Imprint

Systemtechnology Cala Plata

Dr. Cala Sana

Hohenzollerndamm 105-110
14199 Berlin
Germany

Phone: +4930.8974.5050
E-mail: mail@calavivo.world

VAT ID: DE237342823

Note:

All texts, images and graphics on Cala Vivo World are protected by copyright. The contents are entirely fictional and serve solely for entertainment; any resemblance to real persons or events is coincidental and unintended.

EU dispute resolution

In accordance with the Regulation on online dispute resolution in consumer matters (ODR Regulation), we would like to inform you about the online dispute resolution platform (OS platform).
Consumers have the option of submitting complaints to the European Commission's online dispute resolution platform at https://ec.europa.eu/consumers/odr/main/index.cfm?event=main.home2.show&lng=DE. You will find the contact details required for this above in our imprint.

However, we would like to point out that we are neither willing nor obliged to take part in dispute resolution proceedings before a consumer arbitration board.

Source: Created with the Imprint Generator by AdSimple

Privacy Policy

Table of contents

• Introduction and overview
• Scope
• Legal bases
• Contact details of the controller
• Storage period
• Rights under the General Data Protection Regulation
• Security of data processing
• Standard Contractual Clauses (SCC)
• Communication
• Cookies
• Web hosting introduction
• Web analytics introduction
• Social media introduction
• Audio & video introduction
• Web design introduction
• Closing words

Introduction and overview

We have written this privacy policy (version 05.04.2025-312026304) in order to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as controller – and the processors commissioned by us (e.g. providers) – process, will process in the future, and which lawful options you have. The terms used are to be understood as gender-neutral.
In short: We inform you comprehensively about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, by contrast, is intended to describe the most important things to you as simply and transparently as possible. Where it aids transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We thereby inform you in clear and plain language that, within the scope of our business activities, we only process personal data where there is a corresponding legal basis. That is certainly not possible by providing terse, unclear and legalistic-technical explanations, as is often the standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information among them that you did not yet know.
If questions nevertheless remain, we would ask you to contact the responsible body named below or in the imprint, to follow the links provided, and to view further information on third-party sites. You will of course also find our contact details in the imprint.

Scope

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data we mean information within the meaning of Art. 4 No. 1 DSGVO, such as a person's name, e-mail address and postal address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this privacy policy covers:

• all online presences (websites, online shops) that we operate
• social media presences and e-mail communication
• mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in a structured manner within the company via the channels mentioned. Should we enter into legal relationships with you outside these channels, we will inform you separately where applicable.

Legal bases

In the following privacy policy we provide you with transparent information on the legal principles and rules, i.e. the legal bases of the General Data Protection Regulation, that enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this EU General Data Protection Regulation online on EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) DSGVO): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
2. Contract (Article 6(1)(b) DSGVO): In order to fulfil a contract or pre-contractual obligations with you, we process your data. If, for example, we conclude a purchase contract with you, we need personal information in advance.
3. Legal obligation (Article 6(1)(c) DSGVO): Where we are subject to a legal obligation, we process your data. For example, we are required by law to keep invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6(1)(f) DSGVO): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we have to process certain data in order to be able to operate our website securely and in an economically efficient manner. This processing is therefore a legitimate interest.

Further conditions, such as the performance of tasks carried out in the public interest and the exercise of official authority as well as the protection of vital interests, generally do not arise in our case. Should such a legal basis nevertheless be relevant, it will be indicated at the appropriate point.

In addition to the EU Regulation, national laws also apply:

• In Austria this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), DSG for short.
• In Germany the Federal Data Protection Act, BDSG for short, applies.

Insofar as further regional or national laws apply, we will inform you about them in the following sections.

Contact details of the controller

Should you have any questions about data protection or the processing of personal data, you will find below the contact details of the controller in accordance with Article 4(7) of the EU General Data Protection Regulation (DSGVO):
Dr. Cala Sana
Hohenzollerndamm 105
14199 Berlin

E-mail: mail@calavivo.world

Storage period

That we only store personal data for as long as is strictly necessary to provide our services and products is a general criterion for us. This means that we delete personal data as soon as the reason for the data processing no longer exists. In some cases we are legally obliged to store certain data even after the original purpose has ceased to apply, for example for accounting purposes.

Should you wish your data to be deleted or should you withdraw your consent to data processing, the data will be deleted as quickly as possible and insofar as there is no obligation to store it.

We will inform you about the specific duration of the respective data processing further below, provided we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 DSGVO, we inform you about the following rights to which you are entitled, so that fair and transparent processing of data takes place:

• Under Article 15 DSGVO you have a right of access to information on whether we process data about you. If that is the case, you have the right to receive a copy of the data and to learn the following information:
  • for what purpose we carry out the processing;
  • the categories, i.e. the types of data that are processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data is stored;
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to the processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found further below);
  • the origin of the data if we did not collect it from you;
  • whether profiling is carried out, i.e. whether data is automatically evaluated in order to arrive at a personal profile of you.
• Under Article 16 DSGVO you have a right to rectification of the data, which means that we must correct data if you find errors.
• Under Article 17 DSGVO you have the right to erasure ("right to be forgotten"), which specifically means that you may request the deletion of your data.
• Under Article 18 DSGVO you have the right to restriction of processing, which means that we may only store the data but not use it further.
• Under Article 20 DSGVO you have the right to data portability, which means that on request we will provide you with your data in a common format.
• Under Article 21 DSGVO you have a right to object, which, once enforced, brings about a change in the processing.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
  • If data is used to conduct direct advertising, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.
  • If data is used to carry out profiling, you can object to this type of data processing at any time. We may then no longer use your data for profiling.
• Under Article 22 DSGVO you may, under certain circumstances, have the right not to be subject to a decision based solely on automated processing (for example profiling).
• Under Article 77 DSGVO you have the right to lodge a complaint. This means that you can complain to the data protection authority at any time if you believe that the processing of personal data violates the DSGVO.

In short: You have rights – do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been infringed, you can complain to the supervisory authority. For Austria this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany there is a data protection officer for each federal state. For further information you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Berlin data protection authority

State Commissioner for Data Protection: Meike Kamp
Address: Alt-Moabit 59-61, 10969 Berlin
Phone: 030/138 89-0
E-mail address: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de/

Security of data processing

In order to protect personal data, we have implemented both technical and organisational measures. Where possible, we encrypt or pseudonymise personal data. In this way we make it as difficult as possible, within the scope of our possibilities, for third parties to infer personal information from our data.

Art. 25 DSGVO speaks here of "data protection by design and by default" and means that, with both software (e.g. forms) and hardware (e.g. access to the server room), security is always kept in mind and appropriate measures are taken. In the following we will, where necessary, go into specific measures.

TLS encryption with https

TLS, encryption and https sound very technical, and they are. We use HTTPS (the Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transmit data tap-proof over the internet.
This means that the complete transmission of all data from your browser to our web server is secured – no one can "listen in".

We have thereby introduced an additional layer of security and fulfil data protection by design (Article 25(1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the internet, we can ensure the protection of confidential data.
You can recognise the use of this safeguarding of data transmission by the small padlock symbol at the top left in the browser, to the left of the internet address (e.g. examplesite.com), and by the use of the https scheme (instead of http) as part of our internet address.
If you would like to know more about encryption, we recommend a Google search for "Hypertext Transfer Protocol Secure wiki" to obtain good links to further information.

Standard Contractual Clauses (SCC)

With several of the services mentioned below, your data may be transferred to third countries (in particular the USA). Insofar as there is no level of data protection there recognised by an adequacy decision, the providers rely on Standard Contractual Clauses (SCC) in accordance with Art. 46(2) and (3) DSGVO. Standard Contractual Clauses are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries and stored there. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de. The following sections refer to this explanation for the services concerned.

Communication

When you contact us and communicate by phone, e-mail or online form, personal data may be processed.

The data is processed for handling and dealing with your enquiry and the associated business transaction. The data is stored for exactly as long, or for as long as the law requires.

Data subjects

All those who seek contact with us via the communication channels we provide are affected by the processes mentioned.

Phone

When you call us, the call data is stored in pseudonymised form on the respective end device and at the telecommunications provider used. In addition, data such as name and phone number may subsequently be sent by e-mail and stored in order to answer the enquiry. The data is deleted as soon as the business case has ended and statutory requirements permit.

E-mail

When you communicate with us by e-mail, data may be stored on the respective end device (computer, laptop, smartphone, …) and data is stored on the e-mail server. The data is deleted as soon as the business case has ended and statutory requirements permit.

Online forms

When you communicate with us by means of an online form, data is stored on our web server and, where applicable, forwarded to an e-mail address of ours. The data is deleted as soon as the business case has ended and statutory requirements permit.

Legal bases

The processing of the data is based on the following legal bases:

• Art. 6(1)(a) DSGVO (consent): You give us your consent to store your data and use it further for purposes relating to the business case;
• Art. 6(1)(b) DSGVO (contract): There is a necessity for the performance of a contract with you or a processor, such as the telephone provider, or we must process the data for pre-contractual activities, such as the preparation of an offer;
• Art. 6(1)(f) DSGVO (legitimate interests): We want to conduct customer enquiries and business communication in a professional framework. For this, certain technical facilities, such as e-mail programs, Exchange servers and mobile network operators, are necessary in order to be able to conduct communication efficiently.

Cookies

What are cookies?

Our website uses HTTP cookies to store user-specific data.
In the following we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you surf the internet, you use a browser. Well-known browsers are, for example, Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, since there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, the "brain" of your browser, so to speak. A cookie consists of a name and a value. When defining a cookie, one or more attributes must additionally be specified.

Cookies store certain user data of yours, such as language or personal page settings. When you call up our page again, your browser transmits the "user-related" information back to our page. Thanks to the cookies, our website knows who you are and offers you the settings you are used to. In some browsers each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our page, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie has to be assessed individually, since each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain any viruses, Trojans or other "pests". Cookies also cannot access information on your PC.

Cookie data can look like this, for example:

Name: _ga
Value: GA1.2.1326744211.152312026304-9
Purpose: distinguishing website visitors
Expiry date: after 2 years

A browser should be able to support these minimum sizes:

• at least 4096 bytes per cookie
• at least 50 cookies per domain
• at least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point we would like to briefly address the different types of HTTP cookies.

One can distinguish 4 types of cookies:

Essential cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user places a product in the shopping basket, then continues surfing on other pages and only later goes to the checkout. Thanks to these cookies the shopping basket is not deleted, even if the user closes their browser window.

Functional cookies
These cookies collect information about user behaviour and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behaviour of the website in different browsers.

Targeted cookies
These cookies provide better usability. For example, entered locations, font sizes or form data are stored.

Advertising cookies
These cookies are also called targeting cookies. They serve to deliver individually tailored advertising to the user. This can be very practical, but also very annoying.

Usually, when you first visit a website, you are asked which of these cookie types you would like to allow. And of course this decision is also stored in a cookie.

If you would like to know more about cookies and do not shy away from technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) named "HTTP State Management Mechanism".

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. You will find more details on this further below or with the manufacturer of the software that sets the cookie.

Which data is processed?

Cookies are little helpers for many different tasks. Unfortunately it is not possible to generalise which data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy.

Storage period of cookies

The storage period depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

You also have an influence on the storage period yourself. You can manually delete all cookies at any time via your browser (see also "Right to object" below). Furthermore, cookies based on consent are deleted at the latest after you withdraw your consent, whereby the lawfulness of the storage up to that point remains unaffected.

Right to object – how can I delete cookies?

You decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option of deleting, deactivating or only partially allowing cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to determine which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: delete, enable and manage cookies in Chrome

Safari: managing cookies and website data with Safari

Firefox: delete cookies to remove data that websites have placed on your computer

Internet Explorer: deleting and managing cookies

Microsoft Edge: deleting and managing cookies

If you generally do not want any cookies, you can set up your browser so that it always informs you when a cookie is to be set. This way you can decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser. It is best to search for the instructions in Google with the search term "delete cookies Chrome" or "deactivate cookies Chrome" in the case of a Chrome browser.

Legal basis

The so-called "cookie directives" have existed since 2009. They state that the storage of cookies requires your consent (Article 6(1)(a) DSGVO). Within the EU countries, however, there are still very different reactions to these directives. In Austria, however, this directive was implemented in § 165(3) of the Telecommunications Act (2021). In Germany the cookie directives were not implemented as national law. Instead, this directive was largely implemented in § 15(3) of the Telemedia Act (TMG), which has been replaced since May 2024 by the Digital Services Act (DDG).

For strictly necessary cookies, even where no consent exists, there are legitimate interests (Article 6(1)(f) DSGVO), which in most cases are of an economic nature. We want to give visitors to the website a pleasant user experience, and for this certain cookies are often strictly necessary.

Insofar as non-essential cookies are used, this only happens in the case of your consent. The legal basis in this respect is Art. 6(1)(a) DSGVO.

In the following sections you will be informed in more detail about the use of cookies, provided the software used uses cookies.

Web hosting introduction

What is web hosting?

When you visit websites these days, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, incidentally, we mean the entirety of all web pages on a domain, i.e. everything from the start page (homepage) to the very last sub-page (like this one). By domain we mean, for example, example.com or sample-example.com.

If you want to view a website on a computer, tablet or smartphone, you use a program for this called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari. We refer to them in short as browser or web browser.

In order to display the website, the browser has to connect to another computer where the code of the website is stored: the web server. Operating a web server is a complicated and demanding task, which is why this is usually handled by professional providers. These offer web hosting and thereby ensure reliable and error-free storage of the data of websites. A whole lot of technical terms, but please stay with us, it gets even better!

When the browser on your computer (desktop, laptop, tablet or smartphone) establishes a connection, and during the data transmission to and from the web server, personal data may be processed. On the one hand your computer stores data, on the other hand the web server also has to store data for a while in order to ensure proper operation.

A picture says more than a thousand words, so the following graphic illustrates the interplay between the browser, the internet and the hosting provider.

Why do we process personal data?

The purposes of the data processing are:

1. professional hosting of the website and safeguarding of operation
2. maintaining operational and IT security
3. anonymous evaluation of access behaviour to improve our offering and, where applicable, for law enforcement or the pursuit of claims

Which data is processed?

Even while you are visiting our website right now, our web server, that is the computer on which this website is stored, usually automatically stores data such as

• the complete internet address (URL) of the web page accessed
• browser and browser version (e.g. Chrome 87)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen/)
• the host name and the IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)
• date and time
• in files, the so-called web server log files

How long is data stored?

As a rule the above-mentioned data is stored for two weeks and then automatically deleted. We do not pass this data on, but we cannot rule out that this data may be viewed by authorities in the event of unlawful conduct.

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not pass your data on without consent!

Legal basis

The lawfulness of processing personal data in the context of web hosting follows from Art. 6(1)(f) DSGVO (safeguarding of legitimate interests), since the use of professional hosting with a provider is necessary in order to present the company on the internet securely and in a user-friendly way and to be able to pursue attacks and any claims arising from them.

There is usually a contract on data processing in accordance with Art. 28 et seq. DSGVO between us and the hosting provider, which ensures compliance with data protection and guarantees data security.

Web analytics introduction

What is web analytics?

On our website we use software to evaluate the behaviour of website visitors, web analytics for short. In doing so, data is collected which the respective analytics tool provider (also called a tracking tool) stores, manages and processes. With the help of the data, analyses of user behaviour on our website are created and made available to us as the website operator. In addition, most tools offer various testing options. For example, we can test which offers or content go down best with our visitors. To do this, we show you two different offers for a limited period of time. After the test (so-called A/B test) we know which product or content our website visitors find more interesting. For such testing procedures, as well as for other analytics procedures, user profiles can also be created and the data stored in cookies.

Why do we carry out web analytics?

With our website we have a clear goal in mind: we want to deliver the best web offering on the market for our industry. To achieve this goal, we want, on the one hand, to provide the best and most interesting offering and, on the other hand, to ensure that you feel completely at ease on our website. With the help of web analysis tools we can examine the behaviour of our website visitors more closely and then improve our web offering for you and us accordingly. For example, we can recognise how old our visitors are on average, where they come from, when our website is visited most, or which content or products are particularly popular. All this information helps us to optimise the website and thus to adapt it optimally to your needs, interests and wishes.

Which data is processed?

Which data exactly is stored depends of course on the analysis tools used. But as a rule, for example, it is stored which content you view on our website, which buttons or links you click on, when you call up a page, which browser you use, with which device (PC, tablet, smartphone, etc.) you visit the website, or which computer system you use. If you agreed that location data may also be collected, this too may be processed by the web analysis tool provider.

In addition, your IP address is also stored. According to the General Data Protection Regulation (DSGVO), IP addresses are personal data. However, your IP address is usually stored in pseudonymised form (i.e. in an unrecognisable and shortened form). For the purpose of the tests, web analysis and web optimisation, no direct data, such as your name, your age, your address or your e-mail address, is stored as a matter of principle. All this data, insofar as it is collected, is stored in pseudonymised form. This way you cannot be identified as a person.

The following example schematically shows how Google Analytics works as an example of client-based web tracking with JavaScript code.

How long the respective data is stored always depends on the provider. Some cookies store data only for a few minutes or until you leave the website again, other cookies can store data for several years.

Duration of data processing

We will inform you about the duration of the data processing further below, provided we have further information on this. In general, we only process personal data for as long as is strictly necessary to provide our services and products. If, as for example in the case of accounting, it is required by law, this storage period may also be exceeded.

Right to object

You also have the right and the option at any time to withdraw your consent to the use of cookies or third-party providers. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent the collection of data by cookies by managing, deactivating or deleting the cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we have obtained with our cookie pop-up. According to Art. 6(1)(a) DSGVO (consent), this consent constitutes the legal basis for the processing of personal data, as can occur in the case of collection by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors and thus improving our offering technically and economically. With the help of web analytics we recognise errors on the website, can identify attacks and improve cost-efficiency. The legal basis for this is Art. 6(1)(f) DSGVO (legitimate interests). Nevertheless, we only use the tools insofar as you have given consent.

Since cookies are used with web analytics tools, we also recommend reading our general privacy policy on cookies. To find out which data exactly is stored and processed about you, you should read the privacy policies of the respective tools.

Information on specific web analytics tools is provided – where available – in the following sections.

Google Analytics privacy policy

What is Google Analytics?

On our website we use the analysis tracking tool Google Analytics in the Google Analytics 4 (GA4) version of the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. Through the combination of various technologies such as cookies, device IDs and login information, you as a user can be identified across different devices. This means that your actions can also be analysed across platforms.

If you click a link, for example, this event is stored in a cookie and sent to Google Analytics. With the help of the reports we receive from Google Analytics, we can better adapt our website and our service to your wishes. In the following we go into the tracking tool in more detail and inform you above all about which data is processed and how you can prevent this.

Google Analytics is a tracking tool that serves to analyse the traffic on our website. The basis of these measurements and analyses is a pseudonymous user identification number. This number does not contain any personal data such as name or address, but serves to assign events to an end device. GA4 uses an event-based model that records detailed information on user interactions such as page views, clicks, scrolling, conversion events. In addition, various machine learning functions have been built into GA4 in order to better understand user behaviour and certain trends. GA4 relies on modelling with the help of machine learning functions. This means that, on the basis of the collected data, missing data can also be extrapolated in order to optimise the analysis and also to be able to provide forecasts.

For Google Analytics to work in principle, a tracking code is built into the code of our website. When you visit our website, this code records various events that you carry out on our website. With the event-based data model of GA4, we as the website operator can define and track specific events in order to obtain analyses of user interactions. Thus, in addition to general information such as clicks or page views, special events that are important for our business can also be tracked. Such special events can be, for example, the submission of a contact form or the purchase of a product.

As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and we receive reports about your user behaviour. These may include, among others, the following reports:

• Audience reports: through audience reports we get to know our users better and know more precisely who is interested in our service.
• Advertising reports: through advertising reports we can analyse and improve our online advertising more easily.
• Acquisition reports: acquisition reports give us helpful information on how we can get more people excited about our service.
• Behaviour reports: here we learn how you interact with our website. We can trace which path you take on our page and which links you click.
• Conversion reports: a conversion is a process in which you carry out a desired action as a result of a marketing message. For example, when you go from being a mere website visitor to a buyer or newsletter subscriber. With the help of these reports we learn more about how our marketing measures resonate with you. In this way we want to increase our conversion rate.
• Real-time reports: here we always learn immediately what is currently happening on our website. For example, we can see how many users are currently reading this text.

In addition to the analysis reports mentioned above, Google Analytics 4 also offers, among others, the following functions:

• Event-based data model: this model records very specific events that can take place on our website. For example, the playing of a video, the purchase of a product or signing up for our newsletter.
• Advanced analysis functions: with these functions we can understand your behaviour on our website or certain general trends even better. For example, we can segment user groups, make comparative analyses of audiences or trace your path on our website.
• Predictive modelling: on the basis of collected data, missing data can be extrapolated through machine learning to predict future events and trends. This can help us to develop better marketing strategies.
• Cross-platform analysis: the collection and analysis of data is possible both from websites and from apps. This offers us the possibility of analysing user behaviour across platforms, provided of course that you have consented to the data processing.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to offer you the best possible service. The statistics and data from Google Analytics help us to achieve this goal.

The statistically evaluated data shows us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimise our page so that it is more easily found by interested people on Google. On the other hand, the data helps us to understand you as a visitor better. We thus know very precisely what we have to improve on our website in order to offer you the best possible service. The data also serves us to carry out our advertising and marketing measures in a more individual and cost-effective way. After all, it only makes sense to show our products and services to people who are interested in them.

Which data is stored by Google Analytics?

With the help of a tracking code, Google Analytics creates a random, unique ID that is linked to your browser cookie. This is how Google Analytics recognises you as a new user and a user ID is assigned to you. The next time you visit our page, you are recognised as a "returning" user. All collected data is stored together with this user ID. This is what first makes it possible to evaluate pseudonymous user profiles.

In order to be able to analyse our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For every newly created property, the Google Analytics 4 property is the default. Depending on the property used, data is stored for different lengths of time.

By means of identifiers such as cookies, app instance IDs, user IDs or custom event parameters, your interactions are measured across platforms, provided you have consented. Interactions are all kinds of actions that you carry out on our website. If you also use other Google systems (such as a Google account), data generated via Google Analytics can be linked with third-party cookies. Google does not pass on any Google Analytics data unless we as the website operator authorise this. Exceptions may occur where it is required by law.

According to Google, no IP addresses are logged or stored in Google Analytics 4. However, Google uses the IP address data to derive location data and deletes it immediately afterwards. All IP addresses collected from users in the EU are therefore deleted before the data is stored in a data centre or on a server.

Since the focus of Google Analytics 4 is on event-based data, the tool uses significantly fewer cookies compared to earlier versions (such as Google Universal Analytics). Nevertheless, there are some specific cookies that are used by GA4. These include, for example:

Name: _ga
Value: 2.1326744211.152312026304-5
Purpose: by default, analytics.js uses the _ga cookie to store the user ID. In principle, it serves to distinguish website visitors.
Expiry date: after 2 years

Name: _gid
Value: 2.1687193234.152312026304-1
Purpose: the cookie also serves to distinguish website visitors
Expiry date: after 24 hours

Name: _gat_gtag_UA_
Value: 1
Purpose: used to lower the request rate. If Google Analytics is provided via Google Tag Manager, this cookie receives the name _dc_gtm_ .
Expiry date: after 1 minute

Note: This list cannot claim to be complete, since Google repeatedly changes its choice of cookies. A goal of GA4 is also to improve data protection. The tool therefore offers some options for controlling data collection. For example, we can set the storage period ourselves and also control the data collection.

Here we show you an overview of the most important types of data collected with Google Analytics:

Heatmaps: Google creates so-called heatmaps. Via heatmaps one can see exactly those areas that you click on. This way we get information about where you are "moving around" on our page.

Session duration: Google refers to session duration as the time you spend on our page without leaving it. If you have been inactive for 20 minutes, the session ends automatically.

Bounce rate: a bounce is when you view only one page on our website and then leave our website again.

Account creation: when you create an account on our website or place an order, Google Analytics collects this data.

Location: IP addresses are not logged or stored in Google Analytics. However, shortly before the deletion of the IP address, derivations for location data are used.

Technical information: technical information includes, among other things, your browser type, your internet provider or your screen resolution.

Source of origin: Google Analytics, and we of course, are naturally also interested in which website or which advertising brought you to our page.

Further data includes contact details, any ratings, the playing of media (e.g. when you play a video via our page), the sharing of content via social media or adding to your favourites. The list does not claim to be complete and serves only as a general orientation regarding data storage by Google Analytics.

How long and where is the data stored?

Google has its servers distributed all over the world. Here you can read exactly where the Google data centres are located: https://www.google.com/about/datacenters/locations/?hl=de

Your data is distributed across various physical data carriers. This has the advantage that the data is more quickly retrievable and better protected against manipulation. In every Google data centre there are corresponding emergency programs for your data. If, for example, Google's hardware fails or natural disasters paralyse servers, the risk of a service interruption at Google nevertheless remains low.

The retention period of the data depends on the properties used. The storage period is always set separately for each individual property. Google Analytics offers us four options for controlling the storage period:

• 2 months: this is the shortest storage period.
• 14 months: by default the data is stored for 14 months with GA4.
• 26 months: the data can also be stored for 26 months.
• data is only deleted when we delete it manually

In addition there is also the option that data is only deleted when you no longer visit our website within the period we have chosen. In this case the retention period is reset each time you visit our website again within the defined period.

When the defined period has elapsed, the data is deleted once a month. This retention period applies to your data that is linked with cookies, user recognition and advertising IDs (e.g. cookies of the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a merging of individual data into a larger unit.

How can I delete my data or prevent the storage of data?

Under the data protection law of the European Union, you have the right to obtain information about your data, to update it, to delete it or to restrict it. With the help of the browser add-on to deactivate Google Analytics JavaScript (analytics.js, gtag.js) you prevent Google Analytics 4 from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only deactivates the data collection by Google Analytics.

If you generally want to deactivate, delete or manage cookies, you will find the corresponding links to the respective instructions of the best-known browsers under the "Cookies" section.

Legal basis

The use of Google Analytics requires your consent, which we have obtained with our cookie pop-up. According to Art. 6(1)(a) DSGVO (consent), this consent constitutes the legal basis for the processing of personal data, as can occur in the case of collection by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors and thus improving our offering technically and economically. With the help of Google Analytics we recognise errors on the website, can identify attacks and improve cost-efficiency. The legal basis for this is Art. 6(1)(f) DSGVO (legitimate interests). Nevertheless, we only use Google Analytics insofar as you have given consent.

Google also processes data of yours, among other places, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) DSGVO). Through the EU-US Data Privacy Framework and through the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. What function Standard Contractual Clauses have and where you can find the underlying EU decision, you can read in the "Standard Contractual Clauses (SCC)" section above.

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

We hope we have been able to bring you the most important information about the data processing of Google Analytics. If you want to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.

If you want to learn more about the data processing, use the Google privacy policy at https://policies.google.com/privacy?hl=de.

Social media introduction

What is social media?

In addition to our website, we are also active on various social media platforms. In doing so, data of users may be processed so that we can specifically address users who are interested in us via the social networks. Beyond that, elements of a social media platform may also be embedded directly into our website. That is the case, for example, when you click a so-called social button on our website and are forwarded directly to our social media presence. Websites and apps via which registered members can produce content, exchange content openly or in particular groups, and connect with other members, are referred to as social media.

Why do we use social media?

For years, social media platforms have been the place where people communicate and get in touch online. With our social media presences we can bring our products and services closer to prospects. The social media elements integrated into our website help you to switch quickly and without complications to our social media content.

The data stored and processed through your use of a social media channel primarily has the purpose of being able to carry out web analyses. The aim of these analyses is to be able to develop more precise and personalised marketing and advertising strategies. Depending on your behaviour on a social media platform, suitable conclusions about your interests can be drawn with the help of the evaluated data and so-called user profiles can be created. This way it is also possible for the platforms to present you with tailored advertisements. Mostly, cookies that store data about your usage behaviour are set in your browser for this purpose.

As a rule, we assume that we remain responsible under data protection law even when we use the services of a social media platform. However, the European Court of Justice has decided that in certain cases the operator of the social media platform can be jointly responsible together with us within the meaning of Art. 26 DSGVO. Insofar as this is the case, we point this out separately and work on the basis of a corresponding agreement. The essential content of the agreement is then reproduced further below with the platform concerned.

Please note that, when using the social media platforms or our integrated elements, data of yours may also be processed outside the European Union, since many social media channels, for example Facebook or Twitter, are American companies. As a result, you may possibly no longer be able to claim or enforce your rights regarding your personal data so easily.

Which data is processed?

Which data exactly is stored and processed depends on the respective provider of the social media platform. But usually it is data such as phone numbers, e-mail addresses, data that you enter into a contact form, user data such as which buttons you click, whom you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. Especially if you yourself have a profile on the social media channel visited and are logged in, data can be linked with your profile.

All data collected via a social media platform is also stored on the providers' servers. Thus only the providers have access to the data and can give you the appropriate information or make changes.

If you want to know exactly which data is stored and processed by the social media providers and how you can object to the data processing, you should carefully read the respective privacy policy of the company. Also, if you have questions about the data storage and data processing or want to assert corresponding rights, we recommend that you contact the provider directly.

Duration of data processing

We will inform you about the duration of the data processing further below, provided we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purpose. Customer data that is matched with its own user data is, however, deleted within two days. In general, we only process personal data for as long as is strictly necessary to provide our services and products. If, as for example in the case of accounting, it is required by law, this storage period may also be exceeded.

Right to object

You also have the right and the option at any time to withdraw your consent to the use of cookies or third-party providers such as embedded social media elements. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent the collection of data by cookies by managing, deactivating or deleting the cookies in your browser.

Since cookies may be used with social media tools, we also recommend our general privacy policy on cookies. To find out which data exactly is stored and processed about you, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to data of yours being able to be processed and stored by integrated social media elements, this consent serves as the legal basis for the data processing (Art. 6(1)(a) DSGVO). In principle, where consent exists, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools insofar as you have given consent. Most social media platforms also set cookies in your browser in order to store data. We therefore recommend that you read our data protection text on cookies carefully and look at the privacy policy or the cookie policies of the respective service provider.

Information on specific social media platforms is provided – where available – in the following sections.

Facebook privacy policy

What are Facebook tools?

On our website we use selected tools from Facebook. Facebook is a social media network of the company Meta Platforms Inc. or, for the European area, of the company Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of these tools we can offer you, and people who are interested in our products and services, the best possible offering.

When data of yours is collected and forwarded via our embedded Facebook elements or via our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for this. For the further processing of this data, Facebook bears sole responsibility. Our joint obligations have also been anchored in a publicly accessible agreement at https://www.facebook.com/legal/controller_addendum. This states, for example, that we must clearly inform you about the use of the Facebook tools on our page. Furthermore, we are also responsible for ensuring that the tools are integrated into our website in a data-protection-secure way. Facebook, on the other hand, is responsible, for example, for the data security of the Facebook products. For any questions about data collection and data processing by Facebook, you can contact the company directly. If you direct the question to us, we are obliged to forward it to Facebook.

In the following we provide an overview of the various Facebook tools, which data is sent to Facebook and how you can delete this data.

Among many other products, Facebook also offers the so-called "Facebook Business Tools". That is the official designation by Facebook. Since the term is hardly known, however, we have decided simply to call them Facebook tools. Among them are, among others:

• Facebook pixel
• social plug-ins (such as the "Like" or "Share" button)
• Facebook Login
• Account Kit
• APIs (programming interface)
• SDKs (collection of programming tools)
• platform integrations
• plugins
• codes
• specifications
• documentation
• technologies and services

Through these tools, Facebook extends services and has the possibility of obtaining information about user activities outside of Facebook.

Why do we use Facebook tools on our website?

We only want to show our services and products to people who really are interested in them. With the help of advertisements (Facebook ads) we can reach precisely these people. However, in order for suitable advertising to be shown to users, Facebook needs information about people's wishes and needs. In this way the company is provided with information about user behaviour (and contact data) on our website. As a result, Facebook collects better user data and can show interested people the appropriate advertising about our products or services. The tools thus enable tailored advertising campaigns on Facebook.

Facebook calls data about your behaviour on our website "event data". This is also used for measurement and analysis services. Facebook can thus create "campaign reports" on our behalf about the effect of our advertising campaigns. Furthermore, through analyses we gain a better insight into how you use our services, website or products. As a result, we optimise your user experience on our website with some of these tools. For example, with the social plug-ins you can share content on our page directly on Facebook.

Which data is stored by Facebook tools?

Through the use of individual Facebook tools, personal data (customer data) can be sent to Facebook. Depending on the tools used, customer data such as name, address, phone number and IP address can be sent.

Facebook uses this information to match the data with the data it itself has about you (provided you are a Facebook member). Before customer data is transmitted to Facebook, so-called "hashing" takes place. This means that an arbitrarily large data set is transformed into a character string. This also serves to encrypt data.

In addition to the contact data, "event data" is also transmitted. By "event data" is meant that information which we receive about you on our website. For example, which sub-pages you visit or which products you buy from us. Facebook does not share the information received with third parties (such as advertisers), unless the company has explicit permission or is legally obliged to do so. "Event data" can also be linked with contact data. As a result, Facebook can offer better personalised advertising. After the matching process already mentioned, Facebook deletes the contact data again.

In order to be able to deliver advertisements in an optimised way, Facebook only uses the event data when it has been combined with other data (collected by Facebook in another way). Facebook also uses this event data for security, protection, development and research purposes. Much of this data is transferred to Facebook via cookies. Cookies are small text files used to store data or information in browsers. Depending on the tools used and on whether you are a Facebook member, varying numbers of cookies are created in your browser. In the descriptions of the individual Facebook tools we go into individual Facebook cookies in more detail. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies.

How long and where is the data stored?

In principle, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers distributed all over the world where its data is stored. Customer data, however, is deleted within 48 hours after it has been matched with its own user data.

How can I delete my data or prevent the storage of data?

In accordance with the General Data Protection Regulation, you have the right of access, rectification, portability and erasure of your data.

A complete deletion of the data only takes place if you completely delete your Facebook account. And this is how deleting your Facebook account works:

1) On Facebook, click on Settings on the right.

2) Then click on "Your Facebook information" in the left-hand column.

3) Now click "Deactivation and deletion".

4) Now select "Delete account" and then click on "Continue and delete account".

5) Now enter your password, click on "Continue" and then on "Delete account".

The storage of the data that Facebook receives via our page takes place, among other things, via cookies (e.g. with social plugins). In your browser you can deactivate, delete or manage individual or all cookies. Depending on which browser you use, this works in different ways. Under the "Cookies" section you will find the corresponding links to the respective instructions of the best-known browsers.

If you generally do not want any cookies, you can set up your browser so that it always informs you when a cookie is to be set. This way you can decide for each individual cookie whether you allow it or not.

Legal basis

If you have consented to data of yours being able to be processed and stored by integrated Facebook tools, this consent serves as the legal basis for the data processing (Art. 6(1)(a) DSGVO). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools insofar as you have given consent. Most social media platforms also set cookies in your browser in order to store data. We therefore recommend that you read our data protection text on cookies carefully and look at the privacy policy or the cookie policies of Facebook.

Facebook also processes data of yours, among other places, in the USA. Facebook, or Meta Platforms, is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Facebook uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) DSGVO). Through the EU-US Data Privacy Framework and through the Standard Contractual Clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. What function Standard Contractual Clauses have and where you can find the underlying EU decision, you can read in the "Standard Contractual Clauses (SCC)" section above.

The Facebook data processing terms, which refer to the Standard Contractual Clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

We hope we have brought you the most important information about the use and data processing by the Facebook tools. If you want to learn more about how Facebook uses your data, we recommend the data policies at https://www.facebook.com/privacy/policy/.

Instagram privacy policy

What is Instagram?

We have integrated functions of Instagram into our website. Instagram is a social media platform of the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and belongs to the Facebook products. Embedding Instagram content on our website is called embedding. As a result, we can show you content such as buttons, photos or videos from Instagram directly on our website. When you call up web pages of our web presence that have integrated an Instagram function, data is transmitted to, stored and processed by Instagram. Instagram uses the same systems and technologies as Facebook. Your data is thus processed across all Facebook companies.

In the following we want to give you a more detailed insight into why Instagram collects data, what data is involved and how you can largely control the data processing. Since Instagram belongs to Meta Platforms Inc., we obtain our information on the one hand from the Instagram policies, but on the other hand also from the Meta data protection policies themselves.

Instagram is one of the best-known social media networks worldwide. Instagram combines the advantages of a blog with the advantages of audiovisual platforms such as YouTube or Vimeo. On "Insta" (as many users casually call the platform) you can upload photos and short videos, edit them with various filters and also distribute them on other social networks. And if you do not want to be active yourself, you can also just follow other interesting users.

Why do we use Instagram on our website?

Instagram is that social media platform that really went through the roof in recent years. And of course we, too, have responded to this boom. We want you to feel as comfortable as possible on our website. That is why a varied presentation of our content is a matter of course for us. Through the embedded Instagram functions we can enrich our content with helpful, funny or exciting content from the Instagram world. Since Instagram is a subsidiary of Facebook, the collected data can also be useful to us for personalised advertising on Facebook. This way only people who really are interested in our products or services receive our advertisements.

Instagram also uses the collected data for measurement and analysis purposes. We receive aggregated statistics and thus more insight into your wishes and interests. It is important to mention that these reports do not identify you personally.

Which data is stored by Instagram?

When you come across one of our pages that have Instagram functions (such as Instagram pictures or plug-ins) built in, your browser automatically connects to Instagram's servers. In doing so, data is sent to, stored and processed by Instagram. And this regardless of whether you have an Instagram account or not. This includes information about our website, about your computer, about purchases made, about advertisements you see and how you use our offering. Furthermore, the date and time of your interaction with Instagram are also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume that this is exactly the case with Instagram. Customer data is, for example, name, address, phone number and IP address. This customer data is only transmitted to Instagram once it has previously been "hashed". Hashing means a data set is converted into a character string. This allows the contact data to be encrypted. In addition, the above-mentioned "event data" is also transmitted. By "event data", Facebook – and consequently also Instagram – understands data about your user behaviour. It can also happen that contact data is combined with event data. The collected contact data is matched with the data Instagram already has about you.

Via small text files (cookies), which are mostly set in your browser, the collected data is transmitted to Facebook. Depending on the Instagram functions used and on whether you yourself have an Instagram account, varying amounts of data are stored.

We assume that the data processing at Instagram works the same as at Facebook. This means: if you have an Instagram account or have visited www.instagram.com, Instagram has set at least one cookie. If that is the case, your browser sends information to Instagram via the cookie as soon as you come into contact with an Instagram function. After 90 days at the latest (after matching), this data is deleted or anonymised again. Although we have dealt intensively with the data processing of Instagram, we cannot say very precisely which data Instagram exactly collects and stores.

In the following we show you cookies that are set in your browser at minimum when you click on an Instagram function (such as a button or an Insta picture). In our test we assume that you do not have an Instagram account. If you are logged in to Instagram, significantly more cookies are of course set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: ""
Purpose: This cookie is most probably set for security reasons in order to prevent forgery of requests. However, we could not find out more precisely.
Expiry date: after one year

Name: mid
Value: ""
Purpose: Instagram sets this cookie in order to optimise its own services and offers in and outside of Instagram. The cookie sets a unique user ID.
Expiry date: after the end of the session

Name: fbsr_312026304124024
Value: no information
Purpose: This cookie stores the log-in request for users of the Instagram app.
Expiry date: after the end of the session

Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiry date: after the end of the session

Name: urlgen
Value: "{"194.96.75.33": 1901}:1iEtYv:Y833k2_UjKvXgYe312026304"
Purpose: This cookie serves Instagram's marketing purposes.
Expiry date: after the end of the session

Note: We cannot claim completeness here. Which cookies are set in the individual case depends on the embedded functions and your use of Instagram.

How long and where is the data stored?

Instagram shares the information received between the Facebook companies with external partners and with people with whom you connect worldwide. The data processing takes place in compliance with its own data policy. Your data is, among other things for security reasons, distributed across the Facebook servers all over the world. Most of these servers are located in the USA.

How can I delete my data or prevent the storage of data?

Thanks to the General Data Protection Regulation, you have the right of access, portability, rectification and erasure of your data. In the Instagram settings you can manage your data. If you want to completely delete your data on Instagram, you have to permanently delete your Instagram account.

And this is how deleting the Instagram account works:

First open the Instagram app. On your profile page, scroll down and click on "Help Centre". Now you come to the company's website. On the website, click on "Managing the account" and then on "Delete your account".

If you delete your account completely, Instagram deletes posts such as your photos and status updates. Information that other people have shared about you does not belong to your account and is consequently not deleted.

As already mentioned above, Instagram stores your data primarily via cookies. You can manage, deactivate or delete these cookies in your browser. Depending on your browser, the management always works a little differently. Under the "Cookies" section you will find the corresponding links to the respective instructions of the best-known browsers.

You can also generally set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented to data of yours being able to be processed and stored by integrated social media elements, this consent serves as the legal basis for the data processing (Art. 6(1)(a) DSGVO). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements insofar as you have given consent. Most social media platforms also set cookies in your browser in order to store data. We therefore recommend that you read our data protection text on cookies carefully and look at the privacy policy or the cookie policies of the respective service provider.

Instagram also processes data of yours, among other places, in the USA. Instagram, or Meta Platforms, is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Instagram uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) DSGVO). Through the EU-US Data Privacy Framework and through the Standard Contractual Clauses, Instagram undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. What function Standard Contractual Clauses have and where you can find the underlying EU decision, you can read in the "Standard Contractual Clauses (SCC)" section above.

We have tried to bring you the most important information about the data processing by Instagram. At https://privacycenter.instagram.com/policy/ you can engage even more closely with Instagram's data policies.

TikTok privacy policy

What is TikTok?

On our website we use the TikTok integration. The service provider is the Chinese company Beijing Bytedance Technology Ltd. For the European area, the Irish company TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, is responsible. TikTok is a social media platform popular especially among young people, on which users can create, share and view short video clips.

In this privacy policy we inform you about which data is processed by TikTok, how long the data is stored and how you can manage your privacy settings.

Why do we use TikTok on our website?

We have built TikTok into our website so that you can, if you feel like it, watch TikTok videos and, where applicable, interact with the videos. TikTok is known in particular for funny and creative content, and of course we do not want to withhold such content from you. After all, we ourselves also like to watch the odd creative TikTok video.

Which data is processed by TikTok?

When you watch TikTok videos on our website or interact with them, TikTok can collect information about your usage behaviour and your device. This can include data such as your IP address, the browser type, the operating system, the location and other technical information. TikTok can also use cookies and similar technologies to collect information and personalise your user experience.

If you yourself have a TikTok account, further information can also be collected and processed. This includes, for example, user information (such as name, date of birth or your e-mail address) and data about your communication with other TikTok users.

How long and where is the data stored?

The storage period and storage locations of the data collected by TikTok can vary greatly and are subject to TikTok's privacy policies. TikTok can also store data on servers in the USA and other countries. The storage period is generally based on the respective legal requirements and internal policies. However, we have not yet been able to find out exactly how long data is stored. As soon as we have more detailed information, we will of course inform you about it.

How can I delete my data or prevent the storage of data?

If you have a TikTok account, you can manage your privacy settings directly on TikTok. For example, in the settings of your TikTok account you can determine which information may be shared and which not. Beyond that, you can manage and deactivate cookies in your web browser in order to limit the data collection. That is of course also possible without a TikTok account. Please note, however, that this can affect the functionality of our website and your TikTok experience.

Legal basis

If you have consented to data of yours being able to be processed and stored by TikTok, this consent serves as the legal basis for the data processing (Art. 6(1)(a) DSGVO). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements insofar as you have given consent. TikTok can also set cookies in your browser in order to store data. We therefore recommend that you read our data protection text on cookies carefully and look at the privacy policy or the cookie policies of the respective service provider.

TikTok also processes data of yours, among other places, in the USA. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This can entail various risks for the lawfulness and security of the data processing.

As the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for a transfer of data there, TikTok uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) DSGVO). Through these clauses, TikTok undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. What function Standard Contractual Clauses have and where you can find the underlying EU decision, you can read in the "Standard Contractual Clauses (SCC)" section above.

You can find further information on TikTok's privacy policy and on the collection of data by TikTok on the TikTok website at https://www.tiktok.com/legal/page/eea/privacy-policy/en as well as in the general information on TikTok at https://www.tiktok.com/en/.

X (formerly: Twitter) privacy policy

What is X?

On our website we have built in functions of X. These are, for example, embedded tweets, timelines, buttons or hashtags. X is a short-message service and a social media platform of the American company X Corp., 1355 Market Street, Suite 900 San Francisco, CA 94103, USA. For the European area, the company Twitter International Unlimited Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland) is responsible for processing personal data.

To our knowledge, in the European Economic Area and in Switzerland, no personal data or data about your web activities is yet transmitted to X simply by integrating X functions. Only when you interact with the X functions, such as clicking a button, can data be sent to X, stored there and processed. We have no influence on this data processing and bear no responsibility. Within the scope of this privacy policy we want to give you an overview of which data X stores, what X does with this data and how you can largely protect yourself from the data transmission.

For some, X is a news service, for others a social media platform, and still others speak of a microblogging service. All these designations have their justification and mean more or less the same thing.

Both private individuals and companies use X to communicate with interested people via short messages. Per message, X allows only 280 characters. These messages are called "tweets". Unlike, for example, Facebook, the service does not focus on building up a network for "friends" but wants to be understood as a worldwide and open news platform. On X you can also keep an anonymous account, and tweets can be deleted both by the company and by the users themselves.

Why do we use X on our website?

Like many other websites and companies, we try to offer our services via various channels and to communicate with our customers. Especially X (probably still better known to many as Twitter) has grown dear to us as a useful "little" news service. Again and again we tweet or retweet exciting, funny or interesting content. We are aware that you cannot follow every channel separately. After all, you have other things to do. That is why we have also integrated X functions on our website. You can experience our X activity "on the spot" or come to our X page via a direct link. Through the integration we want to strengthen our service and the usability on our website.

Which data is stored by X?

On some of our sub-pages you will find the built-in X functions. When you interact with the X content, such as clicking a button, X can collect and store data. And this also when you yourself do not have an X account. X calls this data "log data". This includes demographic data, browser cookie IDs, the ID of your smartphone, hashed e-mail addresses, and information about which pages you have visited on X and which actions you have carried out. X stores more data, of course, if you have an X account and are logged in. Up to now this storage took place via cookies. Cookies are small text files that are mostly set in your browser and transmit different information to X.

Which cookies are set when you are not logged in to X but visit a website with built-in X functions, we now show you. Please consider this list as an example. We can by no means guarantee completeness here, since the choice of cookies constantly changes and depends on your individual actions with the X content.

These cookies were used in our test:

Name: personalization_id
Value: "v1_cSJIsogU51SeE312026304"
Purpose: This cookie stores information about how you use the website and via which advertising you may have come to X.
Expiry date: after 2 years

Name: lang
Value: de
Purpose: This cookie stores your preset or preferred language.
Expiry date: after the end of the session

Name: guest_id
Value: 312026304v1%3A157132626
Purpose: This cookie is set in order to identify you as a guest.
Expiry date: after 2 years

Name: fm
Value: 0
Purpose: Unfortunately, we could not find out the purpose of this cookie.
Expiry date: after the end of the session

Name: external_referer
Value: 3120263042beTA0sf5lkMrlGt
Purpose: This cookie collects anonymous data, such as how often you visit X and how long you visit X.
Expiry date: after 6 days

Name: eu_cn
Value: 1
Purpose: This cookie stores user activity and serves various advertising purposes of X.
Expiry date: after one year

Name: ct0
Value: c1179f07163a365d2ed7aad84c99d966
Purpose: Unfortunately, we found no information on this cookie.
Expiry date: after 6 hours

Name: _twitter_sess
Value: 53D%253D–dd0248312026304-
Purpose: With this cookie you can use functions within the X website.
Expiry date: after the end of the session

Note: X also works together with third-party providers. That is why, in our test, we also recognised the three Google Analytics cookies _ga, _gat, _gid.

X uses the collected data, on the one hand, to better understand user behaviour and thus improve its own services and advertising offers, and on the other hand, the data also serves internal security measures.

How long and where is the data stored?

When X collects data from other websites, this is deleted, aggregated or otherwise obscured after a maximum of 30 days. The X servers are located in various server centres in the United States. Accordingly, it can be assumed that the collected data is gathered and stored in America. According to our research, we could not clearly determine whether X also has its own servers in Europe. In principle, X can store the collected data until it is no longer useful to the company, you delete the data, or a statutory deletion period applies.

How can I delete my data or prevent the storage of data?

In its privacy policies, X repeatedly emphasises that it does not store any data from external website visits if you or your browser are located in the European Economic Area or in Switzerland. If, however, you interact directly with X, X of course also stores data of yours.

If you have an X account, you can manage your data by clicking on "More" under the "Profile" button. Then click on "Settings and privacy". Here you can manage the data processing individually.

If you do not have an X account, you can go to twitter.com and then click on "Personalisation". Under the item "Personalisation and data" you can manage your collected data.

Most data is, as already mentioned above, stored via cookies, and you can manage, deactivate or delete these in your browser. Please note that you only "edit" the cookies in the browser you have chosen. This means: if you use a different browser in future, you have to manage your cookies there again according to your wishes. Under the "Cookies" section you will find the corresponding links to the respective instructions of the best-known browsers.

You can also manage your browser so that you are informed about each individual cookie. Then you can always decide individually whether you allow a cookie or not.

X also uses the data for personalised advertising in and outside of X. In the settings, under "Personalisation and data", you can switch off personalised advertising. If you use X on a browser, you can deactivate personalised advertising at https://optout.aboutads.info/?c=2&lang=EN.

Legal basis

If you have consented to data of yours being able to be processed and stored by integrated social media elements, this consent serves as the legal basis for the data processing (Art. 6(1)(a) DSGVO). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements insofar as you have given consent. Most social media platforms also set cookies in your browser in order to store data. We therefore recommend that you read our data protection text on cookies carefully and look at the privacy policy or the cookie policies of the respective service provider.

X also processes data of yours, among other places, in the USA. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This can entail various risks for the lawfulness and security of the data processing.

As the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for a transfer of data there, X uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) DSGVO). Through these clauses, X undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. What function Standard Contractual Clauses have and where you can find the underlying EU decision, you can read in the "Standard Contractual Clauses (SCC)" section above.

You can find more information on the Standard Contractual Clauses at X at https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

We hope we have given you a basic overview of the data processing by X. We do not receive any data from X and also bear no responsibility for what X does with your data. If you have any further questions on this topic, we recommend the X privacy policy at https://twitter.com/de/privacy.

Audio & video introduction

What are audio and video elements?

We have integrated audio and video elements into our website so that you can, for example, watch videos or listen to music/podcasts directly via our website. The content is provided by service providers. All content is therefore also obtained from the corresponding servers of the providers.

These are integrated functional elements of platforms such as YouTube, Vimeo or Spotify. The use of these portals is generally free of charge, but paid content can also be published. With the help of these integrated elements you can listen to or watch the respective content via our website.

When you use audio or video elements on our website, personal data of yours can also be transmitted to, processed and stored by the service providers.

Why do we use audio & video elements on our website?

Of course we want to deliver you the best offering on our website. And we are aware that content is no longer conveyed merely in text and static image. Instead of simply giving you a link to a video, we offer you audio and video formats directly on our website that are entertaining or informative and, ideally, even both. This extends our service and makes it easier for you to access interesting content. Thus, in addition to our texts and images, we also offer video and/or audio content.

Which data is stored by audio & video elements?

When you call up a page on our website that has, for example, an embedded video, your server connects to the server of the service provider. In doing so, data of yours is also transmitted to the third-party provider and stored there. Some data is collected and stored quite independently of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system, and other general information about your end device. Furthermore, most providers also obtain information about your web activity. This includes, for example, session duration, bounce rate, which button you clicked, or via which website you use the service. All this information is mostly stored via cookies or pixel tags (also called web beacons). Pseudonymised data is mostly stored in cookies in your browser. Which data exactly is stored and processed you can always find out in the privacy policy of the respective provider.

Duration of data processing

How long the data is stored exactly on the servers of the third-party providers you can find out either further below in the data protection text of the respective tool or in the privacy policy of the provider. In principle, personal data is always only processed for as long as is strictly necessary to provide our services or products. This generally also applies to third-party providers. Mostly you can assume that certain data is stored for several years on the servers of the third-party providers. Data can, especially in cookies, be stored for varying lengths of time. Some cookies are deleted again as soon as you leave the website, others can be stored in your browser for several years.

Right to object

You also have the right and the option at any time to withdraw your consent to the use of cookies or third-party providers. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent the collection of data by cookies by managing, deactivating or deleting the cookies in your browser. The lawfulness of the processing up to the withdrawal remains unaffected.

Since cookies are mostly also used by the integrated audio and video functions on our page, you should also read our general privacy policy on cookies. In the privacy policies of the respective third-party providers you can find out more about the handling and storage of your data.

Legal basis

If you have consented to data of yours being able to be processed and stored by integrated audio and video elements, this consent serves as the legal basis for the data processing (Art. 6(1)(a) DSGVO). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated audio and video elements insofar as you have given consent.

Vimeo privacy policy

What is Vimeo?

On our website we also use videos from the company Vimeo. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plug-in we can thus show you interesting video material directly on our website. In doing so, certain data of yours can be transmitted to Vimeo. In this privacy policy we show you which data is involved, why we use Vimeo and how you can manage or prevent your data or the data transmission.

Vimeo is a video platform that was founded in 2004 and has enabled the streaming of videos in HD quality since 2007. Since 2015 it has also been possible to stream in 4k Ultra HD. The use of the portal is free of charge, but paid content can also be published. Compared to the market leader YouTube, Vimeo places primary value on high-quality content in good quality. The portal thus offers, on the one hand, many artistic contents such as music videos and short films, and on the other hand also informative documentaries on the most diverse topics.

Why do we use Vimeo on our website?

The goal of our web presence is to deliver you the best possible content. And as easily accessible as possible. Only when we have achieved this are we satisfied with our service. The video service Vimeo supports us in achieving this goal. Vimeo offers us the possibility of presenting high-quality content to you directly on our website. Instead of just giving you a link to an interesting video, you can thus watch the video right here with us. This extends our service and makes it easier for you to access interesting content. Thus, in addition to our texts and images, we also offer video content.

Which data is stored on Vimeo?

When you call up a page on our website that has a Vimeo video embedded, your browser connects to Vimeo's servers. In doing so, a data transmission takes place. This data is collected, stored and processed on the Vimeo servers. Regardless of whether you have a Vimeo account or not, Vimeo collects data about you. This includes your IP address, technical information about your browser type, your operating system or quite basic device information. Furthermore, Vimeo stores information about which website you use the Vimeo service via and which actions (web activities) you carry out on our website. These web activities include, for example, session duration, bounce rate or which button you clicked on our website with the built-in Vimeo function. Vimeo can track and store these actions with the help of cookies and similar technologies.

If you are logged in to Vimeo as a registered member, more data can usually be collected, since more cookies may already have been set in your browser. In addition, your actions on our website are linked directly with your Vimeo account. To prevent this, you have to log out of Vimeo while "surfing" on our website.

In the following we show you cookies that are set by Vimeo when you are on a website with an integrated Vimeo function. This list does not claim to be complete and assumes that you do not have a Vimeo account.

Name: player
Value: ""
Purpose: This cookie stores your settings before you play an embedded Vimeo video. As a result, the next time you watch a Vimeo video, you get your preferred settings again.
Expiry date: after one year

Name: vuid
Value: pl1046149876.614422590312026304-4
Purpose: This cookie collects information about your actions on websites that have a Vimeo video embedded.
Expiry date: after 2 years

Note: These two cookies are always set as soon as you are on a website with an embedded Vimeo video. If you watch the video and click on the button, for example to "share" or "like" the video, further cookies are set. These are also third-party cookies such as _ga or _gat_UA-76641-8 from Google Analytics or _fbp from Facebook. Which cookies are set here exactly depends on your interaction with the video.

The following list shows an excerpt of possible cookies that are set when you interact with the Vimeo video:

Name: _abexps
Value: %5B%5D
Purpose: This Vimeo cookie helps Vimeo to remember the settings you have made. This can be, for example, a preset language, a region or a username. In general, the cookie stores data about how you use Vimeo.
Expiry date: after one year

Name: continuous_play_v3
Value: 1
Purpose: This cookie is a first-party cookie from Vimeo. The cookie collects information about how you use the Vimeo service. For example, the cookie stores when you pause or resume a video.
Expiry date: after one year

Name: _ga
Value: GA1.2.1522249635.1578401280312026304-7
Purpose: This cookie is a third-party cookie from Google. By default, analytics.js uses the _ga cookie to store the user ID. In principle, it serves to distinguish website visitors.
Expiry date: after 2 years

Name: _gcl_au
Value: 1.1.770887836.1578401279312026304-3
Purpose: This third-party cookie from Google AdSense is used to improve the efficiency of advertisements on websites.
Expiry date: after 3 months

Name: _fbp
Value: fb.1.1578401280585.310434968
Purpose: This is a Facebook cookie. This cookie is used to display advertisements or advertising products from Facebook or other advertisers.
Expiry date: after 3 months

Vimeo uses this data, among other things, to improve its own service, to enter into communication with you and to set its own targeted advertising measures. Vimeo emphasises on its website that, with embedded videos, only first-party cookies (i.e. cookies from Vimeo itself) are used as long as you do not interact with the video.

How long and where is the data stored?

Vimeo has its headquarters in White Plains in the state of New York (USA). The services are, however, offered worldwide. In doing so, the company uses computer systems, databases and servers in the USA and also in other countries. Your data can thus also be stored and processed on servers in America. The data remains stored at Vimeo until the company no longer has an economic reason for the storage. Then the data is deleted or anonymised.

How can I delete my data or prevent the storage of data?

You always have the possibility of managing cookies in your browser according to your wishes. If, for example, you do not want Vimeo to set cookies and thus collect information about you, you can delete or deactivate cookies at any time in your browser settings. Depending on the browser, this works a little differently. Please note that, after deactivating/deleting cookies, various functions may no longer be available to their full extent. Under the "Cookies" section you will find the corresponding links to the respective instructions of the best-known browsers.

If you are a registered Vimeo member, you can also manage the cookies used in the settings at Vimeo.

Legal basis

If you have consented to data of yours being able to be processed and stored by integrated Vimeo elements, this consent serves as the legal basis for the data processing (Art. 6(1)(a) DSGVO). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated Vimeo elements insofar as you have given consent. Vimeo also sets cookies in your browser in order to store data. We therefore recommend that you read our data protection text on cookies carefully and look at the privacy policy or the cookie policies of the respective service provider.

Vimeo also processes data of yours, among other places, in the USA. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This can entail various risks for the lawfulness and security of the data processing.

As the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for a transfer of data there, Vimeo uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) DSGVO). Through these clauses, Vimeo undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. What function Standard Contractual Clauses have and where you can find the underlying EU decision, you can read in the "Standard Contractual Clauses (SCC)" section above.

You can find more information on the Standard Contractual Clauses at Vimeo at https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights.

You can find out more about the use of cookies at Vimeo at https://vimeo.com/cookie_policy; information on data protection at Vimeo can be read at https://vimeo.com/privacy.

YouTube privacy policy

What is YouTube?

On our website we have built in YouTube videos. This way we can present interesting videos to you directly on our page. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you call up a page on our website that has a YouTube video embedded, your browser automatically connects to the servers of YouTube or Google. In doing so, various data is transmitted (depending on the settings). For the entire data processing in the European area, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible.

In the following we want to explain to you in more detail which data is processed, why we have integrated YouTube videos and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on and upload videos themselves free of charge. Over the past years YouTube has become one of the most important social media channels worldwide. So that we can display videos on our website, YouTube provides a code snippet that we have built into our page.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We endeavour to offer you the best possible user experience on our website. And of course interesting videos must not be missing in this. With the help of our embedded videos we provide you, in addition to our texts and images, with further helpful content. In addition, our website is more easily found on the Google search engine through the embedded videos. Also, when we place advertisements via Google Ads, Google can – thanks to the collected data – really only show these ads to people who are interested in our offers.

Which data is stored by YouTube?

As soon as you visit one of our pages that has a YouTube video built in, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged in to your YouTube account, YouTube can usually assign your interactions on our website to your profile with the help of cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your internet provider. Further data can be contact data, any ratings, the sharing of content via social media or adding to your favourites on YouTube.

If you are not logged in to a Google account or a YouTube account, Google stores data with a unique identifier that is linked with your device, browser or app. This way, for example, your preferred language setting is retained. But many interaction data cannot be stored, since fewer cookies are set.

In the following list we show cookies that were set in a test in the browser. On the one hand we show cookies that are set without a logged-in YouTube account. On the other hand we show cookies that are set with a logged-in account. The list cannot claim to be complete, because the user data always depends on the interactions on YouTube.

Name: YSC
Value: b9-CV6ojI5Y312026304-1
Purpose: This cookie registers a unique ID in order to store statistics of the video watched.
Expiry date: after the end of the session

Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Via PREF, Google receives statistics on how you use YouTube videos on our website.
Expiry date: after 8 months

Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices in order to track the GPS location.
Expiry date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie tries to estimate the user's bandwidth on our pages (with a built-in YouTube video).
Expiry date: after 8 months

Further cookies that are set when you are logged in with your YouTube account:

Name: APISID
Value: zILlvClZSkqGsSwI/AU1aZI6HY7312026304-
Purpose: This cookie is used to create a profile of your interests. The data is used for personalised advertisements.
Expiry date: after 2 years

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user's consent to the use of various Google services. CONSENT also serves security, to verify users and protect user data from unauthorised attacks.
Expiry date: after 19 years

Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile of your interests. This data helps to be able to display personalised advertising.
Expiry date: after 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL…
Purpose: In this cookie, information about your login data is stored.
Expiry date: after 2 years

Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and your device. It is used to create a profile of your interests.
Expiry date: after 2 years

Name: SID
Value: oQfNKjAsI312026304-
Purpose: This cookie stores your Google account ID and your last login time in digitally signed and encrypted form.
Expiry date: after 2 years

Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information about how you use the website and which advertising you may have seen before visiting our page.
Expiry date: after 3 months

How long and where is the data stored?

The data that YouTube receives and processes about you is stored on the Google servers. Most of these servers are located in America. At https://www.google.com/about/datacenters/locations/?hl=de you can see exactly where the Google data centres are located. Your data is distributed across the servers. This way the data is more quickly retrievable and better protected against manipulation.

Google stores the collected data for different lengths of time. Some data you can delete at any time, other data is automatically deleted after a limited time, and still other data is stored by Google over a longer period. Some data (such as elements from "My Activity", photos or documents, products) that is stored in your Google account remains stored until you delete it. Even if you are not logged in to a Google account, you can delete some data that is linked with your device, browser or app.

How can I delete my data or prevent the storage of data?

In principle, you can delete data in the Google account manually. With the automatic deletion function for location and activity data introduced in 2019, information is stored – depending on your decision – for either 3 or 18 months and then deleted.

Regardless of whether you have a Google account or not, you can configure your browser so that cookies from Google are deleted or deactivated. Depending on which browser you use, this works in different ways. Under the "Cookies" section you will find the corresponding links to the respective instructions of the best-known browsers.

If you generally do not want any cookies, you can set up your browser so that it always informs you when a cookie is to be set. This way you can decide for each individual cookie whether you allow it or not.

Legal basis

If you have consented to data of yours being able to be processed and stored by integrated YouTube elements, this consent serves as the legal basis for the data processing (Art. 6(1)(a) DSGVO). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated YouTube elements insofar as you have given consent. YouTube also sets cookies in your browser in order to store data. We therefore recommend that you read our data protection text on cookies carefully and look at the privacy policy or the cookie policies of the respective service provider.

YouTube also processes data of yours, among other places, in the USA. YouTube, or Google, is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) DSGVO). Through the EU-US Data Privacy Framework and through the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. What function Standard Contractual Clauses have and where you can find the underlying EU decision, you can read in the "Standard Contractual Clauses (SCC)" section above.

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

Since YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to learn more about the handling of your data, we recommend the privacy policy at https://policies.google.com/privacy?hl=de.

Web design introduction

What is web design?

On our website we use various tools that serve our web design. Web design is not, as is often assumed, only about our website looking pretty, but also about functionality and performance. But of course the appropriate look of a website is also one of the great goals of professional web design. Web design is a sub-area of media design and deals with both the visual and the structural and functional design of a website. The goal is to improve your experience on our website with the help of web design. In web design jargon, one speaks in this connection of user experience (UX) and usability. User experience is understood to mean all impressions and experiences that the website visitor has on a website. A sub-item of the user experience is usability. This is about the user-friendliness of a website. Here, value is placed above all on content, sub-pages or products being clearly structured and on your finding what you are looking for easily and quickly. In order to offer you the best possible experience on our website, we also use so-called web design tools from third-party providers. In this privacy policy, the category "web design" therefore covers all services that improve our website in terms of design. These can be, for example, fonts, various plugins or other integrated web design functions.

Why do we use web design tools?

How you take in information on a website depends very strongly on the structure, the functionality and the visual perception of the website. Therefore good and professional web design has also become ever more important for us. We are constantly working on the improvement of our website and also see this as an extended service for you as a website visitor. Furthermore, a beautiful and functioning website also has economic advantages for us. After all, you will only visit us and make use of our offers if you feel completely at ease.

Which data is stored by web design tools?

When you visit our website, web design elements can be integrated into our pages that can also process data. Which data exactly is involved depends, of course, strongly on the tools used. Further below you can see exactly which tools we use for our website. For more detailed information about the data processing, we also recommend that you read the respective privacy policy of the tools used. Mostly you will learn there which data is processed, whether cookies are used and how long the data is kept. Through fonts such as Google Fonts, for example, information such as language settings, IP address, version of the browser, screen resolution of the browser and name of the browser is also automatically transmitted to the Google servers.

Duration of data processing

How long data is processed is very individual and depends on the web design elements used. If cookies are used, for example, the retention period can last just a minute, but also a few years. Please inform yourself in this regard. For this we recommend, on the one hand, our general text section on cookies as well as the privacy policies of the tools used. There you will generally learn which cookies are used exactly and which information is stored in them. Google font files, for example, are stored for one year. This is intended to improve the loading time of a website. In principle, data is always only kept for as long as is necessary for the provision of the service. In the case of statutory requirements, data can also be stored for longer.

Right to object

You also have the right and the option at any time to withdraw your consent to the use of cookies or third-party providers. This works either via our cookie management tool or via other opt-out functions. You can also prevent the collection of data by cookies by managing, deactivating or deleting the cookies in your browser. Among web design elements (mostly with fonts), however, there is also data that cannot be deleted quite so easily. That is the case when data is collected automatically directly upon a page view and transmitted to a third-party provider (such as Google). In that case, please contact the support of the respective provider. In the case of Google you can reach the support at https://support.google.com/?hl=de.

Legal basis

If you have consented that web design tools may be used, the legal basis of the corresponding data processing is this consent. According to Art. 6(1)(a) DSGVO (consent), this consent constitutes the legal basis for the processing of personal data, as can occur in the case of collection by web design tools. On our side there is also a legitimate interest in improving the web design on our website. After all, only then can we deliver you a beautiful and professional web offering. The corresponding legal basis for this is Art. 6(1)(f) DSGVO (legitimate interests). Nevertheless, we only use web design tools insofar as you have given consent. We definitely want to emphasise this again here.

Information on specific web design tools is provided – where available – in the following sections.

Google Fonts privacy policy

What are Google Fonts?

On our website we use Google Fonts. These are the "Google fonts" of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

To use Google fonts, you do not have to log in or store a password. Furthermore, no cookies are stored in your browser either. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you need not worry that your Google account data will be transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will look at exactly what the data storage looks like in detail.

Google Fonts (formerly Google Web Fonts) is a directory with over 800 fonts that Google makes available to its users free of charge.

Many of these fonts are published under the SIL Open Font License, while others were published under the Apache License. Both are free software licences.

Why do we use Google Fonts on our website?

With Google Fonts we can use fonts on our own website and do not have to upload them to our own server. Google Fonts is an important building block for keeping the quality of our website high. All Google fonts are automatically optimised for the web, and this saves data volume and is, especially for use on mobile devices, a great advantage. When you visit our page, the low file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can, in part, visually distort texts or entire web pages. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all common browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). So we use the Google Fonts so that we can present our entire online service as beautifully and uniformly as possible.

Which data is stored by Google?

When you visit our website, the fonts are reloaded via a Google server. Through this external call, data is transmitted to the Google servers. This way Google also recognises that you, or your IP address, have visited our website. The Google Fonts API was developed to reduce the use, storage and collection of end-user data to what is necessary for a proper provision of fonts. API, incidentally, stands for "Application Programming Interface" and serves, among other things, as a data transmitter in the software field.

Google Fonts stores CSS and font requests securely at Google and is thus protected. Through the collected usage figures, Google can determine how well the individual fonts go down. Google publishes the results on internal analysis pages, such as Google Analytics. In addition, Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the BigQuery database of Google Fonts. Entrepreneurs and developers use the Google web service BigQuery to be able to examine and move large amounts of data.

However, it should still be borne in mind that, through every Google Font request, information such as language settings, IP address, version of the browser, screen resolution of the browser and name of the browser is also automatically transmitted to the Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.

How long and where is the data stored?

Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This enables us to use the fonts with the help of a Google stylesheet. A stylesheet is a format template via which one can easily and quickly change, for example, the design or the font of a website.

The font files are stored by Google for one year. With this Google pursues the goal of improving the loading time of web pages in principle. If millions of web pages refer to the same fonts, they are cached after the first visit and appear immediately again on all other web pages visited later. Sometimes Google updates font files in order to reduce the file size, increase the coverage of language and improve the design.

How can I delete my data or prevent the storage of data?

Those data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google upon the page view. To be able to delete this data prematurely, you have to contact the Google support at https://support.google.com/?hl=de&tid=312026304. In this case you only prevent data storage if you do not visit our page.

Unlike other web fonts, Google allows us unrestricted access to all fonts. We can thus access an ocean of fonts without limit and so get the optimum out for our website. More about Google Fonts and further questions you can find at https://developers.google.com/fonts/faq?tid=312026304. There Google does address data-protection-relevant matters, but really detailed information about data storage is not included. It is relatively difficult to get really precise information from Google about stored data.

Legal basis

If you have consented that Google Fonts may be used, the legal basis of the corresponding data processing is this consent. According to Art. 6(1)(a) DSGVO (consent), this consent constitutes the legal basis for the processing of personal data, as can occur in the case of collection by Google Fonts.

On our side there is also a legitimate interest in using Google Fonts in order to optimise our online service. The corresponding legal basis for this is Art. 6(1)(f) DSGVO (legitimate interests). Nevertheless, we only use Google Fonts insofar as you have given consent.

Google also processes data of yours, among other places, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) DSGVO). Through the EU-US Data Privacy Framework and through the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. What function Standard Contractual Clauses have and where you can find the underlying EU decision, you can read in the "Standard Contractual Clauses (SCC)" section above.

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

Which data is in principle collected by Google and what this data is used for, you can also read at https://www.google.com/intl/de/policies/privacy/.

Closing words

Congratulations! If you are reading these lines, you have really "fought" your way through our entire privacy policy or at least scrolled this far. As you can see from the scope of our privacy policy, we take the protection of your personal data anything but lightly.
It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. In doing so, we want not only to tell you which data is processed but also to bring you closer to the motives for the use of various software programs. As a rule, privacy policies sound very technical and legal. Since most of you, however, are not web developers or lawyers, we also wanted to take a different path linguistically and explain the matter in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore the most important terms are explained in more detail at the end of the privacy policy.
If you have questions about the topic of data protection on our website, please do not hesitate to contact us or the responsible body. We wish you a pleasant time and hope to be able to welcome you again soon on our website.

All texts are protected by copyright.

Source: Privacy policy created with the Privacy Policy Generator for Germany by AdSimple. Have a look at our sample privacy policy too.