Privacy Policy

Vercel

For the hosting and provision of our website we use the service Vercel, operated by Vercel GmbH, Ungenannte Str., 13089 Berlin, Germany. Vercel provides a cloud platform for the development, hosting and performance optimization of websites and web applications, including features such as continuous integration/delivery, globally distributed CDN, serverless backends and edge computing. When using Vercel, anonymized page view data such as URLs visited, referrers, country of origin, browser information, performance metrics (web vitals) and the user agent are processed in particular; according to Vercel, personal identification features such as IP addresses or email addresses are not collected by default unless special integrations are used. Data processing is carried out for the purpose of secure and efficient provision of the website, optimization of performance and to ensure operation and to analyze technical faults or malicious queries. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR due to the legitimate interest in an efficient and secure provision of the website. Vercel does not use cookies for the operation of the hosting environment or for analysis. The data collected in this context is not transferred to third countries; processing takes place within the European Union. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected or, at the latest, after any statutory retention periods have expired or if the legitimate interest no longer applies. Further information on data protection at Vercel can be found at https://vercel.com/legal/privacy-policy.

Resend

We use Resend on this website to process and transmit contact form messages, an email API service of Plus Five Five, Inc, 2261 Market Street #5039, San Francisco, CA 94114, USA, which is operated under the domain resend.com. Resend is a developer-oriented email sending platform that enables website operators to reliably send transactional emails via a REST API or SMTP integration. In the context of this website's contact form, Resend handles the technical delivery of incoming contact requests to the website operator's stored email address. In addition, Resend provides detailed dispatch logs and event data (e.g. delivery, bounce). The following personal data is processed when Resend is used to process contact form submissions: Name, e-mail address and all other data entered in the contact form (e.g. message content, telephone number), IP address of the requesting person, time stamp of the transmission and technical metadata of the e-mail dispatch (e.g. delivery status, bounce information). The purpose of the data processing is the technically reliable delivery of contact requests to the website operator and to ensure the traceability of the e-mail dispatch by means of dispatch logs. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, insofar as contact is made in the context of pre-contractual or contractual measures, and Art. 6 para. 1 lit. f GDPR (legitimate interest of the website operator in the reliable technical delivery of contact requests). Data processing takes place within the framework of a Data Processing Agreement (Data Processing Addendum, DPA) in accordance with Art. 28 GDPR. Resend does not place any cookies on the end devices of website visitors as part of pure contact form processing. Data is transferred to a third country. According to its own information, Resend stores and processes customer data in the USA. When data is transferred to the USA, the standard contractual clauses (SCC) of the EU Commission pursuant to Art. 46 para. 2 lit. c GDPR apply as a suitable guarantee, which are anchored in Resend's Data Processing Addendum (DPA). The data processed as part of the contact form transmission will be deleted after processing the request, provided that there are no legal storage obligations to the contrary. According to Resend's own information, dispatch logs are stored for a period of seven days and then automatically deleted. Further information on data processing can be found at: https://resend.com/legal/privacy-policy

Cookiebot

We use the consent management service Cookiebot on our website to manage and document cookie consents, offered by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. Cookiebot enables the display of an individualized consent banner, the automatic recognition and categorization of all cookies used on the website and blocks non-essential cookies and trackers until consent is given by users. In particular, the user's consent preferences (e.g. consent or refusal for necessary, functional, statistical and marketing cookies), the time and status of the consent given, technical metadata on cookies and trackers, as well as anonymous usage data such as browser type, referrer information, timestamps and random identifiers when the analysis function is activated are processed. The purpose of data processing is the legally compliant recording, documentation and management of cookie consents as well as the implementation of legal transparency and verification obligations with regard to the use of cookies and other tracking technologies on this website. The legal basis for the processing of personal data in connection with the use of Cookiebot is Art. 6 para. 1 lit. c GDPR for the fulfillment of legal obligations in the context of consent management and Art. 6 para. 1 lit. f GDPR due to the legitimate interest in a verifiable, data protection-compliant design of the website. The storage and evaluation of any cookie consents by means of technically unnecessary cookies is carried out exclusively on the basis of express consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG, which can be revoked at any time. Cookiebot uses both technically necessary cookies to manage consent and - depending on the selected user decision - optional cookies for analysis and marketing purposes. The exact cookie types and their duration are listed transparently in the cookie banner and can be viewed at any time. Cookiebot does not transfer data to third countries, as data processing takes place within the European Union. Personal data in connection with consent is stored for as long as is necessary for the documentation of consent or in accordance with the statutory retention obligations. Personal data will be deleted at the latest as soon as the purpose of the processing ceases to apply or consent given is revoked, provided that there are no legal retention periods to the contrary. Further information on data protection at Cookiebot can be found at: https://www.cookiebot.com/en/privacy-policy/

Mistral AI

We use API services from Mistral AI on our website to provide powerful AI-based applications for text processing, document analysis, assistance systems and automated workflows. Mistral AI is operated by Mistral AI SAS, 4 rue Vauvilliers, 75001 Paris, France. The Mistral AI API can be used to provide AI-based chat functions, document extraction including OCR, automated content and support for technical queries. In particular, the following categories of personal data are processed Identity data (e.g. name), account and profile data, contact data (e.g. email address), contract and subscription data, technical identifiers (in particular IP address), internet usage data, communication content, if applicable, as well as audio or visual data when using corresponding functions. The purpose of the processing is to enable users to access AI support, automated processes and the analysis and generation of content. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR, insofar as the use takes place in the context of (pre-)contractual measures, as well as Art. 6 para. 1 lit. f GDPR based on the legitimate interest in the efficient provision of digital assistance and processing functions; insofar as technically required cookies or similar technologies are used for data access on the end device, this is done in accordance with § 25 para. 2 TDDDG. According to current information, Mistral AI does not use cookies for analysis or marketing purposes in the context of API use on users' end devices. Personal data is not transferred to third countries, as processing takes place within the European Union. The deletion of personal data takes place as soon as the processing purpose no longer applies or statutory retention periods expire; in the event of revocation or objection, the data will be deleted immediately, provided there are no compelling legal reasons to the contrary. Further information can be found in Mistral AI's Privacy Policy: https://legal.mistral.ai/terms/privacy-policy

MailerLite

We use MailerLite to provide our newsletter. This service is provided by MailerLite Limited, 38 Mount Street Upper, Dublin 2, D02 PR89, Ireland. This service can be used to organize and analyse the sending of newsletters. The data entered in order to receive the newsletter is stored on MailerLite's servers. With the help of MailerLite, interactions with the newsletter can be analyzed. In addition, conversion rates can be determined and the users of the newsletter can be categorized in order to adapt the newsletter to the different target groups. This analysis can be objected to via the link in every newsletter message. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent can be revoked at any time when subscribing to the newsletter. The legality of the processing that has already taken place remains unaffected by any revocation. We also use other email services from MailerLite to fulfill our contractual services and for customer administration. The legal basis for this is Art. 6 para. 1 lit. b GDPR. The data will be deleted at the end of the contract between us and MailerLite, unless the website visitor withdraws their consent beforehand. If this is the case, the data will be deleted from the distribution list. In addition, after subscribing to the newsletter, the email address is stored on a blacklist separately from other data for an indefinite period of time. The legal basis for this is Art. 6 para. 1 lit. f GDPR. It serves the interest of website visitors as well as our interest in using/operating a newsletter in accordance with the legal requirements. Further details: https://www.mailerlite.com/features. https://www.mailerlite.com/legal/privacy-policy.

Google Ads

Our website uses Google Ads, an online advertising service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to place, control and analyze advertisements. Google Ads makes it possible to place targeted ads based on usage data, to measure the reach of advertising measures and to offer so-called conversion and remarketing functions. Depending on the integration, the following personal data may be processed IP address, information on browser and device type, pages and URLs accessed, click data, location data (if available), conversion and engagement information (e.g. purchases, completed forms), as well as contact information pseudonymized using a hash when using enhanced conversions. The data is processed in order to efficiently manage advertising campaigns, measure the success of advertisements (conversion tracking), retarget website visitors (remarketing), analyze user behavior with regard to advertisements and optimize advertising playout. The legal basis for the processing of personal data when using Google Ads is generally consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as cookies or comparable technologies are used for recognition; the use can be based on Art. 6 para. 1 lit. f GDPR in individual cases, provided that there is a legitimate interest in efficient marketing and no consent is required. Google Ads uses cookies and similar technologies as part of its functions to evaluate user behavior, measure conversions and create target groups; if this concerns analysis, conversion and marketing cookies, they are only set with the active consent of the website visitor in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with Art. 25 para. 1 TDDD. § 25 para. 1 TDDDG. A transfer of data to third countries, in particular to the USA, cannot be ruled out; for such transfers, Google uses the EU standard contractual clauses as suitable guarantees in accordance with Art. 46 GDPR. Personal data is stored for as long as it is required for the stated purposes or until consent is withdrawn; statutory retention obligations remain unaffected, after which it is deleted. Further information on data protection at Google and specific information on Google Ads can be found at: https://policies.google.com/privacy?hl=de

YouTube

The YouTube service, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is integrated on this website for analysis and tracking purposes. The service enables the evaluation of interaction with YouTube videos on the website, such as playing, pausing and the progress of videos, in order to understand user behavior and measure the performance of video content. Typically, IP address, browser and device information, video interaction data (play, pause, progress, completion), referrer URL, screen settings, language settings and video metadata such as title and URL are processed. The processing is carried out for the purpose of measuring reach, optimizing the video offer, analyzing the interaction with video content and measuring the success of marketing measures. The legal basis for data processing is Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG (regarding access to terminal device information and setting cookies); if consent is not given, processing is based on our legitimate interest in analysis and optimization in accordance with Art. 6 para. 1 lit. f GDPR. As part of the video integration, YouTube can set cookies and comparable technologies for analysis, functional and marketing purposes; these cookies are only used with prior express consent. The integration of YouTube may result in the transfer of personal data to third countries, in particular to servers of Google LLC in the USA. According to Google, it uses the EU Commission's standard contractual clauses as suitable guarantees for this transfer. The data will be deleted as soon as the purpose of the processing no longer applies or consent has been revoked, provided there are no statutory retention obligations to the contrary. Further information can be found in Google's Privacy Policy at: https://policies.google.com/privacy?hl=de

Google Conversion Tracking

This website uses Google Conversion Tracking. Google Conversion Tracking is a web analysis service. This service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Conversion Tracking uses cookies for identification. We learn the number of users and which actions were carried out on the website by the website visitors. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time. The data will be deleted as soon as it is no longer required for the processing purposes. Further details: https://policies.google.com/privacy?hl=de.

PostHog

Our website uses the analytics service PostHog, which is operated by PostHog, Inc, 2261 Market Street, Suite 4008, San Francisco, California 94114, USA. PostHog enables the collection and evaluation of usage data to analyze user behavior, for example by recording clicks, page views, form submissions, session histories, A/B tests and feature usage. Typical data such as IP address (unless deactivated), browser information (type, device, operating system), session data, URL paths, referrers, usage-related events, HTML attributes of relevant elements and unique user IDs may be processed. Processing is carried out for the purpose of analyzing and optimizing our website, troubleshooting, measuring the success of product functions and improving user-friendliness. As a rule, the legal basis is consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with. § Section 25 (1) TDDDG, provided that a corresponding consent has been given in the cookie banner. Insofar as consent is not required for technically necessary data processing, the processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR out of a legitimate interest in economic and secure web optimization. Cookies may be set for analysis and tracking purposes, which are only used with prior consent. Technically necessary cookies may be used without consent; further details can be found in the website's cookie banner. Personal data may be transferred to the USA. For these transfers, PostHog relies on the standard contractual clauses of the EU Commission as suitable guarantees in accordance with Art. 46 para. 2 lit. c GDPR. Personal data is stored for as long as is necessary for the purposes of the analysis or until consent is withdrawn, provided there are no statutory retention obligations to the contrary. If the data is no longer required for the stated purposes, it will be deleted. Further information is available at https://posthog.com/privacy.

Calendly

On our website, we use the appointment scheduling and analysis functions of Calendly, operated by Calendly, LLC, 115 E Main St Ste A1B, Buford, GA 30518, United States. Calendly enables automated online appointment booking and provides a calendar and embeddings that allow the booking of appointments and meetings directly via the website, as well as the possibility of analyzing and tracking bookings made, e.g. through integration into web analytics tools such as Google Analytics. When using Calendly, in particular page views of appointment scheduling forms, form submissions, selection of date and time, the actual booking made and - if linked via third-party integrations - possibly also the e-mail address used, content of the booked appointment and UTM or referrer data are processed. This data processing serves the purpose of the organizational processing of appointments, the optimization of customer experiences and the evaluation of conversion rates in the context of marketing. The legal basis for the analysis and tracking functions of Calendly is regularly the consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with. § In individual cases, Art. 6 para. 1 lit. b or f GDPR may also be relevant if an appointment booking serves directly to fulfill the contract or if our legitimate interest in efficient appointment processing and performance measurement prevails. When Calendly is integrated, cookies may be used depending on the functionality and integration; cookies are primarily used for functional purposes and for web analysis. Analysis and tracking cookies are only stored on the basis of consent. In connection with the use of Calendly, personal data may be transferred to the USA; the EU standard contractual clauses are used as sufficient guarantees for the level of data protection. Personal data will be deleted as soon as the purpose of the processing no longer applies, in particular after an appointment has been made or consent has been withdrawn, provided that there are no statutory retention periods to the contrary. Further information can be found in Calendly's Privacy Policy: https://calendly.com/legal/privacy-notice

Google AdSense

This website uses Google AdSense, a service for monetizing website traffic by displaying contextual and personalized advertisements. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google AdSense analyzes website content and user behavior in order to display appropriate ads and provides statistics on ad performance. Data such as page views, ad impressions, clicks, session duration, engagement metrics (e.g. bounce rate, pages per session), IP address, device information and cookie identifiers are processed for advertising personalization. The purpose of data processing is the effective marketing of website content and the provision of analytical information about the use and reach of advertisements. The legal basis for the processing is generally Art. 6 para. 1 lit. a GDPR i.V.m. § Section 25 (1) TDDDG, as the prior consent of website visitors is required for personalized advertising and the setting of cookies; for technically necessary analyses for the operation of the service, Art. 6 (1) lit. f GDPR in conjunction with Section 25 (2) TDDDG may be relevant. Google AdSense sets cookies of different categories, in particular for advertising, analysis and functionality purposes. Advertising and analysis cookies are only set with consent; functional cookies, which are necessary for service operation, can be used without consent. Data may be transferred to the USA and other third countries. Google LLC uses the standard contractual clauses of the EU Commission as a suitable guarantee within the meaning of Art. 46 GDPR. The stored data will be deleted as soon as the purpose of the processing no longer applies, consent is revoked or statutory retention periods expire. Further information on data processing by Google AdSense can be found at: https://policies.google.com/privacy

Google Tag Manager

Our website uses the tag management service Google Tag Manager, which is operated by Google Ireland Limited, Google Building, 4th Floor, 70 Sir John Rogerson's Quay, Dublin 2, Ireland (D02 X576). With Google Tag Manager, various tracking and marketing scripts (so-called "tags") can be centrally managed and integrated on the website without the need to make any adjustments to the source code. The service itself does not use any tracking mechanisms, but forwards data streams to the integrated third-party tags. Google Tag Manager typically processes all personal data that is transmitted through configured tagging, such as IP address, user interaction data (e.g. clicks, page views, form submissions), technical information about the browser or end device, as well as tracking IDs, geographical location data and e-commerce information. The scope depends on the respective tag configuration and the respective third-party tags. The purpose of the use is the efficient management and display of analysis and marketing tags, the evaluation of user behavior and the optimization of the online offer. The legal basis for the use is Art. 6 para. 1 lit. f GDPR, as there is a legitimate interest in the technically secure, efficient and economical provision of analysis and marketing services. Insofar as tracking or marketing tags are set with consent, this is done on the basis of Art. 6 para. 1 lit. a GDPR i. V. m. § 25 para. 1 TDDDG. Google Tag Manager itself does not set any cookies, but can control the triggering of cookies by integrated third-party tags. Which cookies are set in detail depends on the respective tag configuration; more detailed information on this can be found in the corresponding sections of the Privacy Policy. Google Tag Manager may transfer personal data to third countries, in particular the USA, via downstream, integrated third-party tags. Google ensures suitable guarantees for its own processing operations in accordance with Art. 46 GDPR, in particular the use of the EU standard contractual clauses. The data collected as part of the tag will be deleted as soon as the respective purpose of the processing no longer applies, the data subject withdraws consent or statutory retention obligations permit deletion. The storage period of the integrated third-party services may differ and can be found in their Privacy Policies. Further information on data protection at Google Tag Manager can be found at: https://policies.google.com/privacy?hl=de

Google Ads Remarketing

We use Google Ads Remarketing on this website. Google Ads Remarketing is a web analysis service. This service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads Remarketing sets cookies for the following purpose: Website visitors can be assigned to a specific target group and accordingly be provided with personalized advertising. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time. Further details: https://www.google.com/settings/ads/onweb/ https://policies.google.com/technologies/ads?hl=de.

Google DoubleClick

Our website uses the Google DoubleClick analysis service, a solution for managing advertising campaigns and optimizing display marketing, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google DoubleClick enables the placement, control and optimization of online advertisements as well as the analysis of ad impressions and conversions. The functions provided include, in particular, conversion tracking, program-controlled control of ads as well as target group and reach measurement. In particular, the following data is processed: IP address, cookie identifiers, device identifiers, website activity (e.g. pages visited, clicks on ads, conversions made), browser and device information, demographic information and interest and usage profiles. The processing is carried out to display interest-based advertising, to measure reach, to optimize the effectiveness of advertising and to analyze user behavior on the website. As a rule, the legal basis is consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG, unless technically necessary cookies are set; for analytically mandatory processes, Art. 6 para. 1 lit. f GDPR (legitimate interest in effective marketing and economic operation of the website) may also be relevant. Google DoubleClick sets various cookies for the recognition and analysis of surfing behavior, for conversion tracking and for interest-based advertising. These cookies are only set with explicit consent; the storage period varies depending on the type of cookie, but is generally up to 24 months. Personal data may be transferred to third countries, in particular to the USA. In these cases, Google uses the standard contractual clauses of the EU Commission as a suitable guarantee to ensure an appropriate level of data protection. The data will be deleted as soon as it is no longer required for the stated purposes, but at the latest after withdrawal of consent or expiry of statutory retention periods. Further information can be found at: https://policies.google.com/privacy

Facebook

We operate a Facebook fan page on https://www.facebook.com/. This social network is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Interaction with our company profile

When you visit our Facebook profile and interact with us, we process personal data. On the one hand, the data made publicly available on the profile. On the other hand, we also process the personal data contained in posts, comments or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our Facebook profile. Insofar as an inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.

Page Insights

As explained in the Meta Privacy Policy under "How do we use your information?", Meta also collects and uses information to provide analytics services, known as Page Insights, for page operators. This also applies to our Facebook page. Page insights are summarized statistics that are created based on certain interactions of visitors with pages and the content associated with them (e.g. viewing a page or a video, subscribing to a page, marking a page with "Like" or "No longer like", etc.) and are logged by the Meta servers. Meta provides us with summarized statistics and insights in connection with the Page Insights, which give us information about how people interact with our company website. We do not have access to any personal data, only to the summarized Page Insights. With the help of Page Insights, we can view anonymous statistics, e.g. the reach of our account, page views, likes, etc.. These also contain evaluations according to the age, gender and location of the users (as specified by them in their respective Facebook profiles). To evaluate the reach, we can make settings or set appropriate filters with regard to the selection of a time period, the viewing of a specific post and demographic groupings. This data is anonymized. It is not possible for us to draw conclusions about specific individuals. The purpose of processing this data is to analyze our reach and adapt our content and advertisements to user interests so that visitors can derive the greatest possible benefit from them. By evaluating this data, we can recognize how our content, our profile and our advertising are consumed. This enables us to create target group-specific content and place advertising to better market our company and our services. The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. When processing personal data in the course of the so-called Page Insights, we are jointly responsible with Facebook in accordance with Art. 26 para. 1 GDPR. We have concluded a corresponding agreement with Facebook for this purpose, which can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum. Facebook's contact details are as follows: Online contact: https://www.facebook.com/help/contact/1650115808681298 Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland. For Facebook, you can contact the data protection officer at the following link: https://www.facebook.com/help/contact/540977946302970. Further information about Page Insights: https://de-de.facebook.com/legal/terms/page_cntroller_addendum

Processing of personal data and cookies by Meta

When a Facebook page is accessed, the IP address assigned to the end device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for "German" IP addresses). Facebook also stores information about the end devices of its users (e.g. as part of the "login notification" function); Facebook may thus be able to assign IP addresses to individual users. Anyone who is currently logged in to Facebook has a cookie with a Facebook identifier on their device. This enables Facebook to track who has visited this page and how it has been used. Facebook buttons integrated into websites enable Facebook to record visits to these websites and assign them to Facebook profiles. This data can be used to offer personalized content or advertising. Information on how personal data can be managed or deleted can be found in Facebook's Privacy Center: https://www.facebook.com/privacy/center/. More information on how Facebook handles data can be found here: http://de-de.facebook.com/about/privacy.

WhatsApp channel

We operate a WhatsApp channel. The channel is operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Through WhatsApp channels, information and relevant messages can be played out directly on WhatsApp by subscribing to channels of people and organizations. When a channel is subscribed to, messages are sent in the form of text messages, links to information, images or videos. Channels are public, which means that anyone can find, follow and view them. Since channels are public and the number of users is unlimited, channel status messages are visible to everyone and to WhatsApp. WhatsApp collects information from users, for example about their reactions, their choice of language and the channels they follow. However, we ourselves as the operator do not have access to personal data. WhatsApp channels are designed in such a way that operators do not receive any information such as the identity or contact details of users. Information about data processing by WhatsApp: https://www.whatsapp.com/legal/channels-privacy-policy-eea?lang=de_DE.

Instagram

We operate an Instagram profile. This social media platform is offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Interaction with our company profile

When you visit our Instagram profile and interact with us, we process personal data. On the one hand, the data made publicly available on the profile. On the other hand, we also process the personal data contained in posts, comments or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our Instagram profile. Insofar as a request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.

Insights

As explained in the Meta Privacy Policy under "How do we use your information?" (https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect), Meta also collects and uses information to provide analytics services, known as insights, for site operators. This also applies to our Instagram profile. Insights are summarized statistics that are created based on certain interactions of visitors with pages and the content associated with them and are logged by the Meta servers. This includes the following information: - how many people see and interact with our products, services or content, such as posts, videos, Instagram pages, advertisements, stores and advertisements (if the advertisement is shown on Meta products); - how people interact with our content, websites, apps and services; - which group of people interact with our content or which group of people use our services. Meta provides us with aggregated reports and insights that tell us how well our content, features, products and services are performing. We do not have access to personal data, only to the summarized reports. To evaluate the reach, we can make settings or set appropriate filters with regard to the selection of a time period, the viewing of a specific post and demographic groupings. This data is anonymized. It is not possible for us to draw conclusions about specific individuals. The purpose of processing this data is to analyze our reach and adapt our content and advertisements to user interests so that visitors can derive the greatest possible benefit from them. By evaluating this data, we can recognize how our content, our profile and our advertising are consumed. This enables us to create target-group-specific content and place advertising to better market our company and our services. The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. When processing personal data in the course of the so-called Insights, the processing is carried out in joint responsibility with Meta in accordance with Art. 26 para. 1 GDPR. We have entered into a corresponding agreement with Meta for this purpose, which can be viewed [here](https://www.facebook.com/legal/terms/page_controller_addendum.). Meta's contact details are as follows: Online contact: https://www.facebook.com/help/contact/1650115808681298 Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland. For Instagram, you can contact the data protection officer at the following link: https://www.facebook.com/help/contact/540977946302970. Further information about Insights: https://de-de.facebook.com/help/pages/insights. The complete privacy policy of Instagram: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

Processing of personal data and cookies by Meta

When an Instagram page is accessed, the IP address assigned to the end device is transmitted to Meta. According to Meta, this IP address is anonymized (for "German" IP addresses). Meta also stores information about the end devices of its users (e.g. as part of the "login notification" function); Meta may thus be able to assign IP addresses to individual users. If you are currently logged in to Instagram as a user, a cookie with the Instagram identifier is stored on the end device. This enables Meta to track who has visited and used this page. Meta buttons integrated into websites enable Meta to record your visits to these websites and assign them to your Instagram profile. This data can be used to offer personalized content or advertising. Further information: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

LinkedIn

We operate a LinkedIn profile on https://www.linkedin.com/. This social network is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Interaction with our company profile

When you visit our LinkedIn profile and interact with us, we process personal data. On the one hand, the data made publicly available on the profile. On the other hand, we also process the personal data contained in posts, comments or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our LinkedIn profile. Insofar as a request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.

Page Insights

LinkedIn provides us with aggregated statistics and insights (called Page Insights) that tell us how people interact with our Company Page. Among other things, we receive information about the number of profiles that view, comment on or otherwise interact with our posts, as well as aggregated demographic and other information that helps us learn about the interaction with our page or LinkedIn profile. Page Insights provided to us by LinkedIn consist of aggregated data, and LinkedIn does not provide us with any personally identifiable information about members in relation to Page Insights. We also have no way of linking Page Insights to individual members. When placing ads, LinkedIn provides us with information about the types of people who see our ads and the success of our ads. Personal data is only passed on to us if this person has consented to such processing. We also receive information from LinkedIn that allows us to understand which of our ads led to a purchase being made or an action being taken. This data is processed for the purpose of analyzing our reach and adapting our content and ads to user interests. By evaluating this data, we can recognize how our content, our profile and our advertising are consumed. This enables us to create target-group-specific content and place advertisements in order to better market our company and our services. The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. When processing personal data in the course of the so-called Page Insights, the processing is carried out in joint responsibility with LinkedIn in accordance with Art. 26 para. 1 GDPR. We have concluded a corresponding agreement with LinkedIn for this purpose, which can be viewed [here](https://legal.linkedin.com/pages-joint-controller-addendum). LinkedIn's contact details are as follows: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For LinkedIn, you can contact the data protection officer at the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

Processing by LinkedIn

By visiting our company profile, LinkedIn may also process additional personal data. In this case, the processing is carried out under the sole responsibility of LinkedIn and without our knowledge. More information from LinkedIn on this: https://de.linkedin.com/legal/privacy-policy.

TikTok

We operate a TikTok channel. TikTok is provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter "TikTok Ireland"). Our TikTok channel gives us the opportunity to present ourselves to TikTok users and to get in touch with them.

Interactions with our TikTok channel

Users can interact with our TikTok channel via their TikTok account, for example by liking or commenting on our posts. In doing so, we process the associated data such as the user name and profile picture. We use this data to optimize our content and its presentation and to adapt it to the respective user interests. It is also possible to send us direct messages on our TikTok channel. The user name and profile picture are also displayed here. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in optimizing our TikTok channel and the content published there. We also have a legitimate interest in communicating with users in order to answer questions, respond to criticism, build a relationship and exchange information. This enables us to improve our services and respond to the needs of potential customers. By communicating via TikTok, we reach younger customers in particular. Comments are stored on the channel for an unlimited period of time and can be viewed by other users. The same applies to the use of the Like function and direct messages.

TikTok analysis

When our TikTok channel is accessed and used, additional data is processed for TikTok analysis. These are summarized statistics that are created and logged by TikTok based on certain interactions of visitors with our TikTok channel and provide information about how our channel is interacted with. This data includes, but is not limited to:

• Follower growth
• Video views
• Profile views
• Likes, comments and shares
• Average playback time
• Percentage of viewers who watch the entire video
• Sources of traffic (e.g. profile, For You feed)
• Geographical distribution of the audience
• Activity times of the followers.

The data is provided to us in aggregated form as statistics. We do not have access to personal data, only to the summarized statistics. Further information on TikTok analyses can be found here: https://www.tiktok.com/creators/creator-portal/en-us/tiktok-content-strategy/understanding-your-analytics/. This data is processed solely for the purpose of analyzing and improving the content on our TikTok channel. By evaluating this data, we can recognize how our content and our TikTok channel are consumed. This enables us to create target group-oriented content and, if necessary, to place advertising in order to better market our company and our services. The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. When processing personal data in the course of TikTok analyses, the processing is carried out in joint responsibility with TikTok in accordance with Art. 26 para. 1 GDPR. We have concluded a corresponding agreement with TikTok for this purpose, which can be viewed here. TikTok's contact details are as follows: Online contact: https://privacytiktok.zendesk.com/hc/en-us/requests/new. By post: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. You can contact TikTok's Data Protection Officer using this form: https://www.tiktok.com/legal/report/DPO.

Processing of personal data by TikTok

When using TikTok's services, TikTok processes the personal data of users. This includes data such as your IP address, location data, time zone settings, advertising IDs, app and browser versions and device data (system, network type, device ID, screen resolution, operating system, audio settings and connected audio devices). The TikTok profiles and channels accessed, likes, messages and other usage data are also processed. If you are logged in with your own TikTok account, this data will be assigned to your account. Further information on the processing of data by TikTok can be found here: https://www.tiktok.com/legal/page/eea/privacy-policy/de.

YouTube

The social profile and functions of YouTube are integrated on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube enables the display of video content, the increase of reach and user interaction as well as the presentation of social media profiles directly on the website. As part of the integration, YouTube processes personal data such as IP addresses, unique identifiers (e.g. device or browser IDs), usage and interaction data (such as videos viewed, playback times and click activities), demographic and preference information as well as information obtained via cookies and similar technologies. The purpose of data processing is to provide video content, display the YouTube profile, improve the user experience and analyze interactions to optimize the website and increase reach. As a rule, Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG serves as the legal basis, provided that consent has been given for processing and for the setting of cookies and comparable technologies. For purely technical, absolutely necessary processes, Art. 6 para. 1 lit. f GDPR may be relevant. Cookies of different categories are set through the integration, in particular analysis and marketing cookies. These cookies are only set after active consent; their functionality depends on the selected privacy settings of the integrated YouTube player. The transfer of personal data to third countries, in particular to the USA, cannot be ruled out. Google uses the EU standard contractual clauses pursuant to Art. 46 (2) and (3) GDPR as suitable guarantees for data transfers. Personal data is deleted when the purpose no longer applies, consent is withdrawn or on request, provided there are no statutory retention periods. Further information can be found at https://policies.google.com/privacy?hl=de

Google company profile

We have a so-called Google company profile. We use the information service offered by Google and the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Data processing by Google

The Google page and its functions are used under your own responsibility. This applies in particular to the use of social and interactive functions (e.g. commenting, sharing, rating, direct messages). When you visit and interact with our Google company profile entry, Google also collects your IP address and other information that is stored on your device in the form of cookies. This may enable Google to assign IP addresses to individual users or user accounts. This information is used to provide us, as the operator of the Google company profile entry, with statistical information about the use of Google services. The data collected in this context is processed by Google and may be transferred to countries outside the European Union. Google generally describes what information Google receives and how it is used in its Privacy Policy. If you contact us via our Google company profile entry or other Google services by direct message, we cannot rule out the possibility that these messages may also be read and analyzed by Google (both by employees and automatically). We therefore advise against communicating personal data to us there. Instead, another form of communication should be chosen as early as possible. The use of this service is subject to the Google Privacy Policy. Further information can be found in the Privacy Policy at the following link: https://policies.google.com/privacy?hl=de.

Data processing by us

As the provider of our Google company profile entry, we do not collect and process any further data from the use of this Google service. When you contact us or publish a review, we process published profile data and the content of the review/comment. The legal basis is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the presentation of our company and in enabling the evaluation of our services in order to present our company and our services and to present them well to the outside world.

Google

When you log in via Google, the following data is transmitted to us by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland: First and last name, e-mail address, profile picture if applicable. Further information on data processing by Google: https://policies.google.com/privacy

Trustpilot Widget

Our website uses the Trustpilot widget, which is provided by Trustpilot Group Plc, The Minster Building, 21 Mincing Lane, London, EC3R 7AG, United Kingdom. The widget is used to display customer experiences, TrustScore and star ratings in order to strengthen trust in the offer and increase conversion rates. As part of the integration, the widget processes public rating data (such as user names, rating comments and star ratings), technical information such as IP address and browser data as well as interaction data (e.g. views, clicks, impressions of the widget). The processing is carried out for the purpose of displaying customer reviews, improving the user experience and analyzing interactions. The legal basis for processing is Art. 6 para. 1 lit. f GDPR, as there is a legitimate interest in providing trust-building content and optimizing the website. If the widget is actively integrated, Trustpilot may also set cookies for reach measurement and analysis; these are only activated with the consent of the user, so that in this respect Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG applies. The data processed by the widget may be transferred to the United Kingdom, which is considered a safe third country within the meaning of the GDPR; according to the current state of knowledge, Trustpilot does not include other third countries. The storage period depends on the purpose of use; data will be deleted as soon as it is no longer required for the purposes described or consent given is revoked, provided that there are no legal storage obligations to the contrary. Further information can be found in Trustpilot's Privacy Policy at https://corporate.trustpilot.com/legal/for-businesses/privacy-policy/14-mar-2025.

Trustpilot reviews

Our website includes reviews and testimonials via Trustpilot. Trustpilot is operated by Trustpilot Group plc, 5th Floor, The Minster Building, 21 Mincing Lane, London, England, EC3R 7AG, United Kingdom. The service enables the display of customer ratings, TrustScore badges and other rating elements in order to strengthen the trust of potential customers and transparently display business ratings. As part of the integration, Trustpilot processes the IP address, browser information, details of the end device used and interaction data such as page views and clicks on the reviews, among other things. This takes place in particular when loading Trustpilot widgets or displaying individual reviews on the website. The purpose of data processing is to display third-party reviews, to increase trustworthiness and to make user reviews transparent and visible. The legal basis for the integration and processing is Art. 6 para. 1 lit. f GDPR, as there is a legitimate interest in a transparent external presentation and a sound basis for decision-making for potential customers. If Trustpilot uses cookies or similar technologies to analyze user behavior or for cross-device recognition, this is done exclusively on the basis of consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with. § Section 25 (1) TDDDG, which is requested in the consent banner. If only technical cookies necessary for the provision of content are used, the processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR in conjunction with Art. 25 para. 2 no. 2 TDDDG. § Section 25 para. 2 no. 2 TDDDG. A transfer of personal data to third countries cannot be ruled out, in particular to the United Kingdom, where Trustpilot is based. According to the current status, there are adequacy decisions by the EU Commission for a transfer to this country. Personal data is deleted as soon as it is no longer required to achieve the respective purpose, consent has been withdrawn or storage has been objected to, provided that there are no statutory retention obligations to the contrary. Further information can be found in Trustpilot's Privacy Policy at: https://corporate.trustpilot.com/legal/for-reviewers/privacy-policy-end-user/jan-2026

YouTube

Video content is integrated on our website via the third-party service YouTube, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube enables the direct playback and display of videos on our website as well as the use of associated functions such as starting, stopping or sharing videos. As part of the integration, personal data such as IP address, cookie and local storage information as well as interaction and usage data on video playback behavior may be processed. Data processing is carried out for the purpose of providing video content, increasing the user-friendliness of the website and integrating interactive media offerings. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG, provided that consent has been given for the use of cookies or other storage technologies in the end device; otherwise Art. 6 para. 1 lit. f GDPR is relevant, as there is a legitimate interest in an appealing and informative design of the website. YouTube uses cookies and similar technologies for analytical, functional and, if necessary, marketing purposes, in particular to enable video playback and to evaluate user behavior. However, this only takes place with prior consent via the website's consent banner. In the context of use, the transfer of data to third countries, in particular to the USA, cannot be ruled out. The standard contractual clauses of the EU Commission are used to protect the data. Personal data is deleted as soon as the purpose of the processing no longer applies, consent is no longer given or statutory retention periods expire. Further information on data processing by YouTube can be found at https://policies.google.com/privacy?hl=de

Zoom

Our website uses the video conferencing and communication service Zoom, provided by Zoom Video Communications, Inc, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA, for European users with services via regional subsidiaries such as ZVC Germany, ZVC Netherlands or ZVC UK. Zoom enables audio and video conferences, webinars, live chats, screen sharing and online meetings to be held directly via the website. In the course of use, IP addresses, account information, session and meeting data, registration information for webinars, engagement data (e.g. recordings, transcripts) and interaction data such as chat messages, shared files or technical usage information are usually processed. The data processing serves the provision and management of online meetings, interactive communication and the implementation and evaluation of digital events. The legal basis for the processing is regularly Art. 6 para. 1 lit. b GDPR (implementation of (pre-)contractual measures), for support or administrative processes as well as analysis purposes Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient communication and IT security). Depending on the integration, Zoom uses functional cookies for session management and, if necessary, analysis or marketing cookies to evaluate usage, whereby analysis and marketing cookies are only used with consent in accordance with Art. 6 Para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG are used. Functional cookies are necessary for operation and are used in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with. § 25 para. 2 TDDDG are used. Personal data is transferred to third countries, in particular to the USA, whereby Zoom uses the EU standard contractual clauses as suitable guarantees in accordance with Art. 46 para. 2 lit. c GDPR. The storage period depends on the respective purpose, i.e. data is deleted or blocked after the purpose of processing ceases to apply, if consent is revoked or objected to, or if statutory retention periods expire. Further information can be found in Zoom's Privacy Policy: https://www.zoom.com/en/trust/privacy/privacy-statement/

Google Meet

The Google Meet service is used on our website to conduct audio and video conferences. Google Meet is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Meet enables virtual meetings, audio and video conferences and functions such as screen sharing, live subtitling, chat and collaboration in real time. In particular, we process participants' identity data (such as name and email address), attendance data (e.g. joining and leaving times, roles in the meeting), device information and technical metrics (device type, network data such as latency and packet loss for audio/video), location data, meeting events (e.g. presentations, surveys, reports of abuse), meeting artifacts (recordings, transcripts, if activated) as well as browser and network analysis data. The data processing is carried out for the purpose of organizing and conducting online conferences and virtual collaboration, including the provision, safeguarding and analysis of the technical functionality of the meetings. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR for contractual and pre-contractual purposes and Art. 6 para. 1 lit. f GDPR based on our legitimate interest in efficient, secure and modern communication. If functions such as recording or extended analyses are used, additional consent may be required in accordance with Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Google Meet may use functional and analytical cookies to ensure the stability of the connection and to analyze performance. These cookies are only set with prior consent. The legal basis for this is Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG. A transfer of personal data to third countries, in particular to the USA, cannot be ruled out in the context of support or maintenance processes. Google guarantees compliance with an appropriate level of data protection by concluding EU standard contractual clauses in accordance with Art. 46 para. 2 lit. c GDPR. The data will be deleted as soon as the purpose of the processing no longer applies, consent has been revoked or statutory retention periods have expired. Further information can be found in Google's Privacy Policy: https://policies.google.com/privacy?hl=de

Stripe

The Stripe payment service is integrated on the website to enable the secure and efficient processing of online payments and subscriptions. Stripe Payments Europe, Limited, 3 Dublin Landings, North Wall Quay, Dublin 1, D01 C4E0, Ireland, is responsible for the service in Europe. Stripe provides various payment functions, such as payment by credit card, direct debit, instant bank transfer or digital wallets, as well as automated invoicing and fraud prevention. In the context of use, Stripe processes personal data such as name, e-mail address, telephone number, billing and delivery address, credit card and account data, IP address, device and browser information, usage and transaction data and, if applicable, documents to confirm identity. The processing is carried out for the purpose of payment processing, contract execution, fraud prevention and compliance with legal requirements. The legal basis is Art. 6 para. 1 lit. b GDPR for contractual or pre-contractual measures, if applicable Art. 6 para. 1 lit. f GDPR due to legitimate interests in secure payment processing and § 25 para. 2 no. 2 TDDDG for technically necessary cookies and technologies. Stripe uses technically necessary cookies as part of the payment process, including authentication and security cookies as well as session IDs for fraud prevention and payment processing. These cookies are absolutely necessary for operation and are processed without consent (Section 25 (2) No. 2 TDDDG). Analytical or marketing cookies, on the other hand, are only used with consent in accordance with Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. Personal data may be transferred to third countries (in particular the USA) as part of payment processing. Stripe uses the standard contractual clauses approved by the EU Commission in accordance with Art. 46 para. 2 lit. c GDPR as suitable guarantees. Personal data is generally deleted as soon as it is no longer required for the purposes for which it was collected and there are no statutory retention obligations. If consent is withdrawn or after expiry of statutory periods, the data will be deleted, provided there are no other statutory retention periods to the contrary. Further information on data processing by Stripe is available at: https://stripe.com/privacy

Pipedrive CRM

Our website uses the Pipedrive CRM customer relationship management system from Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Harju maakond, Estonia, to support the collection, maintenance and management of customer data and the organization of the sales process. Pipedrive CRM enables the automated collection of website inquiries via contact forms as well as the management of leads, communication with interested parties and the analysis and tracking of sales activities. The processed data includes contact and company details such as name, e-mail address, communication content and history, information on website visits (e.g. IP address, time of visit, pages visited), interaction data from forms, campaign parameters (e.g. UTM parameters) and, if applicable, e-commerce-related information with corresponding integration. The purpose of the processing is the efficient processing of inquiries, management and tracking of potential business, coordination of sales and improvement of customer relationships. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, insofar as the processing is carried out to fulfill (pre-)contractual measures, as well as Art. 6 para. 1 lit. f GDPR due to the legitimate interest in optimizing sales processes and business processes. Insofar as Pipedrive CRM sets cookies for analysis or functionality purposes, this is done exclusively on the basis of a previously granted consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG; this may be the case in particular for the evaluation of visitor behavior. Personal data may be transferred to third countries, in particular to the USA. In such cases, Pipedrive uses the standard contractual clauses published by the European Commission as a suitable guarantee to ensure an adequate level of data protection. The personal data will be deleted when the purpose of processing ceases to apply, consent is revoked or upon request, provided that there are no legal retention periods to the contrary. Further information can be found in Pipedrive's Privacy Policy at: https://www.pipedrive.com/en/privacy

In-house development

We use a customer relationship management (CRM) system that we developed ourselves. This CRM enables us to manage existing and potential customers and contacts and to organize sales, accounting and communication processes. This system is crucial for analyzing and optimizing our customer-related processes. With the help of the CRM system, we can efficiently organize our customer communication via various channels to present relevant information and offers that match our customers' interests. As soon as we collect personal data on our website, we process it in the CRM system. The data is processed on the basis of Art. 6 para. 1 lit. b GDPR for the fulfillment of (pre-)contractual obligations and Art. 6 para. 1 lit. f GDPR, as the use of CRM functions is of central importance for the growth and scaling of our company and we have a legitimate interest in the most efficient customer management and communication possible. If a corresponding consent has been requested, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time. Thanks to our in-house development, we can ensure that no data is transferred to third parties.

AWS Backup

On our website, we use the AWS Backup service from Amazon Web Services, Inc, 410 Terry Ave North, Seattle, WA 98109-5210, USA, for the automated backup and restoration of data in our cloud infrastructure. The service enables the centralized and automated creation, storage and restoration of backups for various AWS resources such as EC2 instances, EBS volumes, S3 buckets, RDS databases, EFS file systems and DynamoDB tables used for the operation of our website. The data specified in the backup configuration is processed from the aforementioned cloud resources as well as metadata on the backup processes (e.g. timestamps, resource IDs, status messages) and access and administration data (e.g. IAM roles and authorizations). The processing of this data serves the purpose of fail-safety, the recovery of systems in the event of a disaster, compliance with legal and business archiving obligations and the prevention of data loss. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as there is a legitimate interest in data security and business continuity, unless a contractual requirement pursuant to Art. 6 para. 1 lit. b GDPR is relevant in individual cases. AWS Backup does not use cookies as part of this functionality, as the service is not integrated into the user interaction on the website, but works exclusively on the server side for backup purposes. Data may be transferred to third countries, in particular to the USA, in certain cases. In this case, Amazon Web Services relies on the EU standard contractual clauses as suitable guarantees in accordance with Art. 46 GDPR. Data will be deleted as soon as the purpose of the backup no longer applies, a retention period expires or at the request of the website operator, provided that there are no legal retention obligations to the contrary. Further information on data protection at Amazon Web Services can be found at: https://aws.amazon.com/privacy/

Synology C2

This website uses cloud backup and storage functions of Synology C2, a service of Synology Inc, 9F, No. 1, Yuan Dong Rd, Banqiao, New Taipei 220632, Taiwan. Among other things, Synology C2 enables data backup, encrypted file transfer, identity and password management and the provision of object storage for content delivery solutions. During use, personal data such as access data to the Synology account, file metadata, one-time passwords (OTPs) for secure transfers and, if applicable, directory and group information for identity services are processed. The purpose of data processing is the secure storage, management and recovery of data and the provision of additional security and identification functions as part of the respective service. The processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR for the fulfillment of contractual or pre-contractual obligations and in accordance with Art. 6 para. 1 lit. f GDPR due to the legitimate interest in secure and efficient data processing; if consent is required for certain functions (e.g. setting cookies, if online integration takes place), this is done on the basis of Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG. Synology C2 may set technically necessary cookies as part of certain online integrations, for example for authentication or security functions; these are used exclusively for functional and security purposes and are based on Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. a GDPR with consent. When using Synology C2, data is transferred to third countries, in particular to Taiwan; standard contractual clauses recognized by the EU Commission exist for protection. The stored data will be deleted as soon as the purpose of processing no longer applies, consent has been revoked or statutory retention periods expire. Further information on data processing by Synology C2 can be found in Synology's Privacy Policy: https://www.synology.com/en-global/company/legal/privacy

Google Cloud Platform (GCP)

We use the cloud backup and hosting services of Google Cloud Platform (GCP) on our website, operated by Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland. GCP makes it possible to securely store website data and content in distributed cloud storage systems, create automated backups and provide robust hosting and infrastructure services for web applications and services. Depending on the configuration, technical data such as server logs, connection data (e.g. IP address, time stamp), usage and access data and, in the case of transmission processes, content transmitted on the website are typically processed. The data processing is carried out for the purpose of data backup, recovery in the event of loss, operational security of the website and for the effective provision of hosting infrastructure. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as there is a legitimate interest in the secure, stable and efficient provision of the website; insofar as backups are legally required, Art. 6 para. 1 lit. c GDPR may also be relevant. In connection with Google Cloud Platform, no cookies are set on users' end devices. Personal data may be transferred to third countries outside the European Union as part of cloud-based hosting. Google uses the European Commission's standard contractual clauses in accordance with Art. 46 GDPR as a suitable guarantee for this. The data will be deleted as soon as the purpose of the backup no longer applies, the website service is discontinued or statutory retention obligations have expired. In the event of a revocation or justified deletion requests, the deletion takes place after examination and within the scope of the technical possibilities. Further information on data processing by Google Cloud Platform can be found at: https://cloud.google.com/terms/cloud-privacy-notice

Google Drive

Our website uses Google Drive, a cloud service for file storage, synchronization and collaborative editing, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Drive enables the storage, synchronization and sharing of files and folders as well as the integration and collaborative editing of documents via the website. Among other things, file names, file contents, metadata (such as creation and modification data, folder structures and file sizes), information on sharing and access activities as well as interaction data are processed, as well as authentication data of the respective Google account. The processing is carried out for the purpose of secure cloud storage, synchronization as well as for the provision and management of files and to ensure collaboration functions. The legal basis for the processing is generally Art. 6 para. 1 lit. b GDPR, insofar as the processing is necessary for the use of the cloud services, as well as Art. 6 para. 1 lit. f GDPR based on the legitimate interest in the efficient provision and management of data. Insofar as cookies are used, for example for authentication or to ensure functionality, these are used exclusively for functional purposes; the legal basis for this is Art. 6 para. 1 lit. f GDPR in conjunction with. § Section 25 para. 2 no. 2 TDDDG. In the context of use, personal data is transferred to Google servers in the USA; the standard contractual clauses (SCC) approved by the EU Commission are used as suitable guarantees to protect the data. Data is deleted as soon as the purpose of storage no longer applies, consent is revoked or a statutory retention period expires. Further information can be found in Google's Privacy Policy: https://policies.google.com/privacy?hl=de