Privacy Policy

Our Privacy Policy explains how we collect, use, and safeguard your personal information. Your privacy and security are our top priorities.

Last updated on 10 February 2025

Captured Information

Text version of the Privacy Policy for Your Website

Privacy Policy

1. Data Protection at a Glance General Information

The following information provides a straightforward overview of what happens to your personal data when you visit this website. Personal data is any data with which you could be personally identified. For more detailed information on data protection, please refer to our privacy policy below this text.

Data Collection on This Website
Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Their contact details can be found in the section “Notice Concerning the Responsible Party” in this privacy policy. 

How do we collect your data?

Your data is collected firstly when you provide it to us. This can be data that you enter into a contact form, for instance.

Other data is automatically collected by our IT systems or after your consent when you visit the website. This includes mainly technical data (e.g., Internet browser, operating system, or the time of the page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

A portion of the data is collected to ensure the website is provided free of errors. Other data can be used to analyse user behaviour. If contracts could be concluded or initiated through the website, the transmitted data is also processed for contract offers, orders, or other contract requests.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have a right to request correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Additionally, you have the right to demand the restriction of the processing of your personal data under certain circumstances. Furthermore, there is the right to lodge a complaint with the competent supervisory authority.

For this and other questions regarding data protection, you can contact us at any time.

Analysis Tools and Third-Party Tools

When visiting this website, your surfing behaviour can be statistically evaluated. This mainly happens with so-called analysis programs.

Detailed information on these analysis programs can be found in the following privacy policy.

2. Hosting

We host the content of our website at the following provider:

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the hosting provider/s. This may include IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website access, and other data generated via a website.

External hosting is done for the purpose of fulfilling contracts with our prospective and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast, and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). Provided that appropriate consent has been requested, processing will be carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. 

Our hosting provider/s will only process your data to the extent necessary to fulfil their performance obligations and follow our instructions regarding this data.

We use the following host provider/s:

Framer B.V. Rozengracht 207, 1016 LZ Amsterdam, Netherlands

Data Processing Contract

We have concluded a data processing agreement (AVV) for the use of the aforementioned service. This is a data protection contract that is required by law and ensures that this service processes the personal data of our website visitors only according to our instructions and in compliance with the DSGVO.

3. General Information and Mandatory Information Data Protection

The operators of these pages take the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy policy.

When you use this website, various personal data are collected. Personal data is data by which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We would like to point out that data transmission over the internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data from access by third parties is not possible.

Notice Concerning the Responsible Party

The party responsible for processing data on this website is:

eXagora Media GmbH Grünlandweg 20, 83093 Bad Endorf, Germany

Telephone: +491603443077 Email: info@exagoramedia.com

The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for the data processing ceases to exist. If you make a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons cease to apply.

General Information on the Legal Basis of Data Processing on This Website

If you have consented to data processing, we process your personal data on the basis of Art. 6 Para. 1 lit. a DSGVO or Art. 9 Para. 2 lit. a DSGVO, if special data categories are processed according to Art. 9 Para. 1 DSGVO. In the event of express consent to the transfer of personal data to third countries, the data is also processed on the basis of Art. 49 Para. 1 lit. a DSGVO. Provided you have consented to the storage of cookies or to access information on your device (e.g., via device-fingerprinting), data processing is additionally based on § 25 Para. 1 TDDDG. The consent is revocable at any time. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 Para. 1 lit. b DSGVO. Furthermore, we process your data if this is necessary to comply with a legal obligation on the basis of Art. 6 Para. 1 lit. c DSGVO. Data processing can further take place on the basis of our legitimate interest under Art. 6 Para. 1 lit. f DSGVO. Information on the relevant legal bases for processing in each individual case is provided in the following paragraphs of this privacy policy.

Recipients of Personal Data

We work with various external parties in the course of our business. In some cases, the transfer of personal data to these external parties is required. We only forward personal data to external parties if this is necessary within the framework of contract fulfillment, if we are legally obliged to do so (e.g., forwarding data to tax authorities), if we have a legitimate interest pursuant to Art. 6 Para. 1 lit. f DSGVO in the forwarding, or if another legal basis permits the data forwarding. When using data processors, we forward personal data of our customers only on the basis of a valid data processing contract. In the case of joint processing, a contract for joint processing is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke consent that has already been given at any time. The legality of the data processing carried out until the revocation remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 DSGVO)

IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F DSGVO, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH THE PROCESSING RELIES CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENCE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 PARA. 1 DSGVO). IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21 PARA. 2 DSGVO).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of breaches of the DSGVO, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, their place of work, or the place of the alleged infringement. The right of complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract delivered to you or a third party in a commonly used, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

Information, Rectification and Erasure

Within the scope of the applicable statutory provisions, you have the right to free-of-charge information about your stored personal data, its origin, and recipients and the purpose of the data processing and, if applicable, a right to rectification or erasure of this data at any time. For this purpose, as well as for further questions about personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of the personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data happened/is happening unlawfully, you can request the restriction of the data processing instead of deletion.

If we no longer require your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
If you have lodged an objection pursuant to Art. 21 Para. 1 DSGVO, a balance must be struck between your interests and ours. As long as it is not established whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, apart from being stored, this data may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state. 

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. An encrypted connection is indicated by the browser's address line changing from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted Payments on This Website

If after the conclusion of a cost-based contract there is an obligation to provide us with your payment data (e.g., account number for direct debit), this data is required for payment processing.

Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are only conducted via an encrypted SSL or TLS connection. An encrypted connection is indicated by the browser's address line changing from “http://” to “https://” and by the lock symbol in your browser line.

With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

4. Data Collection on This Website Cookies

Our web pages use so-called “cookies.” Cookies are small data packets and do not cause any damage to your terminal device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until your web browser automatically deletes them.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable integration of certain services of third-party companies within websites (e.g., cookies for the processing of payment services).

Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or rendering videos). Other cookies can be used to evaluate user behaviour or for advertising purposes.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions desired by you (e.g., for the shopping cart function) or to optimise the website (e.g., cookies to measure web audience) are stored on the basis of Art. 6 Para. 1 lit. f DSGVO unless otherwise specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. Provided that a consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TDDDG); the consent can be revoked at any time.

You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or generally, as well as to activate the automatic deletion of cookies when closing the browser. The functionality of this website may be limited if cookies are deactivated.

Which cookies and services are used on this website can be found in this privacy policy.

Server Log Files

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and browser version, operating system used, referrer URL,
Host name of the accessing computer, time of the server request, IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 Para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free display and optimisation of its website – for this purpose, the server log files must be recorded.

Contact Form

If you send us inquiries via the contact form, your information from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data takes place on the basis of Art. 6 Para. 1 lit. b DSGVO, if your request is related to the fulfilment of a contract or if it is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests directed to us (Art. 6 Para. 1 lit. f DSGVO) or on your consent (Art. 6 Para. 1 lit. a DSGVO), provided that this has been queried; the consent can be revoked at any time.

The data you entered on the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Inquiry by Email, Telephone or Fax

If you contact us by email, telephone, or fax, your inquiry, including all resultant personal data (name, inquiry) will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.

The processing of this data takes place on the basis of Art. 6 Para. 1 lit. b DSGVO if your request is related to the fulfilment of a contract or if it is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 Para. 1 lit. f DSGVO) or on your 

Consent (Art. 6 Para. 1 lit. a DSGVO) if this has been queried; the consent is revocable at any time.

The data you send to us via contact requests remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – especially legal retention periods – remain unaffected.

Communication via WhatsApp

Amongst other means, we use the instant messaging service WhatsApp to communicate with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The communication occurs via end-to-end encryption (peer-to-peer), which prevents third parties, including WhatsApp, from accessing the communication content. WhatsApp, however, has access to metadata generated during the communication process (e.g., the sender, recipient, and time). We also inform you that, according to WhatsApp, it shares personal data from its users with its US-based parent company Meta. For more details on data processing, please see WhatsApp’s privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in as much quick and effective communication as possible with customers, interested parties, and other business and contract partners (Art. 6 Para. 1 lit. f DSGVO). If adequate consent has been obtained, processing will be carried out exclusively on the basis of the consent; this is revocable at any time with effect for the future.

The communication content exchanged between you and us on WhatsApp remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage lapses (e.g., after your request has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards in data processing in the USA. Each company certified under the DPF is committed to complying with these data protection standards. More information can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/7735.

We use the WhatsApp variant “WhatsApp Business”.

Data transfer to the USA is supported by the EU Commission's standard contractual clauses. Details can be found here:
https://www.whatsapp.com/legal/business-data-transfer-addendum.

Typeform

We have incorporated Typeform on this website. The provider is TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain (hereafter Typeform).

Typeform allows us to create online forms and embed them on our website. The data you enter into our Typeform forms will be stored on the servers of Typeform until you request us to delete it, revoke your consent to storage, or the purpose for data storage ceases to apply (e.g., once your inquiry has been processed).

Mandatory legal provisions – especially retention periods – remain unaffected.

The use of Typeform is based on Art. 6 Para. 1 lit. f DSGVO. The website operator has a legitimate interest in functioning online forms. If appropriate consent has been requested, processing will be carried out exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data Processing Contract

We have entered into a data processing agreement (AVV) for the use of the aforementioned service. This is a data protection contract prescribed by law that ensures the service processes the personal data of our website visitors only in accordance with our instructions and in compliance with the DSGVO.

Registration on This Website

You can register on this website to use additional features on the site. We use the data entered in this process only for the purpose of using the particular offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

For important changes such as the scope of the offer or technically necessary changes, we use the email address provided during registration to inform you in this way.

The processing of the data entered during registration is based on the necessity for the execution of the user relationship established by the registration and, if applicable, for initiating further contracts (Art. 6 Para. 1 lit. b DSGVO).

The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Legal retention periods remain unaffected.

5. Analytics Tools and Advertising Google Analytics

This website uses features of the web analysis service Google Analytics. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyse the behaviour of website visitors. Various user data is collected and collated through this, including page views, dwell time, operating systems used, and the user’s origin. This data is assigned to the user’s device. An allocation to a user ID does not occur.

Furthermore, Google Analytics can, among other things, record your mouse and scroll movements as well as clicks. Furthermore, Google Analytics uses various modelling approaches to supplement the collected data sets and deploys machine learning technologies in data analysis.

Google Analytics uses technologies that enable the user to be recognised for the purpose of analysing user behaviour (e.g., cookies or device fingerprinting). The information recorded by Google on your use of this website is usually transmitted to a Google server in the USA and stored there. 

The use of this service is based on your consent under Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TDDDG. Consent is revocable at any time.

The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.

The company holds a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF is committed to complying with these data protection standards. More information is available from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

IP Anonymisation

The IP anonymisation is enabled for Google Analytics. This means that Google truncates your IP address within the European Union or in other states party to the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of this website's operator, Google will use this information to evaluate your usage of the website, compile reports on website activities, and provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics is not combined with any other data from Google.

Browser Plugin

You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

More information about how Google Analytics handles user data can be found in Google's privacy policy:https://support.google.com/analytics/answer/6004245?hl=en.

Data Processing Contract

We have entered into a data processing agreement with Google and fully implement the strict guidelines of the German data protection authorities when using Google Analytics.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display ads in the Google search engine or on third-party websites when the user enters specific search terms on Google (keyword targeting). Targeted ads can also appear based on the user data Google holds (e.g., location data and interests) (audience targeting). We, as website operators, can quantitatively evaluate this data by analysing which search terms led to the display of our ads and how many ads resulted in respective clicks.

The use of this service is based on your consent under Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TDDDG. Consent is revocable at any time.

The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here:
https://policies.google.com/privacy/frameworks and
https://business.safety.google/controllerterms/.

The company holds a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF is committed to complying with these data protection standards. More information is available from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Klaviyo

We have integrated Klaviyo into this website. The provider is Klaviyo Inc., 125 Summer Street, Floor 6, Boston, MA, 02110, USA (hereafter Klaviyo).

Klaviyo is a marketing automation tool for sending emails, SMS, push messages, and gathering customer reviews for eCommerce merchants.

For this purpose, Klaviyo stores consent for email marketing. The data processed may include: name, phone number, email address, address data, IP address, device identifiers, usage data (such as user interactions with Klaviyo's online system, website or email, used browser, operating system, referrer URL).

The use of Klaviyo is based on Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TDDDG. Consent is revocable at any time.

Further details can be found in the provider's privacy policy at https://www.klaviyo.com/legal/privacy.

The company holds a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF is committed to adhering to these data protection standards. More information is available from the provider under the following link: https://www.dataprivacyframework.gov/participant/6149.

The provider uses the standard contractual clauses for transferring personal data to third countries. Details can be found here: https://www.klaviyo.com/legal/data-processing-agreement.

Data Processing Contract

We have entered into a data processing agreement (AVV) for the use of the aforementioned service. This is a legally required data protection contract that ensures the service processes the personal data of our website visitors only following our instructions and in compliance with the DSGVO.

Outseta

We use the platform Outseta, provided by Outseta LLC., 928 Diamond Street, Suite 2, San Diego, CA 92109, USA (hereafter “Outseta”), on our website for various functions, such as billing, payments processing via Stripe, access to gated content, as well as registration and login functionalities.

Outseta processes various personal data, such as:

  • Name, email address, and other login credentials during registration,

  • Payment data for transaction processing via Stripe,

  • Usage data for managing access to gated content.

The processing of these data is necessary for the fulfilment of the user agreement according to Art. 6 Para. 1 lit. b DSGVO or based on our legitimate interest according to Art. 6 Para. 1 lit. f DSGVO to optimise our web offering and ensure a smooth user experience.

If we obtain consent, processing will be carried out exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO. You can revoke this consent at any time.

Data Storage and Transfer

Outseta stores your personal data on servers in the USA. The company holds a certification in the “EU-US Data Privacy Framework” (DPF). This agreement between the European Union and the USA ensures compliance with European data protection standards during data processing in the USA. More information on the DPF can be found at: https://www.dataprivacyframework.gov/.

Data Processing Contract

We have entered into a data processing agreement (AVV) with Outseta. This contract ensures Outseta processes the personal data of our website visitors only as instructed by us and in compliance with the DSGVO.

Further information can be found in Outseta's privacy policy at: https://www.outseta.com/legal/privacy-policy.

6. Newsletter Newsletter Data

If you want to receive the newsletter offered on the website, we require an email address from you, as well as information that permits us to verify that you are the owner of the specified email address and agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. For newsletter administration, we use newsletter service providers as described below.

Mailchimp

This website uses the services of Mailchimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Mailchimp is a service that can be used to organize and analyse the sending of newsletters. If you enter data for the purpose of subscribing to the newsletter (e.g., email address), this data is stored on Mailchimp servers in the USA.

With the help of Mailchimp, we can analyse our newsletter campaigns. When you open an email sent with Mailchimp, a file contained in the email (web-beacon) connects to Mailchimp's servers in the USA. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked. Technical information is also collected (e.g., time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of recipients.

If you do not want Mailchimp to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

The data processing is based on your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke any given consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data deposited with us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter with us or the newsletter service provider and deleted from the newsletter distribution list after cancellation of the newsletter. Data stored for other purposes with us remains unaffected by this.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here:
https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.

After you unsubscribe from the newsletter distribution list, your email may be stored on a blacklist with us or the newsletter service provider if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements for sending newsletters (legitimate interest in the sense of Art. 6 Para. 1 lit. f DSGVO). The storage in the blacklist is indefinite. You can object to the storage if your interests outweigh our legitimate interest.

More details can be found in Mailchimp's privacy policy at: https://mailchimp.com/legal/terms/.

The company has certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards during data processing in the USA. Each company certified under the DPF is committed to adhering to these data protection standards. More information is available from the provider under the following link: https://www.dataprivacyframework.gov/participant/7693.

Data Processing Contract

We have entered into a data processing agreement (AVV) for the use of the aforementioned service. This is a legally required data protection contract that ensures the service processes the personal data of our website visitors only according to our instructions and complies with the DSGVO.

Newsletter Delivery to Existing Customers

If you purchase goods or services from us and provide your email address in the process, we may use this email address to send you newsletters, provided that we inform you of this beforehand. In such cases, the newsletter will only deliver direct mail for our own similar goods or services. You can cancel the newsletter delivery at any time. For this purpose, there is a corresponding link in each newsletter. The legal basis for sending the newsletter in this case is Art. 6 Para. 1 lit. f DSGVO in conjunction with § 7 Para. 3 UWG.

After you unsubscribe from the newsletter distribution list, your email may be stored on a blacklist with us to prevent future mailings to you. The data from the blacklist is only used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements for sending newsletters (legitimate interest in the sense of Art. 6 Para. 1 lit. f DSGVO). The storage in the blacklist is indefinite. You can object to the storage if your interests outweigh our legitimate interest.

7. Plugins and Tools Google reCAPTCHA

We use “Google reCAPTCHA” (hereafter “reCAPTCHA”) on this website. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With reCAPTCHA, it is determined whether the data entry on this website (e.g., in a contact form) is being done by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. To analyze, reCAPTCHA evaluates various information (e.g., IP address, time spent on the website, or user’s mouse movements). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not advised that an analysis takes place.

The storage and analysis of the data are based on Art. 6 Para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. Provided that appropriate consent has been requested, the processing occurs exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, consult the Google privacy policy and terms of use at the following links:
https://policies.google.com/privacy?hl=en and
https://policies.google.com/terms?hl=en.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards during data processing in the USA. Each company certified under the DPF is committed to complying with these data protection standards. More information is available from the provider under the following link:https://www.dataprivacyframework.gov/participant/5780.

8. eCommerce and Payment Providers Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data to establish, structure, and amend our contractual relationships. Personal data about the use of this website (usage data) is only collected, processed, and used to the extent necessary to enable the user to use the service or to charge for the service. The legal basis for this is Art. 6 Para. 1 lit. b DSGVO.

The collected customer data is deleted after the conclusion of the order or termination of the business relationship and the expiry of any existing statutory retention periods. Statutory retention periods remain unaffected.

Data Transmission Upon Conclusion of Contracts for Online Shops, Dealers and Shipping of Goods

If you order goods from us, we will pass on your personal data to the transport company assigned to the delivery and the payment service provider assigned to payment processing. Only the data required for the respective service provider to fulfil their task is passed on. The legal basis for this is Art. 6 Para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. If you have given consent to this, we will forward your email address to the transport company assigned to the delivery so they can inform you by email about the shipping status of your order; you can revoke your consent at any time.

Data Transmission Upon Conclusion of Contracts for Services and Digital Content

We transmit personal data to third parties only if this is necessary in the context of contract processing, such as to the credit institution responsible for payment processing.

No further transmission of data will be made or only if you have expressly consented to the transmission. Your data will not be shared with third parties without express consent, such as for advertising purposes.

The basis for data processing is Art. 6 Para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Payment Services

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (such as name, payment amount, account details, credit card number) is processed by the payment service provider for the purpose of payment processing. For these transactions, the respective service provider's contract and data protection provisions apply. The use of payment service providers occurs based on Art. 6 Para. 1 lit. b DSGVO (contract processing) and in the interest of a smooth, convenient, and secure payment process (Art. 6 Para. 1 lit. f DSGVO). If consent is requested for certain actions, Art. 6 Para. 1 lit. a DSGVO serves as the legal basis for data processing; consent is revocable at any time for the future.

We use the following payment services / payment service providers as part of this website: 

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here:
https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

For more details, refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Apple Pay

The provider of the payment service is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Apple’s privacy policy can be found at: https://www.apple.com/legal/privacy/de-ww/.

Google Pay

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The privacy policy of Google can be found here:
https://policies.google.com/privacy.

Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereafter “Stripe”).

The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here:
https://stripe.com/de/privacy and
https://stripe.com/de/guides/general-data-protection-regulation.

Further details can be read in Stripe’s privacy policy at: https://stripe.com/de/privacy.

Klarna

The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereafter “Klarna”). Klarna offers various payment options (e.g., installment purchase). When you choose to pay with Klarna (Klarna Checkout Solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna Checkout Solution. Details on Klarna's use of cookies can be found in the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.

More details can be read in Klarna’s privacy policy at: https://www.klarna.com/de/datenschutz/.

Immediate Transfer

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 München (hereinafter “Sofort GmbH”). With the help of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real-time and can immediately begin fulfilling our obligations. If you decide on the payment method “Sofortüberweisung”, you will send the PIN and a valid TAN to Sofort GmbH, enabling them to log into your online banking account. Sofort GmbH automatically checks your account balance and conducts the transfer to us using the TAN you provided. It then instantly sends us a transaction confirmation. After logging in, your sales, the credit limit of the overdraft facility, and the existence of other accounts and their holdings are automatically checked. In addition to the PIN and TAN, the payment data you provide and data about your person are also forwarded to Sofort GmbH. The data concerning your person includes first and last name, address, telephone number(s), email address, IP address, and any other data required for payment processing. The transmission of these data is necessary to confirm your identity without a doubt and to prevent fraud attempts. More details about payment using Immediate Transfer can be found here:

https://www.klarna.com/sofort/.

PayOne

The provider of this payment service is PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main (hereinafter “PayOne”). For more details, consult the PayOne privacy policy: https://www.payone.com/DE-de/datenschutz.

giropay

The provider of this payment service is paydirekt GmbH, Stephanstraße 14 – 16, 60313 Frankfurt am Main (hereinafter “giropay”).

For more details, consult the giropay privacy policy: https://www.paydirekt.de/agb/index.html.

American Express

The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter “American Express”).

American Express may transfer data to its parent company in the USA. The data transfer to the USA is based on Binding Corporate Rules. More details can be found here: https://www.americanexpress.com/en-cz/company/legal/privacy-centre/binding-corporate-rules/.

Further information can be read in the American Express privacy policy: https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).

Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard’s Binding Corporate Rules. More details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

The provider of this payment service is Visa Europe Services Inc., Branch London, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).

The United Kingdom is considered a safe third country under data protection regulations. This means the UK has a level of data protection equivalent to data protection in the European Union.

VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the EU Commission's standard contractual clauses. More details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu- zustandigkeitsfragen-fur-den-ewr.html.

Further information can be found in VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

9. Audio and Video Conferences

Data Processing

We use, among other online conference tools, to communicate with our customers. The specific tools used are listed below. When you communicate with us by video or audio conference via the Internet, your personal data is collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide to use/implement the tools (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, number of participants, and other “context information” related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data necessary to handle the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone, or speakers, as well as the type of connection.

If content is shared, uploaded or otherwise provided within the tool, it is also stored on the servers of the tool providers. This content includes, in particular, cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards, and other information shared while using the service.

Please note that we do not have complete control over the data processing procedures of the tools used. Our ability depends significantly on the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the privacy statements of the respective tools used, which we have listed below this text.

Purpose and Legal Basis

The conference tools are used for communication with prospective or existing contract partners or to offer certain services to our customers (Art. 6 Para. 1 lit. b DSGVO). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us as well as within our company (legitimate interest in the sense of Art. 6 Para. 1 lit. f DSGVO). If a consent has been requested, the use of the respective tools is based on this consent; consent is revocable at any time with effect for the future.

Storage Duration

The data collected directly by us via the video and conference tools are deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal retention periods remain unaffected.

We have no control over the storage duration of your data that is stored by the operators of the conference tools for their own purposes. For details, please consult the respective operators of the conference tools directly.

Used Conference Tools

We use the following conference tools:

Google Meet

We use Google Meet. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Detailed information on data processing can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards during data processing in the USA. Each company certified under the DPF is committed to complying with these data protection standards. More information is available from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Data Processing Contract

We have entered into a data processing agreement (AVV) for the use of the aforementioned service. This is a legally required data protection contract that ensures the service processes the personal data of our website visitors only following our instructions and in compliance with the DSGVO.

10. Own Services Handling of Applicant Data

We provide you with the opportunity to apply for jobs either via email, by post or via online application forms. Below, we will brief you on the scope, purpose, and usage of your personal data collected as part of the application process. We assure you that the collection, processing, and use of your data happen in accordance with applicable data protection law and all other statutory provisions and that your data will be treated with strict confidentiality.

Scope and Purpose of Data Collection

If you send us an application, we process your accompanying personal data (e.g. contact and communication details, application documents, interview notes, etc.), insofar as it is necessary to make a decision regarding establishing an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 Para. 1 lit. b DSGVO (general contract initiation), and – if you have given your consent – Art. 6 Para. 1 lit. a DSGVO. Consent can be revoked at any time. Within our company, your personal data is only shared with individuals who are involved in processing your application.

If your application is successful, the data you submitted will be stored on the basis of § 26 BDSG and Art. 6 Para. 1 lit. b DSGVO within our data processing systems for the purpose of implementing the employment relationship.

Data Retention Period

If we are unable to make you a job offer, if you reject a job offer, or withdraw your application, we reserve the right to retain the data you submitted based on our legitimate interests (Art. 6 Para. 1 lit. f DSGVO) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and physical application documents destroyed. This retention period serves, in particular, as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to a pending or imminent legal dispute), the data will only be deleted once it is no longer required.

A longer retention period can also be considered if you have given your consent (Art. 6 Para. 1 lit. a DSGVO) or if statutory retention obligations prohibit the deletion.

Inclusion in the Applicant Pool

If we do not offer you a position, you may be nominated for our applicant pool. If you are accepted, all documents and information from the application will be transferred to the applicant pool so we can contact you in case of suitable vacancies.

The applicant pool inclusion is based solely on your express consent (Art. 6 Para. 1 lit. a DSGVO). Giving consent is voluntary and has no relation to the ongoing application process. The affected individual can revoke their consent at any time. In such a case, the data stored in the applicant pool will be irrevocably deleted, provided there are no statutory retention reasons.

The data from the applicant pool will be irrevocably deleted two years after the consent is given at the latest.

Google Drive

We have incorporated Google Drive on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Drive allows us to embed an upload area on our website where you can upload content. When you upload content, this is stored on Google Drive's servers. Additionally, when you enter our website, a connection to Google Drive is established, allowing Google Drive to determine that you have visited our website.

The use of Google Drive is based on Art. 6 Para. 1 lit. f DSGVO. The website operator has a legitimate interest in a reliable upload area on their website. If adequate consent has been obtained, processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO; consent can be revoked at any time.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards during data processing in the USA. Each company certified under the DPF is committed to these data protection standards. More information is available from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Data Processing Contract

We have entered into a data processing agreement (AVV) for the use of the aforementioned service. This is a legally required data protection contract that ensures the service processes the personal data of our website visitors only following our instructions and in compliance with the DSGVO.