Introduction

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data"), which we process for which purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both within the framework of providing our services as well as particularly on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

The terms used are not gender-specific.

Status: March 24, 2021

Table of Contents

• Introduction

• Responsible Party

• Overview of Processing

• Relevant Legal Bases

• Security Measures

• Transmission of Personal Data

• Data Processing in Third Countries

• Use of Cookies

• Commercial Services

• Provision of the Online Offer and Web Hosting

• Blogs and Publishing Media

• Contacting Us

• Communication via Messenger

• Video Conferencing, Online Meetings, Webinars, and Screen Sharing

• Promotional Communication via Email, Mail, Fax, or Phone

• Web Analysis, Monitoring, and Optimization

• Online Marketing

• Presences in Social Networks (Social Media)

• Plugins and Embedded Functions as well as Content

• Hosting

• Deletion of Data

• Change and Update of the Privacy Policy

• Rights of Affected Persons

• Definitions

  
  

Responsible Party

Dr. Dirk Stemper
Psychology Halensee
Wallotstraße 8
14193 Berlin

Email address: info@praxis-psychologie-berlin.de.

Overview of Processing

The following overview summarizes the types of processed data and the purposes of their processing and refers to the affected persons.

Types of Processed Data

• Event Data (Facebook) ("Event Data" refers to data that can be transmitted to Facebook via Facebook Pixel (via apps or other means) and relates to individuals or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, app installations, product purchases, etc.; the Event Data is processed for the purpose of forming target groups for content and advertising information (Custom Audiences); Event Data does not include the actual content (e.g., written comments), no login information, and no contact information (i.e., no names, email addresses, and phone numbers). Event Data is deleted by Facebook after a maximum of two years, along with the target groups formed from them with the deletion of our Facebook account).

• Inventory Data (e.g., names, addresses).

• Content Data (e.g., inputs in online forms).

• Contact Data (e.g., email, phone numbers).

• Meta/Communication Data (e.g., device information, IP addresses).

• Usage Data (e.g., visited websites, interest in content, access times).

• Contract Data (e.g., subject of the contract, duration, customer category).

• Payment Data (e.g., bank details, invoices, payment history).

Categories of Affected Persons

• Business and contractual partners.

• Interested parties.

• Communication partners.

• Users (e.g., website visitors, users of online services).

Purposes of Processing

• Provision of our online offer and user-friendliness.

• Conversion measurement (measuring the effectiveness of marketing measures).

• Office and organizational procedures.

• Direct marketing (e.g., by email or post).

• Target group formation.

• Marketing.

• Contact inquiries and communication.

• Profiles with user-related information (creating user profiles).

• Remarketing.

• Reach measurement (e.g., access statistics, recognition of repeat visitors).

• Security measures.

• Provision of contractual services and customer service.

• Management and response to inquiries.

• Target group formation (determining relevant target groups for marketing purposes or other dissemination of content).

Relevant Legal Bases

The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations in your or our residence or registered office may apply. If more specific legal bases apply in individual cases, we will inform you of this in the privacy policy.

• Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR) – The affected person has given their consent to the processing of their personal data for a specific purpose or multiple specific purposes.

• Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR) – The processing is necessary for the performance of a contract, of which the affected person is a party, or for implementing pre-contractual measures, which are performed at the request of the affected person.

• Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR) – The processing is necessary to comply with a legal obligation to which the responsible party is subject.

• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) – The processing is necessary to safeguard the legitimate interests of the responsible party or a third party, unless the interests or fundamental rights and freedoms of the affected person, which require the protection of personal data, outweigh those interests.

National Data Protection Regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection in Germany also apply. This includes in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, the processing for other purposes, and the transfer and automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of employment (§ 26 BDSG), especially with regard to the establishment, performance, or termination of employment relationships, as well as the consent of employees. In addition, state data protection laws of the individual federal states may apply.

Security Measures

We take appropriate technical and organizational measures to ensure an adequate level of protection, in accordance with the legal requirements, considering the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of processing as well as differing probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.

Measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as related access, input, transmission, securing the availability, and separation. Furthermore, we have established procedures that ensure the exercise of affected rights, the deletion of data, and responses to threats to data. In addition, we consider the protection of personal data already in the development or selection of hardware, software, and processes in accordance with the principle of data protection by design and by default.

Transmission of Personal Data

As part of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units, or persons, or disclosed to them. Recipients of this data may include, for example, service providers assigned to IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the statutory provisions and particularly enter into agreements or contracts that serve to protect your data with the recipients of your data.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place within the framework of using third-party services or disclosing or transmitting data to other persons, bodies, or companies, this is only done in accordance with the statutory provisions.

Subject to express consent or contractually or legally required transmission, we only process data in third countries with an adequate level of data protection, contractual obligations through so-called standard contractual clauses of the EU Commission, if certifications or binding internal data protection regulations are available (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Use of Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie serves primarily to store information about a user during or after their visit to an online offer. The stored information may include, for example, language settings on a website, login status, a shopping cart, or the point at which a video was watched. The term "cookies" also includes other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also referred to as "user IDs").

The following types of cookies and functions are distinguished:

• Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their browser.

• Permanent Cookies: Permanent cookies remain stored even after closing the browser. For example, the login status can be saved or preferred content can be displayed directly when a user revisits a website. Likewise, user interests used for reach measurement or marketing purposes can be stored in such a cookie.

• First-Party Cookies: First-party cookies are set by us.

• Third-Party Cookies: Third-party cookies are primarily used by advertisers (so-called third parties) to process user information.

• Necessary (also: essential or strictly necessary) Cookies: Cookies can be strictly necessary for the operation of a website (e.g., to store logins or other user inputs or for security reasons).

• Statistics, Marketing, and Personalization Cookies: Furthermore, cookies are typically used as part of reach measurement and when a user's interests or behavior (e.g., viewing certain content, using functions, etc.) are stored in a user profile on individual web pages. Such profiles serve to display content to users that corresponds to their potential interests. This process is also referred to as "tracking", i.e., tracking users' potential interests. To the extent that we use cookies or "tracking" technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.

Notes on Legal Bases: The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed with cookies will be processed on the basis of our legitimate interests (e.g., in an operational facility of our online offer and its improvement) or, when the use of cookies is necessary, to fulfill our contractual obligations.

Storage Duration: If we do not provide you with explicit information regarding the storage duration of permanent cookies (e.g., within the framework of a so-called cookie opt-in), please assume that the storage duration can be up to two years.

General Notes on Revocation and Opposition (Opt-Out): Depending on whether processing is based on consent or lawful permission, you have the option at any time to revoke a granted consent or oppose the processing of your data using cookie technologies (collectively referred to as "Opt-Out"). You can initially declare your objection through your browser settings, e.g., by disabling the use of cookies (which may limit the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared through a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ . In addition, you can receive further opposition notes within the information about the service providers and cookies used.

Processing Cookie Data on the Basis of Consent: We use a cookie consent management procedure, in which the consents of users to the use of cookies, as well as the processing and providers mentioned in the cookie consent management procedure, are obtained, managed, and can be revoked by the users. In this context, the consent statement is stored so that it does not need to be queried again, and to document the consent as required by law. The storage can take place server-side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) to be able to assign the consent to a user or their device. Subject to individual notes on the providers of cookie management services, the following notes apply: the duration of storage of consent can be up to two years. In this process, a pseudonymous user identifier is created and stored with the time of consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers) as well as the browser, system, and device used.

• Processed Data Types: Usage data (e.g., visited web pages, interest in content, access times), Meta/Communication data (e.g., device information, IP addresses).

• Affected Persons: Users (e.g., website visitors, users of online services).

• Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Commercial Services

We process data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as "contract partners") within the framework of contractual and comparable legal relationships as well as related measures and in the context of communication with the contract partners (or pre-contractually), e.g., to answer inquiries.

We process this data to fulfill our contractual obligations, to secure our rights, and for purposes related to administrative tasks and corporate organization. We only pass on data of contract partners to third parties within the framework of applicable law to the extent necessary for the aforementioned purposes or with the consent of the affected persons (e.g., to involved telecommunications, transportation, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Further processing forms, e.g., for marketing purposes, will be informed to the contract partners within the framework of this privacy policy.

We provide contract partners with the information about which data is required for the aforementioned purposes before or during the data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks or similar), or personally.

We delete the data after the expiration of statutory warranty and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., as long as it must be kept for legal reasons of archiving (e.g., for tax purposes typically 10 years). Data that has been disclosed to us by the contract partner in the context of an assignment will be deleted in accordance with the specifications of the assignment, generally after the end of the assignment.

To the extent that we use third parties or platforms to provide our services, the terms and privacy notices of the respective third parties or platforms apply in the relationship between the users and the providers.

• Processed Data Types: Inventory data (e.g., names, addresses), Payment data (e.g., bank details, invoices, payment history), Contact data (e.g., email, phone numbers), Contract data (e.g., subject of the contract, duration, customer category).

• Affected Persons: Interested parties, business and contract partners.

• Purposes of Processing: Provision of contractual services and customer service, contact inquiries and communication, office and organizational procedures, management and answering of inquiries.

• Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Provision of the Online Offer and Web Hosting

To ensure the secure and efficient provision of our online offer, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For this purpose, we can use infrastructure and platform services, computing capacity, storage space, and database services, as well as security services and technical maintenance services.

The data processed in the context of providing the hosting offer may include all data related to the users of our online offer that arises in the context of the use and communication. This regularly includes the IP address, which is necessary to deliver the content of online offers to browsers, and all inputs made within our online offer or from websites.

Collection of Access Data and Logfiles: We (or our web hosting provider) collect data on each access to the server (so-called server logfiles). Server logfiles may include the address and name of the retrieved websites and files, date and time of the retrieval, transferred data volumes, message about successful retrieval, browser type including version, user's operating system, referrer URL (the previously visited page), and in general IP addresses and the querying provider.

The server logfiles may, on the one hand, be used for security purposes, e.g., to avoid server overloads (especially in case of abusive attacks, so-called DDoS attacks) and on the other hand, to ensure the capacity utilization of the servers and their stability.

• Processed Data Types: Content data (e.g., inputs in online forms), Usage data (e.g., visited websites, interest in content, access times), Meta/Communication data (e.g., device information, IP addresses).

• Affected Persons: Users (e.g., website visitors, users of online services).

• Purposes of Processing: Provision of our online offer and user-friendliness.

• Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Blogs and Publishing Media

We use blogs or similar means of online communication and publication (hereinafter referred to as "publishing media"). The data of readers are processed for the purposes of the publishing medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. Otherwise, we refer to the information on the processing of visitors to our publishing medium within the framework of this data protection notice.

Comments and Contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security in case someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we can be held responsible for the comment or contribution and are therefore interested in the identity of the author.

Furthermore, we reserve the right to process user information for spam detection based on our legitimate interests.

On the same legal basis, we reserve the right to store the IP addresses of users for the duration of surveys and to use cookies to avoid multiple voting.

The information shared about the person within the comments and contributions, any contact and website information as well as the content-related information will be stored by us until the user objects.

• Processed Data Types: Inventory data (e.g., names, addresses), Contact data (e.g., email, phone numbers), Content data (e.g., inputs in online forms), Usage data (e.g., visited websites, interest in content, access times), Meta/Communication data (e.g., device information, IP addresses).

• Affected Persons: Users (e.g., website visitors, users of online services).

• Purposes of Processing: Provision of contractual services and customer service, feedback (e.g., collecting feedback via online form), security measures, management and response to inquiries.

• Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Used Services and Service Providers:

• UpdraftPlus: Backup software and backup storage; Service provider: Simba Hosting Ltd., 11, Barringer Way, St. Neots, Cambs., PE19 1LW, GB; Website: https://updraftplus.com/; Privacy Policy: https://updraftplus.com/data-protection-and-privacy-centre/.

Contacting Us

When contacting us (e.g., via contact form, email, phone, or via social media), the information of the inquiring persons is processed to the extent necessary to answer the contact inquiries and any measures requested.

The response to contact inquiries within the context of contractual or pre-contractual relationships occurs to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise based on our legitimate interests in answering the inquiries.

• Processed Data Types: Inventory data (e.g., names, addresses), Contact data (e.g., email, phone numbers), Content data (e.g., inputs in online forms).

• Affected Persons: Communication partners.

• Purposes of Processing: Contact inquiries and communication.

• Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Communication via Messenger

We use messengers for communication purposes and therefore ask you to pay attention to the following information about the functionality of messengers, encryption, the use of the communication metadata, and your options to object.

You can also contact us through alternative means, e.g., via phone or email. Please use the contact options provided to you or the contact options indicated within our online offering.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we would like to point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages is not accessible, not even to the messenger providers themselves. You should always use an updated version of the messenger with encryption enabled to ensure the encryption of the message content.

However, we also inform our communication partners that while the messenger providers cannot see the content, they can learn when and how their communication partners communicate with us, as well as technical information about the communicating device and, depending on their device settings, location information (so-called metadata).

Notes on Legal Bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for consent and they, for example, contact us on their own initiative, we use messengers in relation to our contractual partners as a contractual measure and in the case of other interested parties and communication partners based on our legitimate interests in a fast and efficient communication and fulfilling the needs of our communication partners for communication via messenger. Moreover, we would like to point out that we will not transmit the contact data provided to us to the messengers without your consent.

Revocation, Opposition, and Deletion: You can revoke any granted consent at any time and oppose communication with us via messenger at any time. In the case of communication via messenger, we delete the messages according to our general deletion policies (i.e., e.g., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any inquiries from the communication partners, if no reference to a previous conversation can be expected, and deletion is not precluded by any statutory retention obligations.

Reservation of Reference to Other Communication Means: In conclusion, we would like to point out that we reserve the right not to answer inquiries via messenger for your security reasons. This is the case if, for example, contractual matters require special confidentiality or a response via messenger does not meet formal requirements. In such cases, we refer you to more adequate communication means.

• Processed Data Types: Contact data (e.g., email, phone numbers), Usage data (e.g., visited websites, interest in content, access times), Meta/Communication data (e.g., device information, IP addresses).

• Affected Persons: Communication partners.

• Purposes of Processing: Contact inquiries and communication, direct marketing (e.g., by email or post).

• Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Video Conferencing, Online Meetings, Webinars, and Screen Sharing

We use platforms and applications from other providers (hereinafter referred to as "conference platforms") for the purposes of conducting video and audio conferences, webinars, and other types of video and audio meetings (hereinafter collectively referred to as "conference"). In selecting the conference platforms and their services, we adhere to statutory provisions.

• Processed Data Types: Inventory data (e.g., names, addresses), Contact data (e.g., email, phone numbers), Content data (e.g., inputs in online forms), Usage data (e.g., visited websites, interest in content, access times), Meta/Communication data (e.g., device information, IP addresses).

• Affected Persons: Communication partners, users (e.g., website visitors, users of online services).

• Purposes of Processing: Provision of contractual services and customer service, contact inquiries and communication, office and organizational procedures.

• Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Promotional Communication via Email, Mail, Fax, or Phone

We process personal data for the purposes of promotional communication, which may take place via various channels, such as email, phone, post, or fax, in accordance with the statutory provisions.

Recipients have the right to revoke granted consents at any time or to oppose promotional communication at any time.

After revocation or opposition, we may store the data necessary to prove the consent for up to three years based on our legitimate interests before deleting it. The processing of this data is limited to the purpose of possibly defending against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed.

• Processed Data Types: Inventory data (e.g., names, addresses), Contact data (e.g., email, phone numbers).

• Affected Persons: Communication partners.

• Purposes of Processing: Direct marketing (e.g., by email or post).

• Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as "reach measurement") serves to evaluate the visitor flows of our online offer and may include behavior, interests, or demographic information about the visitors, such as age or gender, as pseudonymous values. Through reach analysis, we can recognize, for example, at what times our online offer or its functions or content are used most frequently or invite reuse. We can also track which areas need optimization.

In addition to web analysis, we can also use testing procedures to test and optimize different versions of our online offer or its components.

For these purposes, so-called user profiles can be created and stored in a file (so-called "cookie") or similar procedures with the same purpose can be used. These details may include, for example, viewed content, visited websites and elements used there, and technical details, such as the browser used, the computer system used, and usage times. If users have consented to the collection of their location data, these may also be processed depending on the provider.

We also store the IP addresses of the users. However, we use an IP masking procedure (i.e., pseudonymization by truncating the IP address) to protect the users. In general, no clear user data (e.g., email addresses or names) is stored as part of web analysis, A/B testing, and optimization, but pseudonymous data. That is, we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Notes on Legal Bases: If we ask users for their consent to the use of the third parties, then the legal basis for processing the data is their consent. Otherwise, the users' data will be processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would like to refer you to the information on the use of cookies in this privacy policy.

• Processed Data Types: Usage data (e.g., visited websites, interest in content, access times), Meta/Communication data (e.g., device information, IP addresses).

• Affected Persons: Users (e.g., website visitors, users of online services).

• Purposes of Processing: Reach measurement (e.g., access statistics, recognition of repeat visitors), profiles with user-related information (creating user profiles).

• Security Measures: IP masking (pseudonymization of the IP address).

• Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Online Marketing

We process personal data for the purposes of online marketing, whereby the marketing of advertising spaces or the presentation of advertising and other content (collectively referred to as "content") based on potential user interests and measuring their effectiveness may fall under this.

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used that store relevant information about the user for displaying the aforementioned content. These details may include such things as viewed content, visited websites, used online networks, but also communication partners and technical details, such as the browser used, the computer system used, and usage times. If users have consented to the collection of their location data, this may also be processed.

We also store the IP addresses of the users. However, we use available IP masking procedures (i.e., pseudonymization by truncating the IP address) to protect users. Generally, no clear user data (such as email addresses or names) is stored within the framework of online marketing procedures, but pseudonymous data. That is, we, as well as the providers of the online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or using similar methods. These cookies can later generally also be read on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content, as well as supplemented with further data and stored on the server of the online marketing procedure provider.

In exceptional cases, clear data can be assigned to the profiles. This is the case if, for example, users are members of a social network whose online marketing procedure we use and this network connects the users' profiles with the aforementioned information. We ask you to note that users can make additional agreements with providers, such as consent during registration.

In general, we only gain access to summarized information about the success of our advertisements. However, we can examine within the framework of so-called conversion measurement which of our online marketing measures led to a so-called conversion, i.e., for example, to a contract conclusion with us. The conversion measurement is used solely for the analysis of the success of our marketing measures.

Unless otherwise specified, we ask you to assume that cookies used are stored for a period of two years.

Notes on Legal Bases: If we ask users for their consent to use third parties, the legal basis for processing data is consent. Otherwise, users' data are processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would like to refer you to the information on the use of cookies in this privacy policy.

Facebook Pixel and Target Group Formation (Custom Audiences): 

With the help of the Facebook Pixel (or comparable functions, for transmitting event data or contact information via interfaces in apps), Facebook can determine the visitors of our online offer as a target group for the display of ads (so-called "Facebook Ads"). Accordingly, we use the Facebook Pixel to display the Facebook Ads we run only to those users on Facebook and within the services of partners cooperating with Facebook (the so-called "Audience Network" https://www.facebook.com/audiencenetwork/ ) who have also shown interest in our online offer or who exhibit certain characteristics (e.g., interest in specific topics or products, as evidenced by the websites visited), which we transmit to Facebook (the so-called "Custom Audiences"). With the help of the Facebook Pixel, we also want to ensure that our Facebook Ads match the potential interests of users and do not appear intrusive. Furthermore, the Facebook Pixel allows us to measure the effectiveness of Facebook Ads for statistical and market research purposes.Processed Data Types: Usage data (e.g., visited websites, interest in content, access times), Meta/Communication data (e.g., device information, IP addresses), Event Data (Facebook) ("Event Data" refers to data that can be transmitted to Facebook via Facebook Pixel (via apps or other means) and relates to individuals or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, app installations, product purchases, etc.; the Event Data is processed for the purpose of forming target groups for content and advertising information (Custom Audiences); Event Data does not include the actual content (e.g., written comments), no login information, and no contact information (i.e., no names, email addresses, and phone numbers). Event Data is deleted by Facebook after a maximum of two years, along with the target groups formed from them with the deletion of our Facebook account).

Affected Persons: Users (e.g., website visitors, users of online services).

Purposes of Processing: Marketing, profiles with user-related information (creating user profiles), remarketing, conversion measurement (measuring the effectiveness of marketing measures), target group formation, target group formation (determining relevant target groups for marketing purposes or other distribution of content).

Security Measures: IP masking (pseudonymization of the IP address).

Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Opportunity to Object (Opt-Out): We reference the privacy notices of the respective providers and the opt-out options provided for the providers (so-called "Opt-Out"). If no explicit opt-out option has been provided, you have the option to disable cookies in your browser settings. However, this may restrict functions of our online offer. We therefore also recommend the following opt-out options, which are collectively offered for respective regions: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-border: https://optout.aboutads.info.

Used Services and Service Providers:

• Google Tag Manager: Google Tag Manager is a solution that allows us to manage so-called website tags through an interface and thus integrate other services into our online offer (further information can be found in this privacy policy). The Tag Manager itself (which implements the tags) does not create profiles of users or save cookies. Google only learns the user's IP address, which is necessary to execute the Google Tag Manager. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy.

• Google Analytics: Online marketing and web analysis; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/en/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Opportunity to Opt-Out (Opt-Out): Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, settings for ad display: https://adssettings.google.com/authenticated.

• Google Ad Manager: We use the "Google Marketing Platform" (and services such as "Google Ad Manager") to place ads in the Google advertising network (e.g., in search results, videos, on websites, etc.). The Google Marketing Platform distinguishes itself through real-time ad placement based on the presumed interests of users. This allows us to show ads for and within our online offer more targeted, to present users with ads that potentially match their interests. If a user, for example, sees ads for products he/she has shown interest in on other online offers, this is referred to as "remarketing." Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy.

• 
  

1603501783.006981 257596987.70642203 948339563.0620155 256961602.297235 176744296.81612903 1746503365.6544275 296435351.42410713 12978572265.24 325107414.4 1259743282.1941392 4208020379 28466142528.04348 13194774020 1920841081.625 1150228118.7844942 2189539997.723077 2283050162.061856 965381620.961794 21542048903.97059 3014315822.442953 

Presences in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context to communicate with users active there or to offer information about us.

We would like to point out that user data may be processed outside of the European Union. This may entail risks for users, as the enforcement of users' rights may be impeded.

Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles may be created based on user behavior and resulting interests. Usage profiles can subsequently be used to place ads within and outside the networks that likely correspond to users' interests. For these purposes, cookies are typically stored on users' computers, in which usage behavior and users' interests are stored. Furthermore, data may be stored in usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and logged in to them).

For a detailed presentation of the respective processing forms and the options to object (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

In the case of inquiries for information and the assertion of rights of the affected persons, we would also like to point out that these can be most effectively asserted with the providers. Only the providers have access to the users' data and can directly take corresponding measures and provide information. Should you still require assistance, you can contact us.

Facebook: We are jointly responsible with Facebook Ireland Ltd. for collecting (but not processing further) data from visitors to our Facebook page (so-called "fan page"). Such data includes information about the types of content users view or interact with, or actions taken by them (see under "Things Done and Provided by You and Others" in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by the users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under "Device Information" in the Facebook Data Policy declaration: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How Do We Use This Information?", Facebook also collects and uses information to provide analysis services, so-called "Page Insights", for page operators so that they gain insights into how people interact with their pages and the related content. We have concluded a specific agreement with Facebook ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which regulates, in particular, the security measures that Facebook must comply with, and in which Facebook has agreed to fulfill the rights of the affected persons (i.e., users can direct requests for information or deletion requests directly to Facebook). The rights of users (in particular, the rights to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data).

• Processed Data Types: Contact data (e.g., email, phone numbers), Content data (e.g., inputs in online forms), Usage data (e.g., visited websites, interest in content, access times), Meta/Communication data (e.g., device information, IP addresses).

• Affected Persons: Users (e.g., website visitors, users of online services).

• Purposes of Processing: Contact inquiries and communication, feedback (e.g., collecting feedback via online form), marketing.

• Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Used Services and Service Providers:

• Instagram: Social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.

• Facebook: Social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Opt-out option: https://www.facebook.com/settings?tab=ads.

• LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

• YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Policy: https://policies.google.com/privacy; Opt-out option: https://adssettings.google.com/authenticated.

• Xing: Social network; Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Website: https://www.xing.de; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

Plugins and Embedded Functions as well as Content

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third parties"). These may include, for example, graphics, videos, or city maps (hereinafter uniformly referred to as "content").

The integration always requires that the third-party providers of this content process the users' IP addresses, as they could not send the content to their browsers without the IP address. The IP address is thus necessary for the presentation of this content or functions. We strive to only use such content whose respective providers use the IP address only for delivering the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The pixel tags can be used to evaluate information, such as visitor traffic on the pages of this website. Pseudonymous information may also be stored in cookies on the users' devices and may contain, among other things, technical details about the browser and operating system, referring websites, visit times, and additional information about the use of our online offer, as well as being connected with information from other sources.

Notes on Legal Bases: If we ask users for their consent to the use of third parties, the legal basis for processing the data is consent. Otherwise, users' data will be processed based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

• Processed Data Types: Usage data (e.g., visited websites, interest in content, access times), Meta/Communication data (e.g., device information, IP addresses).

• Affected Persons: Users (e.g., website visitors, users of online services).

• Purposes of Processing: Provision of our online offer and user-friendliness, provision of contractual services and customer service.

• Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Used Services and Service Providers:

• Google Maps: We integrate the maps of the service "Google Maps" from the provider Google. The processed data may particularly include IP addresses and location data of the users, which, however, will not be collected without their consent (usually carried out within the framework of the settings of their mobile devices); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/maps-platform; Privacy Policy: https://policies.google.com/privacy; Opt-out option: https://tools.google.com/dlpage/gaoptout?hl=en, settings for ad display: https://adssettings.google.com/authenticated.

  
  

Hosting We host the content of our website with one of the following service providers: Framer provider is Framer Inc., Rozengracht 207, 1016 LZ Amsterdam, Netherlands (hereinafter referred to as "Framer"). When you visit our website, Framer collects various log files, including your IP addresses. We have entered into a processing agreement (AVV) with Framer in accordance with Art. 28 GDPR. This contract ensures that Framer only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR. For further information, please refer to Framer's privacy policy: https://www.framer.com/legal/privacy-statement/. The use of Framer occurs based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in providing our website as reliably as possible. Website Analysis with Framer Analytics This website uses Framer Analytics, a web analysis service from Framer, Inc. Framer Analytics does not use cookies and does not collect personal data. The collected data is fully anonymized and serves to analyze user behavior on our website and improve our offering. This includes, for example, information about the number of visitors, the pages visited, the duration of stay, and the devices used. This data is not combined with other data sources and does not allow any conclusions to be drawn about individual persons. The processing of this data is based on our legitimate interest in optimizing our website (Art. 6 para. 1 lit. f GDPR).

Deletion of Data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consents allowed for processing are revoked or other permissions expire (e.g., when the purpose of processing this data ceases or they are no longer necessary for the purpose).

Unless the data is not deleted because it is necessary for other legally permissible purposes, its processing will be restricted to these purposes. That is, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or the protection of the rights of another natural or legal person.

Our data protection notices may also contain further information regarding the retention and deletion of data that primarily applies to the respective processes.

Change and Update of the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as the changes in our data processing make this necessary. We will inform you as soon as changes require an action on your part (e.g., consent) or some other individual notification.

If we provide addresses and contact details of companies and organizations in this privacy policy, please note that these addresses may change over time and check the information before contacting.

Rights of Affected Persons

You, as an affected person, have various rights under the GDPR, which arise particularly from Art. 15 to 21 GDPR:

• Right to Object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you, which is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR; this applies also to profiling based on these provisions. If personal data relating to you is being processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this applies also to profiling, to the extent it is related to such direct marketing.

• Right of Withdrawal of Consents: You have the right to withdraw granted consents at any time.

• Right of Access: You have the right to request confirmation as to whether personal data concerning you is processed and to request access to such data as well as further information and a copy of the data in accordance with legal requirements.

• Right to Rectification: You have the right to request the completion of personal data concerning you or the rectification of inaccurate personal data concerning you, in accordance with legal requirements.

• Right to Deletion and Restriction of Processing: You have the right to demand that personal data concerning you is deleted immediately, or alternatively, to request a restriction of the processing of the data, in accordance with legal requirements.

• Right to Data Portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to request the transmission to another controller, in accordance with legal requirements.

• Right to Lodge a Complaint with a Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, your place of work, or the place of the alleged infringement, if you believe that the processing of personal data relating to you infringes the provisions of the GDPR.

Definitions

This section provides you with an overview of the terminology used in this privacy policy. Many of the terms are taken from the law and are defined mainly in Art. 4 GDPR. The legal definitions are binding. The following explanations are mainly intended for understanding. The terms are sorted alphabetically.

• IP Masking: "IP masking" is a method whereby the last octet, i.e., the last two numbers of an IP address, are deleted so that the IP address can no longer serve to uniquely identify a person. Therefore, IP masking is a means of pseudonymization of processing procedures, especially in online marketing 

• Conversion Measurement: Conversion measurement (also referred to as "visit action evaluation") is a procedure with which the effectiveness of marketing measures can be determined. This typically involves a cookie being stored on the users' devices within the websites where the marketing measures take place, which is then retrieved again on the target website. For example, this allows us to track whether the ads we placed on other websites were successful. 

• Personal Data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more specific features that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

• Profiles with User-Related Information: The processing of "profiles with user-related information", or simply "profiles", includes any kind of automated processing of personal data that uses personal data to analyze, evaluate or predict certain personal aspects related to a natural person (depending on the type of profiling, this can include different information regarding demographics, behavior, and interests, such as interaction with websites and their content, etc.). Cookies and web beacons are often used for profiling purposes. 

• Reach Measurement: Reach measurement (also referred to as web analytics) serves to evaluate the visitor flows of an online offer and may include the behavior or interests of visitors for specific information, such as content of websites. Through reach analysis, website owners can, for example, determine when visitors visit their website and which content interests them. Thus, they can better adapt the content of the website to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis.

• Remarketing: "Remarketing" or "retargeting" refers to the practice of marking which products a user has shown interest in on a website for advertising purposes, in order to remind the user of these products on other websites, e.g., in advertisements.

• Responsible Party: The natural or legal person, authority, institution, or other body that decides alone or jointly with others on the purposes and means of processing personal data is referred to as the "responsible party".

• Processing: "Processing" refers to any operation or set of operations performed upon personal data, whether or not by automated means. The term is broad and includes practically any handling of data, such as collection, evaluation, storage, transmission, or deletion.

• Target Group Formation: The term "target group formation" (or "custom audiences") refers to the determination of target groups for advertising purposes, for instance, the display of ads. For example, it can be inferred from a user's interest in specific products or topics on the internet that this user is interested in advertisements for similar products or the online shop in which he/she viewed the products. The term "lookalike audiences" (or similar target groups) refers to when content deemed suitable is shown to users whose profiles or interests presumably correspond to those of the users for whom the profiles were formed. In general, cookies and web beacons are usually used for the purpose of creating custom audiences and lookalike audiences.