1. A Quick Overview of Privacy

‍General Information
The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is all data with which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

‍Data Collection on This Website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find their contact data in the section “Note on the Responsible Body” in this privacy policy.
‍
How do we collect your data?
Your data is collected on the one hand, when you provide it to us. This can be, for example, data that you enter in a contact form. Other data is collected automatically or after your consent when visiting the website through our IT systems. These are mainly technical data (e.g., internet browser, operating system, or the time of page access). This data is collected automatically as soon as you enter this website.
‍
What do we use your data for?
Part of the data is collected to ensure the error-free provision of the website. Other data can be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other inquiry requests.

What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request correction or deletion of these data. If you have given consent for data processing, you can revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. Moreover, you have the right to lodge a complaint with the competent supervisory authority. You can always contact us regarding these as well as other questions on the subject of data protection.

Analysis Tools and Tools from Third-Party Providers
When visiting this website, your surfing behavior can be statistically evaluated. This mainly happens with so-called analysis programs. Detailed information on these analysis programs can be found in the following privacy policy.

2. Hosting and Content Delivery Networks (CDN)
‍
We host the contents of our website at the following provider:
‍
Amazon Web Services (AWS)
The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter AWS). When you visit our website, your personal data is processed on AWS servers. Personal data can also be transferred to AWS’s parent company in the USA. Data transmission to the USA is based on the EU standard contractual clauses. Details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/. Further information can be found in AWS’s privacy policy: https://aws.amazon.com/de/privacy/?nc1=f_pr. The use of AWS is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in a reliable presentation of our website. If consent has been requested, processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent covers the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5776.
‍
Order Processing
We have concluded an order processing contract (AVV) for the use of the mentioned service. This is a data protection contract that ensures that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Cloudflare
We use the service “Cloudflare.” The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”). Cloudflare offers a globally distributed Content Delivery Network with DNS. Technically, the information transfer between your browser and our website is routed through Cloudflare's network. This enables Cloudflare to analyze the data traffic between your browser and our website and serve as a filter between our servers and potentially malicious data traffic from the internet. Cloudflare can use cookies or other technologies to recognize internet users, but only for the purpose described here. The use of Cloudflare is based on our legitimate interest in a fault-free and secure provision of our web offering (Art. 6 para. 1 lit. f GDPR). Data transmission to the USA is based on the EU standard contractual clauses. Details and further information on safety and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5666.

Order Processing
We have concluded an order processing contract (AVV) for the use of the mentioned service. This is a data protection contract that ensures that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Amazon CloudFront CDN
We use the Content Delivery Network Amazon CloudFront CDN. The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg (hereinafter “Amazon”). Amazon CloudFront CDN is a globally distributed Content Delivery Network. Technically, information transfer between your browser and our website is routed through the Content Delivery Network. This increases the worldwide reachability and performance of our website. The use of Amazon CloudFront CDN is based on our legitimate interest in a fault-free and secure provision of our web offering (Art. 6 para. 1 lit. f GDPR). Data transmission to the USA is based on the EU standard contractual clauses. Details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/. Further information on Amazon CloudFront CDN can be found here: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5776. Order Processing We have concluded an order processing contract (AVV) for the use of the mentioned service. This is a data protection contract that ensures that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General Notes and Mandatory Information
‍
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy policy. When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done. We point out that data transmission on the internet (e.g., when communicating by e-mail) can have security gaps. Complete protection of data from access by third parties is not possible.

Note on the Responsible Body
The responsible body for data processing on this website is:
Company: Copecart Pro Limited
Legal form: LTD - Private Company Limited by Shares
Register number: 765393
Business address: Ground Floor, 71 Lower Baggot Street, Dublin 2, Co. Dublin, D02 P593, Ireland Telephone: +49 30 25559259
Email: Support-pro@copecart.com

The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration
Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you make a legitimate deletion request or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will occur after these reasons cease.

General Notes on the Legal Basis of Data Processing on this Website
If you have consented to data processing, we process your personal data based on Art. 6 para. 1 lit. a GDPR and/or Art. 9 para. 2 lit. a GDPR if special data categories according to Art. 9 para. 1 GDPR are processed. In case of express consent to the transmission of personal data to third countries, data processing is also carried out based on Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is also carried out based on § 25 para. 1 TDDDG. Consent is revocable at any time. If your data is necessary for contract fulfillment or to carry out pre-contractual measures, we process your data based on Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if it is necessary for the fulfillment of a legal obligation based on Art. 6 para. 1 lit. c GDPR. Data processing can also be based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR. Information on the relevant legal bases in individual cases is provided in the following paragraphs of this privacy policy.

Data Protection Officer
We have appointed a Data Protection Officer.
Williams-Connect
Janko Williams
Straße der Jugend 18
14974 Ludwigsfelde Telephone: +49 (0) 30 25559259
Email: datenschutz@copecart.com

Note on Data Disclosure in Privacy-Unsecure Third Countries and Disclosure to US Companies Not Certified Under DPF
We use tools from companies based in third countries that are not privacy-secure, as well as US-tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these states and processed there. We point out that no equivalent data protection level comparable to that in the EU can be guaranteed in privacy-unsecure third countries. We point out that the USA is fundamentally considered a secure third country with a comparable data protection level to the EU. Data transmission to the USA is permissible if the recipient has certification under the “EU-US Data Privacy Framework” (DPF) or possesses suitable additional guarantees. Information on transmissions to third countries, including the data recipients, can be found in this privacy policy.

Recipients of Personal Data
As part of our business activities, we work with various external entities. In some cases, this also requires the transmission of personal data to these external entities. We only pass personal data to external entities if it is necessary as part of contract fulfillment, if we are legally obliged to do so (e.g., dissemination of data to tax authorities), if we have a legitimate interest after Art. 6 para. 1 lit. f GDPR in the dissemination or if some other legal basis allows data dissemination. When using processors, we only pass personal data of our customers based on a valid processing contract. In case of joint processing, a joint processing contract is concluded.

Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. You can revoke consent already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and Against Direct Advertising (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR). IF YOUR PERSONAL DATA IS PROCESSED TO CONDUCT DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH ADVERTISING PURPOSES; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their usual residence, place of work or the location of the alleged violation. The right to lodge a complaint remains unaffected by other administrative or judicial remedies.

Right to Data Portability
You have the right to data that we process automatically based on your consent or in fulfillment of a contract, to be handed over to yourself or a third party in a common, machine-readable format. If you request the direct transmission of the data to another responsible party, this is only done to the extent that it is technically feasible.

Information, Correction, and Deletion
Within the scope of the applicable legal provisions, you have the right at any time to free information about your stored personal data, their origin and recipient, and the purpose of the data processing and, if necessary, a right to correction or deletion of these data. For this purpose, as well as for further questions regarding personal data, you can always contact us.‍

Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data. To do this, you can always contact us. The right to restriction of processing exists in the following cases:
‍
– If you dispute the correctness of your stored personal data, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
‍
– If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
‍
– If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
‍
– If you have lodged an objection pursuant to Art. 21 para. 1 GDPR, a balance must be made between your and our interests. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data may only be processed – apart from storage – with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.

SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the change in the browser’s address line from “http://” to “https://” and the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted Payment Transactions on This Website
If after the conclusion of a fee-based contract, there is an obligation to transmit your payment data (e.g., account number for direct debit authorization), this data is required for payment processing. The payment transactions via the common payment means (Visa/MasterCard, debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the change in the browser’s address line from “http://” to “https://” and the lock symbol in your browser line. In the case of encrypted communication, your payment data, which you transmit to us, cannot be read by third parties.

Opposition to Advertising Emails
We hereby object to the use of contact data published within the scope of the imprint obligation for sending unsolicited advertising and information material. The operators of the pages expressly reserve the right to take legal steps in the event of unsolicited sending of advertising information, such as spam emails.

4. Data Collection on This Website

Cookies
Our internet pages use so-called “cookies.” Cookies are small data packets and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain on your device until you delete them yourself or an automatic deletion is carried out by your web browser. Cookies may come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies allow the integration of certain services from third-party companies within websites (e.g., cookies for payment transaction processing). Cookies have different functions. Many cookies are technically necessary as some website functions would not work without them (e.g., the shopping cart function or displaying videos). Other cookies can be used to evaluate user behavior or for advertising purposes. Cookies that are necessary for carrying out the electronic communication process, providing certain functions requested by you (e.g., for the shopping cart function), or optimizing the website (e.g., cookies for measuring website audience) are stored based on Art. 6 para. 1 lit. f GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and similar recognition technologies is requested, processing is carried out exclusively based on this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); consent can be revoked at any time. You can set your browser so that you are informed about the setting of cookies and only allow cookies individually, exclude the acceptance of cookies for certain cases or generally, and activate automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. You can find out which cookies and services are used on this website in this privacy policy.

Consent with Cookiebot
Our website uses the consent technology of Cookiebot to obtain your consent for storing certain cookies on your device or using certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”). When you enter our website, a connection to Cookiebot servers is established to obtain your consents and other declarations regarding the use of cookies. Subsequently, Cookiebot stores a cookie in your browser to assign the consents you have given or their revocation. The data collected will be stored until you request us to delete it, delete the Cookiebot cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected. The use of Cookiebot serves to obtain the legally required consents for the usage of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Order Processing
We have concluded an order processing contract (AVV) for the use of the mentioned service. This is a data protection contract that ensures that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.
These are:
- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of server request
- IP address
A merge of this data with other data sources is not carried out. The data collection takes place based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – the server log files need to be recorded for this.

Contact Form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not transmit these data without your consent. The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your inquiry is related to the performance of a contract or required for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries sent to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this was requested; the consent can be revoked at any time. The data you have entered in the contact form will remain with us until you request us to delete it, revoke your consent to data storage or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory statutory provisions – especially retention periods – remain unaffected.

Inquiry by Email, Telephone, or Fax
If you contact us by email, telephone, or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not transmit these data without your consent. The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your inquiry is related to the performance of a contract or required for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries sent to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this was requested; the consent can be revoked at any time. The data you have provided during contact inquiries will remain with us until you request us to delete it, revoke your consent to data storage or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.

Communication via WhatsApp
For communication with our customers and other third parties, we use the instant messaging service WhatsApp among others. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The communication is via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from accessing the content of the communication. However, WhatsApp gains access to the metainformation that occurs during the communication process (e.g., sender, recipient, and timestamp). We further point out that WhatsApp states that it shares personal data of its users with its parent company located in the USA, Meta. Further details on data processing can be found in WhatsApp’s privacy policy at: https://www.whatsapp.com/legal/#privacy-policy. The use of WhatsApp is based on our legitimate interest in fast and effective communication with customers, interested parties, and other business and contract partners (Art. 6 para. 1 lit. f GDPR). If corresponding consent has been requested, data processing is carried out solely based on consent; this is revocable at any time with effect for the future. The communication content exchanged between you and us on WhatsApp remains with us until you request us to delete it, revoke your consent to data storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – especially retention periods – remain unaffected. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/7735. We use WhatsApp in the version WhatsApp Business. Data transmission to the USA is based on the EU standard contractual clauses. Details can be found here: https://www.whatsapp.com/legal/business-data-transfer-addendum. We have set up our WhatsApp accounts so that there is no automatic data reconciliation with the address book on the smartphones in use. We have concluded an order processing contract (AVV) with the provider mentioned above.

Google Forms
We have integrated Google Forms on this website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter Google). Google Forms allows us to create online forms to capture messages, inquiries, and other entries from our website visitors in a structured manner. All inputs you make are processed on Google’s servers. Google Forms stores a cookie in your browser containing a unique ID (NID cookie). This cookie stores various information, such as your language settings. The use of Google Forms is based on our legitimate interest in a user-friendly assessment of your request (Art. 6 para. 1 lit. f GDPR). If consent has been requested, processing is carried out based solely on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. The data you enter in the form remain with us until you request us to delete them, revoke your consent to data storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – especially retention periods – remain unaffected. Further information can be found in Google’s privacy policy at https://policies.google.com/. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Order Processing
We have concluded an order processing contract (AVV) for the use of the mentioned service. This is a data protection contract that ensures that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Calendly
On our website, you have the possibility to schedule appointments with us. To book appointments, we use the tool “Calendly.” The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly”). For appointment scheduling, you enter the requested data and your preferred date in the provided form. The entered data are used for planning, performing, and potentially following up on the appointment. The appointment data and any other data you provide will be stored on Calendly servers; you can view its privacy policy here: https://calendly.com/privacy. The data you enter will remain with us until you request us to delete them, revoke your consent to data storage, or the purpose for data storage no longer applies. Mandatory statutory provisions – especially retention periods – remain unaffected. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in a straightforward appointment arrangement with interested parties and customers. If consent has been requested, processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. Data transmission to the USA is based on the EU standard contractual clauses. Details can be found here: https://calendly.com/pages/dpa. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/6050.

Order Processing
We have concluded an order processing contract (AVV) for the use of the mentioned service. This is a data protection contract that ensures that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Hubspot CRM
We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM). Hubspot CRM allows us to manage existing and potential customers and customer contacts. With Hubspot CRM, we can capture, sort, and analyze customer interactions via email, social media, or telephone across various channels. The personal data collected in this way may be evaluated and used for communication with the potential customer or for marketing activities (e.g., newsletter mailing). Furthermore, we can capture and analyze the user behavior of our contacts on our website with Hubspot CRM. The use of Hubspot CRM is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most efficient customer management and communication feasible. If consent has been requested, processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. Details can be found in Hubspot’s privacy policy: https://legal.hubspot.com/de/privacy-policy. Data transmission to the USA is based on the EU standard contractual clauses. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5812.

Registration on This Website
You can register on this website to use additional features on the site. The data entered for this purpose will only be used to use the particular offer or service for which you have registered. The mandatory information asked during registration must be provided completely. Otherwise, we will reject the registration. For important changes, such as the scope of the offer or technically necessary changes, we use the email address provided at registration to inform you in this way. The processing of the data entered during registration takes place for the purpose of performing the usage relationship established by the registration and, if applicable, for initiating further contracts (Art. 6 para. 1 lit. b GDPR). The data collected during registration is stored until you are registered on this website and will be deleted afterward. Statutory retention periods remain unaffected.

5. Social Media

Facebook
Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. However, the data collected, according to Facebook, is also transmitted and processed in the USA and other third countries. An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE. If the social media element is active, a direct connection is established between your device and the Facebook server. Facebook then receives the information that you have visited this website with your IP address. If you click the Facebook “Like button” while logged in to your Facebook account, you can link the content of this website to your Facebook profile. Facebook can then assign the visit to this website to your user account. We point out that we, as the provider of the pages, do not receive knowledge of the content of the transmitted data or their use by Facebook. Further information can be found in Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation. The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent is revocable at any time. Insofar as personal data is collected on our website with the help of the tool described here and transmitted to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to data collection and its transmission to Facebook. The processing carried out by Facebook following transmission is not part of the joint responsibility. The obligations that we jointly owe were recorded in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the data protection implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert rights (e.g., information requests) concerning data processed by Facebook directly with Facebook. If you assert rights as a data subject with us, we are obliged to forward them to Facebook. Data transmission to the USA is based on the EU standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381, and https://www.facebook.com/policy.php. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

X (formerly Twitter)
Functions of the X service (formerly Twitter) are integrated into this website. These functions are offered by the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible for data processing for individuals residing outside the USA. If the social media element is active, a direct connection is established between your device and the X server. X (formerly Twitter) thus receives information about your visit to this website. By using X (formerly Twitter) and the “Re-Tweet” function, the websites you visit are linked with your X (formerly Twitter) account and disclosed to other users. We point out that we, as the provider of the pages, do not receive knowledge of the content of the transmitted data or their use by X (formerly Twitter). Further information can be found in the privacy policy of X (formerly Twitter) at: https://x.com/de/privacy. The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent is revocable at any time. Data transmission to the USA is based on the EU standard contractual clauses. Details can be found here: https://gdpr.x.com/en/controller-to-controller-transfers.html. You can change your privacy settings on X (formerly Twitter) in the account settings at https://x.com/settings/account. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/2710.

Instagram
Functions of the Instagram service are integrated into this website. These functions are offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. If the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website. If you are logged into your Instagram account, you can link the content of this website with your Instagram profile by clicking the Instagram button. Instagram can then assign the visit to this website to your user account. We point out that we, as the provider of the pages, do not receive knowledge of the content of the transmitted data or their use by Instagram. The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent is revocable at any time. Insofar as personal data is collected on our website with the help of the tool described here and transmitted to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to data collection and its transmission to Facebook or Instagram. The processing carried out by Facebook or Instagram following transmission is not part of the joint responsibility. The obligations that we jointly owe were recorded in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for the data protection implementation of the tool on our website. Facebook is responsible for the data security of Facebook or Instagram products. You can assert rights (e.g., information requests) concerning data processed by Facebook or Instagram directly with Facebook. If you assert rights as a data subject with us, we are obliged to forward them to Facebook. Data transmission to the USA is based on the EU standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/, and https://de-de.facebook.com/help/566994660333381. Further information can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy/. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

LinkedIn
This website uses elements from the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. When accessing a page of this website containing LinkedIn elements, a connection to LinkedIn's servers is established. LinkedIn is informed that you visited this website with your IP address. If you click LinkedIn's “Recommend-button” while logged into LinkedIn, LinkedIn can assign your visit to this website to your LinkedIn user account. We point out that we, as the provider of the pages, do not receive knowledge of the content of the transmitted data or their use by LinkedIn. The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent is revocable at any time. Data transmission to the USA is based on the EU standard contractual clauses. Details can be found here: https://www.linkedin.com/help/linkedin/answer/a1343190/data-transfers-from-the-eu-the-eea-and-switzerland?lang=de. Further information can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5448.  

6. Analysis Tools and Advertising

Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool with which we can integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies nor carry out independent analyses. It serves only the administration and delivery of the integrated tools. However, Google Tag Manager captures your IP address, which can also be transmitted to Google’s parent company in the United States. The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in a fast and uncomplicated integration and administration of various tools on its website. If consent has been requested, processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics
This website uses Google Analytics functions, a web analysis service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, duration of stay, operating systems used, and the origin of the user, which are assigned to the respective user's device. No assignment to a user ID occurs. Furthermore, we can record your mouse and scroll movements and clicks with Google Analytics, among other things. Moreover, Google Analytics uses various modeling approaches to supplement collected data sets and employs machine learning technologies in data analysis. Google Analytics uses technologies that enable the recognition of the user to analyze user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to and stored on a Google server in the USA. The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent is revocable at any time. Data transmission to the USA is based on the EU standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

IP Anonymization
The Google Analytics IP Anonymization is activated. This causes your IP address to be shortened by Google within member states of the European Union or in other contracting states of the agreement on the European Economic Area before transmission to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide further services associated with the use of the website and internet to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

Browser Plugin
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. More information on handling user data by Google Analytics can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Order Processing
We have concluded an order processing contract with Google and fully implement the strict requirements of German data protection authorities when using Google Analytics.

Google Analytics E-Commerce Measurement
This website uses the “E-Commerce Measurement” function of Google Analytics. With the help of E-Commerce Measurement, the website operator can analyze the shopping behavior of website visitors to improve its online marketing campaigns. Information such as placed orders, average order values, shipping costs, and the time from view to purchase of a product are recorded. This data can be compiled by Google under a transaction ID, which is assigned to the respective user or their device.

Hotjar
This website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com). Hotjar is a tool to analyze your user behavior on this website. With Hotjar, we can record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you stayed at a particular spot with the mouse pointer. From these information, Hotjar creates so-called heatmaps, which allow deducing which areas of the website are most frequently viewed by website visitors. Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine where you canceled your input in a contact form (so-called conversion funnels). In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website offerings of the website operator. Hotjar uses technologies that enable the recognition of the user to analyze user behavior (e.g., cookies or device fingerprinting). If consent has been obtained, the use of the mentioned service is carried out solely based on Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. Consent is revocable at any time. If consent has not been obtained, use of this service is based on Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in analyzing user behavior to optimize both its website offering and advertising.

Disabling Hotjar
If you want to disable data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/. Please note that disabling Hotjar must be carried out separately for each browser and device you use. More detailed information on Hotjar and the collected data can be found in Hotjar’s privacy policy at the following link: https://www.hotjar.com/privacy‍

Order Processing
We have concluded an order processing contract (AVV) for the use of the mentioned service. This is a data protection contract that ensures that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

ClickFunnels
We use the marketing tool ClickFunnels. The provider is Etison, LLC., 3443 W. Bavaria Street, Eagle, Idaho 83616, USA (hereinafter ClickFunnels). ClickFunnels is a tool for optimizing and automating our marketing activities. With ClickFunnels, we can build landing pages, funnels, and forms, plan, execute and evaluate marketing actions, manage our customer data, and set up automation processes. Furthermore, we can analyze the user behavior of our website visitors while passing through the funnels. Based on this information, further marketing actions can be triggered. For example, we can track which customer has downloaded from us and is therefore eligible for certain further marketing activities. ClickFunnels uses technologies that enable the cross-site recognition of the user to analyze user behavior (e.g., cookies or device fingerprinting). Website visitors receive an individual ID, with which they can be recognized again upon a subsequent website visit. Furthermore, ClickFunnels collects the IP address, the user’s language, visited URLs, and the timing of accesses. If consent has been obtained, the use of the described service is carried out solely based on Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. Consent is revocable at any time. If consent has not been obtained, use of this service is based on Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in optimizing its marketing campaigns. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/1747.  

Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to play advertisements in the Google search engine or on third-party websites when the user enters specific search terms at Google (keyword targeting). Furthermore, targeted ads can be played based on the user data available at Google (e.g., location data and interests) (audience targeting). We as the website operator can quantitatively evaluate these data, for example, to analyze which search terms have led to the playing of our ads and how many ads have led to corresponding clicks. The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent is revocable at any time. Data transmission to the USA is based on the EU standard contractual clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Ads Remarketing
This website uses Google Ads Remarketing functions. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With Google Ads Remarketing, we can assign individuals who interact with our online offering to specific target groups to show interest-related advertisements in the Google advertising network afterward (remarketing and retargeting). Furthermore, the target audiences created with Google Ads Remarketing can be linked with Google’s cross-device functions. This allows interest-related, personalized advertising messages that have been adapted on one device (e.g., phone) based on previous usage and browsing behavior to be displayed on another of your devices (e.g., tablet or PC). If you have a Google Account, you can oppose personalized advertising under the following link: https://adssettings.google.com/anonymous?hl=de. The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent is revocable at any time. Further information and the privacy policy can be found in Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=de. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.  

Meta Pixel (formerly Facebook Pixel)
This website uses the visitor action pixel from Meta to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, the data collected is also transmitted to and processed in the USA and other third countries according to Meta. The site visitors' behavior can be tracked after they click on a Meta advertisement and are redirected to the provider’s website. This allows Meta ad effectiveness to be assessed for statistical and market research purposes and future advertising measures to be optimized. The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about users’ identity. However, the data is stored and processed by Meta, so a connection to the respective user profile at Facebook or Instagram is possible, and Meta can use the data for its advertising purposes, according to Meta’s data usage guidelines (https://de-de.facebook.com/about/privacy/). This allows Meta to play advertisements on pages of Facebook or Instagram and other advertising channels. This use of data cannot be influenced by us as the site operator. The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent is revocable at any time. Insofar as personal data is collected on our website using the tool described here and transmitted to Meta, we, and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to data collection and its transmission to Meta. The processing carried out by Meta following transmission is not part of the joint responsibility. The obligations that we jointly owe were recorded in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Meta tool and for the data protection implementation of the tool on our website. Meta is responsible for the data security of the meta products. You can assert rights (e.g., information requests) concerning data processed by Facebook or Instagram directly with Meta. If you assert rights as a data subject with us, we are obliged to forward them to Meta. Data transmission to the USA is based on the EU standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. You can find further notes on protecting your privacy in Meta’s privacy notices: https://de-de.facebook.com/about/privacy/. You can also deactivate the “Custom Audiences” remarketing function in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook. If you do not have an account on Facebook or Instagram, you can deactivate usage-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

TikTok Pixel
We have integrated the TikTok Pixel on this website. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter TikTok). With the help of TikTok Pixel, we can show website visitors interested in our offerings interest-based advertising on TikTok (TikTok Ads). At the same time, TikTok Pixel allows us to determine how effective our advertising is on TikTok. This allows TikTok ad effectiveness to be assessed for statistical and market research purposes and optimized for future advertising measures. Here, various usage data is processed, such as IP address, page views, duration, operating systems used, the user's origin, information about the advertisement a person clicked on TikTok, or an event triggered (timestamp). This data is combined into a user ID and assigned to the website visitor's respective device. The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent is revocable at any time. Data transmission to third countries is based on the EU standard contractual clauses. Details can be found here: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE and https://ads.tiktok.com/i18n/official/policy/controller-to-controller.

7. Newsletter

Newsletter Data
If you would like to receive the newsletter offered on the website, we require an email address and information that allows us to verify that you own the email address provided and agree to receive the newsletter. Other data is only collected on a voluntary basis. We use newsletter services described below for processing newsletters.

ActiveCampaign
This website uses ActiveCampaign for newsletter distribution. The provider is ActiveCampaign, Inc., 1 N Dearborn, 5th Floor Chicago, Illinois 60602, USA. ActiveCampaign is a service that helps organize and analyze newsletter distribution. The data you provide for the newsletter receipt is stored on ActiveCampaign servers in the USA. Data Analysis by ActiveCampaign With ActiveCampaign, we can analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked, among others. This allows us to determine which links were clicked most frequently. Furthermore, we can identify if predefined actions were performed after opening or clicking (conversion rate). For example, we can determine whether you made a purchase after clicking the newsletter. ActiveCampaign allows us to divide newsletter recipients into various categories (“clusters”). This allows newsletter recipients to be divided into age, gender or location, among others. This allows newsletters to be better tailored to target audiences. If you wish to avoid analysis by ActiveCampaign, you must unsubscribe from the newsletter. We provide a corresponding link in each newsletter message for this purpose. Detailed information about ActiveCampaign’s features can be found at: https://www.activecampaign.com/email-marketing. ActiveCampaign’s privacy policy can be found at: https://www.activecampaign.com/privacy-policy. Legal Basis Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of data processing that has already occurred remains unaffected by revocation. Data transmission to the USA is based on the EU standard contractual clauses. Details can be found here: https://www.activecampaign.com/legal/newscc and https://www.activecampaign.com/de/legal/gdpr-updates/privacy-shield.

‍Storage Duration
The data you stored with us to receive the newsletter will be stored until unsubscribing from the newsletter and deleted afterward from the newsletter distribution list. Data stored for other purposes remain unaffected by this. After unsubscribing from the newsletter distribution list, your email address may be stored with us or the newsletter service provider on a blacklist if necessary to prevent future mailings. Blacklist data is used only for this purpose and not merged with other data. This serves your and our interests in complying with statutory regulations when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Blacklist storage is not time-limited. You can object to storage if your interests outweigh our legitimate interest. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/4495.

Order Processing
We have concluded an order processing contract (AVV) for the use of the mentioned service. This is a data protection contract that ensures that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.  

8. Plugins and Tools

YouTube with Enhanced Privacy
This website integrates videos from the YouTube website. The provider of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. When visiting one of the pages on our website where YouTube is integrated, a connection to YouTube's servers is established. The YouTube server is informed about which of our pages you visited. If you are logged into your YouTube account, you allow YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. We use YouTube in enhanced privacy mode. According to YouTube, videos played in enhanced privacy mode are not used to personalize browsing on YouTube. Ads played in enhanced privacy mode are also not personalized. No cookies are set in enhanced privacy mode. Instead, so-called local storage elements are stored in the user’s browser that contains personal data and can be used for recognition. Details on enhanced privacy mode can be found here: https://support.google.com/youtube/answer/171780. If YouTube videos are activated, further data processing processes may be triggered, over which we have no influence. The use of YouTube is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest according to Art. 6 para. 1 lit. f GDPR. If consent has been requested, processing is carried out solely based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. Further information on YouTube privacy can be found in their privacy policy at: https://policies.google.com/privacy?hl=de. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Vimeo without Tracking (Do-Not-Track)
This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages equipped with Vimeo videos, a connection to Vimeo’s servers is established. Vimeo will be informed which of our pages you visited. Furthermore, Vimeo will gain your IP address. However, we have set up Vimeo so that it does not track your user activities and does not set any cookies. The use of Vimeo is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest in the sense of Art. 6