Privacy Policy - yourtravelgirl

Introduction and overview
We have prepared this privacy policy (version 11.05.2024-322785396) in order to explain to you, in
accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and
applicable national laws, which personal data (data for short) we process as the controller – and
which personal data is processed by us.

the processors (e.g. providers) commissioned by us – process, will process in the future and what
lawful options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.

Data protection declarations usually sound very technical and use legal jargon. This privacy policy,
on the other hand, is intended to describe the most important things to you as simply and
transparently as possible. Where it is conducive to transparency, technical terms are explained
in a reader-friendly way, links to further information are provided and graphics are used. We
thus inform you in clear and simple language that we only process personal data as part of our
business activities if there is a corresponding legal basis. This is certainly not possible by providing
explanations that are as concise, unclear and legally technical as possible, as is often standard on
the Internet when it comes to data protection. I hope you find the following explanations interesting
and informative and perhaps there is one or two pieces of information that you did not yet know.
If you still have any questions, please contact the responsible body named below or in the legal
notice, follow the links provided and view further information on third-party websites. Our contact
details can of course also be found in the legal notice.

Area of application
This privacy policy applies to all personal data processed by us in the company and to all personal
data processed by companies commissioned by us (processors). By personal data, we mean
information within the meaning of Art. 4 No. 1 GDPR, such as a person’s name, email address and
postal address. The processing of personal data ensures that we can offer and bill our services and
products, whether online or offline. The scope of this privacy policy includes

All online presences (websites, online stores) that we operate
Social media presences and e-mail communication
Mobile apps for smartphones and other devices

In short, the privacy policy applies to all areas in which personal data is processed in the company in
a structured manner via the channels mentioned. If we enter into legal relationships with you
outside of these channels, we will inform you separately if necessary.

Legal basis
In the following privacy policy, we provide you with transparent information on the legal principles
and regulations, i.e. the legal basis of the General Data Protection Regulation, which enable us to
process personal data.

As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN
PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can of course read this EU General Data
Protection Regulation online at EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-
content/DE/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific
purpose. An example would be the storage of the data you entered in a contact form.

2. Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual
We process your data in order to fulfill our obligations to you. For example, if we conclude a
purchase agreement with you, we require personal information in advance.

3. Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal
obligation, we process your data. For example, we are legally obliged to keep invoices for
accounting purposes. These usually contain personal data.

4. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that
If we do not restrict your fundamental rights, we reserve the right to process personal data.
For example, we need to process certain data in order to operate our website securely and
efficiently. This processing is therefore a legitimate interest.

Other conditions such as recording in the public interest, the exercise of official authority and the
protection of vital interests do not generally apply to us. If such a legal basis is relevant, it will be
indicated at the appropriate point.

In addition to the EU regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the
Processing of Personal Data (Data Protection Act), or DSG for short.

In Germany, the Federal Data Protection Act (BDSG) applies.

If other regional or national laws apply, we will inform you of this in the following sections.

Contact details of the person responsible
If you have any questions about data protection or the processing of personal data, you will find
the contact details of the person or body responsible below:
Lasse Schrag
Wildkirschenweg 15, 71394 Kernen, Germany E-

mail: schraglasse@gmail.com

Phone: 01575 3345689

Storage duration
It is a general criterion for us that we only store personal data for as long as is absolutely necessary
for the provision of our services and products. This means that we delete personal data as soon as
the reason for the data processing no longer exists. In some cases, we are legally obliged to store
certain data even after the original purpose has ceased to exist, for example for accounting
purposes.

If you wish your data to be deleted or revoke your consent to data processing, the data will be
deleted as quickly as possible and insofar as there is no obligation to store it.

We will inform you below about the specific duration of the respective data processing if we have
further information on this.

Rights under the General Data Protection Regulation
In accordance with Articles 13, 14 GDPR, we inform you of the following rights to which you are
entitled in order to ensure fair and transparent processing of data:

According to Article 15 GDPR, you have a right to information as to whether we process
your data. If this is the case, you have the right to receive a copy of the data and the
following information:

the purpose for which we carry out the processing;
the categories, i.e. the types of data that are processed;
who receives this data and, if the data i s transferred to third countries, how security can be
guaranteed;

how long the data will be stored;
the existence of the right to rectification, erasure or restriction of processing
and the right to object to processing;

that you can lodge a complaint with a supervisory authority (links to these authorities can
be found below);

the origin of the data if we have not collected it from you;
whether profiling is carried out, i.e. whether data is automatically analyzed in order to
create a personal profile of you.

According to Article 16 GDPR, you have a right to rectification of data, which means that we
must correct data if you find errors.

According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which
specifically means that you may request the erasure of your data.

According to Article 18 GDPR, you have the right to restriction of processing, which means
that we may only store the data but not use it any further.

According to Article 20 GDPR, you have the right to data portability, which means that we will
provide you with your data in a commonly used format upon request.

According to Article 21 GDPR, you have the right to object, which will result in a change in the
processing after enforcement.

If the processing of your data is based on Article 6(1)(e) (public interest, exercise of
official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing.
We will then check as quickly as possible whether we can legally comply with this
objection.

If data is used for direct marketing purposes, you can object to this type of data
processing at any time. We may then no longer use your data for direct marketing.

If data is used for profiling purposes, you can object to this type of data processing at
any time. We may then no longer use your data for profiling.

Under Article 22 GDPR, you may have the right not to be subject to a decision based solely on
automated processing (e.g. profiling).

According to Article 77 GDPR, you have the right to lodge a complaint. This means that you
can lodge a complaint with the data protection authority at any time if you believe that the
processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible office listed above!

If you believe that the processing of your data violates data protection law or your data protection
claims have been violated in any other way, you can complain to the supervisory authority. For
Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/.
In Germany, there is a data protection officer for each federal state. For more information, you can
contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The
following local data protection authority is responsible for our company:

Baden-Württemberg Data Protection Authority
State Commissioner for Data Protection: Prof. Dr. Tobias Keber
Address: Lautenschlagerstraße 20, 70173 Stuttgart
Telephone no.: 07 11/61 55 41-0
E-mail address: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de/

Data transfer to third countries
We only transfer or process data to countries outside the scope of the GDPR (third countries) if you
consent to this processing or other legal permission exists. This applies in particular if the
processing is required by law or necessary to fulfill a contractual relationship and in any case only
to the extent that this is generally permitted. In most cases, your consent is the most important
reason for us to transfer data to

Cookies summary
Affected parties: Visitors to the website
Purpose: depends on the respective cookie. You can find more details on this below or

from the manufacturer of the software that sets the cookie.
Processed data: Depending on the cookie used. You can find more details on this below or

from the manufacturer of the software that sets the cookie.
Storage duration: depending on the cookie, can vary from hours to years

Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit.f GDPR (legitimate interests)

processed in third countries. The processing of personal data in third countries such as the USA,
where many software manufacturers offer services and have their server locations, may mean that
personal data is processed and stored in unexpected ways.

We expressly point out that, in the opinion of the European Court of Justice, an adequate level of
protection for data transfers to the USA currently only exists if a US company that processes
personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy
Framework. You can find more information on this at:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by US services that are not active participants in the EU-US Data Privacy
Framework may result in data not being processed and stored anonymously. Furthermore, US
government authorities may be able to access individual data. In addition, data collected may be
linked to data from other services of the same provider if you have a corresponding user account.
Where possible, we try to use server locations within the EU if this is offered.
We will inform you in more detail about data transfer to third countries, if applicable, in the
appropriate sections of this privacy policy.

Security of data processing
In order to protect personal data, we have implemented both technical and organizational
measures. Where possible, we encrypt or pseudonymize personal data. In this way, we make it as
difficult as possible for third parties to infer personal information from our data.

Art. 25 GDPR speaks here of “data protection by design and by default” and thus means that both
software (e.g. forms) and hardware (e.g. access to the server room) should always be designed with
security in mind and appropriate measures should be taken. If necessary, we will discuss specific
measures below.

Cookies

What are cookies?
Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used so that you can better understand the
following privacy policy.

Whenever you surf the internet, you use a browser. Well-known browsers include Chrome, Safari,
Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser.
These files are called cookies.

One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use
cookies. More precisely, they are HTTP cookies, as there are also other cookies for other areas of
application. HTTP cookies are small files that are stored on your computer by our website. These
cookie files are automatically stored in the cookie folder, the “brain” of your browser, so to speak. A
cookie consists of a name and a value. When defining a cookie, one or more attributes must also
be specified.

Cookies store certain user data about you, such as language or personal page settings. When you
visit our site again, your browser transmits the
“user-related” information back to our site. Thanks to cookies, our website knows who you are and
offers you the settings you are used to. In some browsers, each cookie has its own file; in others,
such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the
web server. The web browser requests a website and receives a cookie back from the server, which
the browser uses again as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by
our website, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie
must be evaluated individually, as each cookie stores different data.

The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software
programs and do not contain viruses, Trojans or other “malware”.
Cookies also cannot access information on your PC. Cookie data

can look like this, for example:

Name: _ga
Wert: GA1.2.1326744211.152322785396-9
Intended use: Differentiation of website visitors
Expiration date: after 2 years

A browser should be able to support these minimum sizes:

At least 4096 bytes per cookie
At least 50 cookies per domain At

least 3000 cookies in total

What types of cookies are there?
The question of which cookies we use in particular depends on the services used and is clarified in
the following sections of the privacy policy. At this point, we would like to briefly explain the different
types of HTTP cookies.

A distinction can be made between 4 types of cookies:

Essential cookies
These cookies are necessary to ensure basic website functions. For example, these cookies are
needed when a user places a product in the shopping cart, then continues surfing on other pages
and only goes to the checkout later. These cookies ensure that the shopping cart is not deleted even
if the user closes their browser window.

Purposeful cookies
These cookies collect information about user behavior and whether the user receives any error
messages. These cookies are also used to measure the loading time and the behavior of the website
with different browsers.

Targeted cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes or form
data are saved.

Advertising cookies
These cookies are also known as targeting cookies. They are used to deliver customized advertising
to the user. This can be very practical, but also very annoying.

When you visit a website for the first time, you are usually asked which of these cookie types you
would like to allow. And of course this decision is also stored in a cookie.

If you would like to know more about cookies and are not afraid of technical documentation, we
recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the
Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies
The purpose ultimately depends on the cookie in question. You can find more details on this below
or from the manufacturer of the software that sets the cookie.

What data is processed?
Cookies are little helpers for many different tasks. Unfortunately, it is not possible to generalize which
data is stored in cookies, but we will inform you about the processed or stored data in the following
privacy policy.

Storage duration of cookies
The storage period depends on the cookie in question and is specified below. Some cookies are
deleted after less than an hour, others can remain stored on a computer for several years.

You can also influence the storage period yourself. You can delete all cookies manually at any time
via your browser (see also “Right to object” below). Furthermore, cookies that are based on
consent will be deleted at the latest after you withdraw your consent, whereby the legality of the
storage until then remains unaffected.

Right to object – how can I delete cookies?
You decide how and whether you want to use cookies. Regardless of which service or website the
cookies come from, you always have the option of deleting, deactivating or only partially allowing
cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or
delete cookie settings, you can find this in your browser settings:

Chrome: Delete, activate and manage cookies in Chrome Safari:

Safari: Manage cookies and website data with

Firefox: Delete cookies to remove data that websites have stored on your computer Internet

Explorer: Delete and manage cookies

Microsoft Edge: Deleting and managing cookies

If you generally do not want to have cookies, you can set up your browser so that it

Registration summary
Affected persons: All persons who register, create an account, log in and use the account.
Processed data: E-mail address, name, password and other data collected in the course of registration, login and account use.
Purpose: Provision of our services. Communication with customers in connection with the services.
Storage period: As long as the company account associated with the texts exists and there after usually 3 years.
Legal basis: Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para.
1 lit. f GDPR (legitimate interests) always informs you when a cookie is to be set. This allows you to decide for each individual cookie
whether or not to allow it. The procedure differs depending on the browser. It is best to search for the
instructions in Google using the search term “delete cookies Chrome” or “deactivate cookies
Chrome” in the case of a Chrome browser.

Legal basis
The so-called “Cookie Guidelines” have been in place since 2009. These state that the storage of
cookies requires your consent (Article 6(1)(a) GDPR). However, there are still very different reactions
to these directives within the EU countries. In Austria, however, this directive was implemented in
Section 165 (3) of the Telecommunications Act (2021). In Germany, the cookie directives have not
been implemented as national law.
Instead, this directive was largely implemented in Section 15 (3) of the German Telemedia Act (TMG).

For strictly necessary cookies, even if no consent has been given, there are legitimate interests
(Article 6 (1) (f) GDPR), which in most cases are of an economic nature. We
want to provide visitors to the website with a pleasant user experience and certain cookies are
often absolutely necessary for this.

If cookies that are not absolutely necessary are used, this will only take place with your consent.
The legal basis in this respect is Art. 6 para. 1 lit. a GDPR.

In the following sections, you will be informed in more detail about the use of cookies if the software
used uses cookies.

Registration

When you register with us, personal data may be processed if you enter personal data or data such
as the IP address is collected in the course of processing. You can read below what we mean by the
rather unwieldy term “personal data”.

Please only enter data that we require for registration and for which you have the approval of a third
party if you are registering on behalf of a third party.

If possible, use a secure password that you do not use anywhere else and an e-mail address that
you check regularly.

In the following we will inform you about the exact type of data processing, because we want you to
feel comfortable with us!

What is a registration?
When you register, we collect certain data from you and enable you to simply log in to us online
later and use your account with us. The advantage of having an account with us is that you don’t
have to re-enter everything every time. Saves time, effort and ultimately prevents errors in the
provision of our services.

Why do we process personal data?
In short, we process personal data to enable the creation and use of an account with us.
If we didn’t do this, you would have to enter all the data every time, wait for us to approve it and
enter everything again. We and many, many customers wouldn’t like that. What would you
think?

What data is processed?
All data that you provided during registration, entered during login or entered as part of managing
your data in your account.

We process the following types of data during registration:

First name
Surname
E-mail address

Company name
Street + house number
Place of residence
Zip code

Country

When you log in, we process the data you enter when you log in, such as your user name and
password, and data collected in the background, such as device information and IP addresses.

When you use your account, we process data that you enter while using your account and that is
generated in the course of using our services.

Storage duration
We store the data entered at least for as long as it is necessary to process the data.

linked account with us exists and is used as long as contractual obligations exist between us and, if
the contract ends, until the respective claims arising from it have become time-barred. In addition,
we store your data for as long as and to the extent that we are subject to statutory storage
obligations. Thereafter, we retain accounting documents relating to the contract (invoices, contract
documents, account statements, etc.) and other relevant business documents for the legally
prescribed period (usually several years).

Right of objection
You have registered, entered data and would like to revoke the processing? No problem. As you
can read above, the rights under the General Data Protection Regulation also apply during and
after registration, login or account with us. Contact the person responsible for data protection above
to exercise your rights. If you already have an account with us, you can easily view and manage
your data and texts in your account.

Legal basis
By completing the registration process, you enter into a pre-contractual relationship with us in order
to conclude a contract of use via our platform (even if there is no automatic obligation to pay). You
invest time to enter data and register and we offer you our services after logging into our system
and viewing your customer account. We also fulfill our contractual obligations. Finally, we need to
keep registered users informed of important changes by email. Art. 6 para. 1 lit. b GDPR
(implementation of pre-contractual measures, performance of a contract) therefore applies.

If necessary, we may also obtain your consent, e.g. if you voluntarily provide more data than is
absolutely necessary or if we are allowed to send you advertising. Art. 6 para. 1 lit. a GDPR
(consent) therefore applies.

We also have a legitimate interest in knowing who we are dealing with in order to contact them in
certain cases. We also need to know who is using our services and whether they are being used in
accordance with our terms of use, so Art. 6 para. 1 lit. f GDPR (legitimate interests) applies.

Note: the following sections are to be ticked by users (as required):

Registration with a clear name

As we need to know who we are dealing with in our business operations, registration is only possible
with your real name (clear name) and not with pseudonyms.

Registration with pseudonyms

Pseudonyms can be used for registration, i.e. you do not have to register with us using your real
name. This ensures that your name is not misused by us.

Web hosting summary
Affected parties: Visitors to the website
Purpose: professional hosting of the website and securing its operation
Processed data: IP address, time of the website visit, browser used and other data. You can

find more details on this below or from the web hosting provider used.
Storage period: depending on the respective provider, but usually 2 weeks Legal basis: Art. 6

para. 1 lit.f GDPR (legitimate interests) can be processed.

Storage of the IP address

In the course of registration, login and account use, we store the IP address in the background for
security reasons in order to be able to determine lawful use.

Public profile

The user profiles are publicly visible, i.e. parts of the profile can also be viewed on the Internet
without entering a user name and password.

2-factor authentication (2FA)

Two-factor authentication (2FA) offers additional security when logging in, as it prevents you from
logging in without a smartphone, for example. This technical measure to secure your account
therefore protects you against the loss of data or unauthorized access even if your username and
password were known. You can find out which 2FA is used during registration, login and in the
account itself.

Webhosting introduction

What is web hosting?
When you visit websites these days, certain information – including personal data – is automatically
created and stored, including on this website. This data should be processed as sparingly as
possible and only with justification. By website, by the way, we mean the entirety of all web pages
on a domain, i.e. everything from the start page (homepage) to the very last subpage (like this one).
By domain we mean, for example, example.de or example.com.

If you want to view a website on a computer, tablet or smartphone, you use a program called a web
browser. You probably know a few web browsers by name: Google Chrome, Microsoft Edge,
Mozilla Firefox and Apple Safari. We call them browsers or web browsers for short.

To display the website, the browser must connect to another computer where the website code is
stored: the web server. The operation of a web server is a

complicated and time-consuming task, which is why this is usually carried out by professional
providers. They offer web hosting and thus ensure reliable and error-free storage of website data. A
lot of technical terms, but please stay tuned, it will get even better!

When the browser on your computer (desktop, laptop, tablet or smartphone) connects and during
data transfer to and from the web server, personal data may be processed. On the one hand, your
computer stores data; on the other hand, the web server must also store data for a certain period of
time in order to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the
browser, the Internet and the hosting provider.

Why do we process personal data?
The purposes of data processing are:

1. Professional website hosting and operational security
2. to maintain operational and IT security
3. Anonymous evaluation of access behavior to improve our offer and, if necessary, for

criminal prosecution or prosecution of claims

What data is processed?
Even while you are currently visiting our website, our web server, i.e. the computer on which this
website is stored, usually automatically saves data such as

the complete Internet address (URL) of the website accessed
Browser and browser version (e.g. Chrome 87)
the operating system used (e.g. Windows 10)
the address (URL) of the previously visited page (referrer URL) (e.g.
https://www.beispielquellsite.de/vondabinichgekommen/)

the host name and IP address of the device from which access is made (e.g. COMPUTERNAME
and 194.23.43.121)

Date and time
in files, the so-called web server log files

1&1 IONOS Webhosting Privacy Policy Summary
Affected parties: Visitors to the website
Purpose: Website storage and accessibility on the Internet
Processed data: IP address, but mainly also technical data Storage
period: Visitor data is deleted after 8 weeks

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interests)

How long is data stored?
As a rule, the above-mentioned data is stored for two weeks and then automatically deleted. We do
not pass this data on, but we cannot rule out the possibility of this data being viewed by the
authorities in the event of unlawful conduct.

In short: Your visit is logged by our provider (company that runs our website on special computers
(servers)), but we do not pass on your data without your consent!

Legal basis
The lawfulness of the processing of personal data in the context of web hosting results from Art. 6
para. 1 lit. f GDPR (protection of legitimate interests), because the use of professional hosting with
a provider is necessary in order to present the company on the Internet in a secure and user-
friendly manner and to be able to pursue attacks and claims from this if necessary.

As a rule, there is a contract between us and the hosting provider for order processing in
accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees
data security.

1&1 IONOS Webhosting Privacy Policy

What is 1&1 IONOS Webhosting?
To host our website, we use the web hosting services of the company IONOS by 1&1. In Germany,
1&1 IONOS SE is based at Elgendorfer Str. 57 in 56410 Montabaur. In Austria, you can find 1&1
IONOS SE at Gumpendorfer Straße 142/PF 266 in 1060 Vienna.

IONOS offers the following web hosting services: Domain, Website & Shop, Hosting &
WordPress, Marketing, E-Mail & Office, IONOS Cloud and Server. With over 22 million domains,
almost 9 million customer contracts and 100,000 servers, IONOS is one of Germany’s biggest
names in web hosting.
We have already mentioned it in our introductory remarks on the subject of web hosting: hosting
also means that data about you or your end device is stored on the IONOS servers. First and
foremost, your IP address, which is known to be personal data, is stored. In addition, technical data
such as the URL of our website, the name of your internet browser or which operating system you
are using is also stored.

Why do we use 1&1 IONOS Webhosting?
IONOS was founded in Germany back in 1988 and therefore has over 30 years of experience
under its belt. However, this does not mean that the company is not constantly developing
technologically. It is precisely this combination of experience and innovative spirit that we believe
provides a good basis for our website. After all, we want our website to function smoothly 24 hours
a day and guarantee a high level of security. As IONOS does not limit the monthly data traffic and
provides plenty of storage space, our website remains powerful even with many visitors. We are
very satisfied with the speed of the website and the price-performance ratio currently meets our
requirements.

What data is processed by 1&1 IONOS Webhosting?
1&1 IONOS Webhosting may also process personal data about you. When you visit our website, the
following data about you or your computer is stored by IONOS:

the previously visited website (also called referrer)

the requested website (in this case our website) Browser type

and browser version

Your operating system and device type used Time

of page access

Your IP address in anonymized form

The data collected is used to increase the security of the website, to detect possible errors and also
to carry out anonymous statistical analyses. According to IONOS, the anonymized IP address is
only used to determine the location of access.

How long and where is the data stored?
The data is stored on IONOS’ own servers. In principle, IONOS stores the data for as long as is
necessary to fulfill its obligations. Visitor data is stored for 8 weeks. However, data may also be
stored for longer, for example to provide evidence for possible legal disputes. Visitor data is not
passed on to third parties and is not transferred to a country outside the EU.

How can I delete my data or prevent data storage?
You have the right to information, correction or deletion and restriction of the processing of your
personal data at any time. You can also withdraw your consent to the processing of data at any
time.

If you want to deactivate, delete or manage cookies, you will find the relevant links to the instructions
for the most popular browsers in the “Cookies” section.

Website builder systems Privacy policy summary
Affected parties: Visitors to the website
Purpose: Optimization of our service performance
Processed data: Data such as technical usage information such as browser activity,

clickstream activity, session heatmaps as well as contact details, IP address or your
geographical location. You can find more details on this below in this privacy policy and in the
providers’ privacy policies.

Storage duration: depends on the provider
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interests), Art. 6 para. 1 lit. a GDPR (consent)

Legal basis
We have a legitimate interest in using IONOS in order to be able to offer our online service.
Professional hosting with a provider is necessary in order to present our company on the Internet in
a secure and user-friendly manner and to be able to track possible cyber attacks. The legal basis for
this is Art. 6 para. 1 lit. f GDPR (legitimate interests).

You can find much more information about data protection at IONOS in the privacy policy at
https://www.ionos.de/terms-gtc/datenschutzerklaerung/. If you have any further questions about
data protection, you can also contact the IONOS data protection team by email at
datenschutz@ionos.de.

Website modular systems Introduction

What are website builder systems?
We use a modular website system for our website. Modular systems are special forms of a content
management system (CMS). With a modular system, website operators can create a website very
easily and without programming knowledge. In many cases, web hosters also offer modular
systems. By using a modular system, your personal data can also be collected, stored and
processed. In this data protection text, we provide you with general information about data
processing by modular systems. You can find more detailed information in the provider’s data
protection declarations.

Why do we use website builder systems for our website?
The biggest advantage of a modular system is its ease of use. We want to offer you a clear,
simple and well-organized website that we can easily operate and maintain ourselves – without
external support. A modular system now offers many helpful functions that we can use even
without programming knowledge. This allows us to design our web presence according to our
wishes and offer you an informative and enjoyable time on our website.

What data is stored by a modular system?
Exactly which data is stored depends, of course, on the website builder system used. Each
provider processes and collects different data from the website visitor. As a rule, however, technical
usage information such as operating system, browser, screen resolution, language and keyboard
settings, hosting provider and the date of your website visit are collected. Tracking data (e.g.
browser activity, clickstream activity, session heatmaps, etc.) may also be processed. Personal
data may also be collected and stored. This usually involves contact data such as email address,
telephone number (if you have provided this), IP address and geographical location data. You can
find out exactly which data is stored in the provider’s privacy policy.

How long and where is the data stored?
We will inform you about the duration of data processing below in connection with the website
building block system used, if we have further information on this. You can find detailed information
about this in the provider’s privacy policy. In general, we only process personal data for as long as
is absolutely necessary for the provision of our services and products. The provider may store your
data according to its own specifications, over which we have no influence.

Right of objection
You always have the right to information, correction and deletion of your personal data. If you have
any questions, you can also contact the person responsible for the website builder system used at
any time. Contact details can be found either in our privacy policy or on the website of the relevant
provider.

You can delete, deactivate or manage cookies that providers use for their functions in your browser.
Depending on which browser you use, this works in different ways. Please note, however, that not all
functions may then work as usual.

Legal basis
We have a legitimate interest in using a website building block system to optimize our online
service and to present it to you in an efficient and user-friendly manner. The legal basis for this is
Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use the modular system if
you have given your consent.

Insofar as the processing of data is not absolutely necessary for the operation of the website, the
data will only be processed on the basis of your consent. This applies in particular to tracking
activities. The legal basis in this respect is Art. 6 para. 1 lit. a GDPR.

In this data protection declaration, we have provided you with the most important general
information about data processing. If you would like to find out more about this

WordPress.com Privacy Policy Summary
Affected parties: Visitors to the website
Purpose: Optimization of our service performance
Processed data: Data such as technical usage information such as browser activity,

clickstream activity, session heatmaps as well as contact details, IP address or your
geographical location. You can find more details below in this privacy policy.

Storage duration: It depends above all on the type of data stored and the specific settings.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

you will find further information – if available – in the following section or in the provider’s privacy
policy.

WordPress.com privacy policy

What is WordPress?
We use the well-known content management system WordPress.com for our website. The service
provider is the American company Automattic Inc, 60 29th Street #343, San Francisco, CA 94110,
USA.

In 2003, the company saw the light of day and developed into one of the best-known content
management systems (CMS) in the world in a relatively short space of time. A CMS is software that
helps us to design our website and present content in an attractive and organized way. The content
can be text, audio and video.
By using WordPress, your personal data may also be collected, stored and processed. As a rule,
mainly technical data such as operating system, browser, screen resolution or hosting provider are
stored. However, personal data such as IP address, geographical data or contact details may also be
processed.

Why do we use WordPress on our website?
We have many strengths, but real programming is not one of our core competencies.

Nevertheless, we want to have a powerful and attractive website that we can also manage and
maintain ourselves. With a modular website system or a content management system such as
WordPress, we can do just that. With WordPress, we don’t have to be ace programmers to offer
you a beautiful website. Thanks to WordPress, we can operate our website quickly and easily even
without prior technical knowledge. If technical problems occur or we have special requests for our
website, there are always our specialists who feel at home in HTML, PHP, CSS and co.

Thanks to the ease of use and comprehensive functions of WordPress, we can

design our website according to our wishes and offer you a good user experience.

What data is processed by WordPress?
Non-personal data includes technical usage information such as browser activity, clickstream
activity, session heatmaps and data about your computer, operating system, browser, screen
resolution, language and keyboard settings, internet provider and date of the page visit.

Personal data is also collected. These are primarily contact data (e-mail address or telephone
number, if you provide these), IP address or your geographical location.

WordPress can also use cookies to collect data. This often includes data about your behavior on
our website. For example, it can record which subpages you particularly like to view, how long you
spend on individual pages, when you leave a page (bounce rate) or which default settings (e.g.
language selection) you have made. Based on this data, WordPress can also better adapt its own
marketing measures to your interests and user behavior. The next time you visit our website, you
will therefore be shown our website as you have previously set it.

WordPress may also use technologies such as pixel tags (web beacons), for example to clearly
identify you as a user and possibly offer interest-based advertising.

How long and where is the data stored?
How long the data is stored depends on various factors. So it mainly depends on the type of data
stored and the specific settings of the website.
In principle, WordPress deletes data when it is no longer needed for its own purposes. There are of
course exceptions, especially if legal obligations require the data to be stored for longer. Web
server logs containing your IP address and technical data are deleted by WordPress or Automattic
after 30 days. Automattic uses the data for this period to analyze the traffic on its own websites
(e.g. all WordPress pages) and to resolve potential problems. Deleted content on WordPress
websites is also kept in the recycle bin for 30 days to enable recovery, after which it may remain in
backups and caches until it is deleted. The data is stored on Automattic’s American servers.

How can I delete my data or prevent data storage?
You have the right and opportunity to access your personal data at any time and to object to its
use and processing. You can also lodge a complaint with a state supervisory authority at any time.

In your browser, you also have the option of individually managing, deleting or deactivating
cookies. Please note, however, that deactivated or deleted cookies may have a negative impact on
the functions of our WordPress site. Depending on which browser you use, the management of
cookies works slightly differently. In the “Cookies” section, you will find the relevant links to the
instructions for the most popular browsers.

Legal basis
If you have consented to the use of WordPress, the legal basis for the corresponding data
processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes
the legal basis for the processing of personal data, as may occur when WordPress collects data.

We also have a legitimate interest in using WordPress to optimize our online service and present
it to you in an attractive manner. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate
interests). Nevertheless, we only use WordPress if you have given your consent.

WordPress or Automattic processes your data in the USA, among other places. Automattic is an
active participant in the EU-US Data Privacy Framework, which regulates the correct and secure
transfer of personal data from EU citizens to the USA. You can find more information on this at
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Automattic also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard
Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to
ensure that your data complies with European data protection standards even if it is transferred to
third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework
and the standard contractual clauses, Automattic undertakes to comply with the European level of
data protection when processing your relevant data, even if the data is stored, processed and
managed in the USA. These clauses are based on an implementing decision of the EU
Commission. You can find the decision and the corresponding standard contractual clauses here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more details about the privacy policy and which data is processed by WordPress and
how at https://automattic.com/privacy/.

Web Analytics Introduction

What is web analytics?
We use software on our website to evaluate the behavior of website visitors, known as web
analytics or web analysis for short. This involves collecting data that is stored, managed and
processed by the respective analytics tool provider (also known as a tracking tool). The data is
used to create analyses of user behavior on our website and made available to us as the website
operator. In addition, most tools offer various test options. For example, we can test which offers
or content are best received by our visitors. To do this, we show you two different offers for a
limited period of time. After the test (known as an A/B test), we know which product or content our
website visitors find more interesting. For such test procedures, as well as for other analytics
procedures, user profiles can also be created and the data stored in cookies.

Why do we use web analytics?
With our website, we have a clear goal in mind: we want to deliver the best web offering on the
market for our industry. In order to achieve this goal, we want to offer the best and most interesting
services on the one hand and make sure that you feel completely at ease on our website on the
other. With the help of web analysis tools, we can take a closer look at the behavior of our website
visitors and then improve our website accordingly for you and for us. For example, we can see the
average age of our visitors, where they come from, when our website is visited the most or which
content or products are particularly popular. All this information helps us to optimize the website
and thus adapt it to your needs, interests and wishes.

What data is processed?
Exactly which data is stored depends, of course, on the analysis tools used. As a rule, however, the
content you view on our website, which buttons or links you click on, when you access a page,
which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website or
which computer system you use are stored, for example. If you have agreed that location data may
also be collected, this may also be processed by the web analysis tool provider.

Web Analytics privacy policy summary
Affected parties: Visitors to the website
Purpose: Evaluation of visitor information to optimize the website. Processed data: Access
statistics, the data such as locations of access, device data,

access duration and time, navigation behavior, click behavior and IP addresses. You can find
more details on this in the respective web analytics tool used.

Storage period: depending on the web analytics tool used Legal basis: Art. 6 para. 1
lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP
addresses are personal data. However, your IP address is usually stored pseudonymized (i.e. in an
unrecognizable and shortened form). For the purpose of testing, web analysis and web optimization,
no direct data such as your name, age, address or e-mail address is stored. All this data, if collected,
is stored in pseudonymized form. This means that you cannot be identified as a person.

The following example shows schematically how Google Analytics works as an example of
client-based web tracking with Java Script code.

How long the respective data is stored always depends on the provider. Some cookies only store
data for a few minutes or until you leave the website, while other cookies can store data for several
years.

Duration of data processing
We will inform you about the duration of data processing below if we have further information on
this. In general, we only process personal data for as long as is absolutely necessary for the
provision of our services and products. If required by law, for example in the case of accounting,
this storage period may also be exceeded.

Right of objection
You also have the right and the option to withdraw your consent to the use of cookies or third-
party providers at any time. This works either via our cookie management tool or via other opt-
out functions. For example, you can also prevent data collection by cookies by managing,
deactivating or deleting cookies in your browser.

Jetpack Privacy Policy Summary
Affected parties: Visitors to the website
Purpose: Evaluation of visitor information to optimize the website. Processed data: Access
statistics, the data such as locations of access, device data,

access duration and time, navigation behavior, click behavior and IP addresses.
Storage period: until the data is no longer required for the services Legal basis: Art. 6 para.

1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

Legal basis
The use of web analytics requires your consent, which we have obtained with our cookie pop-up.
According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the
processing of personal data, as may occur when it is collected by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors in
order to improve our offer technically and economically. With the help of web analytics, we can
detect errors on the website, identify attacks and improve efficiency. The legal basis for this is Art. 6
para. 1 lit. f
GDPR (legitimate interests). Nevertheless, we only use the tools to the extent that they
have given their consent.

Since web analytics tools use cookies, we recommend that you also read our general privacy policy
on cookies. To find out exactly which of your data is stored and processed, you should read the
privacy policies of the respective tools.

Information on special web analytics tools, if available, can be found in the following sections.

Jetpack privacy policy

What is Jetpack?
We use the WordPress plug-in Jetpack on our website. Jetpack is a software that provides us with
web analytics, among other things. Jetpack is operated by the company Automattic (Inc. 132
Hawthorne Street San Francisco, CA 94107, USA), which uses the technology of the company
Quantcast (Inc., 201 3rd St, Floor 2, San Francisco, CA 94103-3153, USA) for this product. The
integrated tracking tool also collects, stores and processes your personal data. In this privacy
policy, we show you exactly what data is involved, why we use Jetpack and how you can prevent
this data storage.

Jetpack is a plug-in for WordPress websites with many different functions and modules. All these
tools help us to make our website more beautiful, more secure and more

welcome visitors here. The tool can also be used to display related posts, content can be shared
and Jetpack can also improve the loading speed of our website. All functions are hosted and
provided by WordPress.

Why do we use Jetpack?
It is crucial for us that you feel comfortable on our website and find what you are looking for. We
can only be successful if you are satisfied with our service. And so that we know how and where
we can improve our website, we need information. Jetpack allows us to see, for example, how
often and for how long you visit an individual web page or which buttons you like to click. With the
help of this information, we can improve our website and adapt it to your wishes and preferences.

What data is stored by Jetpack?
The built-in tracking tool WordPress.com statistics in particular also collects, stores and processes
your personal data. In order for the Jetpack tool to work, Jetpack sets a cookie in your browser when
you open a website that has components of the tool built in. The collected data is synchronized with
Automattic and stored there.

In addition to IP address (anonymized before storage) and data on user behaviour, this includes, for
example, browser type, unique device identifier, preferred language, data and time of page access,
operating system and information on the mobile network. Jetpack uses this information to improve its
own services and offers and to gain better insights into the use of its own service. The following data
can also be synchronized and stored:

For Google Ads customers, the email address and the physical address of the account are
synchronized

Successful and unsuccessful login attempts. Your IP address and the user agent are also
stored for this purpose

The user IDs, user names, e-mail addresses, roles and skills of the registered users. But no
passwords are saved

The user ID of users who make changes on the website Twitter
username, if configured with Jetpack

Jetpack also uses cookies to store data. Below we show you a few selected, exemplary cookies that
Jetpack uses:

Name: eucookielaw
Value: 1613651061376322785396-6
Purpose: Saves the status of the user’s consent to the use of cookies.
Expiration date: after 180 days

Name: tk_ai
Value: 0
Purpose: This cookie stores a randomly generated anonymous ID. It is only used within the
administration area to track general analyses.
Expiration date: after the end of the session

Name: tk_tc
Wert: E3%2BgJ1Pw6iYKk%2Fvj322785396-3
Intended use: This is a so-called referral cookie. It is used to analyze the connection between
WooCommerce and a website with a Jetpack plugin.
Expiration date: after the end of the session

Note: Jetpack uses many different cookies. Which cookies are actually used depends on the Jetpack
functions used on the one hand and on your actions on the websites with integrated Jetpack plug-in
on the other. At https://de.jetpack.com/support/cookies/ you can see a list of possible cookies that
Jetpack uses.

How long and where is the data stored?
Automattic stores the collected data until it is no longer used for its own services. Beyond this
period, the data is only stored if the company is obliged to do so for legal reasons. Web server
logs such as your IP address, browser type and operating system are deleted after around 30
days. The data is stored on the company’s American servers.

How can I delete my data or prevent data storage?
As mentioned above, Jetpack uses cookies to store data. If you do not want Jetpack to collect data
from you in the future, you can request an “opt-out” cookie at https://www.quantcast.com/opt-out/.
Quantcast will set this cookie and no visitor data will be saved. This is the case until you delete this
cookie.

Alternatively, you can simply manage, deactivate or delete cookies in your browser as you wish.
Depending on the browser type, cookie management works slightly differently. In the “Cookies”
section, you will find the relevant links to the instructions for the most popular browsers.

Legal basis
The use of Jetpack requires your consent, which we have obtained with our cookie pop-up.
According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for
the processing of personal data, as may occur when it is collected by web analytics tools.

In addition to consent, we have a legitimate interest in the following

Email marketing summary
Affected parties: Newsletter subscribers
Purpose: Direct advertising by e-mail, notification of system-relevant events Processed data:
Data entered during registration, but at least the e-mail address.

e-mail address. You can find more details on this in the respective e-mail marketing tool used.
Storage period: Duration of the existence of the subscription

Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

We use Jetpack to analyze the behavior of website visitors and thus improve our offer technically
and economically. With the help of Jetpack, we can detect errors on the website, identify attacks
and improve efficiency. The legal basis for this is Art. 6 para. 1 lit. f
GDPR (legitimate interests). Nevertheless, we only use Jetpack if you have a
have given their consent.

Automattic also processes your data in the USA, among other places. Jetpack or Automattic is an
active participant in the EU-US Data Privacy Framework, which regulates the correct and secure
transfer of personal data from EU citizens to the USA. You can find more information on this at
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

If you want to learn more about the privacy policy and the processing of data by Jetpack or
Automattic, we recommend the privacy policy at https://automattic.com/privacy/, the cookie policy
at https://automattic.com/cookies/ and also the information page https://jetpack.com/support/what-
data-does-jetpack-sync/. We hope we have been able to give you a good insight into data
processing by Jetpack.

Email marketing introduction

What is email marketing?
In order to keep you up to date, we also use the option of e-mail marketing. If you have agreed to
receive our e-mails or newsletters, your data will also be processed and stored. E-mail marketing is a
sub-area of online marketing.

marketing. This involves sending news or general information about a company, products or services
by e-mail to a specific group of people who are interested in them.

If you want to take part in our e-mail marketing (usually by newsletter), you normally just need to
register with your e-mail address. To do this, you fill out an online form and send it off. However, we
may also ask you to provide your title and name so that we can write to you personally.

Basically, the registration for newsletters works with the help of the so-called “double opt-in
procedure”. After you have registered for our newsletter on our website, you will receive an e-mail
confirming your newsletter registration. This ensures that the e-mail address belongs to you and
that no one has registered with a third-party e-mail address. We or a notification tool used by us
logs each individual registration. This is necessary so that we can prove that the registration
process is legally correct. As a rule, the time of registration, the time of registration confirmation
and your IP address are saved. In addition, it is also logged when you make changes to your
stored data.

Why do we use email marketing?
We naturally want to stay in contact with you and always provide you with the most important news
about our company. To do this, we use email marketing – often simply referred to as “newsletters” –
as an essential part of our online marketing. If you agree to this or if it is permitted by law, we will
send you newsletters, system e-mails or other notifications by e-mail. When we use the term
When we use the term “newsletter”, we mainly mean e-mails that are sent out regularly. Of course,
we do not want to bother you in any way with our newsletters. That’s why we make every effort to
offer only relevant and interesting content. For example, you can find out more about our company,
our services or products. As we are constantly improving our offers, you will always find out via our
newsletter when there is news or when we are offering special, lucrative promotions. If we
commission a service provider who offers a professional mailing tool for our email marketing, we do
so in order to be able to offer you fast and secure newsletters. The purpose of our email marketing
is basically to inform you about new offers and also to achieve our business goals.

What data is processed?
If you become a subscriber to our newsletter via our website, you confirm your membership of an e-
mail list by e-mail. In addition to your IP address and e-mail address, your title, name, address and
telephone number may also be stored. However, only if you consent to this data storage. The data
marked as such is necessary so that you can participate in the service offered. Providing this
information is voluntary, but if you do not provide it, you will not be able to use the service. In
addition, information about your device or your preferred content on our website may also be
stored. More

Social media privacy policy summary
Affected parties: Visitors to the website
Purpose: Presentation and optimization of our services, contact with visitors, interested parties, etc., advertising
Processed data: Data such as telephone numbers, e-mail addresses, contact details, user behavior data,

information about your device and your IP address.
You can find more details on this in the respective social media tool used. Storage

duration: depending on the social media platforms used
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

on the storage of data when you visit a website can be found in the section “Automatic data
storage”. We record your declaration of consent so that we can always prove that it complies with
our laws.

Duration of data processing
If you unsubscribe your e-mail address from our e-mail/newsletter distribution list, we may store your
address for up to three years on the basis of our legitimate interests so that we can still prove your
consent at that time. We may only process this data if we have to defend ourselves against any
claims.

However, if you confirm that you have given us your consent to the newsletter registration, you can
submit an individual deletion request at any time. If you permanently revoke your consent, we
reserve the right to store your e-mail address in a blacklist. As long as you have voluntarily
subscribed to our newsletter, we will of course retain your e-mail address.

Right of objection
You can cancel your newsletter subscription at any time. All you have to do is withdraw your
consent to the newsletter subscription. This usually only takes a few seconds or one or two clicks.
You will usually find a link to cancel your newsletter subscription at the end of every email. If you
really cannot find the link in the newsletter, please contact us by e-mail and we will cancel your
newsletter subscription immediately.

Legal basis
Our newsletter is sent on the basis of your consent (Article 6(1)(a) GDPR). This means that we may
only send you a newsletter if you have actively subscribed to it beforehand. We may also send you
advertising messages if you have become our customer and have not objected to the use of your
email address for direct advertising.

Information on specific email marketing services and how they process personal data, if available,
can be found in the following sections.

Social media introduction

What is social media?
In addition to our website, we are also active on various social media platforms. User data may be
processed so that we can target users who are interested in us via the social networks. In addition,
elements of a social media platform may also be embedded directly in our website. This is the
case, for example, if you click on a social button on our website and are forwarded directly to our
social media presence. Social media refers to websites and apps that registered members can use
to produce content, share content openly or in specific groups and network with other members.

Why do we use social media?
For years, social media platforms have been the place where people communicate and get in
touch online. With our social media presence, we can bring our products and services closer to
interested parties. The social media elements integrated on our website help you to switch to our
social media content quickly and without complications.

The data that is stored and processed through your use of a social media channel is primarily for
the purpose of carrying out web analyses. The aim of these analyses is to be able to develop more
precise and personalized marketing and advertising strategies.
Depending on your behavior on a social media platform, the evaluated data can be used to draw
conclusions about your interests and create user profiles. This also enables the platforms to
present you with customized advertisements. Cookies are usually set in your browser for this
purpose, which store data on your usage behavior.

As a rule, we assume that we remain responsible under data protection law, even if we use the
services of a social media platform. However, the European Court of Justice has ruled that in
certain cases the operator of the social media platform may be jointly responsible with us within the
meaning of Art. 26 GDPR. If this is the case, we will point this out separately and work on the basis
of an agreement to this effect. The essence of the agreement is then reproduced below for the
platform concerned.

Please note that when using the social media platforms or our built-in elements, your data may also
be processed outside the European Union, as many social media channels, such as Facebook or
Twitter, are American companies. As a result, you may not be able to claim or enforce your rights in
relation to your personal data as easily.

What data is processed?
Exactly which data is stored and processed depends on the respective provider of the social media
platform. However, it usually involves data such as telephone numbers, e-mail addresses, etc.

E-mail addresses, data that you enter in a contact form, user data such as which buttons you click,
who you like or follow, when you visited which pages, information about your device and your IP
address. Most of this data is stored in cookies. Data can be linked to your profile, especially if you
have a profile on the social media channel you are visiting and are logged in.

All data that is collected via a social media platform is also stored on the provider’s servers. This
means that only the providers have access to the data and can provide you with the appropriate
information or make changes.

If you want to know exactly what data is stored and processed by social media providers and how
you can object to data processing, you should carefully read the company’s privacy policy. We also
recommend that you contact the provider directly if you have any questions about data storage and
data processing or wish to assert corresponding rights.

Duration of data processing
We will inform you about the duration of data processing below if we have further information on
this. For example, the social media platform Facebook stores data until it is no longer required for
its own purposes. However, customer data that is compared with our own user data is deleted
within two days. In general, we only process personal data for as long as is absolutely necessary
for the provision of our services and products. If required by law, for example in the case of
accounting, this storage period may be exceeded.

Right of objection
You also have the right and the option to withdraw your consent to the use of cookies or third-party
providers such as embedded social media elements at any time. This works either via our cookie
management tool or via other opt-out functions. For example, you can also prevent data collection
by cookies by managing, deactivating or deleting cookies in your browser.

As social media tools may use cookies, we also recommend that you read our general privacy policy
on cookies. To find out exactly which of your data is stored and processed, you should read the
privacy policies of the respective tools.

Facebook privacy policy summary
Affected parties: Visitors to the website
Purpose: Optimization of our service performance
Processed data: Data such as customer data, user behavior data, information about your

device and your IP address.
You can find more details below in the privacy policy.

Storage period: until the data is no longer useful for Facebook’s purposes Legal basis: Art.
6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

have given your consent. Most social media platforms also place cookies in your browser to store
data. We therefore recommend that you read our data protection text on cookies carefully and
consult the privacy policy or cookie guidelines of the respective service provider.

Information on specific social media platforms – if available – can be found in the following sections.

Facebook privacy policy

What are Facebook tools?
We use selected tools from Facebook on our website. Facebook is a social media network of the
company Meta Platforms Inc. or, for the European region, Meta Platforms Ireland Limited, 4 Grand
Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of these tools, we can offer
you and people who are interested in our products and services the best possible offer.

If data is collected and forwarded from you via our embedded Facebook elements or via our
Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for this. Facebook is
solely responsible for the further processing of this data. Our joint obligations are also set out in a
publicly accessible agreement at https://www.facebook.com/legal/controller_addendum. This states,
for example, that we must clearly inform you about the use of Facebook tools on our site.
Furthermore, we are also responsible for ensuring that the tools are securely integrated into our
website in accordance with data protection law. Facebook, on the other hand, is responsible for the
data security of Facebook products, for example. If you have any questions about data collection
and data processing by Facebook, you can contact the company directly. If you address the
question to us, we are obliged to forward it to Facebook.

Below we provide an overview of the various Facebook tools, what data is sent to Facebook and
how you can delete this data.

In addition to many other products, Facebook also offers the so-called “Facebook Business Tools”.
This is the official term used by Facebook. However, as the term is hardly known

we have decided to simply call them Facebook tools. These include, among others:

Facebook pixel
Social plug-ins (such as the “Like” or “Share” button)

Facebook login
Account Kit
APIs (programming interface)
SDKs (collection of programming tools) Platform

integrations
Plugins

Codes
Specifications
Documentations
Technologies and services

Through these tools, Facebook expands services and has the ability to obtain information about
user activity outside of Facebook.

Why do we use Facebook tools on our website?
We only want to show our services and products to people who are really interested in them. With
the help of advertisements (Facebook ads), we can reach precisely these people. However,
Facebook needs information about people’s wishes and needs in order to show users suitable
advertising. So the
We provide Facebook with information about user behavior (and contact details) on our website. As
a result, Facebook collects better user data and can display suitable advertising about our products
and services to interested people. The tools thus enable customized advertising campaigns on
Facebook.

Facebook calls data about your behavior on our website “event data”. This is also used for
measurement and analysis services. Facebook can thus on our behalf
“Campaign reports” on the impact of our advertising campaigns. We also use analytics to gain a
better insight into how you use our services, website or products. This allows us to optimize your
user experience on our website with some of these tools. For example, you can use the social plug-
ins to share content on our site directly on Facebook.

What data is stored by Facebook tools?
By using individual Facebook tools, personal data (customer data) can be sent to Facebook.
Depending on the tools used, customer data such as name, address, telephone number and IP
address may be sent.

Facebook uses this information to compare the data with the data it has about you (if you are a Facebook
member). Before customer data is transmitted to Facebook, it is hashed. This means that a data set of
any size is hashed in

is transformed into a character string. This is also used to encrypt data.

In addition to the contact data, “event data” is also transmitted. “Event data” refers to the
information that we receive about you on our website. For example, which subpages you visit or
which products you buy from us. Facebook does not share the information it receives with third
parties (such as advertisers) unless the company has explicit permission or is legally obliged to
do so. “Event data” can also be linked to contact details. This allows Facebook to offer better
personalized advertising. After the aforementioned matching process, Facebook deletes the
contact data again.

In order to deliver optimized ads, Facebook only uses the event data if it has been combined with
other data (collected by Facebook in other ways). Facebook also uses this event data for security,
protection, development and research purposes. Much of this data is transferred to Facebook via
cookies. Cookies are small text files that are used to store data or information in browsers.
Depending on the tools used and whether you are a Facebook member, different numbers of
cookies are stored in your browser. We go into more detail about individual Facebook cookies in
the descriptions of the individual Facebook tools. You can also find general information about the
use of Facebook cookies at https://www.facebook.com/policies/cookies.

How long and where is the data stored?
In principle, Facebook stores data until it is no longer needed for its own services and Facebook
products. Facebook has servers all over the world where its data is stored. However, customer data
is deleted within 48 hours after it has been compared with the company’s own user data.

How can I delete my data or prevent data storage?
In accordance with the General Data Protection Regulation, you have the right to information,
correction, transferability and deletion of your data.

The data will only be completely deleted if you delete your Facebook account completely. And this is
how deleting your Facebook account works:

1) Click on Settings on the right-hand side of Facebook.

2) Then click on “Your Facebook information” in the left-hand column.

3) Now click on “Deactivation and deletion”.

4) Now select “Delete account” and then click on “Continue and delete account”

5) Now enter your password, click on “Next” and then on “Delete account”

The storage of the data that Facebook receives via our site takes place, among other things, via

Cookies (e.g. for social plugins). You can deactivate, delete or manage individual or all cookies in
your browser. Depending on which browser you use, this works in different ways. In the “Cookies”
section, you will find the relevant links to the instructions for the most popular browsers.

If you generally do not want to have cookies, you can set up your browser so that it always informs
you when a cookie is to be set. This allows you to decide for each individual cookie whether you
want to allow it or not.

Legal basis
If you have consented to your data being processed and stored by integrated Facebook tools, this
consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is
also stored on
On the basis of our legitimate interest (Art. 6 (1) (f) GDPR) in a fast and efficient
stored and processed for good communication with you or other customers and business partners.
Nevertheless, we only use these tools if you have given your consent. Most social media platforms
also set cookies in your browser to store data. We therefore recommend that you read our privacy
policy about cookies carefully and take a look at Facebook’s privacy policy or cookie guidelines.

Facebook also processes your data in the USA, among other places. Facebook or Meta Platforms is
an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure
transfer of personal data from EU citizens to the USA. You can find more information on this at
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Facebook uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR).
Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are
intended to ensure that your data complies with European data protection standards even if it is
transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy
Framework and the standard contractual clauses, Facebook undertakes to comply with the
European level of data protection when processing your relevant data, even if the data is stored,
processed and managed in the USA. These clauses are based on an implementing decision of the
EU Commission. You can find the decision and the corresponding standard contractual clauses
here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing conditions, which refer to the standard contractual clauses, can be
found at https://www.facebook.com/legal/terms/dataprocessing.

We hope we have provided you with the most important information about the use and data
processing by the Facebook tools. If you would like to find out more about how Facebook uses
your data, we recommend that you read the data policy at
https://www.facebook.com/privacy/policy/.

Gravatar privacy policy summary
Affected parties: Visitors to the website
Purpose: Optimization of our service performance
Processed data: including your encrypted e-mail address, IP address and URL of our server

You can find more details below in the privacy policy.
Storage period: in principle, the data is deleted when it is no longer useful for the provider’s

services.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

Gravatar privacy policy

What is Gravatar?
We have integrated the Gravatar plug-in from Automattic Inc. on our website (60 29th Street
#343, San Francisco, CA 94110, USA) is integrated. Gravatar is automatically activated on all
WordPress websites, among others. The function enables user images (avatars) to be displayed in
published posts or comments, provided the corresponding email address is registered with
www.gravatar.com.

Through this function, data is sent to Gravatar or Automattic Inc., stored and processed there. In
this privacy policy, we want to inform you about what data is involved, how the network uses this
data and how you can manage or prevent data storage.

Gravatar basically stands for “Globally Recognized Avatar” and refers to a globally available avatar
(a user picture) that is linked to the e-mail address. The company Gravatar is the world’s leading
service provider for this service. As soon as a user enters the e-mail address on a website that is
also registered with Gravatar at www.gravatar.com, a previously stored image is automatically
displayed together with a published post or comment.

Why do we use Gravatar on our website?
People often talk about anonymity on the Internet. An avatar gives users a face to the people
commenting. In addition, it is generally easier to be recognized on the Internet and can therefore
build up a certain level of recognition. Many users enjoy the advantages of such a user image and
also want to appear personal and authentic on the Internet. We naturally want to offer you the
opportunity to display your Gravatar on our website. We also like to see the faces of our
commenting users. By activating the Gravatar function, we are also expanding our service on our
website. After all, we want you to feel comfortable on our website and receive a comprehensive
and interesting offer.

What data is stored by Gravatar?
For example, as soon as you publish a comment on a blog post that requires an email address,
WordPress checks whether the email address is linked to an avatar at Gravatar. For this request,
your email address is sent to the Gravatar or Automattic servers in encrypted or hashed form
together with your IP address and our URL. This checks whether this email address is registered
with Gravatar.

If this is the case, the image stored there (Gravatar) will be displayed together with the published
comment. If you have registered an email address with Gravatar and comment on our website,
further data will be transferred to Gravatar, stored and processed. In addition to IP address and
data on user behavior, this includes, for example, browser type, unique device identifier, preferred
language, data and time of page access, operating system and information on the mobile network.
Gravatar uses this information to improve its own services and offers and to gain better insights into
the use of its own service.

The following cookies are set by Automattic if a user uses an e-mail address that is registered with
Gravatar for a comment:

Name: gravatar
Value: 16b3191024acc05a238209d51ffcb92bdd710bd19322785396-7
Purpose: We were unable to find out any precise information about the cookie.
Expiration date: after 50 years

Name: is-logged-in
Value: 1322785396-1
Purpose: This cookie stores the information that the user is logged in via the registered e-mail
address.
Expiration date: after 50 years

How long and where is the data stored?
Automattic deletes the collected data when it is no longer used for its own services and the
company is not legally obliged to retain the data. Web server logs such as IP address, browser type
and operating system are deleted after around 30 days. Until then, Automattic uses the data to
analyze the traffic on its own websites (for example, all WordPress pages) and to fix possible
problems. The data is also stored on Automattic’s American servers.

How can I delete my data or prevent data storage?
You have the right to access and delete your personal data at any time. If you have registered with
Gravatar with an e-mail address, you can delete your account or e-mail address at any time.

Since a picture is only displayed and data is therefore only transferred to Gravatar if you use an e-mail
address registered with Gravatar, you can also prevent your data from being transferred to Gravatar by
commenting on our website or posting articles using an e-mail address that is not registered with
Gravatar.

You can manage, deactivate or delete any cookies that are set during commenting in your browser.
Please note that any comment functions will then no longer be fully available. Depending on which
browser you use, the management of cookies works slightly differently. In the “Cookies” section, you
will find the relevant links to the instructions for the most popular browsers.

Legal basis
If you have consented to your data being processed and stored by integrated social media elements,
this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your
data is also stored on
On the basis of our legitimate interest (Art. 6 (1) (f) GDPR) in a fast and secure
stored and processed for good communication with you or other customers and business partners.
Nevertheless, we only use the integrated social media elements if you have given your consent.
Most social media platforms also set cookies in your browser to store data. We therefore recommend
that you read our data protection text on cookies carefully and consult the privacy policy or cookie
guidelines of the respective service provider.

Gravatar also processes your data in the USA, among other places. Gravatar or Automattic is an
active participant in the EU-US Data Privacy Framework, which regulates the correct and secure
transfer of personal data from EU citizens to the USA. You can find more information on this at
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

You can find out more about the standard contractual clauses and data p r o c e s s e d through the use of
Gravatar in the privacy policy at https://automattic.com/privacy/, general information about Gravatar at
http://de.gravatar.com/.

Instagram privacy policy summary
Affected parties: Visitors to the website
Purpose: Optimization of our service performance
Processed data: Data such as user behavior data, information about your device and your

IP address.
You can find more details below in the privacy policy.

Storage period: until Instagram no longer needs the data for its purposes Legal basis: Art. 6
para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

Instagram privacy policy

What is Instagram?
We have integrated Instagram functions on our website. Instagram is a social media platform of the
company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a
subsidiary of Meta Platforms Inc. since 2012 and is a Facebook product. Embedding Instagram
content on our website is called embedding. This allows us to show you content such as buttons,
photos or videos from Instagram directly on our website. When you visit web pages on our website
that have an Instagram function integrated, data is transmitted to Instagram, stored and processed.
Instagram uses the same systems and technologies as Facebook. Your data is therefore processed
across all Facebook companies.

In the following, we want to give you a more detailed insight into why Instagram collects data, what
data is involved and how you can largely control data processing. Since Instagram belongs to Meta
Platforms Inc., we obtain our information from the Instagram guidelines on the one hand, but also
from the Meta privacy policy itself on the other.

Instagram is one of the best-known social media networks in the world. Instagram combines the
advantages of a blog with the benefits of audiovisual platforms such as YouTube or Vimeo. You can
upload photos and short videos to “Insta” (as many users casually call the platform), edit them with
various filters and also share them on other social networks. And if you don’t want to be active
yourself, you can also just follow other interesting users.

Why do we use Instagram on our website?
Instagram is the social media platform that has really gone through the roof in recent years. And of
course we have also responded to this boom. We want you to feel as comfortable as possible on our
website. That’s why a varied presentation of our content is a matter of course for us. The embedded
Instagram functions allow us to enrich our content with helpful, funny or exciting content from the
Instagram world. As Instagram is a subsidiary of Facebook, the data collected can also be useful to
us for personalized advertising on Facebook. This is how our

We only advertise to people who are genuinely interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We receive
summarized statistics and thus more insight into your wishes and interests. It is important to note
that these reports do not identify you personally.

What data is stored by Instagram?
When you visit one of our pages that has Instagram functions (such as Instagram images or plug-
ins), your browser automatically connects to Instagram’s servers. In the process, data is sent to
Instagram, stored and processed. This happens regardless of whether you have an Instagram
account or not. This includes information about our website, your computer, purchases made,
advertisements you see and how you use our services. The date and time of your interaction with
Instagram are also stored. If you have an Instagram account or are logged in, Instagram stores
significantly more data about you.

Facebook distinguishes between customer data and event data. We assume that this is exactly the
case with Instagram. Customer data includes, for example, name, address, telephone number and
IP address. This customer data is only transmitted to Instagram once it has been hashed. Hashing
means that a data record is converted into a character string. This allows the contact data to be
encrypted. The above-mentioned “event data” is also transmitted. By “event data”, Facebook – and
consequently Instagram – means data about your user behavior. Contact data may also be
combined with event data. The contact data collected is compared with the data that Instagram
already has about you.

The collected data is transmitted to Facebook via small text files (cookies), which are usually set in
your browser. Depending on the Instagram functions used and whether you have an Instagram
account yourself, different amounts of data are stored.

We assume that Instagram processes data in the same way as Facebook. This means that if you
have an Instagram account or have visited www.instagram.com, Instagram has at least set a
cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as
you come into contact with an Instagram function.
This data is deleted or anonymized after 90 days at the latest (after reconciliation). Although we have
studied Instagram’s data processing intensively, we cannot say exactly what data Instagram collects
and stores.

Below we will show you the minimum cookies that are set in your browser when you click on an
Instagram function (such as a button or an Insta image). In our test, we assume that you do not
have an Instagram account. If you are logged in to Instagram, significantly more cookies will of
course be set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: “”
Purpose: This cookie is most likely set for security reasons to prevent falsification of requests.
However, we were unable to find out more about this.
Expiration date: after one year

Name: mid
Value: “”
Purpose: Instagram sets this cookie to optimize its own services and offers in and outside of
Instagram. The cookie defines a unique user ID.
Expiration date: after the end of the session

Name: fbsr_322785396124024
Value: not specified
Purpose: This cookie stores the log-in request for users of the Instagram app.
Expiration date: after the end of the session

Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiration date: after the end of the session

Name: urlgen
Wert: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe322785396”
Purpose: This cookie is used for Instagram’s marketing purposes.
Expiration date: after the end of the session

Note: We cannot claim completeness here. Which cookies are set in individual cases depends on
the embedded functions and your use of Instagram.

How long and where is the data stored?
Instagram shares the information received between the Facebook companies with external
partners and with people you connect with worldwide. Data processing is carried out in compliance
with our own data policy. For security reasons, among others, your data is distributed on Facebook
servers around the world. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?
Thanks to the General Data Protection Regulation, you have the right to access, portability,
rectification and erasure of your data. You can manage your data in the Instagram settings

manage. If you want to completely delete your data on Instagram, you must permanently delete
your Instagram account.

And this is how deleting your Instagram account works:

First open the Instagram app. On your profile page, go to the bottom and click on
“Help area”. You will now be taken to the company’s website. On the website, click on “Manage your
account” and then on “Delete your account”.

If you delete your account completely, Instagram will delete posts such as your photos and status
updates. Information that other people have shared about you does not belong to your account and
will therefore not be deleted.

As mentioned above, Instagram stores your data primarily via cookies. You can manage, deactivate
or delete these cookies in your browser. Depending on your browser, the management always works
a little differently. In the “Cookies” section, you will find the relevant links to the instructions for the
most popular browsers.

You can also set up your browser so that you are always informed when a cookie is to be set. Then
you can always decide individually whether you want to allow the cookie or not.

Instagram also processes your data in the USA, among other places. Instagram or Meta Platforms is
an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure
transfer of personal data of EU citizens to the USA. You can find more information on this at
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Instagram also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard
Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to
ensure that your data complies with European data protection standards even if it is transferred to
third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework
and the standard contractual clauses, Instagram undertakes to ensure that when processing your

Pinterest privacy policy summary
Affected parties: Visitors to the website
Purpose: Optimization of our service performance
Processed data: Data such as user behavior data, information about your device, your IP

address and search terms.
You can find more details below in the privacy policy.

Storage period: until Pinterest no longer needs the data for its purposes Legal basis: Art. 6
para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

relevant data to comply with the European level of data protection, even if the data is stored,
processed and managed in the USA. These clauses are based on an implementing decision of the
EU Commission. You can find the decision and the corresponding standard contractual clauses
here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

We have tried to provide you with the most important information about data processing by
Instagram. You can find out more about Instagram’s data policy at
https://privacycenter.instagram.com/policy/.

Pinterest privacy policy

What is Pinterest?
We use buttons and widgets from the social media network Pinterest, Pinterest Inc, 808 Brannan
Street, San Francisco, CA 94103, USA, on our website. For the European region, the Irish
company Pinterest Europe Ltd (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is
responsible for all aspects relevant to data protection.

Pinterest is a social network that specializes in graphic representations and photographs. The
name is made up of the two words “pin” and “interest”. Users can use Pinterest to share various
hobbies and interests and view the respective profiles with images either openly or in defined
groups.

Why do we use Pinterest?
Pinterest has been around for several years now and this social media platform is still one of the
most visited and appreciated platforms. Pinterest is particularly suitable for our industry because the
platform is primarily known for its beautiful and interesting images. That’s why we are of course also
represented on Pinterest and also want to showcase our content away from our website. The data
collected can also be used for advertising purposes so that we can show advertising messages to
precisely those people who are interested in our services or products.

What data is processed by Pinterest?
So-called log data may be stored. This includes information about your

Browser, IP address, the address of our website and the activities carried out on it (for example,
when you click the bookmark or pin button), search histories, date and time of the request and
cookie and device data. If you interact with an embedded Pinterest function, cookies that store
various data may also be set in your browser. In most cases, the above-mentioned log data, preset
language settings and clickstream data are stored in cookies. By clickstream data, Pinterest means
information about your website behavior.

If you have a Pinterest account yourself and are logged in, the data collected via our site may be
added to your account and used for advertising purposes. If you interact with our integrated
Pinterest functions, you will usually be redirected to the Pinterest page. Here you can see an
example selection of cookies that are then set in your browser.

Name: _auth
Value: 0
Purpose: The cookie is used for authentication. For example, a value such as your “user name” can
be stored in it.
Expiration date: after one year

Name: _pinterest_referrer
Value: 1
Purpose: The cookie stores the fact that you reached Pinterest via our website. The URL of our
website is therefore saved.
Expiration date: after the end of the session

Name: _pinterest_sess
Value: …9HRHZvVE0rQlUxdG89
Purpose: The cookie is used to log in to Pinterest and contains user IDs, authentication tokens
and timestamps.
Expiration date: after one year

Name: _routing_id
Wert: “8d850ddd-4fb8-499c-961c-77efae9d4065322785396-8”
Purpose: The cookie contains an assigned value that is used to identify a specific routing
destination.
Expiration date: after one day

Name: cm_sub
Value: denied
Purpose: This cookie stores a user ID and the timestamp.
Expiration date: after one year

Name: csrftoken
Wert: 9e49145c82a93d34fd933b0fd8446165322785396-1
Purpose: This cookie is most likely used for security reasons.

to prevent falsification of requests. However, we were unable to find out more about this.
Expiration date: after one year

Name: sessionFunnelEventLogged
Value: 1
Purpose: We have not yet been able to find out any further information about this cookie.
Expiration date: after one day

How long and where is the data stored?
Pinterest generally stores the collected data until it is no longer needed for the purposes of the
company. As soon as data storage is no longer necessary, for example to comply with legal
regulations, the data is either deleted or anonymized so that you can no longer be identified as a
person. The data may also be stored on American servers.

Right of objection
You also have the right and the option to withdraw your consent to the use of cookies or third-party
providers such as Pinterest at any time. This works either via our cookie management tool or via
other opt-out functions. For example, you can also prevent data collection by cookies by managing,
deactivating or deleting cookies in your browser.

As cookies may be used for embedded Pinterest elements, we also recommend that you read our
general privacy policy on cookies. To find out exactly what data is stored and processed by you, you
should read the privacy policies of the respective tools.

Legal basis
If you have consented to your data being processed and stored by integrated social media elements,
this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your
data is also stored on
On the basis of our legitimate interest (Art. 6 (1) (f) GDPR) in a fast and efficient
stored and processed for good communication with you or other customers and business partners.
Nevertheless, we only use the tool if you have given your consent. Most social media platforms also
set cookies in your browser to store data. We therefore recommend that you read our data protection
text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service
provider.

Pinterest also processes your data in the USA, among other places. We would like to point out that,
in the opinion of the European Court of Justice, there is currently no adequate level of protection for
data transfers to the USA. This may entail various risks for the lawfulness and

Blogs and publication media Privacy policy summary
Affected parties: Visitors to the website
Purpose: Presentation and optimization of our services as well as communication between

website visitors, security measures and administration
Processed data: Data such as contact details, IP address and published content.

You can find more details on this in the tools used. Storage duration:
depending on the tools used

Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests),
Art. 6 para. 1 sentence 1 lit. b. GDPR (contract)

security of data processing.

Pinterest uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis
for data processing with recipients based in third countries (outside the European Union, Iceland,
Liechtenstein, Norway, i.e. in particular in the USA) or data transfer to these countries. Standard
Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to
ensure that your data complies with European data protection standards even if it is transferred to
third countries (such as the USA) and stored there. Through these clauses, Pinterest undertakes to
comply with the European level of data protection when processing your relevant data, even if the
data is stored, processed and managed in the USA. These clauses are based on an implementing
decision of the EU Commission. You can find the decision and the corresponding standard
contractual clauses here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

You can find more information about Pinterest’s standard contractual clauses at
https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea.

We have tried to provide you with the most important information about data processing by
Pinterest. You can find out more about Pinterest’s data policy at
https://policy.pinterest.com/de/privacy-policy.

Blogs and publication media Introduction

What are blogs and publication media?
We use blogs or other means of communication on our website with which we can communicate
with you on the one hand and you with us on the other. We may also store and process your data in
the process. This may be necessary so that we c a n display content appropriately, communication
works and security is increased. In our data protection text, we p r o v i d e a general description of
which of y o u r data may be processed. Exact details on data processing always depend on the tools
and functions used. You can find detailed information on data processing in the data protection
notices of the individual providers.

Why do we use blogs and publication media?
Our greatest concern with our website is to offer you interesting and exciting content and at the
same time your opinions and content are also important to us. That’s why we want to create a
good interactive exchange between us and you. With various blogs and publication options, we
can achieve exactly that. For example, you can write comments on our content, comment on
other comments or, in some cases, write articles yourself.

What data is processed?
Exactly which data is processed always depends on the communication functions we use. Very
often, the IP address, user name and published content are stored. This is primarily done to ensure
security protection, to prevent spam and to be able to take action against illegal content. Cookies
can also be used for data storage. These are small text files that are stored with information in your
browser. You can find more information on the data collected and stored in our individual sections
and in the privacy policy of the respective provider.

Duration of data processing
We will inform you about the duration of data processing below if we have further information on
this. For example, contribution and comment functions store data until you revoke the data storage.
In general, personal data is only stored for as long as is absolutely necessary for the provision of
our services.

Right of objection
You also have the right and the option to withdraw your consent to the use of cookies or third-party
communication tools at any time. This works either via our cookie management tool or via other
opt-out functions. For example, you can also prevent data collection by cookies by managing,
deactivating or deleting cookies in your browser.

As publication media may also use cookies, we also recommend that you read our general privacy
policy on cookies. To find out exactly which of your data is stored and processed, you should read
the privacy policies of the respective tools.

Legal basis
We use the means of communication mainly on the basis of our legitimate interests (Art. 6 para. 1 lit. f
GDPR) in fast and good communication with you or other customers, business partners and visitors.
Insofar as the use serves the processing o f contractual relationships or their initiation, the legal basis is
also Art. 6 para. 1 sentence 1 GDPR.

Partner programs privacy policy summary
Affected parties: Visitors to the website
Purpose: economic success and the optimization of our service performance.
Processed data: Access statistics that contain data such as access locations, device data,

access duration and time, navigation behavior, click behavior and IP addresses. Personal data
such as name or e-mail address may also be processed.

Storage period: personal data is usually stored by partner programs until it is no longer
needed
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

1 lit. b. GDPR.

Certain processing operations, in particular the use of cookies and the use of comment or message
functions, require your consent. If and insofar as you have consented to your data being processed
and stored by integrated publication media, this consent is the legal basis for data processing (Art.
6 para. 1 lit. a GDPR). Most of the communication functions we use set cookies in your browser to
store data. We therefore recommend that you read our data protection text on cookies carefully and
view the privacy policy or cookie guidelines of the respective service provider.

Information on special tools – if available – can be found in the following sections.

Blog posts and comment functions Privacy policy
There are various online communication tools that we can use on our website. For example, we use
blog posts and comment functions. This gives you the opportunity to comment on content or write
articles. If you use this function, your IP address may be stored for security reasons. In this way, we
protect ourselves against illegal content such as insults, unauthorized advertising or prohibited
political propaganda. In order to recognize whether comments are spam, we may also store and
process user information on the basis of our legitimate interest. If we start a survey, we also store
your IP address for the duration of the survey so that we can ensure that all participants only vote
once. Cookies may also be used for storage purposes. All data that we store about you (such as
content or personal information) will remain stored until you object.

Partner programs introduction

What are partner programs?
We use partner programs from various providers on our website. Through the

When you use an affiliate program, your data may be transferred to the respective affiliate
program provider, stored and processed. In this data protection text, we provide you with a general
overview of data processing by partner programs and show you how you can also prevent or
revoke data transmission. Every partner program (also known as an affiliate program) is based on
the principle of commission. A link or advertisement including a link is placed on our website and if
you are interested in it and click on it and purchase a product or service in this way, we receive a
commission (reimbursement of advertising costs) for this

Why do we use partner programs on our website?
Our aim is to provide you with an enjoyable time with lots of helpful content. We put a lot of work
and time into the development of our website. With the help of partner programs, we have the
opportunity to be rewarded a little for our work. Each partner link is of course always related to our
topic and shows offers that might be of interest to you.

What data is processed?
In order to be able to track whether you have clicked on a link we have used, the partner program
provider must know that it was you w h o f o l l o w e d the link via our website. This means t h a t the
affiliate program links used must be correctly assigned to the subsequent actions (business transaction,
purchase, conversion, impression, etc.). Only then can the billing of commissions work.

For this assignment to work, a value can be attached to a link (in the URL) or information can be
stored in cookies. This stores information such as which page you came from (referrer), when you
clicked on the link, an identifier for our website, which offer it is and a user ID.

This means that as soon as you interact with the products and services of a partner program, this
provider also collects data from you. Exactly which data is stored depends on the individual
provider. For example, the Amazon partner program distinguishes between active and automatic
information. Active information includes your name, e-mail address, telephone number, age,
payment information or location information. The automatically stored information in this case
includes user behavior, IP address, device information and the URL.

Duration of data processing
We will inform you about the duration of data processing below, if we have further information on
this. In general, personal data is only processed for as long as is necessary to provide the services
and products. Data stored in cookies is stored for different lengths of time. Some cookies are
deleted as soon as you leave the website, while others can be deleted again if they are not actively
deleted.

Amazon Affiliate Program Privacy Policy Summary
Affected parties: Visitors to the website
Purpose: economic success and the optimization of our service performance.
Processed data: Access statistics that contain data such as access locations, device data,

access duration and time, navigation behavior, click behavior and IP addresses. Personal data
such as name or e-mail address may also be processed.

Storage duration: personal data is stored by Amazon until it is no longer needed
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit.f GDPR (legitimate interests)

will be stored in your browser for several years. The exact duration of data processing depends on
the provider used, but in most cases you should be prepared for a storage period of several years.
You can usually find precise information about the duration of data processing in the respective data
protection declarations of the individual providers.

Right of objection
You always have the right to information, correction and deletion of your personal data. If you have
any questions, you can also contact the person responsible for the partner program provider used at
any time. Contact details can be found either in our specific privacy policy or on the website of the
relevant provider.

You can delete, deactivate or manage cookies that providers use for their functions in your browser.
Depending on which browser you use, this works in different ways.

Legal basis
If you have consented to the use of partner programs, the legal basis for the corresponding data
processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent), this consent
constitutes the legal basis for the processing of personal data, as may occur when it is collected by
an affiliate program.

We also have a legitimate interest in using a partner program to optimize our online service and our
marketing measures. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests).
Nevertheless, we only use the partner program if you have given your consent.

Information on special partner programs, if available, can be found in the following sections.

Amazon Affiliate Program Privacy Policy

What is the Amazon affiliate program?
We use the Amazon affiliate program of Amazon.com, Inc. on our website. The responsible bodies
within the meaning of the data protection declaration are Amazon Europe Core S.à.r.l., Amazon EU
S.à.r.l., Amazon Services Europe S.à.r.l. and Amazon Media EU S.à.r.l., all four located at 5, Rue
Plaetis, L-2338 Luxembourg and Amazon Instant Video Germany GmbH, Domagkstr. 28, 80807
Munich. Amazon Deutschland Services GmbH, Marcel-Breuer-Str. 12, 80807 Munich, acts as data
processor. By using this Amazon partner program, your data may be transferred to Amazon, stored
and processed.

In this privacy policy, we inform you what data is involved, why we use the program and how you
can manage or prevent data transmission.

The Amazon affiliate program is an affiliate marketing program of the online mail order company
Amazon.de. Like any affiliate program, the Amazon affiliate program is based on the principle of
commission. Amazon or we place advertisements or partner links on our website and if you click on
them and buy a product via Amazon, we receive a reimbursement of advertising costs
(commission).

Why do we use the Amazon affiliate program on our website?
Our aim is to provide you with an enjoyable time with lots of helpful content. To achieve this, we put
a lot of work and energy into the development of our website. With the help of the Amazon affiliate
program, we have the opportunity to be rewarded a little for our work. Every affiliate link to Amazon
is of course always related to our topic and shows offers that might interest you.

What data is stored by the Amazon partner program?
As soon as you interact with Amazon’s products and services, Amazon collects data from you.
Amazon distinguishes between information that you actively provide to the company and
information that is automatically collected and stored. The “active information” includes, for
example, your name, e-mail address, telephone number, age, payment information or location
information. So-called “automatic information” is primarily stored via cookies. This includes
information on user behavior, IP address, device information (browser type, location, operating
systems) or the URL. Amazon also stores the clickstream. This refers to the path (sequence of
pages) that you as a user take to reach a product. Amazon also stores cookies in your browser in
order to be able to trace the origin of an order. In this way, the company recognizes that you have
clicked on an Amazon advertisement or an affiliate link via our website.

If you have an Amazon account and are logged in while browsing our website, the data collected
may be assigned to your account. You can prevent this by logging out of Amazon before you
browse our website.

Here we show you examples of cookies that are set in your browser when you click on an Amazon
link on our website.

Name: uid
Wert: 3230928052675285215322785396-9
Purpose: This cookie stores a unique user ID and collects information about your website activity.
Expiration date: after 2 months

Name: ad-id
Value: AyDaInRV1k-Lk59xSnp7h5o
Purpose: This cookie is provided by amazon-adsystem.com and is used by the company for various
advertising purposes.
Expiration date: after 8 months

Name: uuid2
Wert: 8965834524520213028322785396-2
Purpose: This cookie enables targeted and interest-based advertising via the AppNexus platform.
For example, the cookie collects and stores anonymous data via the IP address about which
advertisements you have clicked on and which pages you have accessed.
Expiration date: after 3 months

Name: session-id
Wert: 262-0272718-2582202322785396-1
Purpose: This cookie stores a unique user ID that the server assigns to you for the duration of a
website visit (session). If you visit the same page again, the information stored in it will be retrieved.
Expiration date: after 15 years

Name: APID
Wert: UP9801199c-4bee-11ea-931d-02e8e13f0574
Purpose: This cookie stores information about how you use a website and which advertisements you
viewed before visiting the website.
Expiration date: after one year

Name: session-id-time
Wert: tb:s-STNY7ZS65H5335FZEVPE|1581329862486&t:1581329864300&adb:adblk_no
Purpose: This cookie records the time you spend on a website with a unique cookie ID.
Expiration date: after 2 years

Name: csm-hit
Value: 2082754801l
Purpose: We could not find out any specific information about this cookie.

Expiration date: after 15 years

Note: Please note that this list only shows examples of cookies and cannot claim to be exhaustive.

Amazon uses this information to tailor advertisements more precisely to the interests of users.

How long and where is the data stored?
Personal data is stored by Amazon for as long as is necessary for Amazon’s business services or for
legal reasons. As Amazon is headquartered in the USA, the data collected is also stored on
American servers.

How can I delete my data or prevent data storage?
You have the right to access and delete your personal data at any time. If you have an Amazon
account, you can manage or delete much of the data collected in your account.

Another option to manage data processing and storage by Amazon according to your preferences
is provided by your browser. There you can manage, deactivate or delete cookies.
This works a little differently for each browser. In the “Cookies” section, you will find the relevant links
to the instructions for the most popular browsers.

Legal basis
If you have consented to the Amazon partner program being used, the legal basis for the
corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR
(consent), this consent constitutes the legal basis for the processing of personal data, as may occur
when it is collected by the Amazon Partner Program.

We also have a legitimate interest in using the Amazon partner program to optimize our online
service and our marketing measures. The legal basis for this is Art. 6 para. 1 lit. f GDPR
(legitimate interests). Nevertheless, we only use the Amazon partner program if you have given
your consent.

Amazon also processes your data in the USA, among other places. Amazon is an active participant
in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal
data from EU citizens to the USA. You can find more information on this at
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Amazon also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard
Contractual Clauses (SCCs) are model clauses provided by the EU Commission and are intended to
ensure that your data is processed in accordance with the GDPR.

Security & Anti-Spam Privacy Policy Summary
Data subjects: Visitors to the website
Purpose: Cybersecurity
Processed data: Data such as your IP address, name or technical data such as browser version
You can find more details on this below and in the individual data protection texts.

Storage period: Most of the data is stored until it is no longer required for the fulfillment of the service
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

European data protection standards if they are transferred to third countries (such as the USA) and
stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses,
Amazon undertakes to comply with the European level of data protection when processing your
relevant data, even if the data is stored, processed and managed in the USA. These clauses are
based on an implementing decision of the EU Commission. You can find the decision and the
corresponding standard contractual clauses here: https://eur-
lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Amazon Data Processing Terms (AWS GDPR DATA PROCESSING), which
correspond to the standard contractual clauses, can be found at
https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.

We hope we have given you the most important information about data transfer through the use
of the Amazon affiliate program. You can find more information at
https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.

Digistore24 affiliate program privacy policy
We use the Digistore24 partner program for our website. The service provider is the German
company Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany. You can find
out more about the data processed through the use of Digistore24 in the privacy policy at
https://www.digistore24.com/page/privacy.

Security & Anti-Spam

What is security & anti-spam software?
With so-called security and anti-spam software, you and we can protect ourselves from various
spam or phishing emails and possible other cyberattacks. Spam refers to advertising emails from a
mass mailing that you did not request yourself. Such emails are also known as data junk and can
also cause costs. Phishing emails, on the other hand, are messages that aim to build trust via fake
messages or websites in order to obtain personal data. Anti-spam software generally protects
against unwanted spam messages or malicious emails that could introduce viruses into our system.
We also use general firewall and security systems that protect our

Protect computers from unwanted network attacks.

Why do we use security & anti-spam software?
We attach great importance to security on our website. After all, it’s not just about our security, but
above all about yours. Unfortunately, cyber threats are now part of everyday life in the world of IT
and the Internet. Hackers often try to steal personal data from an IT system with the help of a cyber
attack. And that is why a good defense system is absolutely essential. A security system monitors
all incoming and outgoing connections to our network or computer. To achieve even greater
security against cyber attacks, we also use other external security services in addition to the
standardized security systems on our computer. This prevents unauthorized data traffic and
protects us from cybercrime.

What data is processed by security & anti-spam software?
Exactly which data is collected and stored depends of course on the respective service. However,
we always strive to use only programs that collect data very sparingly or only store data that is
necessary for the performance of the service offered. In principle, the service may store data such
as name, address, IP address, e-mail address and technical data such as browser type or browser
version. Any performance and log data may also be collected in order to detect possible incoming
threats in good time. This data is processed as part of the services and in compliance with the
applicable laws. This also includes the GDPR for US providers (via the standard contractual
clauses). In some cases, these security services also work with third-party providers who may
store and/or process data under instructions and in accordance with the data protection guidelines
and other security measures. Data is usually stored via cookies.

Duration of data processing
We will inform you about the duration of data processing below if we have further information on
this. For example, security programs store data until you or we revoke the data storage. In general,
personal data is only stored for as long as is absolutely necessary for the provision of the services.
In many cases, unfortunately, we do not receive precise information from the providers about the
length of storage.

Right of objection
You also have the right and the option to withdraw your consent to the use of cookies or third-party
security software at any time. This works either via our cookie management tool or via other opt-out
functions. For example, you can also prevent data collection by cookies by managing, deactivating or
deleting cookies in your browser.

Since such security services may also use cookies, we recommend that you

Audio & Video Privacy Policy Summary
Affected parties: Visitors to the website
Purpose: Optimization of our service performance
Processed data: Data such as contact details, user behavior data, information about your

device and your IP address may be stored.
You can find more details on this below in the corresponding data protection texts.

Storage period: Data is generally stored for as long as it is required for the purpose of the
service
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

Our general privacy policy on cookies. To find out exactly which of your data is stored and
processed, you should read the privacy policies of the respective tools.

Legal basis
We use the security services mainly on the basis of our legitimate interests (Art. 6 para. 1 lit. f
GDPR) in a good security system against various cyber attacks.

Certain processing operations, in particular the use of cookies and the use of security functions,
require your consent. If you have consented to your data being processed and stored by integrated
security services, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Most
of the services we use set cookies in your browser to store data. We therefore recommend that you
read our data protection text on cookies carefully and view the privacy policy or cookie guidelines of
the respective service provider.

Information on special tools – if available – can be found in the following sections.

Audio & Video Introduction

What are audio and video elements?
We have integrated audio and video elements on our website so that you can watch videos or
listen to music/podcasts directly via our website. The content is provided by service providers. All
content is therefore also obtained from the corresponding servers of the providers.

These are integrated functional elements from platforms such as YouTube, Vimeo or Spotify. The
use of these portals is usually free of charge, but paid content can also be published. With the help
of these integrated elements, you can listen to or watch the respective content via our website.

If you use audio or video elements on our website, your personal data may also be transmitted to the
service providers, processed and stored.

Why do we use audio & video elements on our website?
Of course we want to provide you with the best offer on our website. And we are aware that content
is no longer just conveyed in text and static images. Instead of simply giving you a link to a video,
we offer you audio and video formats directly on our website that are entertaining or informative
and ideally even both. This expands our service and makes it easier for you to access interesting
content. We therefore offer video and/or audio content in addition to our texts and images.

What data is stored by audio & video elements?
When you access a page on our website that has an embedded video, for example, your server
connects to the server of the service provider. Your data is also transferred to the third-party
provider and stored there. Some data is collected and stored regardless of whether you have an
account with the third-party provider or not. This usually includes your IP address, browser type,
operating system and other general information about your end device. In addition, most providers
also collect information about your web activity. This includes, for example, session duration,
bounce rate, which button you clicked on or which website you used to access the service. All this
information is usually stored using cookies or pixel tags (also known as web beacons).
Pseudonymized data is usually stored in cookies in your browser. You can always find out exactly
which data is stored and processed in the privacy policy of the respective provider.

Duration of data processing
You can find out exactly how long the data is stored on the servers of the third-party providers
either below in the data protection text of the respective tool or in the provider’s privacy policy. In
principle, personal data is only ever processed for as long as is absolutely necessary for the
provision of our services or products. This generally also applies to third-party providers. In most
cases, you can assume that certain data will be stored on the servers of third-party providers for
several years. Data can be stored for different lengths of time, especially in cookies. Some cookies
are deleted as soon as you leave the website, while others may be stored in your browser for
several years.

Right of objection
You also have the right and the option to withdraw your consent to the use of cookies or third-party
providers at any time. This works either via our cookie management tool or via other opt-out
functions. For example, you can also prevent data collection by cookies by managing, deactivating
or deleting cookies in your browser. The lawfulness of the processing until the revocation remains
unaffected.

Since the integrated audio and video functions on our website usually also use cookies, you should
also read our general privacy policy on cookies. You can find out more in the privacy policies of the
respective third-party providers

YouTube privacy policy summary
Affected parties: Visitors to the website
Purpose: Optimization of our service performance
Processed data: Data such as contact details, user behavior data, information about your

device and your IP address may be stored.
You can find more details below in this privacy policy.

about the handling and storage of your data.

Legal basis
If you have consented to your data being processed and stored by integrated audio and video
elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In
principle, your data is also stored on
On the basis of our legitimate interest (Art. 6 (1) (f) GDPR) in a fast and efficient
stored and processed for good communication with you or other customers and business partners.
Nevertheless, we only use the integrated audio and video elements if you have given your consent.

YouTube privacy policy

What is YouTube?
We have integrated YouTube videos on our website. This allows us to present interesting videos
directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The
video portal is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you
access a page on our website that has a YouTube video embedded, your browser automatically
connects to the YouTube or Google servers. Various data is transmitted (depending on the
settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for
all data processing in Europe.

In the following, we would like to explain to you in more detail what data is processed, why we
have integrated YouTube videos and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on and upload videos for free. Over the last few
years, YouTube has become one of the most important social media channels in the world. To
enable us to display videos on our website, YouTube provides a code snippet that we have
integrated into our site.

Why do we use YouTube videos on our website?
YouTube is the video platform with the most visitors and the best content. We are

strives to offer you the best possible user experience on our website. And of course, interesting
videos are a must. With the help of our embedded videos, we provide you with additional helpful
content alongside our texts and images. In addition, our website is easier to find on the Google
search engine thanks to the embedded videos. Even if we place ads via Google Ads, Google can –
thanks to the data collected – only show these ads to people who are interested in our offers.

What data is stored by YouTube?
As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets at least
one cookie that stores your IP address and our URL. If you are logged into your YouTube account,
YouTube can usually assign your interactions on our website to your profile using cookies. This
includes data such as session duration, bounce rate, approximate location, technical information
such as browser type, screen resolution or your internet provider. Other data may include contact
details, any ratings, the sharing of content via social media or adding to your favorites on YouTube.

If you are not logged into a Google account or a YouTube account, Google stores data with a
unique identifier that is linked to your device, browser or app. For example, your preferred language
setting is retained. But a lot of interaction data cannot be saved because fewer cookies are set.

In the following list, we show cookies that were set in the browser in a test. On the one hand, we
show cookies that are set without a logged-in YouTube account. On the other hand, we show
cookies that are set with a logged-in account. The list cannot claim to be complete because the user
data always depends on the interactions on YouTube.

Name: YSC
Value: b9-CV6ojI5Y322785396-1
Purpose: This cookie registers a unique ID to store statistics of the video viewed.
Expiration date: after the end of the session

Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google receives statistics on how you use YouTube
videos on our website via PREF.
Expiration date: after 8 months

Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track the GPS location.
Expiration date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie attempts to estimate the user’s bandwidth on our websites (with integrated
YouTube video).
Expiration date: after 8 months

Other cookies that are set when you are logged in to your YouTube account:

Name: APISID
Wert: zILlvClZSkqGsSwI/AU1aZI6HY7322785396-
Purpose: This cookie is used to create a profile of your interests. The data is used for personalized
advertisements.
Expiration date: after 2 years

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user’s consent to the use of various Google services.
CONSENT is also used for security purposes to check users and protect user data from
unauthorized attacks.
Expiration date: after 19 years

Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile of your interests. This data helps to display
personalized advertising.
Expiration date: after 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL…
Purpose: This cookie stores information about your login data.
Expiration date: after 2 years

Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a
profile of your interests.
Expiration date: after 2 years

Name: SID
Value: oQfNKjAsI322785396-
Purpose: This cookie stores your Google Account ID and your last login time in digitally signed and
encrypted form.
Expiration date: after 2 years

Name: SIDCC
Value: AN0-TYuqub2JOcDTyL

Purpose: This cookie stores information about how you use the website and what advertisements you
may have seen before visiting our site.
Expiration date: after 3 months

How long and where is the data stored?
The data that YouTube receives from you and processes is stored on Google servers. Most of these
servers are located in America. At https://www.google.com/about/datacenters/locations/?hl=de you
can see exactly where the Google data centers are located. Your data is distributed across the
servers. This means that the data can be accessed more quickly and is better protected against
manipulation.

Google stores the data collected for different lengths of time. You can delete some data at any time,
others are automatically deleted after a limited time and others are stored by Google for a longer
period of time. Some data (such as elements from “My activity”, photos or documents, products)
that are stored in your Google account remain stored until you delete them. Even if you are not
signed in to a Google Account, you can delete some data associated with your device, browser or
app.

How can I delete my data or prevent data storage?
In principle, you can delete data in your Google account manually. With the automatic deletion
function for location and activity data introduced in 2019, information is stored for either 3 or 18
months, depending on your decision, and then deleted.

Regardless of whether you have a Google account or not, you can configure your browser so that
cookies are deleted or deactivated by Google. Depending on which browser you use, this works in
different ways. In the “Cookies” section, you will find the relevant links to the instructions for the most
popular browsers.

Legal basis
If you have consented to your data being processed and stored by integrated YouTube elements,
this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your
data will also be stored on
On the basis of our legitimate interest (Art. 6 (1) (f) GDPR) in a fast and secure
stored and processed for good communication with you or other customers and business partners.
Nevertheless, we only use the integrated YouTube elements if you have given your consent.
YouTube also sets cookies in your browser to store data. We therefore recommend that you read our
data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the
respective service provider.

YouTube also processes your data in the USA, among other places. Youtube or Google is more
active

Participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer
of personal data from EU citizens to the USA. You can find more information on this at
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Google also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard
Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to
ensure that your data complies with European data protection standards even if it is transferred to
third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework
and the standard contractual clauses, Google undertakes to comply with the European level of data
protection when processing your relevant data, even if the data is stored, processed and managed
in the USA. These clauses are based on an implementing decision of the EU Commission. You can
find the decision and the corresponding standard contractual clauses here: https://eur-
lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be
found at https://business.safety.google/intl/de/adsprocessorterms/.

As YouTube is a subsidiary of Google, there is a joint privacy policy. If you would like to find out
more about how your data is handled, we recommend that you read the privacy policy at
https://policies.google.com/privacy?hl=de.

All texts are protected by copyright.

Source: Created with the Privacy Generator Germany by AdSimple