Privacy policy
Adjust or revoke cookie settings:
You can adjust your current privacy settings or withdraw your consent at any time by clicking here. This opens the settings menu.
Introduction and Overview
We have drafted this privacy policy (version 14.03.2026-313200034) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller – and the processors commissioned by us (e.g. providers) – process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.
Privacy policies usually sound very technical and use legal terminology. This privacy policy, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. To the extent that it promotes transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We use clear and simple language to inform you that we only process personal data in the course of our business activities if there is an appropriate legal basis for doing so. This is certainly not possible if one provides explanations that are as brief, unclear, and legal-technical as possible, as are often standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is a piece of information or two that you did not yet know.
If any questions remain, we kindly ask you to contact the responsible body mentioned below or in the legal notice (Impressum), to follow the existing links, and to look at further information on third-party sites. You will, of course, also find our contact details in the legal notice.
Scope of Application
This Privacy Policy applies to all personal data processed by us within the company and to all personal data processed by companies we have commissioned (processors). By “personal data,” we mean information as defined in Article 4(1) of the GDPR, such as a person’s name, email address, and mailing address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this Privacy Policy includes:
- all online platforms (websites, online stores) that we operate
- Social Media Presence and Email Communication
- Mobile Apps for Smartphones and Other Devices
In short: The privacy policy applies to all areas in which personal data is processed structurally within the company via the channels mentioned. Should we enter into legal relations with you outside of these channels, we will inform you separately if necessary.
Legal Basis
In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal basis of the General Data Protection Regulation, which allow us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, read this EU General Data Protection Regulation online at EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex32016R0679 https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex32016R0679 can be found.
We process your data only if at least one of the following conditions applies:
- Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of data you entered into a contact form.
- Contract (Article 6(1)(b) GDPR): We process your data in order to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase contract with you, we require personal information in advance.
- Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes. These usually contain personal data.
- Legitimate interests (Article 6(1)(f) GDPR): In the event of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data in order to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.
Other conditions, such as the perception of recordings in the public interest, the exercise of official authority, or the protection of vital interests, generally do not occur in our case. Should such a legal basis nevertheless be relevant, it will be designated in the corresponding place.
In addition to the EU regulation, national laws also apply:
- In Austria, this is the Federal Act concerning the Protection of Personal Data (Data Protection Act), or DSG for short.
- In Germany, the Federal Data Protection Act, BDSG for short, applies.
If additional regional or national laws apply, we will provide you with information about them in the following sections.
Contact information for the data controller
If you have any questions regarding data protection or the processing of personal data, you will find below the contact details of the controller in accordance with Article 4(7) of the EU General Data Protection Regulation (GDPR):
KDL GmbH
Michael Krüger
Julius-Cäsar-Str. 9a
42897 Remscheid
E-Mail: shop-versand@armrelaxpad.com
Imprint https://www.armrelaxpad.com/impressum/
Storage duration
It is our general policy to retain personal data only for as long as is strictly necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing it no longer exists. In some cases, we are legally required to retain certain data even after the original purpose has ceased to exist, for example, for accounting purposes.
If you wish to have your data deleted or wish to withdraw your consent to data processing, the data will be deleted as soon as possible, provided there is no legal obligation to retain it.
We will provide you with information below regarding the specific duration of the respective data processing, provided we have further details on this matter.
Rights under the General Data Protection Regulation
In accordance with Articles 13 and 14 of the GDPR, we are informing you of the following rights to which you are entitled to ensure that your data is processed fairly and transparently:
- According to Article 15 GDPR, you have the right to obtain confirmation as to whether we are processing your data. If this is the case, you have the right to receive a copy of the data and to be informed of the following information:
- the purpose for which we carry out the processing;
- the categories, i.e., the types of data that are processed;
- who receives this data and, if data is transferred to third countries, how the security of the data can be guaranteed;
- how long the data is stored;
- the existence of the right to rectification, erasure, or restriction of processing, as well as the right to object to the processing;
- that you have the right to lodge a complaint with a supervisory authority (links to these authorities can be found below);
- the origin of the data, if we did not collect it from you;
- whether profiling is carried out, i.e., whether data is automatically evaluated in order to arrive at a personal profile of you.
- According to Article 16 GDPR, you have the right to rectification of data, which means that we must correct data if you find any errors.
- According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which concretely means that you may request the deletion of your data.
- According to Article 18 GDPR, you have the right to restriction of processing, which means that we are only allowed to store the data but not to use it any further.
- According to Article 20 GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
- According to Article 21 GDPR, you have the right to object, which, once enforced, entails a change in processing.
- If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
- If your data is used for direct advertising purposes, you may object to this type of data processing at any time. We may no longer use your data for direct marketing purposes thereafter.
- If data is used for profiling, you may object to this type of data processing at any time. We may no longer use your data for profiling thereafter.
- According to Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g., profiling).
- According to Article 77 GDPR, you have the right to lodge a complaint. This means you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.
In short: You have rights – do not hesitate to contact the controller listed above!
If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:
Data transfers to third countries
We only transfer or process data in countries outside the scope of the GDPR (third countries) if you consent to this processing or if there is another legal permission. This applies in particular if the processing is required by law or necessary for the fulfillment of a contractual relationship and in any case only to the extent that this is generally permitted. In most cases, your consent is the most important reason why we have data processed in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, can mean that personal data is processed and stored in unexpected ways.
We expressly point out that, in the opinion of the European Court of Justice, an adequate level of protection for data transfer to the USA currently only exists if a US company processing personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. You can find more information on this at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en
Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It is also possible that collected data may be linked to data from other services of the same provider, provided you have a corresponding user account. We endeavor to use server locations within the EU whenever possible, provided this is offered.
Wir informieren Sie an den passenden Stellen dieser Datenschutzerklärung genauer über Datenübertragung in Drittländer, sofern diese zutrifft.
Communication
| Communication Summary |
When you contact us and communicate by phone, email, or online form, personal data may be processed.
The data is processed for the handling and processing of your inquiry and the associated business transaction. The data is stored only for as long as necessary or as prescribed by law.
Affected individuals
All those who seek contact with us via the communication channels provided by us are affected by the aforementioned processes.
Phone
When you call us, call data is stored in pseudonymized form on the respective device and with the telecommunications provider used. In addition, data such as name and phone number may subsequently be sent via email and stored for the purpose of answering your inquiry. The data is deleted as soon as the business transaction has been completed and statutory requirements permit it.
When you communicate with us by email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data is stored on the email server. The data will be deleted as soon as the business case has been completed and statutory regulations permit.
Online Forms
When you communicate with us via an online form, data is stored on our web server and may be forwarded to one of our email addresses. The data will be deleted as soon as the business case has been completed and statutory regulations permit.
Legal Basis
The processing of data is based on the following legal foundations:
- Art. 6(1)(a) GDPR (consent): You give us your consent to store your data and to continue using it for purposes related to the business transaction;
- Art. 6(1)(b) GDPR (contract): There is a necessity for the fulfillment of a contract with you or a processor such as the telephone provider, or we must process the data for pre-contractual activities, such as the preparation of an offer;
- Art. 6(1)(f) GDPR (legitimate interests): We aim to conduct customer inquiries and business communication in a professional framework. This requires certain technical facilities such as email programs, Exchange servers, and mobile network operators to ensure efficient communication.
Cookies
| Cookies Summary |
What are cookies?
Our website uses HTTP cookies to store user-specific data. Below, we explain what cookies are and why they are used so that you can better understand the following privacy policy.
Whenever you browse the internet, you use a browser. Familiar browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge, for example. Most websites store small text files in your browser. These files are called cookies.
One thing is undeniable: cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, the "brain" of your browser, so to speak. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data, such as language or personal site settings. When you visit our site again, your browser transmits the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are accustomed to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.
The following graphic shows a possible interaction between a web browser, such as Chrome, and the web server. The web browser requests a website and receives a cookie back from the server, which the browser uses again as soon as another page is requested.
German:
English: 
French:

Italian:

Polish:

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans, or other "malware". Cookies also cannot access information on your PC.
This is what cookie data can look like, for example:
Name: _ga
Value: GA1.2.1326744211.152313200034-9
Purpose: Differentiation of website visitors
Expiration date: after 2 years
A browser should be able to support these minimum sizes:
- At least 4096 bytes per cookie
- At least 50 cookies per domain
- At least 3000 cookies in total
What types of cookies are there?
The question of which specific cookies we use depends on the services utilized and is clarified in the following sections of this privacy policy. At this point, we would like to briefly look at the different types of HTTP cookies.
There are 4 main types of cookies that can be distinguished:
Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user places a product in the shopping cart, then continues browsing other pages, and only goes to the checkout later. These cookies ensure that the shopping cart is not cleared, even if the user closes their browser window.
Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are used to measure the loading time and the behavior of the website across different browsers.
Preference Cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes, or form data are stored.
Targeting Cookies
These cookies are also called targeting cookies. They serve to deliver individually tailored advertising to the user. This can be very practical, but also very annoying.
Usually, when you visit a website for the first time, you are asked which of these types of cookies you want to allow. And of course, this decision is also stored in a cookie.
If you would like to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments from the Internet Engineering Task Force (IETF) titled "HTTP State Management Mechanism".
Purpose of data processing via cookies
The purpose ultimately depends on the respective cookie. You can find more details on this below or from the manufacturer of the software that sets the cookie.
What data is processed?
Cookies are little helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data within the scope of the following privacy policy.
Cookie Retention Period
The retention period depends on the specific cookie and is specified further below. Some cookies are deleted in less than an hour, while others can remain stored on a computer for several years.
You also have control over the retention period yourself. You can manually delete all cookies at any time via your browser (see also "Right to object" below). Furthermore, cookies based on consent will be deleted at the latest once you withdraw your consent, although the lawfulness of storage until that point remains unaffected.
Right to object – how can I delete cookies?
You decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option to delete, disable, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.
If you want to see which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings:
Chrome: Delete, enable, and manage cookies in Chrome
Safari: Manage cookies and website data in Safari
Firefox: Clear cookies and site data in Firefox
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete and manage cookies
If you generally do not want to have any cookies, you can set your browser so that it always informs you when a cookie is to be set. This way, you can decide for each individual cookie whether you allow it or not. The procedure varies depending on the browser. It is best to search for the instructions on Google using the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.
Legal basis
Since 2009, there have been the so-called "cookie guidelines". They state that the storage of cookies requires your consent (Article 6 para. 1 lit. a GDPR). However, within EU countries, there are still very different reactions to these guidelines. In Austria, this directive was implemented in § 165 para. 3 of the Telecommunications Act (2021). In Germany, the cookie guidelines were not implemented as national law. Instead, the implementation of this directive largely took place in § 15 para. 3 of the Telemedia Act (TMG), which was replaced by the Digital Services Act (DDG) in May 2024.
For absolutely necessary cookies, even where no consent is provided, there are legitimate interests (Article 6 para. 1 lit. f GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience, and for this, certain cookies are often absolutely necessary.
Insofar as cookies that are not absolutely necessary are used, this only occurs in the event of your consent. The legal basis for this is Art. 6 para. 1 lit. a GDPR.
In the following sections, you will be informed in more detail about the use of cookies, provided that the software used utilizes cookies.
Web Hosting Introduction
| Web Hosting Introduction |
What is web hosting?
When you visit websites nowadays, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, we mean the entirety of all web pages on a domain, i.e., everything from the start page (homepage) to the very last subpage (like this one). By domain, we mean for example example.com or sample-example.com.
If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You are likely familiar with some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We refer to them simply as browsers or web browsers.
To view a website, the browser must connect to another computer where the website's code is stored: the web server. Operating a web server is a complex and demanding task, which is why it is usually handled by professional providers. They offer web hosting and ensure the reliable and error-free storage of website data. A lot of technical terms, but please stay tuned, it gets even better!
When your browser connects to the web server from your computer (desktop, laptop, tablet, or smartphone) and during the transfer of data, the processing of personal data may occur. On one hand, your computer stores data; on the other hand, the web server must also store data for a certain period to ensure proper operation.
A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.
German:
English:

French:

Italian:

Polish:

Why do we process personal data?
The purposes of data processing are:
- Professional hosting of the website and securing of operations.
- Maintenance of operational and IT security.
- Anonymous analysis of access behavior to improve our services and, if necessary, for law enforcement or the pursuit of legal claims.
What data is processed?
Even while you are visiting our website, our web server—the computer where this website is stored—usually automatically saves data such as
- the complete internet address (URL) of the accessed webpage
- browser and browser version (e.g., Chrome 87)
- the operating system used (e.g., Windows 10)
- the internet address (URL) of the previously visited page (referrer URL) (e.g., https://www.beispielquellsite.de/vondabinichgekommen/)
- the hostname and the IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
- date and time
- in files known as web server log files
How long is data stored?
Generally, the aforementioned data is stored for two weeks and then automatically deleted. We do not pass this data on, but we cannot exclude the possibility that this data may be viewed by authorities in the event of illegal behavior.
In short: Your visit is logged by our provider (a company that hosts our website on special computers (servers)), but we do not share your data without your consent!
Legal basis
The processing of personal data for the purpose of web hosting is based on Art. 6 (1) (f) GDPR (legitimate interests). The use of professional hosting with a service provider is necessary to present our company on the internet securely and in a user-friendly manner, and to be able to defend against or pursue legal claims arising from cyberattacks.
Between us and the hosting provider, there is generally a data processing agreement in accordance with Art. 28 et seq. GDPR, which ensures compliance with data protection and guarantees data security.
ALL-INKL Web Hosting Privacy Policy
| ALL-INKL Web Hosting Privacy Policy Summary |
What is ALL-INKL Web Hosting?
We use the services of ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany (hereinafter "ALL-INKL"), for hosting our website. ALL-INKL provides us with the infrastructure, computing capacity, storage space, database services, and security services required to operate this online service.
What data is processed, and why?
When you visit our website, ALL-INKL automatically collects various general data and information on our behalf, which are stored in so-called server log files. These include:
the IP address of the requesting computer
Date and time of access
Name and URL of the retrieved file
the website from which the access is made (referrer URL)
- the browser used and, if applicable, your computer's operating system as well as the name of your access provider
These data are processed to ensure a smooth connection to the website, to evaluate system security and stability, and for error analysis and defense against cyberattacks. These data are not merged with other data sources.
Legal Basis and Data Processing Agreement (DPA)
The use of ALL-INKL is based on our legitimate interest in providing our online services in a secure, fast, and reliable manner, in accordance with Art. 6 (1) (f) GDPR.
To ensure data-compliant processing, we have concluded a data processing agreement (DPA) with ALL-INKL in accordance with Art. 28 GDPR. This agreement ensures that ALL-INKL processes the personal data of our website visitors only according to our strict instructions and in strict compliance with European data protection guidelines.
Introduction to Web Analytics
| Web Analytics Privacy Policy Summary |
What is web analytics?
We use software on our website to evaluate the behavior of website visitors, known as web analytics. Data is collected, stored, managed, and processed by the respective analytics tool provider (also known as a tracking tool). With the help of this data, analyses of user behavior on our website are created and made available to us as the website operator. In addition, most tools offer various testing options. For example, we can test which offers or content resonate best with our visitors. To do this, we show you two different offers for a limited period. After the test (a so-called A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as well as for other analytics procedures, user profiles may be created and data may be stored in cookies.
Why do we use web analytics?
With our website, we have a clear goal in mind: we want to provide the best online offering in our industry. To achieve this, we aim to offer the best and most interesting content while ensuring you feel completely comfortable on our site. Using web analytics tools, we can take a closer look at our visitors' behavior and consequently improve our online offering for both you and us. For example, we can identify the average age of our visitors, where they come from, when our website is most frequented, or which content or products are particularly popular. All this information helps us optimize the website, tailoring it perfectly to your needs, interests, and preferences.
What data is processed?
The exact data stored depends, of course, on the analytics tools used. However, as a rule, information such as which content you view on our website, which buttons or links you click, when you access a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website, or which computer system you are using is stored. If you have consented to the collection of location data, this may also be processed by the web analytics tool provider.
In addition, your IP address is stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is generally stored in a pseudonymized (i.e., unrecognizable and shortened) form. For the purposes of testing, web analytics, and website optimization, no direct personal data such as your name, age, address, or email address are stored. If any such data is collected, it is stored in a pseudonymized form, ensuring that you cannot be identified as an individual.
The following example schematically shows how Google Analytics works as an example of client-side web tracking using JavaScript code.
German:
English:

French:

Italian:

Polish:

How long the respective data is stored always depends on the provider. Some cookies store data for only a few minutes or until you leave the website, while other cookies can store data for several years.
Duration of data processing
We will provide you with further information regarding the duration of data processing below, if available. Generally, we only process personal data for as long as is absolutely necessary to provide our services and products. If, as in the case of accounting, it is required by law, this retention period may be exceeded.
Right to object
You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. You can do this either through our cookie management tool or via other opt-out features. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.
Legal basis
The use of web analytics requires your consent, which we have obtained via our cookie popup. In accordance with Art. 6 (1) (a) GDPR (consent), this consent serves as the legal basis for the processing of personal data that may occur during collection by web analytics tools.
In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to improve our services technically and economically. With the help of web analytics, we can detect errors on the website, identify attacks, and improve efficiency. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use these tools to the extent that you have provided consent.
Since web analytics tools use cookies, we also recommend reading our general cookie privacy policy. To learn exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.
You will find information on specific web analytics tools, if available, in the following sections.
Google Analytics Privacy Policy
| Google Analytics Privacy Policy Summary |
What is Google Analytics?
We use the web analytics tool Google Analytics in the version Google Analytics 4 (GA4) from the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. By combining various technologies such as cookies, device IDs, and login information, you as a user can be identified across different devices. This allows your actions to be analyzed across platforms.
For example, when you click a link, this event is stored in a cookie and sent to Google Analytics. With the help of the reports we receive from Google Analytics, we can better adapt our website and service to your wishes. In the following, we will go into more detail about the tracking tool and, above all, inform you about what data is processed and how you can prevent it.
Google Analytics is a tracking tool used for traffic analysis of our website. These measurements and analyses are based on a pseudonymous user identification number. This number does not contain personal data such as name or address, but is used to assign events to a specific device. GA4 uses an event-based model that captures detailed information on user interactions such as page views, clicks, scrolling, and conversion events. In addition, various machine learning functions have been integrated into GA4 to better understand user behavior and certain trends. GA4 relies on modeling using machine learning functions. This means that based on the collected data, missing data can be extrapolated to optimize the analysis and provide forecasts.
To ensure Google Analytics functions, a tracking code is embedded in our website's code. When you visit our website, this code records various events you perform. With GA4's event-based data model, we as website operators can define and track specific events to obtain analyses of user interactions. Consequently, in addition to general information such as clicks or page views, special events that are important for our business can also be tracked. Such special events may include, for example, submitting a contact form or purchasing a product.
As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.
Google processes the data, and we receive reports about your user behavior. These reports may include, among others, the following:
- Target audience reports: Through target audience reports, we get to know our users better and know more precisely who is interested in our service.
- Ad reports: With ad reports, we can analyze and improve our online advertising more easily.
- Acquisition reports: Acquisition reports provide us with helpful information on how we can inspire more people to use our service.
- Behavior reports: Here we learn how you interact with our website. We can trace the path you take on our site and which links you click.
- Conversion reports: A conversion is a process in which you perform a desired action based on a marketing message. For example, when you go from a mere website visitor to a buyer or a newsletter subscriber. With the help of these reports, we learn more about how our marketing measures resonate with you. This is how we aim to increase our conversion rate.
- Real-time reports: Here we find out immediately what is happening on our website right now.
In addition to the analysis reports mentioned above, Google Analytics 4 also offers, among other things, the following features:
- Event-based data model: This model records specific events that can occur on our website. For example, playing a video, purchasing a product, or signing up for our newsletter.
- Advanced analytics features: These features allow us to better understand your behavior on our website or certain general trends. For instance, we can segment user groups, perform comparative analyses of target audiences, or trace your path on our website.
- Predictive modeling: Based on the data collected, machine learning can be used to extrapolate missing data to predict future events and trends. This helps us develop better marketing strategies.
- Cross-platform analysis: Data collection and analysis are possible for both websites and apps. This gives us the ability to analyze user behavior across platforms, provided you have consented to the data processing.
Why do we use Google Analytics on our website?
Our goal for this website is clear: We want to offer you the best possible service. The statistics and data from Google Analytics help us achieve this goal.
The statistically evaluated data show us a clear picture of the strengths and weaknesses of our website. On one hand, we can optimize our site so that it is more easily found by interested people on Google. On the other hand, the data help us to better understand you as a visitor. We therefore know exactly what we need to improve on our website to offer you the best possible service. The data also serve to help us conduct our advertising and marketing activities in a more individualized and cost-effective manner. After all, it only makes sense to show our products and services to people who are interested in them.
What data is stored by Google Analytics?
Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This way, Google Analytics recognizes you as a new user and assigns you a user ID. When you visit our site again, you are recognized as a "returning" user. All collected data is stored along with this user ID. This is the only way to evaluate pseudonymous user profiles.
To be able to analyze our website using Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For every newly created property, the Google Analytics 4 property is the default. Depending on the property used, data is stored for different lengths of time.
Through identifiers such as cookies, app instance IDs, user IDs, or custom event parameters, your interactions are measured across platforms, provided you have consented. Interactions refer to all types of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated via Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as website operators, authorize it. Exceptions may occur if required by law.
According to Google, IP addresses are neither logged nor stored in Google Analytics 4. Google uses IP address data to derive location information and deletes it immediately afterwards. All IP addresses collected from users in the EU are deleted before the data is stored in any data center or on any server.
Since the focus of Google Analytics 4 is on event-based data, the tool uses significantly fewer cookies compared to previous versions (such as Google Universal Analytics). Nevertheless, there are a few specific cookies used by GA4. These include, for example:
Name: _ga
Value: 2.1326744211.152313200034-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Basically, it serves to distinguish website visitors.
Expiry date: after 2 years
Name: _gid
Value: 2.1687193234.152313200034-1
Purpose: The cookie also serves to distinguish website visitors.
Expiry date: after 24 hours
Name: _gat_gtag_UA_
Value: 1
Purpose: Used to throttle request rate. If Google Analytics is provided via the Google Tag Manager, this cookie is named _dc_gtm_ .
Expiry date: after 1 minute
Note: This list cannot claim to be exhaustive, as Google constantly changes its choice of cookies. The goal of GA4 is also to improve data protection. Therefore, the tool offers some options for controlling data collection. For example, we can set the retention period ourselves and also control data collection.
Here we provide you with an overview of the most important types of data collected with Google Analytics:
Heatmaps: Google creates so-called heatmaps. Heatmaps show exactly which areas you click on. This way we get information about where you are "moving around" on our site.
Session duration: Google defines session duration as the time you spend on our site without leaving it. If you have been inactive for 20 minutes, the session ends automatically.
Bounce rate: A bounce occurs when you view only one page on our website and then leave our website again.
Account creation: If you create an account or place an order on our website, Google Analytics collects this data.
Location: IP addresses are not logged or stored in Google Analytics. However, shortly before the IP address is deleted, derivations are used for location data.
Technical information: Technical information includes, among other things, your browser type, your internet service provider or your screen resolution.
Source of origin: Google Analytics or we are of course also interested in which website or which advertisement brought you to our site.
Further data include contact details, any ratings, playing media (e.g., when you play a video on our site), sharing content via social media, or adding items to your favorites. This list is not exhaustive and serves only as general guidance regarding data storage by Google Analytics.
How long and where is the data stored?
Google has distributed its servers all over the world. You can read exactly where the Google data centers are located here: https://datacenters.google/
Your data is distributed across various physical storage media. This has the advantage that the data is faster to retrieve and better protected against manipulation. Every Google data center has corresponding emergency programs for your data. If, for example, hardware fails at Google or natural disasters cripple servers, the risk of a service interruption at Google remains low.
The data retention period depends on the properties used. The retention period is always defined separately for each individual property. Google Analytics offers us four options for controlling the retention period:
- 2 months: This is the shortest retention period.
- 14 months: By default, data in GA4 is stored for 14 months.
- 26 months: Data can also be stored for 26 months.
- Data is only deleted when we manually delete it.
Additionally, there is the option that data is only deleted if you do not visit our website again within the period we have chosen. In this case, the retention period is reset each time you revisit our website within the defined timeframe.
Once the specified period has expired, the data is deleted on a monthly basis. This retention period applies to your data linked to cookies, user identification, and advertising IDs (e.g., cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a consolidation of individual data into a larger unit.
How can I delete my data or prevent data storage?
Under the data protection law of the European Union, you have the right to obtain information about your data, to update, delete, or restrict it. By using the browser add-on to deactivate Google Analytics JavaScript (analytics.js, gtag.js), you prevent Google Analytics 4 from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only deactivates data collection by Google Analytics.
If you generally want to disable, delete, or manage cookies, you will find the corresponding links to the instructions for the most popular browsers in the "Cookies" section.
Legal basis
The use of Google Analytics requires your consent, which we have obtained via our cookie popup. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data as may occur during collection by web analytics tools.
In addition to the consent, we have a legitimate interest in analyzing the behavior of our website visitors in order to improve our offering both technically and economically. With the help of Google Analytics, we detect errors on the website, can identify attacks, and improve profitability. The legal basis for this is Art. 6 (1) (f) GDPR (Legitimate Interests). Nevertheless, we only use Google Analytics to the extent that you have given your consent.
Google processes your data in the USA, among other locations. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Google uses so-called Standard Contractual Clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
We hope we have been able to bring you closer to the most important information regarding data processing by Google Analytics. If you would like to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.
If you want to learn more about data processing, please use the Google Privacy Policy at https://policies.google.com/privacy?hl=de.
Google Analytics demographic and interest reports
We have enabled advertising reporting features in Google Analytics. The demographic and interest reports contain information on age, gender, and interests. This allows us to gain a better picture of our users – without being able to associate this data with individual persons. You can learn more about advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.
You can terminate the use of your Google account activities and information under “Ad settings” at https://adssettings.google.com/authenticated via a checkbox.
Google Analytics E-commerce measurement
We also use the e-commerce measurement feature of the web analytics tool Google Analytics on our website. This allows us to analyze very precisely how you and all our other customers interact with our website. E-commerce measurement focuses primarily on purchasing behavior. Based on the data obtained, we can adapt and optimize our service to meet your wishes and expectations. Likewise, we can deploy our online advertising measures more precisely so that our advertisements are only seen by people who are actually interested in our products or services. E-commerce measurement records, for example, which orders were placed, how long it took for you to purchase the product, the average order value, or the shipping costs. All this data can be collected and stored under a specific ID.
Google Analytics in consent mode
Depending on your consent, personal data is processed by Google Analytics using the so-called "Consent Mode". You can choose whether or not to agree to Google Analytics cookies. In doing so, you also choose which data Google Analytics is allowed to process from you. This collected data is mainly used to perform measurements of user behavior on the website, to serve targeted advertising, and to provide us with web analytics reports. Typically, you consent to data processing by Google via a cookie consent tool. If you do not consent to data processing, only aggregated data is collected and processed. This means that data cannot be assigned to individual users and thus no user profile is created for you. You can also agree only to statistical measurement. In this case, no personal data is processed and, consequently, it is not used for advertising or advertising performance measurement.
Google Analytics IP anonymization
We have implemented IP anonymization in Google Analytics on this website. This feature was developed by Google to allow this website to comply with applicable data protection regulations and the recommendations of local data protection authorities when they prohibit the storage of the full IP address. The anonymization or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any storage or processing of the data takes place.
You can find more information on IP anonymization at https://support.google.com/analytics/answer/2763052?hl=de.
Google Tag Manager
We use the Google Tag Manager on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager is a tool that allows us to integrate and manage tracking or statistics tools and other technologies on our website via a so-called "tag" interface. The Google Tag Manager itself (which implements the tags) does not create user profiles, does not store cookies, and does not perform any independent analysis. It merely serves to manage and deploy the tools integrated through it. However, the Google Tag Manager collects your IP address, which may also be transferred to Google's servers in the USA. The use of Google Tag Manager is based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in the fast and uncomplicated integration and management of various tools on our website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR; consent can be revoked at any time.
Google Site Kit Privacy Policy
| Google Site Kit Privacy Policy Summary |
What is Google Site Kit?
We have integrated the WordPress plugin Google Site Kit from the American company Google Inc. into our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. With Google Site Kit, we can quickly and easily view statistics originating from various Google products, such as Google Analytics, directly in our WordPress dashboard. The tool, or the tools integrated into Google Site Kit, also collect personal data from you. In this privacy policy, we explain why we use Google Site Kit, how long and where data is stored, and which other privacy notices are relevant for you in this context.
Google Site Kit is a plugin for the WordPress content management system. This plugin allows us to view important website analysis statistics directly in our dashboard. These are statistics collected by other Google products, primarily Google Analytics. In addition to Google Analytics, services such as Google Search Console, PageSpeed Insights, Google AdSense, Google Optimize, and Google Tag Manager can also be linked with Google Site Kit.
Why do we use Google Site Kit on our website?
As a service provider, our task is to provide you with the best possible experience on our website. We want you to feel comfortable on our site and to find exactly what you are looking for quickly and easily. Statistical analyses help us get to know you better and tailor our offerings to your wishes and interests. We use various Google tools for these analyses. Site Kit makes our work much easier in this regard because we can view and analyze statistics from Google products directly in the dashboard. This means we no longer have to log in to each tool separately. Site Kit therefore always provides a good overview of the most important analytical data.
Which data is stored by Google Site Kit?
If you have actively consented to tracking tools in the cookie notice (also referred to as a script or banner), cookies will be set by Google products such as Google Analytics, and data about you, such as your user behavior, will be sent to Google, where it will be stored and processed. This also includes the storage of personal data, such as your IP address.
For more detailed information on individual services, we have dedicated sections in this privacy policy. Please take a look at our privacy policy for Google Analytics, for example. There, we go into great detail regarding the data collected. You will learn how long Google Analytics stores, manages, and processes data, which cookies may be used, and how you can prevent data storage. Likewise, we have separate privacy policies with comprehensive information for other Google services, such as Google Tag Manager or Google AdSense.
The following are examples of Google Analytics cookies that may be set in your browser, provided that you have generally consented to data processing by Google. Please note that this is merely a selection of cookies:
Name: _ga
Value: 2.1326744211.152313200034-2
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Basically, it is used to distinguish website visitors.
Expiration: after 2 years
Name: _gid
Value: 2.1687193234.152313200034-7
Purpose: This cookie is also used to distinguish website visitors.
Expiration: after 24 hours
Name: _gat_gtag_UA_
Value: 1
Purpose: This cookie is used to lower the request rate.
Expiration: after 1 minute
How long and where is the data stored?
Google stores the collected data on its own servers, which are distributed worldwide. Most of these servers are located in the United States, so it is quite possible that your data will be stored there as well. At https://datacenters.google/ you can see exactly where the company provides servers.
The data collected by Google Analytics is standardized to be stored for 26 months. Afterwards, your user data will be deleted. The retention period applies to all data associated with cookies, user identification, and advertising IDs.
How can I delete my data or prevent data storage?
You always have the right to receive information about your data, and to have your data deleted, corrected, or restricted. In addition, you can also deactivate, delete, or manage cookies in your browser at any time.
If you generally want to disable, delete, or manage cookies, you will find the corresponding links to the instructions for the most popular browsers in the "Cookies" section.
Legal basis
The use of Google Site Kit requires your consent, which we have obtained via our cookie popup. According to Art. 6 (1) (a) GDPR (consent), this consent serves as the legal basis for the processing of personal data as it may occur during collection by web analytics tools.
In addition to the consent, we have a legitimate interest in analyzing the behavior of website visitors in order to technically and economically improve our offering. With the help of Google Site Kit, we can detect errors on the website, identify attacks, and improve economic efficiency. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use Google Site Kit if you have given your consent.
Google processes your data in the USA, among other locations. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Google uses so-called Standard Contractual Clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
To learn more about how Google processes data, we recommend reading Google's comprehensive privacy policy at https://policies.google.com/privacy?hl=de.
Jetpack Privacy Policy
| Jetpack Privacy Policy Summary |
What is Jetpack?
On our website, we use the WordPress plugin Jetpack. Jetpack is a software that provides us with web analytics, among other features. It is operated by the company Automattic (Inc. 132 Hawthorne Street San Francisco, CA 94107, USA), which utilizes technology from the company Quantcast (Inc., 201 3rd St, Floor 2, San Francisco, CA 94103-3153, USA) for this product. The integrated tracking tool also collects, stores, and processes your personal data. In this privacy policy, we will explain exactly what data is involved, why we use Jetpack, and how you can prevent this data storage.
Jetpack is a plug-in for WordPress websites featuring many different functions and modules. All these tools help us to make our website more attractive, secure, and to welcome more visitors. For example, the tool can display related posts, content can be shared, and Jetpack can also improve the loading speed of our website. All functions are hosted and provided by WordPress.
Why do we use Jetpack?
It is essential to us that you feel comfortable on our website and find what you are looking for. We can only be successful if you are satisfied with our service. And to know how and where we can still improve our website, we need information. Through Jetpack, we see, for example, how often and for how long you are on an individual webpage or which buttons you like to click. With the help of this information, we can improve our website and adapt it to your wishes and preferences.
What data does Jetpack store?
Specifically, the integrated WordPress.com statistics tracking tool also collects, stores, and processes your personal data. For the Jetpack tool to function, Jetpack sets a cookie in your browser when you open a webpage that has components of the tool embedded. The collected data is synchronized with Automattic and stored there.
This includes, among other things, the IP address (which is anonymized before storage) and data on user behavior, such as browser type, unique device identifier, preferred language, date and time of page access, operating system, and information about the mobile network. Jetpack uses this information to improve its own services and offerings and to gain better insights into the usage of its own service. Furthermore, the following data may also be synchronized and stored:
- For Google Ads customers, the account's email address and physical address are synchronized.
- Successful and failed login attempts. In addition, your IP address and user agent are stored.
- The user IDs, usernames, email addresses, roles, and capabilities of registered users. However, no passwords are stored.
- The user ID of users who make changes to the website.
- Twitter username, if configured with Jetpack.
For data storage, Jetpack also uses cookies. Below, we show you a few selected, exemplary cookies that Jetpack uses:
Name: eucookielaw
Value: 1613651061376313200034-6
Purpose: Stores the user's consent status for the use of cookies.
Expiration: after 180 days
Name: tk_ai
Value: 0
Purpose: This cookie stores a randomly generated anonymous ID. It is only used within the administration area to track general analytics.
Expiration: at the end of the session
Name: tk_tc
Wert: E3%2BgJ1Pw6iYKk%2Fvj313200034-3
Verwendungszweck: Hier handelt es sich um ein sogenanntes Referral-Cookie. Damit wird die Verbindung zwischen WooCommerce und einer Website mit Jetpack-Plugin analysiert.
Ablaufdatum: nach Sitzungsende
Note: Jetpack uses many different cookies. Which cookies are specifically used depends on the Jetpack features used and your actions on websites with the integrated Jetpack plug-in. At https://de.jetpack.com/support/cookies/ you can see a list of possible cookies that Jetpack uses.
How long and where is the data stored?
The data collected is stored by Automattic until it is no longer required for its own services. Beyond this period, data is only retained if the company is obligated to do so for legal reasons. Web server logs, such as your IP address, browser type, and operating system, are deleted after approximately 30 days. The data is stored on the company's servers in the United States.
How can I delete my data or prevent data storage?
As mentioned above, Jetpack uses cookies to store data. If you do not want Jetpack to collect data from you in the future, you can request an "opt-out" cookie at https://www.quantcast.com/opt-out/. Quantcast will set this cookie, and no visitor data will be stored from you. This remains the case until you delete this cookie.
Alternatively, you can also manage, deactivate, or delete cookies in your browser as you wish. Cookie management works slightly differently depending on the browser type. Under the "Cookies" section, you will find the relevant links to the respective instructions for the most popular browsers.
Legal basis
The use of Jetpack requires your consent, which we have obtained via our cookie popup. According to Art. 6 (1) (a) GDPR (consent), this consent serves as the legal basis for the processing of personal data, as it may occur during collection by web analytics tools.
In addition to the consent, we have a legitimate interest in analyzing the behavior of website visitors in order to technically and economically improve our offering. With the help of Jetpack, we can detect errors on the website, identify attacks, and improve economic efficiency. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use Jetpack if you have given your consent.
Automattic also processes your data in the USA. Jetpack and Automattic are active participants in the EU-U.S. Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Automattic uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-U.S. Data Privacy Framework and the standard contractual clauses, Automattic commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
If you would like to learn more about the privacy policies and the processing of data by Jetpack or Automattic, we recommend the privacy policy at https://automattic.com/privacy/, the cookie policy at https://automattic.com/cookies/, and also the information page at https://jetpack.com/support/what-data-does-jetpack-sync/. We hope we have been able to give you a good insight into data processing by Jetpack.
Meta Conversions API Privacy Policy
| Meta Conversions API Privacy Policy Summary You can find more details below in the Privacy Policy. |
What is a Meta Conversions API?
We use the Meta Conversions API on our website, which is a server-side event tracking tool. The service provider is the American company Meta Platforms Inc. For the European region, the company Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible.
The Meta Conversions API is a tool or feature that allows us to measure the performance of our advertising campaigns in real time. The API is an interface that connects our website to Meta and thus measures certain actions on our website. A conversion occurs when you, as a visitor to a website, perform a desired action. This can be, for example, clicking a button or filling out a registration form. This conversion tracking method is an alternative to the Meta Pixel and aims to optimize conversion tracking through precision and reliability. The API sends data directly from our server to Meta on the server side. Personal data may also be processed in this process. In this privacy policy, we will go into more detail about the data processing by us and Meta.
Why do we use the Meta Conversions API on our website?
We use the Meta Conversions API to increase the quality of our website, our offerings, and our advertising campaigns. Our goal is to provide you with the best possible service. We want you to feel comfortable on our website and get exactly what you expect. To do this, we naturally need to adapt our offering as well as possible to your wishes and requirements. With the Meta Conversions API, we can respond to this very well and customize content and offers individually. This flexibility helps us to take different needs into account and, at the same time, improve our website offering. The data also helps us to conduct our advertising measures more cost-effectively and individually. Because, naturally, we want to show our offering only to people who are actually interested in it.
What data is stored by the Meta Conversions API?
With the help of the Meta Conversions API, we can collect various data about events on our website and provide it to Meta. Exactly which data is stored and processed depends on our individual settings and the specific events and parameters. As a rule, event data, user data, device data, and the exact time an event (e.g., button click) occurred are stored and sent to Meta. Event data includes actions such as registration, product purchase, page views, or button clicks that can be performed on our website. User data may also include personal data such as IP address, name, address, or email address. Device data refers to your device type, operating system, browser, and screen resolution.
How long and where is the data stored?
In principle, Meta stores data until it is no longer required for its own services and Meta products. Meta has servers distributed all over the world where data is stored. However, customer data is deleted within 48 hours after it has been matched with their own user data.
How can I delete my data or prevent data storage?
You have the right to access your personal data and object to its use and processing at any time. You can also file a complaint with a state supervisory authority at any time. In principle, you can prevent data storage by not consenting to data processing via the Consent Management Tool. The Meta Conversions API operates server-side, which is why deleting data is handled differently than with client-side methods. Nevertheless, you can check the privacy and security settings in your browser and, if possible, block tracking resources (pixels, cookies, scripts).
Legal basis
If you have consented to your data being processed and stored by the Meta Conversions API, this consent serves as the legal basis for data processing (Art. 6 (1) (a) GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 (1) (f) GDPR) in fast and good communication with you or other customers and business partners. However, we only use the Meta Conversions API if you have given your consent.
Meta also processes your data in the USA, among other places. Meta Platforms is an active participant in the EU-U.S. Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Meta uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-U.S. Data Privacy Framework and the standard contractual clauses, Meta commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de. https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Meta Data Processing Terms, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.
To learn more about the data processed through the use of the Meta Conversions API, please refer to the Privacy Policy at https://www.facebook.com/about/privacy.
Pinterest Web Analytics Privacy Policy
| Pinterest Web Analytics Privacy Policy Summary |
What is Pinterest Web Analytics?
We use Pinterest Web Analytics, a web analysis program from the social media network Pinterest, provided by the company Pinterest Inc. (808 Brannan Street, San Francisco, CA 94103, USA), on our website. For the European region, the Irish company Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for all data protection aspects.
Pinterest is a social network specializing in graphic visuals and photographs. The name is a portmanteau of the words "pin" and "interest." Users can exchange information about various hobbies and interests on Pinterest and view profiles with images, either openly or in defined groups. The Pinterest Web Analytics program refers to data analysis regarding the interaction between our website and our Pinterest page. When Pinterest visitors come to our website, we can analyze the user behavior of Pinterest users on our website through Pinterest Web Analytics.
Why Do We Use Pinterest? Web Analytics?
Pinterest has been around for several years now, and this social media platform remains one of the most visited and valued platforms. Pinterest is particularly well-suited for our industry because the platform is primarily known for its beautiful and interesting images. That’s why we’re naturally active on Pinterest and want to showcase our content there as well, beyond our website. Using Pinterest’s analytics tool, we gain valuable insights into the performance of our content, which allows us to better optimize our offerings. The data collected can also be used for advertising purposes, enabling us to show promotional messages to exactly those people who are interested in our services or products.
What data is processed by Pinterest Web Analytics?
So-called log data may be stored. This includes information about your browser, IP address, the address of our website and the activities performed on it (e.g., when you click the "Save" or "Pin" button), search histories, the date and time of the request, and cookie and device data. When you interact with a Pinterest function, cookies that store various data may also be set in your browser. Typically, the aforementioned log data, preset language settings, and clickstream data are stored in cookies. Pinterest defines clickstream data as information regarding your website behavior.
If you have a Pinterest account yourself and are logged in, the data collected through our site may be added to your account and used for advertising purposes. Below you can see an example selection of cookies that may be set in your browser.
Name: _auth
Value: 0
Purpose: This cookie is used for authentication. It can store a value such as your “username.”
Expiry date: after one year
Name: _pinterest_referrer
Value: 1
Purpose: This cookie stores the fact that you arrived at Pinterest via our website. It therefore saves the URL of our website.
Expiry date: after session ends
Name: _pinterest_sess
Value: …9HRHZvVE0rQlUxdG89
Purpose: This cookie is used for logging into Pinterest and contains user IDs, authentication tokens, and timestamps.
Expiry date: after one year
Name: _routing_id
Value: “8d850ddd-4fb8-499c-961c-77efae9d4065313200034-8”
Purpose: The cookie contains an assigned value that is used to identify a specific routing destination.
Expiry date: after one day
Name: cm_sub
Value: denied
Purpose: This cookie stores a user ID and a timestamp.
Expiry date: after one year
Name: csrftoken
Value: 9e49145c82a93d34fd933b0fd8446165313200034-1
Purpose: This cookie is likely set for security reasons to prevent request forgery. We were unable to determine further details.
Expiry date: after one year
Name: sessionFunnelEventLogged
Value: 1
Purpose: We have not yet been able to obtain more detailed information about this cookie.
Expiry date: after one day
How long and where is the data stored?
In principle, Pinterest stores the collected data until it is no longer required for the company's purposes. Once data retention is no longer necessary, for example to comply with legal requirements, the data is either deleted or anonymized so that you can no longer be identified as an individual. Data may also be stored on American servers.
Right to object
You also have the right and the option to withdraw your consent to the use of cookies or third-party providers like Pinterest at any time. This can be done via our cookie management tool or other opt-out functions. For example, you can also prevent data collection via cookies by managing, deactivating, or deleting cookies in your browser.
Since cookies may be used with embedded Pinterest elements, we also recommend that you read our general privacy policy regarding cookies. To find out exactly which data is stored and processed, you should read the privacy policies of the respective tools.
Legal basis
If you have consented to your data being processed and stored by Pinterest Web Analytics, this consent serves as the legal basis for data processing (Art. 6 (1) (a) GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 (1) (f) GDPR) in fast and good communication with you or other customers and business partners. However, we only use the tool if you have given your consent. Most web analysis tools also set cookies in your browser to store data. Therefore, we recommend that you read our privacy policy regarding cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.
Pinterest processes your data, including in the USA. By participating in the EU-U.S. Data Privacy Framework (DPF), Pinterest ensures that it complies with the European level of data protection. You can find more information about the DPF and Pinterest's certification here: https://www.dataprivacyframework.gov/.
As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and in particular the USA) or for the transfer of data thereto, Pinterest uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Pinterest commits to adhering to the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
You can find more information about standard contractual clauses at Pinterest here: https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea.
We have attempted to provide you with the most important information regarding data processing by Pinterest Web Analytics. You can find more detailed information on Pinterest's data policies at https://policy.pinterest.com/de/privacy-policy.
TikTok Pixel Privacy Policy
| TikTok Pixel Privacy Policy Summary You can find more details below in the Privacy Policy. |
What is TikTok Pixel?
We use the TikTok Pixel tracking software on our website. The service provider is the Chinese company Beijing Bytedance Technology Ltd. For the European region, the Irish company TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, is responsible. TikTok is a popular social media platform, especially among young people, where users can create, share, and watch short video clips.
The TikTok Pixel is a code snippet that we have integrated into our website to analyze user behavior. Together with TikTok for Business tools, the pixel helps us measure website traffic, monitor the performance of advertising campaigns, optimize our campaigns, and reach new customers.
In this privacy policy, we inform you about which data is processed by the TikTok Pixel, how long this data is stored, and how you can manage your privacy settings.
Why do we use TikTok on our website?
We have integrated the TikTok Pixel into our website to learn more precisely how you use our site, what interests you, and where we can further improve our service. Furthermore, this information helps us to run more personalized advertising campaigns on TikTok. Ultimately, we want to show our offers only to people who are genuinely interested in them.
What data is processed by TikTok Pixel?
To make tracking work, a JavaScript code snippet must be integrated into the website. The pixel collects various data about your user behavior on our website and uses cookies for this purpose. This can also involve the processing of personal data, such as your IP address. The exact data processed depends primarily on individual settings and cannot be precisely determined in this general text section.
TikTok distinguishes between the following types of information that are collected and processed via TikTok pixels:
Ad/Event Information: This is information about the advertisement that a user clicked on TikTok.
Timestamp: This records the exact time a pixel event was triggered. For example, if a specific button is clicked, the time of that click is stored.
IP Address: The IP address is considered personal data and is used by TikTok to determine your geographical location.
User Agent: The User Agent is used to identify the device model, operating system, and your browser version.
Cookies: Cookies are used to store data for measuring campaign performance or website performance directly.
Metadata & Button Clicks: This includes various page performance data such as load times and button clicks (name of the button, descriptive text, and attributes). It records exactly when you click which button and which subpage you visit.
Here, we provide only a rough overview of the types of data that can be processed by the TikTok Pixel. Please note that the type of data collected depends significantly on the individual settings of the pixel. In principle, the data is used for analyzing website trends and personalizing advertising.
How long and where is the data stored?
TikTok retains your data for as long as it is necessary for providing the platform and for the other purposes mentioned in TikTok's privacy policy. The company also retains data when necessary to fulfill contractual and legal obligations, when TikTok has a legitimate business interest (e.g., to improve and develop the platform and to enhance the security and stability of our services), and to establish or defend against legal claims.
The storage duration and locations of the data collected by TikTok can vary significantly and are subject to TikTok's privacy policies. TikTok may also store data on servers in the USA and other countries. The retention period generally depends on applicable legal requirements and internal policies. However, we have not yet been able to determine exactly how long data is stored. As soon as we have more detailed information, we will of course inform you.
How can I delete my data or prevent data storage?
You have the right at any time to access, correct, or delete your personal data, as well as to restrict its processing. You may also withdraw your consent to the processing of your data at any time.
If you generally want to disable, delete, or manage cookies, you will find the corresponding links to the instructions for the most popular browsers in the "Cookies" section.
If you have a TikTok account, you can manage your privacy settings directly on TikTok. For example, in your TikTok account settings, you can specify which information can be shared and which cannot.
Legal basis
If you have consented to your data being processed and stored by the TikTok Pixel, this consent serves as the legal basis for data processing (Art. 6 (1) (a) GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 (1) (f) GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the integrated TikTok Pixel if you have given your consent. The TikTok Pixel may also set cookies in your browser to store data. Therefore, we recommend that you read our privacy policy regarding cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.
TikTok processes your data, including in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may involve various risks to the legality and security of data processing.
As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and in particular the USA) or for the transfer of data thereto, TikTok uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, TikTok commits to adhering to the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
Further information on TikTok's privacy policy and data collection via the TikTok Pixel can be found on the TikTok website at https://www.tiktok.com/legal/page/eea/privacy-policy/en as well as in the general information about TikTok at https://www.tiktok.com/en/.
Social Media Introduction
| Social Media Privacy Policy Summary You can find more details on this in the respective social media tool. |
What is social media?
In addition to our website, we are also active on various social media platforms. In this context, user data may be processed so that we can specifically target users who are interested in us through social networks. Furthermore, elements of a social media platform may be embedded directly into our website. This is the case, for example, if you click on a so-called social button on our website and are redirected directly to our social media presence. Websites and apps through which registered members can produce content, share content openly or within specific groups, and network with other members are referred to as social media.
Why do we use social media?
For years, social media platforms have been the place where people communicate and connect online. With our social media presence, we can bring our products and services closer to interested parties. The social media elements integrated into our website help you switch to our social media content quickly and easily.
The data stored and processed through your use of a social media channel is primarily intended for web analysis. The aim of these analyses is to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the evaluated data can be used to draw appropriate conclusions about your interests and to create so-called user profiles. This also enables the platforms to present you with tailored advertisements. In most cases, cookies are set in your browser for this purpose, which store data on your usage behavior.
As a rule, we assume that we remain responsible under data protection law, even when using the services of a social media platform. However, the European Court of Justice has ruled that, in certain cases, the operator of the social media platform can be jointly responsible with us within the meaning of Art. 26 GDPR. Insofar as this is the case, we will point this out separately and operate on the basis of an agreement to this effect. The essential elements of the agreement are then reproduced further below for the respective platform.
Please note that when using social media platforms or our integrated elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. As a result, you may no longer be able to claim or enforce your rights regarding your personal data as easily.
What data is processed?
Exactly which data is stored and processed depends on the respective provider of the social media platform. However, it usually involves data such as telephone numbers, email addresses, data you enter into a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device, and your IP address. Most of this data is stored in cookies. Especially if you have a profile on the visited social media channel yourself and are logged in, data can be linked to your profile.
All data collected via a social media platform is also stored on the providers' servers. Therefore, only the providers have access to the data and can provide you with the appropriate information or make changes.
If you want to know exactly which data is stored and processed by the social media providers and how you can object to the data processing, you should carefully read the respective privacy policy of the company. Even if you have questions about data storage and data processing or want to assert corresponding rights, we recommend that you contact the provider directly.
Duration of data processing
We will inform you about the duration of data processing further below, provided we have further information on this. For example, the social media platform Facebook stores data until it is no longer required for its own purpose. However, customer data matched with its own user data is deleted within two days. In general, we only process personal data for as long as it is absolutely necessary for the provision of our services and products. If required by law, as is the case with accounting for example, this storage period may also be exceeded.
Right to object
You also have the right and the opportunity to revoke your consent to the use of cookies or third-party providers, such as embedded social media elements, at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling, or deleting cookies in your browser.
Since cookies may be used with social media tools, we also recommend our general privacy policy regarding cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.
Legal basis
If you have consented to your data being processed and stored by integrated social media elements, this consent is considered the legal basis for data processing (Art. 6 Abs. 1 lit. a GDPR). In principle, if consent is given, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 Abs. 1 lit. f GDPR) in rapid and effective communication with you or other customers and business partners. Nevertheless, we only use the tools insofar as you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our privacy text about cookies carefully and look at the privacy policy or cookie guidelines of the respective service provider.
You can find information about specific social media platforms—if available—in the following sections.
Facebook Privacy Policy
| Facebook Privacy Policy Summary You can find more details below in the Privacy Policy. |
What are Facebook tools?
We use selected Facebook tools on our website. Facebook is a social media network owned by Meta Platforms Inc. or, for the European region, by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of these tools, we can offer the best possible deals to you and to people who are interested in our products and services.
If your data is collected and forwarded via our embedded Facebook elements or via our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for this. Facebook bears sole responsibility for the further processing of this data. Our joint obligations have also been anchored in a publicly accessible agreement at https://www.facebook.com/legal/controller_addendum. This states, for example, that we must inform you clearly about the use of Facebook tools on our site. Furthermore, we are also responsible for ensuring that the tools are integrated into our website in a secure manner under data protection law. Facebook, on the other hand, is responsible for the data security of Facebook products, for example. If you have any questions about data collection and data processing by Facebook, you can contact the company directly. If you direct the question to us, we are obliged to forward it to Facebook.
Below we provide an overview of the various Facebook tools, what data is sent to Facebook, and how you can delete this data.
In addition to many other products, Facebook also offers the so-called "Facebook Business Tools". This is Facebook's official designation. However, since the term is barely known, we have chosen to refer to them simply as Facebook tools. These include, among others:
- Facebook-Pixel
- social media plugins (such as the “Like” or “Share” button)
- Facebook Login
- Account Kit
- APIs (Application Programming Interfaces)
- SDKs (collection of programming tools)
- Platform Integrations
- Plugins
- Codes
- Specifications
- Documentation
- Technologies and Services
Through these tools, Facebook expands its services and is able to obtain information about user activity outside of Facebook.
Why do we use Facebook tools on our website?
We only want to show our services and products to people who are genuinely interested in them. With the help of advertisements (Facebook Ads), we can reach exactly these people. However, in order to show users relevant advertising, Facebook requires information about people's wishes and needs. Thus, the company is provided with information about user behavior (and contact data) on our website. This allows Facebook to collect better user data and display the right advertising about our products or services to interested people. The tools therefore enable tailored advertising campaigns on Facebook.
Facebook refers to data about your behavior on our website as "event data." This is also used for measurement and analysis services. Facebook can thus create "campaign reports" on our behalf regarding the effectiveness of our advertising campaigns. Furthermore, through analyses, we gain a better insight into how you use our services, website, or products. As a result, we optimize your user experience on our website with some of these tools. For example, you can use social plug-ins to share content from our site directly on Facebook.
What data is stored by Facebook tools?
By using individual Facebook tools, personal data (customer data) may be sent to Facebook. Depending on the tools used, customer data such as name, address, telephone number, and IP address can be transmitted.
Facebook uses this information to match the data with the data it already has about you (provided you are a Facebook member). Before customer data is transmitted to Facebook, a process known as "hashing" takes place. This means that a data set of any size is transformed into a string of characters. This also serves to encrypt data.
In addition to contact data, "event data" is also transmitted. By "event data" we mean the information that we receive about you on our website. For example, which subpages you visit or which products you purchase from us. Facebook does not share the information received with third-party providers (such as advertisers) unless the company has explicit permission or is legally obliged to do so. "Event data" can also be combined with contact data. This allows Facebook to offer better personalized advertising. After the matching process mentioned above, Facebook deletes the contact data again.
In order to optimize the delivery of advertisements, Facebook only uses the event data once it has been aggregated with other data (collected by Facebook in other ways). Facebook also uses this event data for safety, security, development, and research purposes. Much of this data is transmitted to Facebook via cookies. Cookies are small text files used to store data or information in browsers. Depending on the tools used and whether or not you are a Facebook member, a varying number of cookies will be created in your browser. In the descriptions of the individual Facebook tools, we go into more detail about specific Facebook cookies. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies.
How long and where is the data stored?
In principle, Facebook stores data until it is no longer required for its own services and Facebook products. Facebook has servers distributed all over the world where its data is stored. However, customer data is deleted within 48 hours after it has been matched with its own user data.
How can I delete my data or prevent data storage?
In accordance with the General Data Protection Regulation, you have the right to information, rectification, portability, and erasure of your data.
A complete deletion of the data only occurs if you delete your Facebook account entirely. And this is how deleting your Facebook account works:
1) Click “Settings” on the right side of Facebook.
2) Next, click on “Your Facebook Information” in the left column.
3) Now click “Deactivate and Delete.”
4) Now select “Delete Account” and then click “Continue and Delete Account”
5) Now enter your password, click “Next,” and then click “Delete Account”
The data that Facebook receives through our site is stored, among other things, via cookies (e.g., in social plugins). In your browser, you can disable, delete, or manage individual cookies or all cookies. Depending on which browser you use, this works in different ways. Under the “Cookies” section, you’ll find links to the instructions for the most popular browsers.
If you do not want to accept cookies at all, you can configure your browser to notify you whenever a cookie is about to be set. This allows you to decide whether to allow each individual cookie or not.
Legal basis
If you have consented to your data being processed and stored by integrated Facebook tools, this consent is considered the legal basis for data processing (Art. 6 Abs. 1 lit. a GDPR). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 Abs. 1 lit. f GDPR) in rapid and effective communication with you or other customers and business partners. Nevertheless, we only use the tools insofar as you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our privacy text about cookies carefully and look at the privacy policy or cookie guidelines of Facebook.
Facebook processes your data in the USA, among other places. Facebook or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Facebook uses so-called Standard Contractual Clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Facebook commits to complying with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Facebook data processing terms, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.
We hope we have provided you with the most important information about the use and data processing by Facebook tools. If you want to learn more about how Facebook uses your data, we recommend the privacy policy at https://www.facebook.com/privacy/policy/.
Instagram Privacy Policy
| Instagram Privacy Policy Summary You can find more details below in the Privacy Policy. |
What is Instagram?
We have integrated Instagram features into our website. Instagram is a social media platform owned by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and is one of the Facebook Products. The integration of Instagram content into our website is called embedding. This allows us to display content such as buttons, photos, or videos from Instagram directly on our website. When you access web pages of our online presence that have an integrated Instagram feature, data is transmitted to Instagram, stored, and processed. Instagram uses the same systems and technologies as Facebook. Your data is therefore processed across all Facebook companies.
Below we want to give you a more detailed insight into why Instagram collects data, what data is involved, and how you can largely control the data processing. Since Instagram belongs to Meta Platforms Inc., we obtain our information partly from the Instagram guidelines, but also from the Meta privacy policy itself.
Instagram is one of the most well-known social media networks worldwide. Instagram combines the benefits of a blog with the benefits of audiovisual platforms like YouTube or Vimeo. On "Insta" (as many users casually call the platform), you can upload photos and short videos, edit them with various filters, and also distribute them on other social networks. And if you do not want to be active yourself, you can simply follow other interesting users.
Why do we use Instagram on our website?
Instagram is the social media platform that has truly gone through the roof in recent years. And of course, we have also responded to this boom. We want you to feel as comfortable as possible on our website. That is why a diverse presentation of our content is a matter of course for us. Through the embedded Instagram features, we can enrich our content with helpful, funny, or exciting material from the Instagram world. Since Instagram is a subsidiary of Facebook, the collected data can also be useful to us for personalized advertising on Facebook. This way, our advertisements are only shown to people who are genuinely interested in our products or services.
Instagram also uses the collected data for measurement and analysis purposes. We receive aggregated statistics and thus gain more insight into your wishes and interests. It is important to mention that these reports do not personally identify you.
What data does Instagram store?
When you come across one of our pages that has integrated Instagram features (such as Instagram images or plug-ins), your browser automatically connects to Instagram's servers. During this process, data is transmitted to Instagram, stored, and processed. This happens regardless of whether you have an Instagram account or not. This includes information about our website, your computer, purchases made, advertisements you see, and how you use our offer. Furthermore, the date and time of your interaction with Instagram are also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.
Facebook distinguishes between customer data and event data. We assume that this is exactly the same for Instagram. Customer data includes, for example, name, address, telephone number, and IP address. This customer data is only transmitted to Instagram after it has been "hashed." Hashing means transforming a data set into a string of characters. This allows the contact data to be encrypted. In addition, the aforementioned "event data" is also transmitted. By "event data," Facebook – and consequently Instagram as well – means data about your user behavior. It can also happen that contact data is combined with event data. The collected contact data is matched with the data that Instagram already has about you.
The collected data is transmitted to Facebook via small text files (cookies) that are usually set in your browser. Depending on the Instagram features used and whether you have an Instagram account yourself, a varying amount of data is stored.
We assume that data processing works the same way on Instagram as it does on Facebook. This means: if you have an Instagram account or have visited www.instagram.com, Instagram has set at least one cookie. If that is the case, your browser sends information to Instagram via the cookie as soon as you come into contact with an Instagram feature. At the latest after 90 days (after matching), this data is deleted or anonymized again. Although we have studied Instagram's data processing extensively, we cannot state with absolute certainty which exact data Instagram collects and stores.
Below we show you cookies that are set in your browser at least when you click on an Instagram feature (such as a button or an Insta image). In our test, we assume that you do not have an Instagram account. If you are logged into Instagram, significantly more cookies will, of course, be set in your browser.
These cookies were used in our test:
Name: csrftoken
Value: “”
Purpose: This cookie is very likely set for security reasons to prevent request forgery. However, we could not obtain more precise information about this.
Expiry date: after one year
Name: mid
Value: “”
Purpose: Instagram sets this cookie to optimize its own services and offers within and outside of Instagram. The cookie defines a unique user ID.
Expiry date: after the end of the session
Name: fbsr_313200034124024
Value: no information available
Purpose: This cookie stores the log-in request for users of the Instagram app.
Expiry date: after the end of the session
Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiry date: after the end of the session
Name: urlgen
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe313200034”
Purpose: This cookie is used for Instagram's marketing purposes.
Expiry date: after the end of the session
Note: We cannot claim completeness here. Which cookies are set in each individual case depends on the embedded features and your use of Instagram.
How long and where is the data stored?
Instagram shares the information received among the Facebook companies, with external partners, and with people you connect with worldwide. Data processing is carried out in compliance with its own data policy. Your data is distributed across Facebook servers around the world, among other things for security reasons. Most of these servers are located in the USA.
How can I delete my data or prevent data storage?
Thanks to the General Data Protection Regulation, you have the right to access, portability, rectification, and erasure of your data. You can manage your data in the Instagram settings. If you want to completely erase your data on Instagram, you must permanently delete your Instagram account.
Here's how to delete your Instagram account:
First, open the Instagram app. On your profile page, scroll down and click on "Help Center". Now you will reach the company's website. On the website, click on "Managing Your Account" and then on "Delete Your Account".
If you delete your account entirely, Instagram deletes posts such as your photos and status updates. Information that other people have shared about you does not belong to your account and will consequently not be deleted.
As mentioned above, Instagram stores your data primarily via cookies. You can manage, disable, or delete these cookies in your browser. Depending on your browser, this management always works a little differently. Under the "Cookies" section, you will find the corresponding links to the respective guides of the most popular browsers.
You can also generally configure your browser so that you are always informed when a cookie is about to be set. This allows you to decide individually in each case whether you want to allow the cookie or not.
Legal basis
If you have consented to your data being processed and stored by integrated social media elements, this consent serves as the legal basis for data processing (Art. 6 Abs. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 Abs. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements to the extent that you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review the privacy policy or cookie policies of the respective service provider.
Instagram processes your data in the USA, among other places. Instagram and Meta Platforms are active participants in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Instagram uses so-called Standard Contractual Clauses (= Art. 46. Abs. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Instagram commits to complying with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
We have tried to give you a clearer understanding of the most important information regarding data processing by Instagram. At https://privacycenter.instagram.com/policy/, you can look into Instagram's data policies in even greater detail.
Pinterest Privacy Policy
| Pinterest Privacy Policy Summary You can find more details below in the Privacy Policy. |
What is Pinterest?
We use buttons and widgets of the social media network Pinterest, a company owned by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA, on our site. For the European region, the Irish company Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for all aspects relevant to data protection.
Pinterest is a social network that specializes in graphic images and photographs. The name is composed of the two words "pin" and "interest". Users can connect via Pinterest to exchange ideas about various hobbies and interests, and view respective profiles with pictures either openly or within defined groups.
Why do we use Pinterest?
Pinterest has been around for several years now, and this social media platform remains one of the most visited and appreciated platforms. Pinterest is particularly well-suited for our industry because the platform is primarily known for beautiful and interesting images. That is why we are, of course, active on Pinterest as well and want to showcase our content beyond our website. The collected data can also be used for advertising purposes, allowing us to display marketing messages precisely to those people who are interested in our services or products.
What data does Pinterest process?
So-called log data can be stored. This includes information about your browser, IP address, the address of our website and the activities performed on it (for example, when you click the save or pin button), search histories, date and time of the request, and cookie and device data. If you interact with an embedded Pinterest feature, cookies that store various data can also be set in your browser. Mostly, the aforementioned log data, preset language settings, and clickstream data are stored in cookies. Pinterest defines clickstream data as information about your website behavior.
If you have a Pinterest account yourself and are logged in, the data collected via our site can be added to your account and used for advertising purposes. When you interact with our embedded Pinterest features, you will generally be redirected to the Pinterest website. Below is an exemplary selection of cookies that are then set in your browser.
Name: _auth
Value: 0
Purpose: This cookie is used for authentication. It can store a value such as your “username.”
Expiry date: after one year
Name: _pinterest_referrer
Value: 1
Purpose: This cookie stores the fact that you arrived at Pinterest via our website. It therefore saves the URL of our website.
Expiry date: after session ends
Name: _pinterest_sess
Value: …9HRHZvVE0rQlUxdG89
Purpose: This cookie is used for logging into Pinterest and contains user IDs, authentication tokens, and timestamps.
Expiry date: after one year
Name: _routing_id
Value: “8d850ddd-4fb8-499c-961c-77efae9d4065313200034-8”
Purpose: The cookie contains an assigned value that is used to identify a specific routing destination.
Expiry date: after one day
Name: cm_sub
Value: denied
Purpose: This cookie stores a user ID and a timestamp.
Expiry date: after one year
Name: csrftoken
Value: 9e49145c82a93d34fd933b0fd8446165313200034-1
Purpose: This cookie is likely set for security reasons to prevent request forgery. We were unable to determine further details.
Expiry date: after one year
Name: sessionFunnelEventLogged
Value: 1
Purpose: We have not yet been able to obtain more detailed information about this cookie.
Expiry date: after one day
How long and where is the data stored?
In principle, Pinterest stores the collected data until it is no longer required for the company's purposes. Once data retention is no longer necessary, for example to comply with legal requirements, the data is either deleted or anonymized so that you can no longer be identified as an individual. Data may also be stored on American servers.
Right to object
You also have the right and the option to withdraw your consent to the use of cookies or third-party providers like Pinterest at any time. This can be done via our cookie management tool or other opt-out functions. For example, you can also prevent data collection via cookies by managing, deactivating, or deleting cookies in your browser.
Since cookies may be used with embedded Pinterest elements, we also recommend that you read our general privacy policy regarding cookies. To find out exactly which data is stored and processed, you should read the privacy policies of the respective tools.
Legal basis
If you have consented to your data being processed and stored by integrated social media elements, this consent serves as the legal basis for data processing (Art. 6 Abs. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 Abs. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. Nevertheless, we only use the tool to the extent that you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review the privacy policy or cookie policies of the respective service provider.
Pinterest processes your data, including in the USA. By participating in the EU-U.S. Data Privacy Framework (DPF), Pinterest ensures that it complies with the European level of data protection. You can find more information about the DPF and Pinterest's certification here: https://www.dataprivacyframework.gov/.
As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and in particular the USA) or for the transfer of data thereto, Pinterest uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Pinterest commits to adhering to the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
You can find more information about standard contractual clauses at Pinterest here: https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea.
We have tried to give you a clearer understanding of the most important information regarding data processing by Pinterest. At https://policy.pinterest.com/de/privacy-policy, you can look into Pinterest's data policies in even greater detail.
Snapchat Privacy Policy
| Snapchat Privacy Policy Summary You can find more details below in the Privacy Policy. |
What is Snapchat?
We also use integrations of the messaging and social media service Snapchat on our website. The service provider is the American company Snap Inc., 2772 Donald Douglas Loop N, Santa Monica (HQ), CA, USA.
With Snapchat, users can create so-called "Snaps"—short images or videos—and share them with friends or followers. Snapchat is a popular communication tool, especially among younger people. Unlike other social media tools, these "Snaps" are deleted after a limited period of time. Depending on the user's preferences, this time can be set between a few seconds and up to 24 hours. In addition, Snapchat also offers features such as group chats, video calls, and a Discover section for media companies.
Why do we use Snapchat on our website?
We have provided Snapchat features on our website so that we can highlight Snapchat content and also give you the opportunity to follow us on Snapchat. This allows us to stay in touch with you beyond our website presence. By integrating Snapchat content, we also offer all our visitors who are not on Snapchat the opportunity to get a glimpse into the Snapchat world. Therefore, we view this integration as part of the overall experience offered on our website.
What data does Snapchat process?
When you view or interact with Snapchat content via our website, Snapchat may collect information about your usage behavior and your device. This can include data such as your IP address, browser type, operating system, location, language settings, and other technical information. Snapchat may also use cookies and similar technologies to collect information and personalize your user experience.
If you have or create a Snapchat account yourself, additional information may also be collected and processed. In this case, you voluntarily disclose data such as your name, username, email address, telephone number, and date of birth. If you make a purchase within the app, you must also provide payment data. All this information is processed by Snapchat, provided that you make this data available. If you actively use the service with your account, all information sent via Snapchat is also processed. This information includes, for example, chats, conversations, pictures, and videos.
How long and where is the data stored?
Snapchat stores different data for different periods of time, and the Snapchat servers are distributed across various regions worldwide. This means that your data can, for example, also be processed in the USA. As mentioned above, the storage duration of "Snaps" can partly be chosen by yourself in the settings. Most messages sent within the tool are automatically deleted from the servers as soon as they have been received or have expired. However, there is also data that is stored for a significantly longer period of time. This includes account information such as your name, mobile phone number, or email address. The storage duration of location data depends on how accurate it is and which specific Snapchat service is being used.
At https://help.snapchat.com/hc/de/articles/7012334940948, you will find a very good overview of the storage duration of various Snapchat data.
How can I delete my data or prevent data storage?
If you have a Snapchat account, you can manage your privacy settings directly on Snapchat and determine the storage duration of various content yourself. For example, in your Snapchat account settings, you can specify whether "Snaps" are deleted after a few seconds or only after 24 hours. In addition, you can also directly request those responsible at Snapchat to delete your personal data. However, the privacy policy on Snapchat points out that although most data will be deleted, legal reasons may arise where the data deletion must be suspended or certain data must continue to be stored.
In addition, you can manage and disable any cookies that Snapchat may set in your web browser to limit data collection. You can do this even without a Snapchat account. Please note, however, that this may affect the functionality of our website.
Legal basis
If you have consented to your data being processed and stored by Snapchat, this consent serves as the legal basis for data processing (Art. 6 Abs. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 Abs. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. Nevertheless, we only use the integrated Snapchat elements to the extent that you have given your consent. Snapchat may also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review the privacy policy or cookie policies of the respective service provider.
Snap processes your data in the United States, among other places. Please note that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the United States. This may entail various risks regarding the lawfulness and security of data processing.
As a basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or a transfer of data there, Snap uses so-called Standard Contractual Clauses (= Art. 46. Abs. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Snap commits to complying with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
More information on the Standard Contractual Clauses at Snap can be found at https://snap.com/en-US/terms/standard-contractual-clauses.
You can learn more about the data processed through the use of Snapchat in the Privacy Policy at https://snap.com/de-DE/privacy/privacy-policy.
TikTok Privacy Policy
| TikTok Privacy Policy Summary You can find more details below in the Privacy Policy. |
What is TikTok?
We use the TikTok integration on our website. The service provider is the Chinese company Beijing Bytedance Technology Ltd. For the European region, the Irish company TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, is responsible. TikTok is a popular social media platform, especially among young people, where users can create, share, and watch short video clips.
In this privacy policy, we inform you about which data is processed by TikTok, how long the data is stored, and how you can manage your privacy settings.
Why do we use TikTok on our website?
We have integrated TikTok into our website so that you can watch TikTok videos and, if you like, interact with them. TikTok is particularly known for funny and creative content, and of course, we do not want to hold back such content from you. After all, we enjoy watching a creative TikTok video now and then ourselves.
What data does TikTok process?
When you watch or interact with TikTok videos on our website, TikTok may collect information about your usage behavior and your device. This can include data such as your IP address, browser type, operating system, location, and other technical information. TikTok may also use cookies and similar technologies to collect information and personalize your user experience.
If you have a TikTok account yourself, additional information may also be collected and processed. This includes user information (such as your name, date of birth, or email address) and data about your communication with other TikTok users.
How long and where is the data stored?
The storage duration and locations of the data collected by TikTok can vary significantly and are subject to TikTok's privacy policies. TikTok may also store data on servers in the USA and other countries. The retention period generally depends on applicable legal requirements and internal policies. However, we have not yet been able to determine exactly how long data is stored. As soon as we have more detailed information, we will of course inform you.
How can I delete my data or prevent data storage?
If you have a TikTok account, you can manage your privacy settings directly on TikTok. For example, in your TikTok account settings, you can determine which information may be shared and which may not. Furthermore, you can manage and disable cookies in your web browser to limit data collection. This is, of course, also possible without a TikTok account. Please note, however, that doing so may affect the functionality of our website and your TikTok experience.
Legal basis
If you have consented to your data being processed and stored by TikTok, this consent serves as the legal basis for data processing (Art. 6 Abs. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 Abs. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements to the extent that you have given your consent. TikTok may also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review the privacy policy or cookie policies of the respective service provider.
TikTok processes your data, including in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may involve various risks to the legality and security of data processing.
As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and in particular the USA) or for the transfer of data thereto, TikTok uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, TikTok commits to adhering to the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
Further information on TikTok's privacy policy and the collection of data by TikTok can be found on the TikTok website at https://www.tiktok.com/legal/page/eea/privacy-policy/en as well as in the general information about TikTok at https://www.tiktok.com/en/.
Payment Providers: Introduction
| Payment Provider Privacy Policy Summary You can find more details about this in the respective payment provider's tool. |
What is a payment provider?
We use online payment systems on our website that enable a secure and smooth payment process for both us and you. In doing so, personal data may, among other things, be sent to, stored by, and processed by the respective payment provider. Payment providers are online payment systems that enable you to complete an order via online banking. The payment process is carried out by the payment provider you have selected. We then receive notification of the payment made. This method can be used by any user who has an active online banking account with PIN and TAN. There are hardly any banks left that do not offer or accept such payment methods.
Why do we use payment providers on our website?
Of course, we want to offer the best possible service with our website and our integrated online shop so that you feel comfortable on our site and take advantage of our offers. We know that your time is precious and that payment processing, in particular, must work quickly and smoothly. For these reasons, we offer you various payment providers. You can choose your preferred payment provider and pay in your customary manner.
What data is processed?
Exactly which data is processed depends, of course, on the respective payment provider. However, in principle, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are stored. This is necessary data to be able to carry out a transaction at all. In addition, any contract data and user data, such as when you visit our website, what content you are interested in, or which subpages you click on, can also be stored. Most payment providers also store your IP address and information about the computer you are using.
The data is generally stored and processed on the servers of the payment providers. As the website operator, we do not receive this data. We are only informed about whether the payment was successful or not. For identity and credit checks, payment providers may forward data to the appropriate authority. The business and data protection policies of the respective provider always apply to all payment transactions. Therefore, please always review the General Terms and Conditions and the privacy policy of the payment provider. You also have the right to have data deleted or corrected at any time, for example. Please contact the respective service provider regarding your rights (right of withdrawal, right to information, and data subject rights).
Duration of data processing
We will inform you about the duration of data processing further below if we have further information on this. Generally, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If required by law, such as in the case of accounting, this storage period may be exceeded. For instance, we keep accounting records belonging to a contract (invoices, contracts, bank statements, etc.) for 10 years (Section 147 of the German Fiscal Code - AO) and other relevant business documents for 6 years (Section 257 of the German Commercial Code - HGB) after they are incurred.
Right to object
You always have the right to information, rectification, and deletion of your personal data. If you have any questions, you can also contact those responsible at the payment provider used at any time. Contact details can be found either in our specific privacy policy or on the website of the respective payment provider.
You can delete, disable, or manage cookies that payment providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may then no longer work.
Legal basis
We therefore offer other payment service providers in addition to conventional banking/credit institutions for the processing of contractual or legal relationships (Art. 6 Abs. 1 lit. b GDPR) . The privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay, or Discover) provide you with a precise overview of data processing and data storage. In addition, you can always contact those responsible if you have any questions regarding data protection topics.
You can find information about specific payment providers—if available—in the following sections.
Stripe
If you choose a payment method offered by the payment service provider Stripe, the payment processing will be handled by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information provided during the ordering process together with information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency, and transaction number). Your data will be passed on solely for the purpose of payment processing with Stripe Payments Europe, Ltd. and only to the extent necessary for this purpose. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR (contract performance). Further information regarding data privacy from Stripe can be found at: https://stripe.com/de/privacy.
Apple Pay
If you choose the payment method "Apple Pay" provided by Apple Inc., One Apple Park Way, Cupertino, California, USA, 95014, the payment processing will be carried out via the "Apple Pay" function of your Apple-operated device. For the purpose of payment processing, the information provided during the ordering process together with the information about your order will be passed on to Apple. The processing of your data is based on Art. 6 para. 1 lit. b GDPR (contract performance). Apple generally processes this data in anonymized form. Further information on data protection regarding Apple Pay can be found at: https://support.apple.com/de-de/HT203027.
Google Pay Privacy Policy
We use the online payment provider Google Pay on our website. The service provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.
Google processes your data in the USA, among other locations. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Google uses so-called Standard Contractual Clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Controller-Controller Data Protection Terms, which reference the standard contractual clauses, can be found at https://business.safety.google/adscontrollerterms/.
You can learn more about the data processed through the use of Google Pay in the Privacy Policy at https://policies.google.com/privacy.
Klarna Checkout Privacy Policy
| Klarna Checkout Privacy Policy Summary You can find more details on this further down in this privacy policy. |
What is Klarna Checkout?
We use the online payment system Klarna Checkout provided by the Swedish company Klarna Bank AB on our website. Klarna Bank has its corporate headquarters at Sveavägen 46, 111 34 Stockholm, Sweden. If you choose this service, personal data among other things will be sent to Klarna, stored, and processed. In this privacy policy, we would like to provide you with an overview of data processing by Klarna.
Klarna Checkout is a payment system for orders in an online shop. The user selects the payment method, and Klarna Checkout takes over the entire payment process. Once a user has completed a payment using the checkout system and has provided the relevant details, future online purchases can be completed even faster and easier. The Klarna system then recognizes the existing customer after they enter just their email address and zip code.
Why do we use Klarna Checkout on our website?
Our goal with our website and our integrated online shop is to offer you the best possible service. In addition to the overall experience on the website and our offers, this also includes a smooth, fast, and secure payment processing of your orders. To ensure this, we use the Klarna Checkout payment system.
What data does Klarna Checkout store?
As soon as you choose the Klarna payment service and pay using the Klarna Checkout payment method, you also transmit personal data to the company. On the Klarna Checkout page, technical data such as browser type, operating system, our website address, date and time, language settings, time zone settings, and IP address are collected from you, transmitted to Klarna's servers, and stored there. This data is stored even if you have not yet completed an order.
If you order a product or service through our shop, you must enter data about your person into the designated fields. This data is processed by Klarna for payment processing. In this context, for creditworthiness and identity checks, the following personal data in particular (as well as general product information) may be stored and processed by Klarna:
- Contact information: Name, date of birth, national identification number, title, billing and delivery address, email address, phone number, nationality, or salary.
- Payment information such as credit card data or your account number
- Product information such as tracking number, item type, and product price
In addition, there is also data that can be collected optionally, provided you make a conscious decision to do so. This includes, for example, political, religious, or philosophical beliefs, or various health data.
Klarna may also, either itself or via third parties (such as via us or via public databases), collect data on the goods or services you buy or order, in addition to the data mentioned above. This can include, for example, the tracking number or the type of item ordered, but also information about your creditworthiness, your income, or credit approvals. Klarna may also pass on your personal data to service providers such as software providers, data storage providers, or to us as the merchant.
When data is automatically entered into a form, cookies are always involved. If you do not want to use this function, you can deactivate these cookies at any time. Further down in the text, you will find instructions on how to fundamentally delete, deactivate, or manage cookies in your browser. Our tests have shown that no cookies are directly set by Klarna. If you choose the payment method "Klarna Sofort" and click on "Order", you will be redirected to the Sofort website. After successful payment, you will be taken to our thank you page. There, the following cookie is set by sofort.com:
Name: SOFUEB
Value: e8cipp378mdscn9e17kajlfhv7313200034-4
Purpose: This cookie stores your session ID.
Expiry date: after the end of the browser session
How long and where is the data stored?
Klarna endeavors to store your data only within the EU or the European Economic Area (EEA). However, it may also happen that data is transferred outside the EU/EEA. If this happens, Klarna ensures that data protection complies with the GDPR and that the third country is covered by an adequacy decision of the European Union. Data is always stored as long as Klarna requires it for the purpose of processing.
How can I delete my data or prevent data storage?
You can revoke your consent for Klarna to process personal data at any time. You also always have the right to information, rectification, and deletion of your personal data. To do so, you only need to contact the company or the company's data protection team via email at datenschutz@klarna.de. You can also contact Klarna directly via the Klarna website under "My Privacy Request".
Cookies that Klarna may use for its functions can be deleted, deactivated, or managed in your browser. Depending on which browser you use, this works in different ways. Under the "Cookies" section, you will find the corresponding links to the respective instructions for the most popular browsers.
Legal basis
Thus, for the processing of contractual or legal relationships (Art. 6 para. 1 lit. b GDPR) , we offer the payment service provider Klarna Checkout in addition to traditional banking/credit institutions.
We hope to have provided you with a good overview of data processing by Klarna. If you would like to learn more about how your data is handled, we recommend Klarna's privacy policy at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy.
PayPal Privacy Policy
| PayPal Privacy Policy Summary You can find more details on this further down in this privacy policy. |
What is PayPal?
We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European region.
With PayPal, all users can send and receive money electronically. The company was founded in 1998 and, with over 325 million active customers, is now one of the best-known and largest online payment service providers worldwide.
Why do we use PayPal on our website?
There are various reasons why we use PayPal and offer it on our website. Since PayPal is one of the most popular online payment providers, many of our website visitors also use and trust this service. PayPal also offers high security standards for digital money transfers. The service uses various encryption methods to protect your personal data in the best possible way. We also appreciate PayPal's ease of use and the possibility of international payments in various currencies. As a rule, transactions are processed very quickly, which is a further advantage for both us and you as a customer.
What data does PayPal process?
In its privacy policy, PayPal distinguishes between various categories of personal data that may be processed through the use of the service. These include registration and contact data, identification and signature data, payment information, information on imported contacts, data from your account profile, device data such as your IP address, location data, and so-called inferred data. The latter is understood to mean information that can be derived from transactions or other data. This can include, for example, purchasing habits, behavior patterns, creditworthiness, or personal preferences.
Then there is also personal data collected by third parties (such as identity verification services, fraud detection providers, or your bank). This data includes information from credit agencies, transaction data, information on statutory regulations, technical usage data, location data, and again inferred data.
PayPal and its partners also use tracking technologies such as cookies, pixel tags, web beacons, and widgets to recognize you as a user, customize content, and conduct analyses for interest-based advertising.
How long and where is the data stored?
In principle, PayPal stores the data as long as it is necessary to fulfill its obligations and within the scope of the purpose. Personal data required for the customer relationship will be retained for up to 10 years after the termination of the relationship. If PayPal is subject to a legal obligation, the retention period of the personal data corresponds to the respective applicable law (e.g., insolvency law). PayPal also stores personal data as long as necessary if retention is advisable with regard to legal disputes.
Since PayPal is a globally operating company, the service also has data centers worldwide where your data can be stored. This means that your data can also be stored on PayPal servers outside your country and also outside the scope of the GDPR.
How can I delete my data or prevent data storage?
You have the right at any time to access, correct, or delete your personal data, as well as to restrict its processing. You may also withdraw your consent to the processing of your data at any time.
If you generally want to disable, delete, or manage cookies, you will find the corresponding links to the instructions for the most popular browsers in the "Cookies" section.
Legal basis
There is a legitimate interest on our part to integrate PayPal as an external payment service, thereby making our offer more attractive and improving it technically and economically. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). Please note that you can only use PayPal if you enter into a contractual relationship with PayPal. In this case, it may be necessary to submit further data protection and contractual declarations (e.g., consent).
PayPal also processes your data in the USA, among other places. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can be associated with various risks for the lawfulness and security of data processing.
As a basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, meaning in particular in the USA) or for any data transfer there, PayPal uses so-called Standard Contractual Clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, PayPal undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
More information on the Standard Contractual Clauses and on the data processed through the use of PayPal can be found in the privacy policy at https://www.paypal.com/webapps/mpp/ua/privacy-full.
Visa Privacy Policy
We use Visa, a globally operating payment provider, on our website. The service provider is the American company Visa Inc. For the European region, the company Visa Europe Services Inc. (1 Sheldon Square, London W2 6TT, Great Britain) is responsible.
Visa also processes your data in the USA, among other places. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can be associated with various risks for the lawfulness and security of data processing.
As a basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, meaning in particular in the USA) or for any data transfer there, Visa uses so-called Standard Contractual Clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Visa undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
More information on the Standard Contractual Clauses at Visa can be found at https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
More information about the data processed through the use of Visa can be found in the privacy policy at https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
Review Platforms: Introduction
| Review Platforms Summary |
What are review platforms?
You can rate our products or services on various review platforms. We participate in some of these platforms to receive feedback from you and optimize our offers. When you review us via a review platform, the privacy policy and terms and conditions of the respective review service apply. Very frequently, you also need to register to submit a review. Review technologies (widgets) may also be integrated into our website. By using such an integrated tool, data is also transferred to, processed, and stored by the corresponding provider.
Many of these integrated programs function according to a similar principle. After you have ordered a product from us or made use of a service, you will be asked, via email or on the website, to submit a review. For this purpose, you are usually redirected to a review page via a link, where you can easily and quickly create a review. Some review systems also offer an interface to various social media channels in order to make the feedback accessible to more people.
Why do we use review platforms?
Review platforms collect feedback and reviews about our offers. Through your reviews, we receive prompt feedback and can improve our products and/or services much more efficiently. Consequently, the reviews serve on the one hand to optimize our offers and, on the other hand, provide you and all our future customers with a good overview of the quality of our products and services.
What data is processed?
With your consent, we transfer information about you and the services you have used to the corresponding review platform. We do this to ensure that you have actually made use of one of our services. Because only then can you provide genuine feedback. The transferred data serves solely for user recognition. Which data is stored and processed exactly depends, of course, on the providers used. Mostly, personal data such as your IP address, email address, or your name is also made available to the review platforms. Even after you have submitted your review, order information, such as the order number of a purchased item, is forwarded to the corresponding platform. If your email address is transferred, this is done so that the review platform can send you an email after the purchase of a product. In order for us to also integrate your review into our website, we give the providers the information that you have accessed our page. The review platform used is responsible for the personal data collected.
How long and where is the data stored?
You can find more precise details about the duration of data processing further below in the respective privacy policy of the provider, provided we have further information on this. In general, we only process personal data for as long as it is absolutely necessary for the provision of our services and products. Personal data mentioned in a review is usually anonymized by employees of the platform used and is therefore only visible to the company's administrators. The collected data is stored on the providers' servers and, with most providers, deleted after the end of the contract.
Right to object
You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. You can do this either through our cookie management tool or via other opt-out features. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.
Legal basis
If you have consented to the use of a review platform, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, as can occur when captured by a review portal.
There is also a legitimate interest on our part to use a review platform in order to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). Nevertheless, we only use a review platform to the extent that you have given your consent.
We hope we were able to provide you with the most important general information regarding the data processing of review platforms. More detailed information can be found further below in the data protection texts or in the linked privacy policies of the company.
Trustpilot
We use the review portal Trustpilot on our website. The provider is Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark. When you submit a review via Trustpilot, the data you enter there (e.g., name, email address, review content) as well as technical data (such as your IP address) are processed by Trustpilot and stored on their servers. If we send you a review request after a purchase, we transmit your email address, your name, and a reference number (order number) to Trustpilot in order to verify the authenticity of the review. The legal basis for using Trustpilot and transmitting the data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in collecting verified customer reviews and improving our offer. If you have given your express consent, the processing is based on Art. 6 para. 1 lit. a GDPR. Further information on data protection at Trustpilot can be found at: https://de.legal.trustpilot.com/for-reviewers/end-user-privacy-terms.
Google Customer Reviews Privacy Policy
We also use the Google Customer Reviews platform on our website. The service provider is the U.S. company Google Inc. In Europe, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.
Google processes your data in the USA, among other locations. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Google uses so-called Standard Contractual Clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The data protection terms for Google advertising products (Google Ads Controller-Controller Data Protection Terms), which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/
More information about the data processed through the use of Google can be found in the privacy policy at https://policies.google.com/privacy?hl=de.
All texts are protected by copyright.
Quelle: Privacy policy erstellt mit dem Datenschutz Generator für Deutschland von AdSimple.