Art. 6 (1) lit. f GDPR (legitimate interests), Art. 6 (1) lit. a GDPR (consent)

What are website builders?

We use a modular website builder for our website. This is a special form of Content Management System (CMS). Website builders enable website operators to create websites very easily and without any programming knowledge. In many cases, web hosts also offer website builders. Your personal data may be collected, stored and processed if a website builder is being used. In this Privacy Policy, you will find general information about data that is processed by such modular website builder systems. You can find more information in the respective provider’s Privacy Policy.

Why do we use website builders for our website?

The greatest advantage of modular website builders is their ease of use. We want to offer you a clear, simple and nicely designed website that we can easily operate and maintain by ourselves – without needing any external support. Nowadays website builders offer many helpful functions that we can use even without having any programming knowledge. This enables us to design our website according to our wishes and therefore, to give you an informative and pleasant experience on our website.

Which data are stored by website builders?

First of all, the exact data that is stored depends on the website builder that is being used. Each provider processes and collects different data from website visitors. However, technical usage information such as users’ operating system, browser, screen resolution, language and keyboard settings, hosting provider as well as the date of the website visit are usually collected. Moreover, tracking data (e. g. browser activity, clickstream activities, session heat maps, etc.) may also be processed. The same goes for personal data, since data such as contact information e. g. email address, telephone number (if you have provided it), IP address and geographic location data may also be processed and stored. In the respective provider’s Privacy Policy you can find out exactly which of your data is getting stored.

How long and where are the data stored?

Provided that we have any further information on this, we will inform you below about the duration of the data processing associated with the website builder we use. You can find detailed information on this in the provider’s Privacy Policy. Generally, we only process personal data for as long as is absolutely necessary to provide our services and products. The provider may store your data according to their own specifications, over which we have no influence.

Right to object

You always retain the right to information, rectification and erasure of your personal data. If you have any questions, you can also contact the responsible parties at the respective website builder system at any time. You can find the corresponding contact details either in our Privacy Policy or on the website of the respective provider. What is more, in your browser you can clear, disable or manage cookies that providers use for their functions. Depending on the browser you use, this can be done in different ways. Please note, that this may lead to not all functions working as usual anymore.

Legal Bases

We have a legitimate interest in using a website builder system to optimise our online service and present it in an efficient and user- friendly way. The corresponding legal basis for this is Article 6 (1) (f) GDPR (legitimate interests). However, we only use the website builder system if you have consented to it. If the processing of data is not absolutely necessary for the operation of the website, your data will only be processed on the basis of your consent. This particularly applies to tracking activities. The legal basis for this is Article 6 (1) (a) GDPR. With this Privacy Policy, we have made you more familiar with the most important general information on data processing. If you want to find out more about this, you will find further information – if available – in the following section or in the Privacy Policy of the provider.

​

Wix Privacy Policy

Wix Privacy Policy Overview

• Affected parties: website visitors

• Purpose: service optimisation

• Processed data: data such as technical usage information like browser activity, clickstream activities, session heat maps and contact details, IP addresses or geographic locations. You can find more details on this in the Privacy Policy below.

• Storage period: no precise information is known

• Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Wix?

For our website we use the website construction-kit Wix by the Israeli company Wix.com Ltd., 40 Hanamal Tel Aviv St., Tel Aviv 6350671, Israel. In addition to the headquarters in Tel Aviv, the company also has other headquarters such as in Berlin, Dublin, Vancouver, or New York. Due to the use of Wix, your personal data may be collected, stored and processed. In this privacy policy we want to explain why we use Wix, what data is stored, where your data is stored and how you can prevent data retention. Wix is a website construction-kit that makes it very easy to create HTML5 websites as well as mobile websites. The online platform is based on the cloud principle and allows easy integration of various Wix or third-party provider functions into your own website.

Why do we use Wix on our website?

For working on our website, we need an easy-to-use system, that allows us to present you a beautiful design and interesting content quickly and easily. We have found Wix to be the right system for this. Thanks to both, Wix’s easy operation and its extensive functions, we can design our website as we wish, while ensuring its user-friendliness.

What data is stored by Wix?

Non-personal data include for example technical usage information such as browser activity, clickstream activity, session heat maps, as well as data about your computer, operating system, browser, screen resolution, language and keyboard settings, internet provider and date of the page visit. Personal data are also recorded. These are primarily contact details (email address or telephone number, if you have provided them), IP address or your geographical location. Tracking systems such as cookies are used to collect data about your behaviour on our website. For example, it records which sub-pages you take a particular interest in, how much time you spend on individual pages, when you leave a page (bounce rate) or which pre-sets (e.g. language settings) you have made. Based on this data, Wix.com can adjust their marketing measures better to your interests and your user behaviour. Therefore, the next time you visit our website, you will get to view it with the settings you have chosen priorly. Wix.com may also forward personal data to third parties (such as service providers). Below we will show you a list of exemplary cookies that are placed due to the use of Wix:

​

Name: XSRF-TOKEN
Value: 1591628008|P01ovn-JtsrK
Purpose: This cookie is a security cookie and prevents the so-called cross-site request forgery, which is an attack on a computer system.

Expiry date: after end of session

Name: _wixCIDX
Value: b2474394-b64f-4c7a-a598-16b9043a8938312451506-9
Purpose: This cookie appropriately stores data when you to log in to our website, to shorten the logon process the following time.

Expiry date: after 3 months

Name: AWSELB
Value: EB626B5A40C80CEFD0EB26286F9684716FECD023880992D31DEC38312451506-1
Purpose: This cookie is used to distribute the website’s load across multiple servers. Therefore, the page loading speed gets increased.

Expiry date: after one hour

Name: AWSELBCORS
Value: 85FDC7C91873988D19D2D53305AA8CAB73AF02FCEAEB626B5A40C
Purpose: We have not yet been able to find out more information on this cookie. We will inform you as soon as we know more.

Expiry date: after one hour

Note: Please note that the cookies shown above are examples and that this list does not claim to be exhaustive.

How long and where is the data stored?

Your data can be stored on various servers that are distributed across the globe. For example, the data can be stored in the USA, Ireland, South Korea, Taiwan, or Israel. Wix always stores data until it is no longer required for their provided service. We have not yet been able to find out more about the period the data is stored for.

How can I delete my data or prevent data retention?

You have the option to update, correct or delete your personal data at any time. You can also contact Wix’s data protection department directly at privacy@wix.com. To deactivate, delete, or manage cookies you have to select the appropriate settings in your browser. Depending on which browser you use, the cookie settings work a little differently. Under the "Cookies" section you will find the relevant instructions for the most popular browsers. Wix.com Ltd. is headquartered in Israel. The European Commission declared Israel to be a country that provides adequate protection for personal data of EU citizens.

Legal basis

If you have consented to the use of Wix, your consent is the legal basis for the corresponding data processing. According to Art. 6 Paragraph 1 lit. (Consent) your consent is the legal basis for the processing of personal data as may occur when collected by Wix. We also have a legitimate interest in using Wix to optimise our online service and to present our services nicely for you. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use Wix if you have given your consent to it. Wix uses standard contractual clauses approved by the EU Commission (= Art. 46, paragraphs 2 and 3 of the GDPR) as basis for data processing by recipients based in third countries (which are outside the European Union, Iceland, Liechtenstein and Norway) or for data transfer there. These clauses oblige Wix to comply with the EU‘s level of data protection when processing relevant data outside the EU. These clauses are based on an implementing order by the EU Commission. You can find the order and the clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en. With this Privacy Policy we have made you familiar with the most important information on data processing by Wix.com. If you want to find out more about it, we recommend you to read the company’s Privacy guidelines at https://www.wix.com/about/privacy.

Data Processing Agreement (DPA) Wix

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a Data Processing Agreement (DPA) with Wix. What exactly a DPA is and especially what must be included in a DPA, you can read in our general section “Data Processing Agreement (DPA)”. This contract is required by law because Wix processes personal data on our behalf. It clarifies that Wix may only process data they receive from us according to our instructions and must comply with the GDPR. You can find the link to the data processing agreement at https://www.wix.com/about/privacy-dpa-users.

15. Web Analytics

​

Web Analytics Privacy Policy Overview

• Affected parties: visitors to the website

• Purpose: Evaluation of visitor information to optimise the website.

• Processed data: Access statistics that contain data such as access location, device data, access duration and time, navigation behaviour, click behaviour and IP addresses. You can find more details on this from the respective web analytics tool directly.

• Storage period: depending on the respective web analytics tool used

• Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Web Analytics?

We use software on our website, which is known as web analytics, in order to evaluate website visitor behaviour. Thus, data is collected, which the analytic tool provider (also called tracking tool) stores, manages and processes. Analyses of user behaviour on our website are created with this data, which we as the website operator receive. Most tools also offer various testing options. These enable us, to for example test which offers or content our visitors prefer. For this, we may show you two different offers for a limited period of time. After the test (a so-called A/B test) we know which product or content our website visitors find more interesting. For such testing as well as for various other analyses, user profiles are created and the respective data is stored in cookies.

Why do we run Web Analytics?

We have a clear goal in mind when it comes to our website: we want to offer our industry’s best website on the market. Therefore, we want to give you both, the best and most interesting offer as well as comfort when you visit our website. With web analysis tools, we can observe the behaviour of our website visitors, and then improve our website accordingly for you and for us. For example, we can see the average age of our visitors, where they come from, the times our website gets visited the most, and which content or products are particularly popular. All this information helps us to optimise our website and adapt it to your needs, interests and wishes.

Which data are processed?

The exact data that is stored depends on the analysis tools that are being used. But generally, data such as the content you view on our website are stored, as well as e. g. which buttons or links you click, when you open a page, which browser you use, which device (PC, tablet, smartphone, etc.) you visit the website with, or which computer system you use. If you have agreed that location data may also be collected, this data may also be processed by the provider of the web analysis tool. Moreover, your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored in a pseudonymised form (i.e. in an unrecognisable and abbreviated form). No directly linkable data such as your name, age, address or email address are stored for testing purposes, web analyses and web optimisations. If this data is collected, it is retained in a pseudonymised form. Therefore, it cannot be used to identify you as a person. The graphic under this link shows Google Analytics’ functionality as an example for client-based web tracking with JavaScript code. The storage period of the respective data always depends on the provider. Some cookies only retain data for a few minutes or until you leave the website, while other cookies can store data for several years.

Duration of data processing

If we have any further information on the duration of data processing, you will find it below. We generally only process personal data for as long as is absolutely necessary to provide products and services. The storage period may be extended if it is required by law, such as for accounting purposes for example for accounting.

Right to object

You also have the option and the right to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data processing by cookies by managing, deactivating or erasing cookies in your browser.

Legal basis

The use of Web Analytics requires your consent, which we obtained with our cookie popup. According to Art. 6 para. 1 lit. a of the GDPR (consent), this consent represents the legal basis for the processing of personal data, such as by collection through Web Analytics tools. In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors, which enables us to technically and economically improve our offer. With Web Analytics, we can recognise website errors, identify attacks and improve profitability. The legal basis for this is Art. 6 para. 1 lit. f of the GDPR (legitimate interests). Nevertheless, we only use these tools if you have given your consent. Since Web Analytics tools use cookies, we recommend you to read our privacy policy on cookies. If you want to find out which of your data are stored and processed, you should read the privacy policies of the respective tools. If available, information on special Web Analytics tools can be found in the following sections.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Overview

• Affected parties: website visitors

• Purpose: Evaluation of visitor information to optimise the website.

• Processed data: Access statistics that contain data such as the location of access, device data, access duration and time, navigation behaviour, click behaviour and IP addresses. You can find more details on this in the privacy policy below.

• Storage period: Customizable, GA4 stores data for 14 months by default.

• Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Google Analytics?

On our website, we use the analytics tracking tool Google Analytics in the Google Analytics 4 (GA4) version provided by the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. By combining various technologies such as cookies, device IDs, and login information, you can be identified as a user across different devices. This allows your actions to be analyzed across platforms as well. For example, when you click on a link, this event is stored in a cookie and sent to Google Analytics. With the reports we receive from Google Analytics, we can better tailor our website and service to your needs. In the following, we will provide more information about the tracking tool and specifically inform you about the data processed and how you can prevent it. Google Analytics is a tracking tool used for website traffic analysis. The basis for these measurements and analyses is a pseudonymous user identification number. This number does not include personally identifiable information such as name or address but is used to assign events to a device. GA4 utilizes an event-based model that captures detailed information about user interactions such as page views, clicks, scrolling, and conversion events. Additionally, GA4 incorporates various machine learning features to better understand user behavior and certain trends. GA4 employs modeling through machine learning capabilities, meaning that based on the collected data, missing data can be extrapolated to optimize the analysis and provide forecasts. In order for Google Analytics to function properly, a tracking code is embedded in the code of our website. When you visit our website, this code records various events that you perform on our website. With GA4’s event-based data model, we, as website operators, can define and track specific events to obtain analyses of user interactions. This allows us to track not only general information such as clicks or page views but also specific events that are important for our business, such as submitting a contact form or making a purchase. Once you leave our website, this data is sent to and stored on Google Analytics servers. Google processes the data, and we receive reports on your user behavior. These reports can include, among others, the following:

• Audience reports: Audience reports help us get to know our users better and gain a more precise understanding of who is interested in our service.

• Advertising reports: Advertising reports make it easier for us to analyze and improve our online advertising.

• Acquisition reports: Acquisition reports provide helpful information on how we can attract more people to our service.

• Behavior reports: Here, we learn about how you interact with our website. We can track the path you take on our site and which links you click on.

• Conversion reports: Conversion refers to an action you take as a result of a marketing message, such as going from being a website visitor to becoming a buyer or newsletter subscriber. Through these reports, we gain insights into how our marketing efforts resonate with you, with the aim of improving our conversion rate.

• Real-time reports: With real-time reports, we can see what is currently happening on our website. For example, we can see how many users are currently reading this text.

In addition to the above-mentioned analysis reports, Google Analytics 4 also offers the following functions:

• ​Event-based data model: This model captures specific events that can occur on our website, such as playing a video, making a purchase, or subscribing to our newsletter.

• Advanced analytics features: With these features, we can gain a better understanding of your behavior on our website or certain general trends. For example, we can segment user groups, conduct comparative analyses of target audiences, or track your path on our website.

• Predictive modeling: Based on the collected data, missing data can be extrapolated through machine learning to predict future events and trends. This can help us develop better marketing strategies.

• Cross-platform analysis: Data collection and analysis are possible from both websites and apps. This enables us to analyze user behavior across platforms, provided you have consented to data processing.

​

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this goal. The statistically evaluated data gives us a clear picture of the strengths and weaknesses of our website. On one hand, we can optimize our site to make it more easily found by interested people on Google. On the other hand, the data helps us better understand you as a visitor. We know exactly what we need to improve on our website in order to provide you with the best possible service. The data also helps us conduct our advertising and marketing activities in a more personalized and cost-effective manner. After all, it only makes sense to show our products and services to people who are interested in them.

What data is stored by Google Analytics?

With the help of a tracking code, Google Analytics creates a random, unique ID associated with your browser cookie. This way, Google Analytics recognizes you as a new user, and a user ID is assigned to you. When you visit our site again, you are recognized as a “returning” user. All collected data is stored together with this user ID, making it possible to evaluate pseudonymous user profiles. To analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the default is Google Analytics 4 Property. The data storage duration varies depending on the property used. Through identifiers such as cookies, app instance IDs, user IDs, or custom event parameters, your interactions, if you have consented, are measured across platforms. Interactions encompass all types of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated through Google Analytics can be linked to third-party cookies. Google does not disclose Google Analytics data unless we, as website operators, authorize it, except when required by law. According to Google, IP addresses are not logged or stored in Google Analytics 4. However, IP address data is used by Google for deriving location data and is immediately deleted thereafter. All IP addresses collected from users in the EU are deleted before the data is stored in a data center or on a server. Since GA4 focuses on event-based data, the tool uses significantly fewer cookies compared to previous versions such as Google Universal Analytics. However, there are still some specific cookies used by GA4. These can include:

Name: _ga
Value: 2.1326744211.152312451506-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. It is used to distinguish website visitors.
Expiration: After 2 years

​

Name: _gid
Value: 2.1687193234.152312451506-1
Purpose: This cookie is also used to distinguish website visitors. 

Expiration: After 24 hours

Name: gat_gtag_UA

Value: 1
Purpose: Used to reduce the request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named dc_gtm .
Expiration: After 1 minute

​

Note: This list cannot claim to be exhaustive, as Google may change their choice of cookies from time to time. GA4 aims to improve data privacy and offers several options for controlling data collection. For example, we can determine the storage duration ourselves and control data. Here we provide an overview of the main types of data collected by Google Analytics:

• Heatmaps: Google creates heatmaps to show the exact areas you click on. This provides us with information about your interactions on our site.

• Session duration: Google refers to session duration as the time you spend on our site without leaving. If you are inactive for 20 minutes, the session automatically ends.

• Bounce rate: Bounce rate refers to when you view only one page on our website and then leave.

• Account creation: If you create an account or place an order on our website, Google Analytics collects this data.

• Location: IP addresses are not logged or stored in Google Analytics. However, location data is derived shortly before the IP address is deleted.

• Technical information: Technical information includes your browser type, internet service provider, and screen resolution, among others.

• Source of Origin: Google Analytics is interested in the website or advertisement that brought you to our site.

Additional data may include contact information, reviews, media playback (e.g., if you play a video on our site), sharing of content via social media, or adding to favorites. This list is not exhaustive and serves only as a general guide to the data storage by Google Analytics.

Where and how long are the data stored?

Google has servers distributed worldwide. You can find precise information about the locations of Google data centers at: https://www.google.com/about/datacenters/locations/?hl=en. Your data is distributed across multiple physical storage devices. This ensures faster access to data and better protection against manipulation. Each Google data center has emergency programs in place for your data. In the event of hardware failure or natural disasters, the risk of service interruption at Google remains low. The retention period of data depends on the properties used. The storage duration is always set separately for each individual property. Google Analytics offers us four options for controlling the storage duration:

• 2 months: This is the shortest storage period.

• 14 months: By default, data is stored in GA4 for 14 months.

• 26 months: Data can also be stored for 26 months.

• Data is only deleted manually.

In addition, there is also the option for data to be deleted only if you do not visit our website within the selected time period. In this case, the retention period is reset every time you revisit our website within the defined time frame. Once the defined period has expired, the data is deleted once a month. This retention period applies to data linked to cookies, user identification, and advertising IDs (e.g., cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a combination of individual data into larger units.

How can I delete my data or prevent data storage?

Under the data protection laws of the European Union, you have the right to access, update, delete, or restrict your data. By using the browser add-on to deactivate Google Analytics JavaScript (analytics.js, gtag.js), you can prevent Google Analytics 4 from using your data. You can download and install the browser add-on at: https://tools.google.com/dlpage/gaoptout?hl=en. Please note that this add-on only disables data collection by Google Analytics. If you want to disable, delete, or manage cookies in general, you can find the respective instructions for the most common browsers in the “Cookies” section.

Legal basis

The use of Google Analytics requires your consent, which we obtained through our cookie popup. According to Art. 6 (1) (a) of the GDPR, this consent constitutes the legal basis for the processing of personal data that may occur during the collection by web analytics tools.

In addition to consent, we also have a legitimate interest in analyzing the behavior of website visitors to improve our offering technically and economically. By using Google Analytics, we can identify website errors, detect attacks, and improve efficiency. The legal basis for this is Art. 6 (1) (f) of the GDPR (legitimate interests). However, we only use Google Analytics if you have given your consent. Google processes data from you, among other things, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. Additionally, Google uses so-called Standard Contractual Clauses (Article 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are template clauses provided by the EU Commission and are designed to ensure that your data complies with European data protection standards, even when transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847. You can find the Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, at: https://business.safety.google/intl/en/adsprocessorterms/. We hope we have provided you with the most important information regarding the data processing by Google Analytics. If you want to learn more about the tracking service, we recommend the following links: https://marketingplatform.google.com/about/analytics/terms/en/ and https://support.google.com/analytics/answer/6004245?hl=en. If you want to learn more about data processing, you can refer to the Google Privacy Policy at: https://policies.google.com/privacy?hl=en.

Data Processing Agreement (DPA) Google Analytics

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a Data Processing Agreement (DPA) with Google Analytics. What exactly a DPA is and especially what must be included in a DPA, you can read in our general section “Data Processing Agreement (DPA)”. This contract is required by law because Google Analytics processes personal data on our behalf. It clarifies that Google Analytics may only process data they receive from us according to our instructions and must comply with the GDPR. You can find the link to the Data Processing Terms under https://business.safety.google/intl/en/adsprocessorterms/.

Google Analytics Reports on demographic characteristics and interests

We have turned on Google Analytics’ functions for advertising reports. These reports on demographic characteristics and interests contain details about age, gender and interests. Through them we can get a better picture of our users – without being able to allocate any data to individual persons. You can learn more about advertising functions at auf https://support.google.com/analytics/answer/3450482?hl=en&amp%3Butm_id=ad. You can terminate the use of your Google Account’s activities and information in “Ads Settings” at https://adssettings.google.com/authenticated via a checkbox.

​

Google Analytics Google Signals Privacy Policy

We have activated Google signals in Google Analytics. Through this, any existing Google Analytics functions (advertising reports, remarketing, cross-device reports and reports on interests and demographic characteristics) are updated, to result in the summary and anonymisation of your data, should you have permitted personalised ads in your Google Account. The special aspect of this is that it involves cross-device tracking. That means your data can be analysed across multiple devices. Through the activation of Google signals, data is collected and linked to the Google account. For example, it enables Google to recognise when you look at a product on a smartphone and later buy the product on a laptop. Due to activating Google signals, we can start cross-device remarketing campaigns, which would otherwise not be possible to this extent. Remarketing means, that we can show you our products and services across other websites as well. Moreover, further visitor data such as location, search history, YouTube history and data about your actions on our website are collected in Google Analytics. As a result, we receive improved advertising reports and more useful information on your interests and demographic characteristics. These include your age, the language you speak, where you live or what your gender is. Certain social criteria such as your job, your marital status or your income are also included. All these characteristics help Google Analytics to define groups of persons or target audiences. Those reports also help us to better assess your behaviour, as well as your wishes and interests. As a result, we can optimise and customise our products and services for you. By default, this data expires after 26 months. Please consider, that this data is only collected if you have agreed to personalised advertisement in your Google Account. The retained information is always exclusively summarised and anonymous data, and never any data on individual persons. You can manage or delete this data in your Google Account.

Google Analytics IP Anonymisation

We implemented Google Analytics’ IP address anonymisation to this website. Google developed this function, so this website can comply with the applicable privacy laws and the local data protection authorities’ recommendations, should they prohibit the retention of any full IP addresses. The anonymisation or masking of IP addresses takes place, as soon as they reach Google Analytics’ data collection network, but before the data would be saved or processed. You can find more information on IP anonymisation at https://support.google.com/analytics/answer/2763052?hl=en.

16. Email-Marketing

​

Email Marketing Overview

• Affected parties: newsletter subscribers

• Purpose: direct marketing via email, notification of events that are relevant to the system

• Processed data: data entered during registration, but at least the email address. You can find more details on this in the respective email marketing tool used.

Storage duration: for the duration of the subscription

Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Email-Marketing?

We use email marketing to keep you up to date. If you have agreed to receive our emails or newsletters, your data will be processed and stored. Email marketing is a part of online marketing. In this type of marketing, news or general information about a company, product or service are emailed to a specific group of people who are interested in it. If you want to participate in our email marketing (usually via newsletter), you usually just have to register with your email address. To do this, you have to fill in and submit an online form. However, we may also ask you for your title and name, so we can address you personally in our emails. The registration for newsletters generally works with the help of the so-called “double opt-in procedure”. After you have registered for our newsletter on our website, you will receive an email, via which you can confirm the newsletter registration. This ensures that you own the email address you signed up with, and prevents anyone to register with a third-party email address. We or a notification tool we use, will log every single registration. This is necessary so we can ensure and prove, that registration processes are done legally and correctly. In general, the time of registration and registration confirmation are stored, as well as your IP address. Moreover, any change you make to your data that we have on file is also logged.

Why do we use Email-Marketing?

Of course, we want to stay in contact with you and keep you in the loop of the most important news about our company. For this, we use email marketing – often just referred to as “newsletters” – as an essential part of our online marketing. If you agree to this or if it is permitted by law, we will send you newsletters, system emails or other notifications via email. Whenever the term “newsletter” is used in the following text, it mainly refers to emails that are sent regularly. We of course don’t want to bother you with our newsletter in any way. Thus, we genuinely strive to offer only relevant and interesting content. In our emails you can e.g. find out more about our company and our services or products. Since we are continuously improving our offer, our newsletter will always give you the latest news, or special, lucrative promotions. Should we commission a service provider for our email marketing, who offers a professional mailing tool, we do this in order to offer you fast and secure newsletters. The purpose of our email marketing is to inform you about new offers and also to get closer to our business goals.

Which data are processed?

If you subscribe to our newsletter via our website, you then have to confirm your membership in our email list via an email that we will send to you. In addition to your IP and email address, your name, address and telephone number may also be stored. However, this will only be done if you agree to this data retention. Any data marked as such are necessary so you can participate in the offered service. Giving this information is voluntary, but failure to provide it will prevent you from using this service. Moreover, information about your device or the type of content you prefer on our website may also be stored. In the section “Automatic data storage” you can find out more about how your data is stored when you visit a website. We record your informed consent, so we can always prove that it complies with our laws.

Duration of data processing

If you unsubscribe from our e-mail/newsletter distribution list, we may store your address for up to three years on the basis of our legitimate interests, so we can keep proof your consent at the time. We are only allowed to process this data if we have to defend ourselves against any claims. However, if you confirm that you have given us your consent to subscribe to the newsletter, you can submit an individual request for erasure at any time. Furthermore, if you permanently object to your consent, we reserve the right to store your email address in a blacklist. But as long as you have voluntarily subscribed to our newsletter, we will of course keep your email address on file. Withdrawal – how can I cancel my subscription? You have the option to cancel your newsletter subscription at any time. All you have to do is revoke your consent to the newsletter subscription. This usually only takes a few seconds or a few clicks. Most of the time you will find a link at the end of every email, via which you will be able to cancel the subscription. Should you not be able to find the link in the newsletter, you can contact us by email and we will immediately cancel your newsletter subscription for you.

Legal basis

Our newsletter is sent on the basis of your consent (Article 6 (1) (a) GDPR). This means that we are only allowed to send you a newsletter if you have actively registered for it beforehand. Moreover, we may also send you advertising messages on the basis of Section 7 (3) UWG (Unfair Competition Act), provided you have become our customer and have not objected to the use of your email address for direct mail. If available – you can find information on special email marketing services and how they process personal data, in the following sections.

Ascend by Wix Privacy Policy

We use Ascend by Wix on our website, which is a service for our email marketing. The service provider is the Israeli company Wix.com Ltd., 40 Namal Tel Aviv Street, Tel Aviv, 6350671 Israel. Ascend by Wix uses standard contractual clauses approved by the EU Commission (= Art. 46, paragraphs 2 and 3 of the GDPR) as basis for data processing by recipients based in third countries (which are outside the European Union, Iceland, Liechtenstein and Norway) or for data transfer there. These clauses oblige Ascend by Wix to comply with the EU‘s level of data protection when processing relevant data outside the EU. These clauses are based on an implementing order by the EU Commission. You can find the order and the clauses here: https://ec.europa.eu/commission/ presscorner/detail/en/ip_21_2847 You can find out more about the data that is processed through the use of Ascend by Wix in the privacy policy at https://www.wix.com/about/privacy.

Data Processing Agreement (DPA) Ascend by Wix

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a Data Processing Agreement (DPA) with Wix. What exactly a DPA is and especially what must be included in a DPA, you can read in our general section “Data Processing Agreement (DPA)”. This contract is required by law because Wix processes personal data on our behalf. It clarifies that Wix may only process data they receive from us according to our instructions and must comply with the GDPR. You can find the link to the Data Processing Agreement (DPA) under https://www.wix.com/about/privacy-dpa-users.