Preamble

With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to simply as "data") we process for which purposes and to what extent in the course of providing our application.

The terms used are not gender specific.

Table of contents

Controller

Ketonet Limited
Perikleous 13
Meshy Tower 217, Office 205
2413 Nicosia, Cyprus

Authorized representatives: Andreas Ketonis

Email address: connect@ketonet-ltd.com

Phone: +357 99 367 268

Imprint: https://ketonet-ltd.com/about-us/

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects concerned.

Types of data processed

  • Master data.
  • Payment data.
  • Location data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.
  • Log data.

Categories of data subjects

  • Recipients of services and clients.
  • Prospects.
  • Communication partners.
  • Users.
  • Business and contractual partners.

Purposes of processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Tracking.
  • Office and organizational procedures.
  • Remarketing.
  • Target group formation.
  • Organizational and administrative procedures.
  • Feedback.
  • Marketing.
  • Profiles with user related information.
  • Provision of our online offering and user friendliness.
  • Information technology infrastructure.
  • Sales promotion.
  • Business processes and operational procedures.

Relevant legal bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or establishment. If, in individual cases, more specific legal bases are relevant, we will inform you of these in the privacy policy.

  • Consent (Art. 6(1) sentence 1 lit. a GDPR) - The data subject has given consent to the processing of personal data relating to him or her for one or more specific purposes.
  • Performance of a contract and pre contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6(1) sentence 1 lit. c GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that the interests, fundamental rights, and freedoms of the data subject requiring the protection of personal data do not override those interests.

Security measures

In accordance with the legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, disclosure of, securing of availability of, and separation of the data. In addition, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to risks to data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software, and procedures in accordance with the principle of data protection through technology design and data protection friendly default settings.

Securing online connections through TLS or SSL encryption technology (HTTPS): To protect user data transmitted via our online services from unauthorized access, we use TLS or SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and more secure version of SSL, ensures that all data transmissions meet the highest security standards. If a website is secured by an SSL or TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and in encrypted form.

Disclosure of personal data

As part of our processing of personal data, it may happen that the data is transmitted to other entities, companies, legally independent organizational units, or persons, or disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International data transfers

Data processing in third countries: If we transfer data to a third country, meaning outside the European Union (EU) or the European Economic Area (EEA), or if this occurs in the context of using third party services or disclosing or transferring data to other persons, entities, or companies, which can be recognized by the postal address of the respective provider or if the privacy policy explicitly refers to the transfer of data to third countries, this is always done in compliance with the legal requirements.

For transfers of data to the USA, we primarily rely on the Data Privacy Framework (DPF), which has been recognized as a secure legal framework by an adequacy decision of the EU Commission dated 10.07.2023. In addition, we have concluded standard contractual clauses with the respective providers that comply with the requirements of the EU Commission and set out contractual obligations to protect your data.

This twofold safeguard ensures comprehensive protection of your data. The DPF forms the primary level of protection, while the standard contractual clauses serve as additional security. Should there be changes regarding the DPF, the standard contractual clauses act as a reliable fallback option. In this way, we ensure that your data remains adequately protected even in the event of political or legal changes.

For each service provider, we inform you whether they are certified under the DPF and whether standard contractual clauses are in place. Further information on the DPF and a list of certified companies can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English).

For data transfers to other third countries, corresponding safeguards apply, in particular standard contractual clauses, explicit consent, or legally required transfers. Information on transfers to third countries and applicable adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

General information on data storage and deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or there are no other legal bases for processing. This applies in cases where the original purpose of processing no longer applies or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal prosecution or for the protection of the rights of other natural or legal persons must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that apply specifically to certain processing activities.

If multiple retention periods or deletion deadlines are stated for a set of data, the longest period always applies. Data that is retained not for the originally intended purpose but due to legal requirements or other reasons is processed solely for the reasons that justify its retention.

Start of the period at the end of the year: If a period does not explicitly begin on a certain date and is at least one year, it automatically starts at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the time when the termination becomes effective or any other end of the legal relationship.

Rights of data subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Article 6(1) lit. e or f GDPR. This also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. This also applies to profiling insofar as it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw consents you have given at any time.
  • Right of access: You have the right to request confirmation as to whether data in question is being processed, and to obtain information about this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: In accordance with legal requirements, you have the right to request completion of data concerning you or correction of inaccurate data concerning you.
  • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be deleted without undue delay or, alternatively, to request restriction of the processing of the data in accordance with legal requirements.
  • Right to data portability: You have the right to receive data concerning you that you have provided to us, in accordance with legal requirements, in a structured, commonly used, and machine readable format, or to request its transmission to another controller.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Business services

We process data of our contractual and business partners, for example customers and prospects (collectively referred to as "contractual partners"), within the framework of contractual and comparable legal relationships as well as related measures and with regard to communication with the contractual partners (or pre contractually), for example to respond to inquiries.

We use this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed services, any update obligations, and remedies in the event of warranty and other service disruptions. In addition, we use the data to safeguard our rights and for the purposes of the administrative tasks associated with these obligations, as well as company organization. We also process the data on the basis of our legitimate interests in proper and efficient business management and in security measures to protect our contractual partners and our business operations from misuse, risks to their data, secrets, information, and rights (for example by involving telecommunications, transport, and other auxiliary services and subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Within the scope of applicable law, we only pass on contractual partner data to third parties insofar as this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about further forms of processing, such as for marketing purposes, within the framework of this privacy policy.

We inform contractual partners which data is required for the aforementioned purposes before or during data collection, for example in online forms, by special marking (for example colors) or symbols (for example an asterisk), or in person.

We delete the data after expiry of statutory warranty and comparable obligations, meaning generally after four years, unless the data is stored in a customer account, for example as long as it must be retained for legal archiving purposes (for tax purposes typically ten years). Data disclosed to us by the contractual partner in the course of an assignment is deleted in accordance with the requirements and generally after the end of the assignment.

  • Types of data processed: Master data (for example full name, residential address, contact information, customer number, etc.); payment data (for example bank details, invoices, payment history); contact data (for example postal and email addresses or phone numbers). Contract data (for example subject matter of the contract, term, customer category).
  • Data subjects: Recipients of services and clients; prospects. Business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; communication; office and organizational procedures; organizational and administrative procedures. Business processes and operational procedures.
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal bases: Performance of a contract and pre contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); legal obligation (Art. 6(1) sentence 1 lit. c GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing activities, procedures, and services:

  • Agency services: We process our customers' data within the scope of our contractual services, which may include, for example, conceptual and strategic consulting, campaign planning, software and design development or consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis or consulting services, and training services; Legal bases: Performance of a contract and pre contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).
  • Provision of software and platform services: We process the data of our users, registered users and any test users (hereinafter collectively referred to as "users") in order to provide our contractual services to them and, on the basis of legitimate interests, to ensure the security of our offering and to develop it further. The required information is marked as such within the scope of the assignment, order, or comparable contract conclusion and includes the details required for service provision and billing as well as contact information in order to be able to hold any necessary consultations; Legal bases: Performance of a contract and pre contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).
  • Technical services: We process the data of our customers and clients (hereinafter collectively referred to as "customers") to enable them to select, purchase or commission the chosen services or works as well as related activities, their payment, and their provision or execution or delivery.

    The required information is marked as such within the scope of the assignment, order, or comparable contract conclusion and includes the details required for service provision and billing as well as contact information in order to be able to hold any necessary consultations. To the extent that we gain access to information of end customers, employees, or other persons, we process this in accordance with legal and contractual requirements; Legal bases: Performance of a contract and pre contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).

Provision of the online offering and web hosting

We process users' data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the users' browser or end device.

  • Types of data processed: Usage data (for example page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (for example IP addresses, timestamps, identification numbers, involved persons); log data (for example log files relating to logins or the retrieval of data or access times). Content data (for example text or image messages and posts and the information relating to them, such as details of authorship or time of creation).
  • Data subjects: Users (for example website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing activities, procedures, and services:

  • Provision of the online offering on rented storage space: For the provision of our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also called a "web host"); Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
  • Provision of the online offering on our own or dedicated server hardware: For the provision of our online offering, we use server hardware operated by us as well as the associated storage space, computing capacity, and software; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
  • Collection of access data and log files: Access to our online offering is logged in the form of so called "server log files". Server log files may include the address and name of the retrieved web pages and files, date and time of retrieval, amounts of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and generally IP addresses and the requesting provider. Server log files can be used, on the one hand, for security purposes, for example to avoid server overload (especially in the case of abusive attacks, so called DDoS attacks), and, on the other hand, to ensure server utilization and stability; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
  • Email sending and hosting: The web hosting services we use also include sending, receiving, and storing emails. For these purposes, the recipients' and senders' addresses as well as further information relating to email sending (for example the providers involved) and the content of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting spam. We ask you to note that emails on the internet are generally not sent in encrypted form. As a rule, emails are encrypted during transport, but, unless an end to end encryption method is used, not on the servers from which they are sent and received. We therefore cannot assume responsibility for the transmission path of emails between the sender and receipt on our server; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). Readers' data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. Otherwise, we refer to the information on processing of visitors to our publication medium within the scope of these privacy notices.

  • Types of data processed: Master data (for example full name, residential address, contact information, customer number, etc.); contact data (for example postal and email addresses or phone numbers); content data (for example text or image messages and posts and the information relating to them, such as details of authorship or time of creation); usage data (for example page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (for example IP addresses, timestamps, identification numbers, involved persons).
  • Data subjects: Users (for example website visitors, users of online services).
  • Purposes of processing: Feedback (for example collecting feedback via online form); provision of our online offering and user friendliness; security measures. Organizational and administrative procedures.
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing activities, procedures, and services:

  • Comments and posts: If users leave comments or other posts, their IP addresses may be stored on the basis of our legitimate interests. This is done for our security in case someone posts unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we may be held liable for the comment or post ourselves and are therefore interested in the identity of the author.

    Furthermore, on the basis of our legitimate interests, we reserve the right to process users' information for spam detection purposes.

    On the same legal basis, we reserve the right, in the case of surveys, to store users' IP addresses for the duration of the survey and to use cookies to prevent multiple votes.

    The information provided in the context of comments and posts relating to the person, any contact and website information, as well as the content information, is stored permanently until the user objects; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Contact and inquiry management

When contacting us (for example by mail, contact form, email, phone, or via social media) as well as within the scope of existing user and business relationships, the information provided by the inquiring persons is processed insofar as this is necessary to respond to contact inquiries and any requested measures.

  • Types of data processed: Master data (for example full name, residential address, contact information, customer number, etc.); contact data (for example postal and email addresses or phone numbers); content data (for example text or image messages and posts and the information relating to them, such as details of authorship or time of creation); usage data (for example page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (for example IP addresses, timestamps, identification numbers, involved persons).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; organizational and administrative procedures; feedback (for example collecting feedback via online form). Provision of our online offering and user friendliness.
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR). Performance of a contract and pre contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).

Further information on processing activities, procedures, and services:

  • Contact form: When contacting us via our contact form, by email, or through other communication channels, we process the personal data you provide to respond to and handle the respective request. This generally includes information such as name, contact details, and, if applicable, other information communicated to us that is required for appropriate processing. We use this data exclusively for the stated purpose of contact and communication; Legal bases: Performance of a contract and pre contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR), legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Newsletters and electronic notifications

We send newsletters, emails, and other electronic notifications (hereinafter "newsletters") only with the recipients' consent or on the basis of a legal permission. If, in the course of subscribing to the newsletter, its contents are specified, these contents are decisive for the users' consent. For registration for our newsletter, providing your email address is usually sufficient. However, in order to provide you with a personalized service, we may ask you to provide your name for personal addressing in the newsletter or additional information if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a potential defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a suppression list (so called "blocklist").

The logging of the subscription process is carried out on the basis of our legitimate interests for the purpose of proving its proper execution. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure dispatch system.

Content:

Information about us, our services, promotions, and offers.

  • Types of data processed: Master data (for example full name, residential address, contact information, customer number, etc.); contact data (for example postal and email addresses or phone numbers); meta, communication, and procedural data (for example IP addresses, timestamps, identification numbers, involved persons). Usage data (for example page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (for example by email or mail).
  • Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
  • Right to object (opt out): You can unsubscribe from our newsletter at any time, meaning revoke your consent or object to further receipt. A link to unsubscribe from the newsletter can be found either at the end of each newsletter or you can otherwise use one of the contact options provided above, preferably email.

Further information on processing activities, procedures, and services:

  • CleverReach: Email sending and automation services; Service provider: CleverReach GmbH & Co. KG, //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.cleverreach.com/de; Privacy policy: https://www.cleverreach.com/de/datenschutz/. Data processing agreement: Provided by the service provider.
  • Mailchimp: Email marketing, automation of marketing processes, collection, storage, and management of contact data, measurement of campaign performance, capturing and analysis of recipients' interaction with content, personalization of content; Service provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://mailchimp.com; Privacy policy: https://mailchimp.com/legal/; Data processing agreement: https://mailchimp.com/legal/; Basis for third country transfers: Data Privacy Framework (DPF), standard contractual clauses (provided by the service provider). Further information: Specific security measures: https://mailchimp.com/de/help/mailchimp-european-data-transfers/.

Marketing communication via email, mail, fax, or telephone

We process personal data for the purposes of marketing communication, which may take place via various channels, such as email, telephone, mail, or fax, in accordance with legal requirements.

Recipients have the right to withdraw given consents at any time or to object to marketing communication at any time free of charge via the contact option stated above.

After withdrawal or objection, we store the data required to prove the previous authorization to contact or send communications for up to three years after the end of the year of withdrawal or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. On the basis of the legitimate interest in permanently observing the withdrawal or objection of users, we also store the data required to prevent renewed contact (for example, depending on the communication channel, the email address, phone number, name).

  • Types of data processed: Master data (for example full name, residential address, contact information, customer number, etc.); contact data (for example postal and email addresses or phone numbers). Content data (for example text or image messages and posts and the information relating to them, such as details of authorship or time of creation).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (for example by email or mail); marketing. Sales promotion.
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Web analysis, monitoring, and optimization

Web analysis (also referred to as "reach measurement") serves to evaluate visitor flows to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what times our online offering or its functions or content are most frequently used or invite reuse. It also allows us to determine which areas need optimization.

In addition to web analysis, we may also use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, for these purposes profiles, meaning data combined into a usage process, may be created, and information may be stored in a browser or on an end device and then read. The collected information includes, in particular, visited websites and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data either to us or to the providers of the services we use, location data may also be processed.

In addition, users' IP addresses are stored. However, we use an IP masking method, meaning pseudonymization by truncating the IP address, to protect users. In general, no clear data of users (for example email addresses or names) is stored within the scope of web analysis, A B testing, and optimization, but rather pseudonyms. This means that neither we nor the providers of the software used know the actual identity of users, but only the information stored in their profiles for the purpose of the respective procedures.

Notes on legal bases: If we ask users for their consent to use third party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests, meaning an interest in efficient, economical, and recipient friendly services. In this context, we also refer to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (for example page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (for example IP addresses, timestamps, identification numbers, involved persons).
  • Data subjects: Users (for example website visitors, users of online services).
  • Purposes of processing: Reach measurement (for example access statistics, recognition of returning visitors); profiles with user related information (creating user profiles); remarketing. Provision of our online offering and user friendliness.
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing activities, procedures, and services:

  • Adobe Analytics: Adobe Analytics; Service provider: Adobe Systems Software Ireland, 4-6, Riverwalk Drive, Citywest Business Campus, Brownsbarn, Dublin 24, D24 DCW0, Ireland; Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://business.adobe.com/de/products/analytics/adobe-analytics.html; Privacy policy: https://www.adobe.com/de/privacy.html. Basis for third country transfers: Data Privacy Framework (DPF).
  • Google Analytics: We use Google Analytics to measure and analyze the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any clear data such as names or email addresses. It is used to assign analysis information to an end device in order to recognize which content users have accessed within one or more usage processes, which search terms they used, whether they accessed them again, or interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users that refer to our online offering and technical aspects of their end devices and browsers.
    Pseudonymous user profiles are created with information from the use of different devices, whereby cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. Analytics does provide coarse geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID based counterparts). For EU data traffic, IP address data is used solely for this derivation of geolocation data before being immediately deleted. It is not logged, is not accessible, and is not used for further purposes. When Google Analytics collects measurement data, all IP lookups are performed on EU based servers before the traffic is forwarded for processing to Analytics servers; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third country transfers: Data Privacy Framework (DPF), standard contractual clauses (https://business.safety.google/adsprocessorterms); Right to object (opt out): Opt out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of ads: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and data processed).
  • Google Tag Manager: We use Google Tag Manager, software provided by Google that enables us to manage so called website tags centrally via a user interface. Tags are small code elements on our website that serve to record and analyze visitor activities. This technology helps us to improve our website and the content offered on it. Google Tag Manager itself does not create user profiles, does not store cookies with user profiles, and does not carry out independent analyses. Its function is limited to simplifying and making more efficient the integration and management of tools and services that we use on our website. Nevertheless, when using Google Tag Manager, users' IP addresses are transmitted to Google, which is technically necessary in order to implement the services we use. Cookies may also be set. However, this data processing only occurs if services are integrated via the Tag Manager. For more detailed information on these services and their data processing, we refer you to the further sections of this privacy policy; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Data processing agreement:
    https://business.safety.google/adsprocessorterms. Basis for third country transfers: Data Privacy Framework (DPF), standard contractual clauses (https://business.safety.google/adsprocessorterms).
  • Matomo: Matomo is software used for web analysis and reach measurement purposes. When using Matomo, cookies are created and stored on users' end devices. The user data collected when using Matomo is processed only by us and is not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/; Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR). Deletion of data: The cookies have a storage period of a maximum of 13 months.

Plug ins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third party providers"). This may include, for example, graphics, videos, or maps (hereinafter collectively referred to as "content").

The integration always requires that the third party providers of this content process users' IP addresses, since without an IP address they could not send the content to users' browsers. The IP address is therefore required for the display of this content or functions. We endeavor to use only such content whose respective providers use the IP address only to deliver the content. Third party providers may also use so called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on users' devices and may include, among other things, technical information about the browser and the operating system, referring websites, time of visit, and other details about the use of our online offering, and may also be combined with such information from other sources.

Notes on legal bases: If we ask users for their consent to use third party providers, the legal basis for data processing is permission, meaning consent. Otherwise, user data is processed on the basis of our legitimate interests, meaning an interest in efficient, economical, and recipient friendly services. In this context, we also refer to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (for example page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (for example IP addresses, timestamps, identification numbers, involved persons). Location data (information on the geographic position of a device or a person).
  • Data subjects: Users (for example website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user friendliness; reach measurement (for example access statistics, recognition of returning visitors); tracking (for example interest and behavior based profiling, use of cookies); target group formation; marketing. Profiles with user related information (creating user profiles).
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
  • Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing activities, procedures, and services:

  • Google Fonts (retrieved from Google servers): Retrieval of fonts (and symbols) for the purpose of a technically secure, maintenance free, and efficient use of fonts and symbols with regard to currency and loading times, their uniform presentation, and possible licensing restrictions. The user's IP address is communicated to the font provider so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted, which is necessary for providing the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA. When visiting our online offering, users' browsers send their browser HTTP requests to the Google Fonts Web API, meaning a software interface for retrieving the fonts. The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent that describes the browser and operating system version of website visitors, as well as the referrer URL, meaning the web page on which the Google font is to be displayed. IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. With the Google Fonts Web API, the user agent must customize the font that is generated for the respective browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the Google Fonts "Analytics" page. Finally, the referrer URL is logged so that the data can be used for production maintenance and an aggregated report of the top integrations can be generated based on the number of font requests. According to Google, Google does not use any of the information collected by Google Fonts to create profiles of end users or to serve targeted ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://fonts.google.com/; Privacy policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy?hl=de.
  • Google Maps: We integrate maps from the service "Google Maps" provided by Google. The processed data may include, in particular, users' IP addresses and location data; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://mapsplatform.google.com/; Privacy policy: https://policies.google.com/privacy. Basis for third country transfers: Data Privacy Framework (DPF).
  • Instagram plugins and content: Instagram plugins and content. This may include, for example, content such as images, videos, or text and buttons that allow users to share content of this online offering within Instagram. We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt as part of a transfer (but not further processing) of "event data" that Facebook collects via Instagram functions (for example embedding functions for content) executed on our online offering or receives as part of a transfer for the following purposes: a) Display of content as well as advertising information corresponding to users' presumed interests; b) delivery of commercial and transactional messages (for example contacting users via Facebook Messenger); c) improving ad delivery and personalizing functions and content (for example improving recognition of which content or advertising information presumably corresponds to users' interests). We have concluded a specific agreement with Facebook ("Controller Addendum", https://www.facebook.com/legal/controller_addendum), which regulates, in particular, which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook agrees to fulfill data subject rights (meaning users can, for example, direct requests for information or deletion directly to Facebook). Note: If Facebook provides us with metrics, analyses, and reports (which are aggregated, meaning they do not contain information about individual users and are anonymous for us), then this processing is not carried out within the framework of joint controllership, but on the basis of a data processing agreement ("Data Processing Terms", https://www.facebook.com/legal/terms/dataprocessing), the "Data Security Terms" (https://www.facebook.com/legal/terms/data_security_terms), and with regard to processing in the USA on the basis of standard contractual clauses ("Facebook EU Data Transfer Addendum", https://www.facebook.com/legal/EU_data_transfer_addendum). Users' rights (in particular to access, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.instagram.com. Privacy policy: https://privacycenter.instagram.com/policy/.
  • LinkedIn plugins and content: LinkedIn plugins and content. This may include, for example, content such as images, videos, or text and buttons that allow users to share content of this online offering within LinkedIn; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Data processing agreement: https://legal.linkedin.com/dpa; Basis for third country transfers: Data Privacy Framework (DPF), standard contractual clauses (https://www.linkedin.com/legal/l/dpa). Right to object (opt out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • OpenStreetMap: We integrate maps from the service "OpenStreetMap", which are offered under the Open Data Commons Open Database License (ODbL) by the OpenStreetMap Foundation (OSMF). User data is processed by OpenStreetMap exclusively for the purpose of displaying map functions and for temporarily storing selected settings. This data may include, in particular, users' IP addresses and location data, which, however, is not collected without their consent (as a rule, via the settings of their end devices or browsers); Service provider: OpenStreetMap Foundation (OSMF); Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.openstreetmap.de. Privacy policy: https://osmfoundation.org/wiki/Privacy_Policy.
  • X plugins and content: Plugins and buttons of the platform "X". This may include, for example, content such as images, videos, or text and buttons that allow users to share content of this online offering within X; Service provider: X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://x.com/de; Privacy policy: https://x.com/de/privacy, (settings: https://x.com/personalization); Data processing agreement: https://privacy.x.com/en/for-our-partners/global-dpa. Basis for third country transfers: Standard contractual clauses (https://privacy.x.com/en/for-our-partners/global-dpa).
  • YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF). Right to object (opt out): Opt out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of ads: https://myadcenter.google.com/personalizationoff.

Created with the free privacy policy generator by Datenschutz-Generator.de, Dr. Thomas Schwenke