Data protection

Credit check

If we make advance payments or take on comparable economic risks (e.g., when ordering on account), we reserve the right to obtain identity and credit information for the purpose of assessing the credit risk on the basis of mathematical-statistical procedures from specialized service companies (credit agencies) in order to protect our legitimate interests.

We process the information received from the credit agencies about the statistical probability of a payment default as part of an appropriate discretionary decision on the establishment, execution, and termination of the contractual relationship. We reserve the right to refuse payment on account or other advance payments in the event of a negative credit check result.

The decision on whether we make advance payments is made in accordance with legal requirements solely on the basis of an automated decision in each individual case, which our software makes on the basis of the information provided by the credit agency.

If we obtain the express consent of contractual partners, the legal basis for the credit check and the transfer of customer data to credit agencies is consent. If no consent is obtained, the credit check is carried out credit report is carried out on the basis of our legitimate interests in the reliability of our payment claims.

• Types of data processed: Inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, telephone numbers); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., websites visited, interest in content, access times).
• Data subjects: Customers; Prospective customers. Business and contractual partners.
• Purposes of processing: Assessment of creditworthiness and credit rating.
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR).
• Automated decisions in individual cases: Credit information (decision based on a credit check).

Further information on processing, procedures, and services:

• Credit check as a prerequisite for the provision of payment options: The provision of payment options, e.g., payment on account or installment payment, may be made dependent on the result of the customer's credit check. In this case, we ask customers to agree to the credit check procedure; Legal basis: Consent (Art. 6 (1) (a) GDPR) .
• Bisnode Deutschland GmbH: Credit agency; Service provider: Bisnode Deutschland GmbH, Robert-Bosch-Straße 11, 64293 Darmstadt, Germany; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.bisnode.de. Privacy policy: https://www.bisnode.de/datenschutz/.
• CRIF Bürgel GmbH: Credit agency; Service provider: CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, Germany; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website:https://www.crifbuergel.de/dehttps://www.crifbuergel.de/en. Privacy policy: https://www.crifbuergel.de/de/datenschutz.
• Verband der Vereine Creditreform e.V.: Credit agency; Service provider: Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.creditreform.de/. Privacy policy: https://www.creditreform.de/datenschutz.

Provision of online services and web hosting

We process user data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

• Types of data processed: Usage data (e.g., websites visited, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time stamps, identification numbers, consent status); Content data (e.g., entries in online forms).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
• Legal basis: Legitimate interests (Art. 6 (1) (1) (f) GDPR).

Further information on processing procedures, processes, and services:

• Provision of online services on rented storage space: To provide our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also known as a “web host”); Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
• Provision of online services on our own/dedicated server hardware: To provide our online services, we use server hardware operated by us and the associated storage space, computing capacity, and software; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
• Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files.” The server log files may include the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of malicious attacks, known as DDoS attacks) and, on the other hand, to ensure server utilization and stability; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
• Email dispatch and hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients and senders, as well as other information relating to the sending of emails (e.g., the providers involved) and the contents of the respective emails, are processed. The aforementioned data may also be processed for the purpose of detecting SPAM. Please note that emails are generally not sent in encrypted form on the Internet. As a rule, emails are encrypted during transmission, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We therefore cannot accept any responsibility for the transmission of emails between the sender and the recipient on our server; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
• Content delivery network: We use a “content delivery network” (CDN). A CDN is a service that helps deliver content from an online offering, especially large media files such as graphics or program scripts, faster and more securely with the help of regionally distributed servers connected via the Internet; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Contact and inquiry management

When contacting us (e.g., by mail, contact form, email, telephone, or social media) and within the framework of existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to respond to contact inquiries and any requested measures.

• Types of data processed: Contact details (e.g., email, telephone numbers); content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time stamps, identification numbers, consent status).
• Data subjects: Communication partners.
• Purposes of processing: Contact requests and communication; management and response to inquiries; feedback (e.g., collection of feedback via online form). Provision of our online offering and user-friendliness.
• Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR). Contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Further information on processing procedures, processes, and services:

• Contact form: When users contact us via our contact form, email, or other communication channels, we process the data provided in this context to handle the matter communicated; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).

Communication via messenger

We use messengers for communication purposes and therefore ask you to note the following information on the functionality of messengers, encryption, the use of communication metadata, and your options for objection.

You can also contact us by alternative means, e.g., by telephone or email. Please use the contact options provided to you or the contact options specified within our online offering.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we would like to point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with encryption enabled to ensure that the message content is encrypted.

However, we also point out to our communication partners that although the messenger providers cannot view the content, they can find out that and when communication partners are communicating with us, as well as technical information about the device used by the communication partners and, depending on the settings of their device, location information (so-called metadata) is also processed.

Information on legal bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for our processing of their data is their consent. Furthermore, if we do not ask for consent and they contact us on their own initiative, for example, we use Messenger in relation to our contractual partners and in the context of contract initiation as a contractual measure and, in the case of other interested parties and communication partners, on the basis of our legitimate interests in fast and efficient communication and fulfillment of our communication partners' needs for communication via Messenger. Furthermore, we would like to point out that we will not transfer the contact details provided to us to Messenger without your consent.

Revocation, objection, and deletion: You may revoke your consent at any time and object to communication with us via messenger at any time. In the case of communication via messenger, we will delete the messages in accordance with our general deletion guidelines (i.e., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any questions from the communication partners, if no reference to a previous conversation is to be expected and the deletion does not conflict with any legal retention obligations.

Reservation of reference to other communication channels: Finally, we would like to point out that, for your security, we reserve the right not to respond to inquiries via messenger. This is the case, for example, if internal contract details require special confidentiality or if a response via messenger does not meet formal requirements. In such cases, we will refer you to more appropriate communication channels.

• Types of data processed: Contact details (e.g., email, phone numbers); usage data (e.g., websites visited, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status); content data (e.g., entries in online forms).
• Data subjects: Communication partners.
• Purposes of processing: Contact requests and communication; direct marketing (e.g., by email or post).
• Legal basis: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

• Microsoft Teams: Microsoft Teams - Messenger; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website:https://www.microsoft.com/de-de/microsoft-365; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter. Basis for third country transfers: EU-US Data Privacy Framework (DPF), standard contractual clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).
• Signal: Signal Messenger with end-to-end encryption; Service provider: Privacy Signal Messenger, LLC 650 Castro Street, Suite 120-223 Mountain View, CA 94041, USA; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://signal.org/de. Privacy policy: https://signal.org/legal/.
• WhatsApp: WhatsApp Messenger with end-to-end encryption; Service provider: WhatsApp Ireland Limited, 4 Grand Canal Quay, Dublin 2, D02 KH28, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website:https://www.whatsapp.com/; Privacy policy: https://www.whatsapp.com/legal. Basis for third-country transfers: EU-US Data Privacy Framework (DPF).

Video conferences, online meetings, webinars, and screen sharing

We use platforms and applications from other providers (hereinafter referred to as “conference platforms”) for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings (hereinafter collectively referred to as “conferences”). We comply with legal requirements when selecting conference platforms and their services.

Data processed by conference platforms: When participants take part in a conference, the conference platforms process the personal data of the participants as described below. The scope of the processing depends, on the one hand, on what data is required for a specific conference (e.g., access data or real names) and, on the other hand, on what optional information is provided by the participants. In addition to processing for the purpose of conducting the conference, the conference platforms may also process participant data for security purposes or service optimization. The data processed includes personal data (first name, last name), contact information (email address, phone number), access data (access codes or passwords), profile pictures, information on professional position/function, the IP address of the Internet access, information on the participants' end devices, their operating system, the browser and its technical and language settings, information on the content of communication processes, i.e., entries in chats as well as audio and video data, and the use of other available functions (e.g., surveys). The content of communications is encrypted to the extent technically provided by the conference providers. If participants are registered as users on the conference platforms, additional data may be processed in accordance with the agreement with the respective conference provider.

Logging and recordings: If text entries, participation results (e.g., from surveys), and video or audio recordings are logged, participants will be informed of this in advance and, if necessary, asked for their consent.

Data protection measures for participants: For details on how your data is processed by the conference platforms, please refer to their privacy policies and select the security and privacy settings that are best for you in the conference platform settings. Please also ensure data and privacy protection in the background of your recording for the duration of a video conference (e.g., by informing roommates, locking doors, and using the background blur function, if technically possible). Links to the conference rooms and access data must not be passed on to unauthorized third parties.

Information on legal bases: If, in addition to the conference platforms, we also process user data and ask users for their consent to the use of the conference platforms or certain functions (e.g., consent to the recording of conferences), the legal basis for the processing is this consent. Furthermore, our processing may be necessary to fulfill our contractual obligations (e.g., in participant lists, in the case of processing conversation results, etc.). In addition, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.

• Types of data processed: Inventory data (e.g., names, addresses) ; contact data (e.g., email, telephone numbers); content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status).
• Data subjects: Communication partners; users (e.g., website visitors, users of online services). Persons depicted.
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; contact requests and communication. Office and organizational procedures.
• Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR) .

Further information on processing procedures, processes, and services:

• Microsoft Teams: Conference and communication software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (1) (f) GDPR) ; website:https://www.microsoft.com/de-de/microsoft-365; privacy policy: https://privacy.microsoft.com/de-de/privacystatement, security information: https://www.microsoft.com/de-de/trustcenter. Basis for third-country transfers: EU-US Data Privacy Framework (DPF), standard contractual clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).

Cloud services

We use software services accessible via the Internet and executed on the servers of their providers (so-called “cloud services,” also referred to as “software as a service”) for the storage and management of content (e.g., document storage and management, exchange of documents, content, and information with specific recipients, or publication of content and information).

In this context, personal data may be processed and stored on the providers' servers if it is part of communication processes with us or is otherwise processed by us as described in this privacy policy. This data may include, in particular, master data and contact details of users, data on transactions, contracts, other processes, and their content. The providers of cloud services also process usage data and metadata, which they use for security purposes and to optimize their services.

If we use cloud services to provide forms or other documents and content for other users or publicly accessible websites, the providers may store cookies on users' devices for web analysis purposes or to remember user settings (e.g., in the case of media control).

• Types of data processed: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status).
• Data subjects: Customers; employees (e.g., employees, applicants, former employees); interested parties. Communication partners.
• Purposes of processing: Office and organizational procedures. Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)). .
• Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing procedures, processes, and services:

• Google Cloud Storage: Cloud storage, cloud infrastructure services, and cloud-based application software; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website:https://cloud.google.com/; Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://cloud.google.com/terms/data-processing-addendum; Basis for third country transfer: EU-US Data Privacy Framework (DPF), standard contractual clauses (https://cloud.google.com/terms/eu-model-contract-clause). Further information: https://cloud.google.com/privacy.
• Microsoft Cloud Services: Cloud storage, cloud infrastructure services, and cloud-based application software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://microsoft.com/de-de; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter; Data processing agreement: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA. Basis for third country transfers: EU-US Data Privacy Framework (DPF), standard contractual clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).

Newsletters and electronic notifications

We send newsletters, emails, and other electronic notifications (hereinafter “newsletters”) only with the consent of the recipients or with legal permission. If the content of the newsletter is specifically described during the registration process, this content is decisive for the consent of the users. In addition, our newsletters contain information about our services and our company.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personalization in the newsletter or other information if this is necessary for the purposes of the newsletter.

Double opt-in procedure: Registration for our newsletter is always carried out using a double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with someone else's email address. Newsletter registrations are logged in order to be able to verify the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the mailing service provider are also logged.

Deletion and restriction of processing: We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address in a block list (so-called “blocklist”) for this purpose alone. ").

The registration process is logged on the basis of our legitimate interests for the purpose of proving that it has been carried out correctly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.

Contents:

Information about us, our services, promotions, and offers.

• Types of data processed: Inventory data (e.g., names, addresses); contact data (e.g., email, telephone numbers); meta, communication, and process data (e.g., IP addresses, time stamps, identification numbers, consent status); usage data (e.g., websites visited, interest in content, access times).
• Data subjects: Communication partners; users (e.g., website visitors, users of online services).
• Purposes of processing: Direct marketing (e.g., by email or post); reach measurement (e.g., access statistics, recognition of returning visitors); conversion measurement (measurement of the effectiveness of marketing measures). Profiles with user-related information (creation of user profiles).
• Legal basis: Consent (Art. 6 (1) (a) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR) .
• Right to object (opt-out): You can unsubscribe from our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to unsubscribe from the newsletter at the end of each newsletter or you can use one of the contact options listed above, preferably email.

Further information on processing, procedures, and services:

• Measurement of open and click rates: The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from our server or, if we use a mailing service provider, from their server when the newsletter is opened. As part of this retrieval, technical information such as information about your browser and your system, as well as your IP address and the time of retrieval, is initially collected.
•  
• This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval location (which can be determined using the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until it is deleted. The evaluations serve to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
•  
• The measurement of opening rates and click rates, as well as the storage of the measurement results in the user profiles and their further processing, are based on the consent of the users.
•  
• Unfortunately, it is not possible to revoke the performance measurement separately; in this case, the entire newsletter subscription must be canceled or objected to. In this case, the stored profile information will be deleted.
• Legal basis: Consent (Art. 6 (1) (a) GDPR).
• CleverReach: Email delivery and automation services; Service provider: CleverReach GmbH & Co. KG, //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: www.cleverreach.com/de; Privacy policy: www.cleverreach.com/de/datenschutz/. Data processing agreement: Provided by the service provider.
• Brevo: Email delivery and automation services; Service provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website:https://www.brevo.com/; Privacy policy: https://www.brevo.com/legal/privacypolicy/. Data processing agreement: Provided by the service provider.
• Google Analytics: Measuring the success of email campaigns and creating user profiles with a storage period of up to two years based on a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It is used to assign analysis information to a terminal device in order to identify which content users have accessed within one or more usage processes, which search terms they have used, which they have accessed again, or how they have interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users who refer to our online offering and technical aspects of their end devices and browsers. Pseudonymous user profiles are created with information from the use of various devices, whereby cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. It is not logged, is not accessible, and is not used for any other purpose. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before traffic is forwarded to Analytics servers for processing. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms; Basis for third country transfer: EU-US Data Privacy Framework (DPF), standard contractual clauses (https://business.safety.google/adsprocessorterms); Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://adssettings.google.com/authenticated. Further information: https://business.safety.google/adsservices/ (types of processing and data processed).

Advertising communication via email, post, fax, or telephone

We process personal data for the purposes of advertising communication, which may take place via various channels, such as email, telephone, post, or fax, in accordance with legal requirements.

Recipients have the right to revoke their consent at any time or to object to advertising communication at any time.

After revocation or objection, we store the data necessary to prove previous authorization for contact or sending up to three years after the end of the year of revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. On the basis of the legitimate interest in permanently observing the revocation or objection of users, we also store the data necessary to avoid renewed contact (e.g., depending on the communication channel, the email address, telephone number, name).

• Types of data processed: Inventory data (e.g., names, addresses); contact details (e.g., email, telephone numbers).
• Data subjects: Communication partners.
• Purposes of processing: Direct marketing (e.g., by email or post).
• Legal basis: Consent (Art. 6 (1) (a) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).

Prize draws and competitions

We process the personal data of participants in prize draws and competitions only in compliance with the relevant data protection regulations, insofar as the processing is contractually necessary for the provision, conducting and processing the competition, the participants have consented to the processing, or the processing serves our legitimate interests (e.g., the security of the competition or the protection of our interests against misuse by possibly recording IP addresses when competition entries are submitted).

If participants' entries are published as part of the competitions (e.g., as part of a vote or presentation of the competition entries or winners, or reporting on the competition), we would like to point out that the names of the participants may also be published in this context. Participants can object to this at any time.

If the competition takes place within an online platform or social network (e.g., Facebook or Instagram, hereinafter referred to as “online platform”), the terms of use and data protection provisions of the respective platforms shall also apply. In these cases, we would like to point out that we are responsible for the information provided by participants in the context of the competition and that any inquiries regarding the competition should be directed to us.

Participants' data will be deleted as soon as the competition or contest has ended and the data is no longer required to inform the winners or because no further queries regarding the competition are to be expected. In principle, participants' data will be deleted no later than 6 months after the end of the competition. Winners' data may be retained for longer, e.g. answer questions about the prizes or to fulfill the prize obligations; in this case, the retention period depends on the type of prize and is up to three years for items or services, for example, in order to be able to process warranty claims. Furthermore, participants' data may be stored for longer, e.g., in the form of reporting on the competition in online and offline media.

If data was also collected for other purposes in the context of the competition, its processing and retention period are based on the data protection information for this use (e.g., in the case of a newsletter subscription in the context of a competition).

• Types of data processed: Inventory data (e.g., names, addresses) ; content data (e.g., entries in online forms); meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status).
• Data subjects: Contest and competition participants.
• Purposes of processing: Conducting prize draws and competitions.
• Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Surveys and questionnaires

We conduct surveys and questionnaires to collect information for the respective communicated survey or questionnaire purpose. The surveys and questionnaires we conduct (hereinafter “questionnaires”) are evaluated anonymously. Personal data is only processed to the extent necessary for the provision and technical implementation of the surveys (e.g., processing of the IP address to display the survey in the user's browser or to enable the survey to be resumed with the help of a cookie).

• Types of data processed: Contact details (e.g., email, phone numbers); content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status).
• Data subjects: Communication partners. Participants.
• Purposes of processing: Feedback (e.g., collecting feedback via online form).
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Web analysis, monitoring, and optimization

Web analysis (also known as “reach measurement”) is used to evaluate visitor traffic to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, identify at what time our online offering or its functions or content are used most frequently or invite reuse. We can also identify which areas need optimization.

In addition to web analysis, we can also use test procedures to test and optimize different versions of our online offering or its components, for example.

Unless otherwise specified below, profiles, i.e., data summarized for a usage process, can be created for these purposes, and information can be stored in a browser or on a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. If users have agreed to the collection of their location data by us or by the providers of the services we use, location data may also be processed.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored in the context of web analysis, A/B testing, and optimization, but rather pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

• Types of data processed: Usage data (e.g., websites visited, interest in content, access times); meta, communication, and process data (e.g., IP addresses, time stamps, identification numbers, consent status).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); tracking (e.g., interest/behavior-based profiling, use of cookies). Provision of our online offering and user-friendliness.
• Security measures: IP masking (pseudonymization of the IP address).
• Legal basis: Consent (Art. 6 (1) (a) GDPR).

Further information on processing procedures, methods, and services:

• Google Tag Manager: Google Tag Manager is a solution that allows us to manage so-called website tags via an interface and thus integrate other services into our online offering (please refer to further information in this privacy policy). The Tag Manager itself (which implements the tags) does not create user profiles or store cookies, for example. Google only learns the user's IP address, which is necessary to execute Google Tag Manager; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Data processing agreement:
• https://business.safety.google/adsprocessorterms. Basis for third-country transfers: EU-US Data Privacy Framework (DPF), standard contractual clauses (https://business.safety.google/adsprocessorterms).
• Google Analytics: We use Google Analytics to measure and analyze the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It is used to assign analysis information to a device in order to identify which content users have accessed within one or more usage sessions, which search terms they have used, which they have accessed again, or how they have interacted with our online offering. The time and duration of use are also stored, as well as the sources of users who refer to our online offering and technical aspects of their devices and browsers. Pseudonymous user profiles are created using information from the use of various devices, whereby cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographical location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU data traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. It is not logged, is not accessible, and is not used for any other purpose. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms; Basis for third-country transfers: EU-US Data Privacy Framework (DPF), standard contractual clauses (https://business.safety.google/adsprocessorterms); Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://adssettings.google.com/authenticated. Further information: https://business.safety.google/adsservices/ (types of processing and data processed).

Online marketing

We process personal data for online marketing purposes, which may include, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) based on the potential interests of users and the measurement of its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used to store information about the user that is relevant for the display of the aforementioned content. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used, and information on usage times and functions used. If users have consented to the collection of their location data, this may also be processed.

The IP addresses of users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored as part of the online marketing process, but rather pseudonyms. This means that neither we nor the providers of the online marketing process know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in cookies or using similar methods. These cookies can later be read on other websites that use the same online marketing method, analyzed for the purpose of displaying content, supplemented with further data, and stored on the server of the online marketing method provider.

In exceptional cases, clear data can be assigned to the profiles. This is the case if, for example, users are members of a social network whose online marketing process we use and the network links the profiles of users with the aforementioned information. Please note that users can enter into additional agreements with the providers, e.g., by giving their consent during registration.

We generally only receive access to summarized information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing methods have led to a so-called conversion, i.e., for example, to the conclusion of a contract with us. Conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, please assume that cookies used will be stored for a period of two years.

• Types of data processed: Content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); meta, communication, and process data (e.g., IP addresses, time stamps, identification numbers, consent status); Event data (Facebook) (“Event data” is data that can be transmitted by us to Facebook, e.g., via Facebook pixels (via apps or other means) and relates to individuals or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, app installations, product purchases, etc. Event data is processed for the purpose of creating target groups for content and advertising information (custom audiences). Event data does not include the actual content (such as comments posted), login information, or contact information (i.e., no names, email addresses, or phone numbers). Event data is deleted by Facebook after a maximum of two years, and the target groups formed from it are deleted when our Facebook account is deleted).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest/behavior-based profiling, use of cookies); conversion measurement (measurement of the effectiveness of marketing measures); Target group formation; marketing; profiles with user-related information (creation of user profiles). Provision of our online offering and user-friendliness.
• Security measures: IP masking (pseudonymization of the IP address).
• Legal basis: Consent (Art. 6 (1) (a) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).
• Right to object (opt-out): We refer you to the privacy policies of the respective providers and the options for objecting (known as “opt-out”) specified by the providers. If no explicit opt-out option has been specified, you have the option of disabling cookies in your browser settings. However, this may restrict the functions of our online offering. We therefore recommend the following additional opt-out options, which are offered collectively for the respective regions:
•  
• a) Europe: https://www.youronlinechoices.eu.
• b) Canada: https://www.youradchoices.ca/choices.
• c) USA: https://www.aboutads.info/choices.
• d) Cross-regional: https://optout.aboutads.info.

Further information on processing, procedures, and services:

• Meta Pixel and target group formation (Custom Audiences): With the help of the Meta Pixel (or comparable functions for transmitting event data or contact information via interfaces in apps), Meta is able to identify visitors to our online offering as a target group for the display of advertisements (so-called “Meta Ads” ). Accordingly, we use the Meta Pixel to display the Meta Ads we place only to those users on Meta platforms and within the services of Meta's cooperating partners (so-called “Audience Network” https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who have certain characteristics (e.g. interest in certain topics or products, which can be seen from the websites visited) that we transmit to Meta (so-called “custom audiences”) . With the help of the Meta pixel, we also want to ensure that our Meta ads correspond to the potential interests of users and do not appear intrusive. With the help of the Meta pixel, we can also track the effectiveness of Meta ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta ad (so-called “conversion measurement”); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Data processing agreement: https://www.facebook.com/legal/terms/dataprocessing; Basis for third-country transfers: EU-US Data Privacy Framework (DPF), standard contractual clauses (https://www.facebook.com/legal/EU_data_transfer_addendum) ; Further information: User event data, i.e., behavioral and interest information, is processed for the purposes of targeted advertising and target group formation on the basis of the joint responsibility agreement (“Addendum for Controllers,” https://www.facebook.com/legal/controller_addendum). Joint responsibility is limited to the collection and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular with regard to the transfer of data to the parent company Meta Platforms, Inc. in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.). .
• Google Ad Manager: We use the “Google Ad Manager” service to place ads on the Google advertising network (e.g., in search results, in videos, on websites, etc.). Google Ad Manager is characterized by the fact that ads are displayed in real time based on the presumed interests of users. This allows us to display ads for our online offering to users who may have a potential interest in our offering or who have previously shown interest in it, as well as to measure the success of the ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR) ; Website:https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: EU-US Data Privacy Framework (DPF); Further information: Types of processing and data processed: https://business.safety.google/adsservices/; Data processing terms for Google advertising products: Information about the services Data processing terms between controllers and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms. If Google acts as a processor, data processing terms for Google advertising products and standard contractual clauses for third-country transfers of data:

business.safety.google/adsprocessorterms. Imgur: Embedded plugins and content - This may include content such as images, videos, or text and buttons; Service provider: Imgur, Inc., 600 California Street Fl. 11, San Francisco, California, 94108, USA;

• Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://imgur.com. Privacy policy: https://imgur.com/privacy.
• JSDelivr: Content Delivery Network (CDN) that helps to deliver media and files quickly and efficiently, especially under high load; Service provider: ProspectOne, Królewska 65A/1, 30-081, Kraków, Poland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website:https://www.jsdelivr.com. Privacy policy: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net.

Presence on social networks (social media)

We maintain an online presence on social networks and, in this context, process user data in order to communicate with users who are active there or to provide information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users, as it could, for example, make it more difficult to enforce user rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of users. The usage profiles can in turn be used, for example, to

display advertisements within and outside the networks that are presumed to correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (especially if users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer you to the privacy policies and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be most effectively asserted with the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. However, if you need help, you can contact us.

• Types of data processed: Contact details (e.g., email, phone numbers); content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status) .
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Contact requests and communication; feedback (e.g., collecting feedback via online form). Marketing.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing operations, procedures, and services:

• Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website:https://www.instagram.com. Privacy policy: https://instagram.com/about/legal/privacy.
• Facebook pages: Profiles within the Facebook social network - Together with Meta Platforms Ireland Limited, we are responsible for the collection (but not the further processing) of data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content that users view or interact with, or the actions they take (see “Things you and others do and share” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, known as “Page Insights,” to page operators so that they can gain insights into how people interact with their pages and the content associated with them. We have entered into a special agreement with Facebook (“Page Insights Information,” https://www.facebook.com/legal/terms/page_controller_addendum), which specifically regulates the security measures Facebook must observe and in which Facebook has agreed to comply with the rights of data subjects (i.e., users can, for example, submit requests for information or deletion directly to Facebook). The rights of users (in particular the right to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information on Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Basis for third-country transfers: EU-US Data Privacy Framework (DPF), standard contractual clauses (https://www.facebook.com/legal/EU_data_transfer_addendum). Further information: Joint controllership agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data. Joint controllership is limited to the collection and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transfer of data to the parent company Meta Platforms, Inc. in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
• LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website:https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Data processing agreement: https://legal.linkedin.com/dpa; Basis for third country transfer: Standard contractual clauses (https://legal.linkedin.com/dpa). Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Privacy policy: https://policies.google.com/privacy; Basis for third-country transfer: EU-US Data Privacy Framework (DPF). Opt-out option: https://adssettings.google.com/authenticated.
• Social media wall / social media newsroom: A “social media wall” or “social media newsroom” is a compilation of posts from various social networks in which we are mentioned or which contain a hashtag with our name or the name of a campaign. This includes mentions of posts that we publish on social networks as well as posts published by users. The content of the posts is automatically obtained from the respective social networks in accordance with the terms and conditions and permissions of the authors, and users can object to the display at any time. The authors are generally responsible for the content of the posts. The providers of the respective social networks are responsible for processing the data in connection with the display of the posts and their content. We refer to the information on the respective social networks in this privacy policy. Without prejudice to the rights of users, we recommend that users (also) contact the respective authors or providers of the respective social networks with requests for information and complaints about posts that were not written by us in order to remove the posts at the source or to assert their data protection rights. Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
• Juicer: a. We continue to use a plugin from the provider SaaS.group LLC (“Juicer”), 304 S. Jones Blvd #1205, Las Vegas NV 89107, USA, Tel.: (323) 238-9740, email: hello@juicer.io, website: saas.group and www.juicer.io to integrate a social media feed. In this way, our social media activities are integrated into the website or aggregated on a page.
• b. This is done in the interest of presenting our online offering in an appealing manner and to inform you and other users of social networks about our activities. The processing operations on the part of Juicer and the social networks are carried out for the purpose of designing the service in line with requirements. These are legitimate interests within the meaning of Art. 6 (1) lit. f GDPR.
• c. When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to Juicer's servers. This provides Juicer with the information that your browser has accessed the corresponding page of our website, and the content is provided by Juicer. This information (including your IP address) is transmitted directly from your browser to a Juicer server in the USA and stored there. When you access a specific feed, your browser may also connect to the social network from which the integrated content originates in order to load additional content. However, no cookies are set.
• If you interact with the plugins, for example by sharing a feed via Facebook, Twitter, Pinterest, or LinkedIn, the corresponding information is also transmitted directly to a server of the provider and stored there. In addition, the information about the shared feed is published on the respective social media platform and displayed there to your contacts. If you do not want social media to directly associate the data collected via our website with your account there, you must log out before visiting our website.
• d. Further information on the processing and use of data by third parties can be found in their respective privacy policies. For Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”) at www.facebook.com/policy.php; for Pinterest Inc., 808 Brannan Street, San Francisco, CA, 94103, USA (“Pinterest”) at about.pinterest.com/de/privacy-policy, for LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”) at www.linkedin.com/legal/privacy-policy, and Juicer at www.juicer.io/clj/eu-privacy. Juicer also states that it does not use any tracking mechanisms that make it possible to track the behavior of data subjects on the Internet and/or create user profiles when a user views a feed on our website (https://help.juicer.io/en/articles/2013002-juicer-and-the-eu-general-data-protection-regulation-gdpr).
• ;
• Service provider: SaaS.group LLC (“Juicer”), 304 S. Jones Blvd #1205, Las Vegas NV 89107, USA, Tel.: (323) 238-9740, Email: hello@juicer.io, Website: https://saas.group/ and https://www.juicer.io/ ; Website: https://saas.group/ and https://www.juicer.io/. Privacy policy: https://www.juicer.io/clj/eu-privacy.

Plugins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may be graphics, videos, or city maps (hereinafter collectively referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of the users, as they would not be able to send the content to their browsers without the IP address. The IP address is therefore necessary for the display of this content or these functions. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offering, and may be linked to such information from other sources.

• Types of data processed: Usage data (e.g., websites visited, interest in content, access times); meta, communication, and process data (e.g., IP addresses, time stamps, identification numbers, consent status).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness.
• Legal basis: Legitimate interests (Art. 6 (1) (1) (f) GDPR).

Further information on processing procedures, processes, and services:

• Google Fonts (provision on our own server): Provision of font files for the purpose of user-friendly presentation of our online offering; Service provider: Google Fonts are hosted on our server; no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6 (1) (1) (f) GDPR).
• YouTube videos: Video content; YouTube videos are integrated via a special domain (recognizable by the component “youtube-nocookie”) in the so-called “extended data protection mode,” which means that no cookies are collected on user activities in order to personalize video playback. Nevertheless, information about user interaction with the video (e.g., remembering the last playback position) may be stored; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy. Basis for third country transfer: EU-US Data Privacy Framework (DPF).

Changes and updates to the privacy policy

We ask you to regularly review the content of our privacy policy. We will amend the privacy policy as soon as changes to our data processing practices make this necessary. We will inform you as soon as the changes require your involvement (e.g., consent) or other individual notification.

If we provide addresses and contact information for companies and organizations in this privacy policy, please note that the addresses may change over time and check the information before contacting them.

Definition of terms

This section provides an overview of the terms used in this privacy policy. Where the terms are defined by law, their legal definitions apply. The following explanations are primarily intended to aid understanding.

Credit information: Automated decisions are based on automatic data processing without human intervention (e.g., in the case of automatic rejection of a purchase on account, an online credit application, or an online application process without any human intervention). Such automated decisions are only permissible under Art. 22 GDPR if the data subjects consent, if they are necessary for the performance of a contract, or if national laws permit such decisions.

Conversion measurement: Conversion measurement (also known as “visit action evaluation”) is a process that can be used to determine the effectiveness of marketing measures. To do this, a cookie is usually stored on the user's device within the websites where the marketing measures are carried out and then retrieved again on the target website. This allows us to track whether the ads we place on other websites were successful.Personal data: “Personal data” is any information relating to an identified or identifiable natural person (hereinafter “data subject”); A natural person is considered identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.Profiles with user-related information: The processing of “profiles with user-related information,” or “profiles” for short, includes any type of automated processing of personal data that consists of using this personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include various information regarding demographics, behavior, and interests, such as interaction with websites and their content, etc.) or to predict them (e.g., interest in certain content or products, click behavior on a website, or location). Cookies and web beacons are often used for profiling purposes.Reach measurement: Reach measurement (also known as web analytics) is used to evaluate visitor traffic to an online offering and may include the behavior or interests of visitors in certain information, such as website content. With the help of reach analysis, operators of online offerings can, for example, identify at what time users visit their websites and what content they are interested in. This enables them to better tailor the content of their websites to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis purposes to recognize returning visitors and thus obtain more accurate analyses of the use of an online offering.Tracking: “Tracking” refers to the tracking of user behavior across multiple online offerings. As a rule, information about behavior and interests is stored in cookies or on the servers of the providers of tracking technologies (so-called profiling) with regard to the online offerings used. This information can then be used, for example, to display advertisements to users that are likely to correspond to their interests.Controller: The “controller” is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.

• Processing: “Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data, whether it is collection, evaluation, storage, transmission, or deletion.

Target group formation: Target group formation (English “Custom Audiences”) refers to the determination of target groups for advertising purposes, e.g., the display of advertisements. For example, based on a user's interest in certain products or topics on the internet, it can be concluded that this user is interested in advertisements for similar products or the online shop where they viewed the products. The term “lookalike audiences” (or similar target groups) is used when content that is considered suitable is displayed to users whose profiles or interests are presumed to correspond to those of the users for whom the profiles were created. Cookies and web beacons are generally used for the purpose of creating custom audiences and lookalike audiences.