
Data Protection

Table of Contents

- Responsible Party

- Overview of Processing Activities

- Relevant Legal Grounds

- Security Measures

- International Data Transfers

- Rights of the Affected Individuals

- Business Services

- Payment Procedures

- Provision of Online Offerings and Web Hosting

- Use of Cookies

- Single Sign-On Login

- Newsletter and Electronic Notifications

- Web Analysis, Monitoring, and Optimization

- Offering of an Affiliate Program

- Presence on Social Networks (Social Media)

- Plug-ins and Embedded Functions and Content

- Changes and Updates


 

**Responsible Party**  

Elena Campitiello Life Coach  

Am Kiesteich 59  

13589 Berlin  

Germany  

Email Address: info@ananta-you.com  

 

**Overview of Processing Activities**  

The following overview summarizes the types of data processed and the purposes of their processing and refers to the affected individuals.

 

**Types of Processed Data**  

- Inventory data.

- Payment data.

- Contact data.

- Content data.

- Contract data.

- Usage data.

- Meta, communication, and procedural data.

- Log data.

 

**Categories of Affected Individuals**  

- Service recipients and clients.

- Interested parties.

- Communication partners.

- Users.

- Business and contractual partners.

 

**Purposes of Processing**

- Provision of contractual services and fulfillment of contractual obligations.

- Communication.

- Security measures.

- Direct marketing.

- Reach measurement.

- Office and organizational procedures.

- Affiliate tracking.

- Organizational and administrative procedures.

- Feedback.

- Profiles with user-related information.

- Registration procedures.

- Provision of our online offerings and user-friendliness.

- Information technology infrastructure.

- Public relations.

- Business processes and economic procedures.

 

**Relevant Legal Grounds**

- **Relevant legal grounds under the GDPR:** The following is an overview of the legal grounds under the GDPR on which we process personal data. Please note that, in addition to the GDPR regulations, national data protection provisions may apply in your or our country of residence. Should more specific legal grounds be applicable in individual cases, we will inform you of these in the privacy policy.

  - **Consent (Art. 6(1) sentence 1 lit. a GDPR):** The data subject has given consent to the processing of their personal data for one or more specific purposes.

  - **Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR):** The processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures that are requested by the data subject.

  - **Legal obligation (Art. 6(1) sentence 1 lit. c GDPR):** The processing is necessary for compliance with a legal obligation to which the controller is subject.

  - **Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR):** The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

 

**National Data Protection Regulations in Germany:** In addition to the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains specific provisions on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated decision-making in individual cases including profiling. Additionally, data protection laws of the individual federal states may apply.

 

**Security Measures**  

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.  

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling both physical and electronic access to the data, as well as access, input, transfer, availability, and separation of data. Additionally, we have established procedures that ensure the exercise of data subject rights, data deletion, and responses to data threats. Furthermore, we take into account the protection of personal data already in the development or selection of hardware, software, and procedures according to the principle of data protection through technology design and through privacy-friendly default settings.

 

**Securing Online Connections through TLS/SSL Encryption Technology (HTTPS):**  

To protect the data of users transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transfers meet the highest security standards. When a website is secured by an SSL/TLS certificate, it is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

 

**International Data Transfers**  

Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) and the European Economic Area (EEA)) or if the processing takes place within the scope of the use of services provided by third parties or the disclosure or transmission of data to other persons, entities, or companies, this only occurs in accordance with the legal requirements. If the data protection level in the third country is recognized through an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers only occur if the data protection level is otherwise ensured, particularly through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in the case of contractual or legally required transfers (Art. 49(1) GDPR). Furthermore, we will inform you of the basis of the third country transfer in the privacy notices of the individual providers from the third country, where adequacy decisions serve as the primary basis. Information on third country transfers and existing adequacy decisions can be found in the EU Commission's information offering: [EU Commission - International Dimension of Data Protection](https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de).

 

**EU-US Trans-Atlantic Data Privacy Framework:**  

Within the framework of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the data protection level for certain companies from the USA as secure within the framework of the adequacy decision of 10.07.2023. The list of certified companies and further information about the DPF can be found on the website of the US Department of Commerce at [Data Privacy Framework](https://www.dataprivacyframework.gov/) (in English). We inform you in our privacy notices which of our service providers are certified under the Data Privacy Framework.

 

**Rights of the Affected Individuals**  

Rights of the Affected Individuals under the GDPR: As an affected individual, you have various rights under the GDPR, which primarily arise from Articles 15 to 21 GDPR:

- **Right to Object:** You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing.

- **Right to Withdraw Consent:** You have the right to withdraw consent at any time.

- **Right of Access:** You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to the personal data and certain other information, as well as to receive a copy of the data as per the legal requirements.

- **Right to Rectification:** You have the right to obtain the rectification of inaccurate personal data concerning you and the right to have incomplete personal data completed, as per the legal requirements.

- **Right to Erasure and Restriction of Processing:** You have the right to obtain the erasure of personal data concerning you without undue delay, or alternatively, the restriction of processing, as per the legal requirements.

- **Right to Data Portability:** You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another controller, as per the legal requirements.

- **Right to Lodge a Complaint with a Supervisory Authority:** You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR, without prejudice to any other administrative or judicial remedy.

 

**Business Services**  

We process data of our contractual and business partners, such as customers and prospects (collectively referred to as "contractual partners"), within the framework of contractual and comparable legal relationships, as well as related measures and with regard to communication with contractual partners (or pre-contractually), for example, to respond to inquiries. We use this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed-upon services, any obligations to update, and remedies for warranty and other performance disruptions. Additionally, we use the data to safeguard our rights and for the purposes of the administrative tasks associated with these obligations and company organization. Furthermore, we process the data on the basis of our legitimate interests in proper and economic business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., participation of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). In accordance with applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further processing, such as for marketing purposes, within the framework of this privacy policy. We inform contractual partners about which data is required for the aforementioned purposes before or during data collection, e.g., in online forms, by special labeling (e.g., colors) or symbols (e.g., asterisks), or personally.
We delete the data after the expiration of statutory warranty and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, for example, as long as it must be archived for legal reasons (usually ten years for tax purposes). Data disclosed to us by contractual partners within the scope of an order is deleted according to the specifications and generally after the end of the order.

 

**Processed Data Types:** Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., postal and email addresses or telephone numbers); Contract data (e.g., subject matter of the contract, duration, customer category); Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).

 

**Affected Individuals:** Service recipients and clients; Prospects; Business and contractual partners.

 

**Purposes of Processing:** Provision of contractual services and fulfillment of contractual obligations; Security measures; Communication; Office and organizational procedures; Organizational and administrative procedures; Business processes and economic procedures.

 

**Retention and Deletion:** Deletion according to the information in the section "General Information on Data Storage and Deletion."

 

**Legal Bases:** Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR); Legal obligation (Art. 6(1) sentence 1 lit. c) GDPR); Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

 

**Further Information on Processing Processes, Procedures, and Services:**  

Online shop, order forms, e-commerce, and delivery: We process the data of our customers to enable them to select, purchase, or order the selected products, goods, and related services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, especially postal, forwarding, and shipping companies, to carry out delivery or execution to our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The necessary details are indicated as such in the context of the ordering or comparable acquisition process and include the information required for delivery or provision and invoicing as well as contact information to enable any queries; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR).

 

**Payment Procedures**  

In the context of contractual and other legal relationships, based on legal obligations, or otherwise based on our legitimate interests, we offer affected individuals efficient and secure payment options and use additional service providers, collectively referred to as "payment service providers."

 

The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, sum, and recipient-related information. This information is necessary to carry out transactions. However, the data entered is processed and stored only by the payment service providers. This means that we do not receive account- or credit card-related information but only information confirming or denying the payment. Under certain circumstances, the data may be transmitted to credit reporting agencies by the payment service providers. This transmission is for the purpose of identity and creditworthiness checks. We refer to the terms and conditions and privacy policies of the payment service providers for further information.

 

For payment transactions, the terms and conditions and privacy policies of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and the exercise of withdrawal, information, and other data subject rights.

 

**Processed Data Types:** Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contract data (e.g., subject matter of the contract, duration, customer category); Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved); Contact data (e.g., postal and email addresses or telephone numbers).

 

**Affected Individuals:** Service recipients and clients; Business and contractual partners; Prospects.

 

**Purposes of Processing:** Provision of contractual services and fulfillment of contractual obligations; Business processes and economic procedures.

 

**Retention and Deletion:** Deletion according to the information in the section "General Information on Data Storage and Deletion."

 

**Legal Bases:** Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR); Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

 

**Further Information on Processing Processes, Procedures, and Services:**  

Apple Pay: Payment services (technical integration of online payment methods); Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR); Website: https://www.apple.com/de/apple-pay/. Privacy policy: https://www.apple.com/legal/privacy/de-ww/.

 

Giropay: Payment services (technical integration of online payment methods); Service provider: giropay GmbH, An der Welle 4, 60322 Frankfurt, Germany; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR); Website: https://www.giropay.de. Privacy policy: https://www.giropay.de/rechtliches/datenschutzerklaerung/.

 

Google Pay: Payment services (technical integration of online payment methods); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR); Website: https://pay.google.com/intl/de_de/about/. Privacy policy: https://policies.google.com/privacy.

 

Klarna: Payment services (technical integration of online payment methods); Service provider: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR); Website: https://www.klarna.com/de. Privacy policy: https://www.klarna.com/de/datenschutz.

 

Mastercard: Payment services (technical integration of online payment methods); Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR); Website: https://www.mastercard.de/de-de.html. Privacy policy: https://www.mastercard.de/de-de/datenschutz.html.

 

PayPal: Payment services (technical integration of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR); Website: https://www.paypal.com/de. Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

 

Visa: Payment services (technical integration of online payment methods); Service provider: Visa Europe Services Inc., London branch, 1 Sheldon Square, London W2 6TT, GB; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR); Website: https://www.visa.de; Privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html. Basis for third country transfers: Adequacy decision (GB).


 

**Use of Cookies**

 

Cookies are small text files or other storage mechanisms that store information on devices and retrieve it from them. They are used, for example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or the functions used in an online offering. Cookies can also be used for various purposes, such as functionality, security, and convenience of online offerings, as well as for creating analyses of visitor flows.

 

**Consent Information:** We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless it is not required by law. Permission is not necessary, in particular, if storing and retrieving information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e., our online offering) expressly requested by them. The revocable consent is clearly communicated to users and includes information about the respective cookie usage.

 

**Legal Basis for Data Processing:** The legal basis on which we process users' personal data using cookies depends on whether we request their consent. If users accept, the legal basis for the use of their data is the consent given. Otherwise, data is processed using cookies on the basis of our legitimate interests (e.g., in the efficient operation of our online offering and improving its usability) or, if this takes place in the context of fulfilling our contractual obligations, where the use of cookies is required to fulfill those obligations. We clarify the purposes for which cookies are used in the course of this privacy policy or as part of our consent and processing processes.

 

**Storage Duration:** With regard to the storage duration, the following types of cookies are distinguished:

 

1. Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application).

2. Persistent cookies: Persistent cookies remain stored even after the device is closed. For example, the login status can be saved, and preferred content can be displayed directly when the user revisits a website. Likewise, user data collected using cookies may be used for audience measurement. If we do not provide explicit information to users about the type and storage duration of cookies (e.g., as part of obtaining consent), they should assume that these are persistent and may be stored for up to two years.

 

**General Information on Revocation and Objection (Opt-out):** Users can revoke any consent given at any time and also object to processing in accordance with legal requirements, including via the privacy settings of their browser.

 

**Processed Data Types:** Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).

 

**Affected Individuals:** Users (e.g., website visitors, users of online services).

 

**Legal Bases:** Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR). Consent (Art. 6(1) sentence 1 lit. a) GDPR).

 

**Further Information on Processing Processes, Procedures, and Services:**

 

Processing of cookie data based on consent: We use a consent management solution to obtain user consent for the use of cookies or for the procedures and providers mentioned within the consent management solution. This procedure is used to obtain, log, manage, and revoke consents, particularly regarding the use of cookies and similar technologies used to store, retrieve, and process information on users' devices. Within this process, user consent for the use of cookies and the associated processing of information, including specific processing and providers mentioned within the consent management process, is obtained. Users also have the option to manage and revoke their consents. The consent declarations are stored to avoid repeated queries and to provide evidence of consent in accordance with legal requirements. Storage is done server-side and/or in a cookie (so-called opt-in cookie) or using comparable technologies to assign consent to a specific user or device. If no specific information about providers of consent management services is available, the following general information applies: The duration of consent storage is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information about the scope of consent (e.g., relevant categories of cookies and/or service providers), and information about the browser, system, and device used; Legal basis: Consent (Art. 6(1) sentence 1 lit. a) GDPR).

 

**Single Sign-On Authentication**

 

"Single Sign-On" or "Single Sign-On Authentication" refers to procedures that allow users to log in to our online offering using a user account with a Single Sign-On provider (e.g., a social network). The prerequisite for Single Sign-On authentication is that users are registered with the respective Single Sign-On provider and enter the required access data in the provided online form, or they are already logged in with the Single Sign-On provider and confirm the Single Sign-On authentication via a button.

 

Authentication takes place directly with the respective Single Sign-On provider. As part of such authentication, we receive a user ID indicating that the user is logged in with that user ID at the respective Single Sign-On provider and an ID (known as a "User Handle") that is not further usable by us for other purposes. Whether additional data is transmitted to us depends solely on the Single Sign-On procedure used, the chosen data releases during authentication, and also on what data users have released in the privacy or other settings of their user account with the Single Sign-On provider. Depending on the Single Sign-On provider and the user's choices, various data may be transmitted, usually including the email address and username. The password entered at the Single Sign-On provider during the Single Sign-On procedure is neither visible to us nor stored by us.

 

Users are advised that their information stored with us can be automatically compared with their user account with the Single Sign-On provider, but this may not always be possible or actually done. For example, if users change their email addresses, they must manually change them in their user account with us.

 

We may use Single Sign-On authentication as agreed with users, as part of or before fulfilling a contract, to the extent that users have been asked for it, or otherwise based on our legitimate interests and the users' interests in an effective and secure login system.

 

If users decide not to use the connection of their user account with the Single Sign-On provider for the Single Sign-On procedure anymore, they must sever this connection within their user account with the Single Sign-On provider. If users want their data deleted from us, they must terminate their registration with us.

 

**Processed Data Types:** Master data (e.g., full name, address, contact information, customer number); Contact data (e.g., postal and email addresses or telephone numbers); Usage data (e.g., page views and length of stay, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved).

 

**Data Subjects:** Users (e.g., website visitors, users of online services).

 

**Purposes of Processing:** Provision of contractual services and fulfillment of contractual obligations; Security measures; Authentication procedures; Provision of our online offering and user-friendliness.

 

**Storage and Deletion:** Deletion according to information in the section "General Information on Data Storage and Deletion". Deletion after termination.

 

**Legal Bases:** Contractual performance and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

 

**Further Information on Processing Processes, Procedures, and Services:**

 

Google Single Sign-On: Authentication services for user logins, provision of Single Sign-On functions, management of identity information, and application integrations; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: [Google](https://www.google.de); Privacy Policy: [Google Privacy Policy](https://policies.google.com/privacy); Basis for transfers to third countries: Data Privacy Framework (DPF). Opt-out options: Settings for displaying advertisements: [Google Ad Settings](https://myadcenter.google.com/).

 

**Newsletter and Electronic Notifications**

 

We send newsletters, emails, and other electronic notifications ("Newsletter") only with the consent of the recipients or based on a legal basis. If the content of the newsletter is specified during registration, this content is decisive for the consent of the users. Usually, providing your email address is sufficient for subscribing to our newsletter. However, to offer you a personalized service, we may ask for your name for personalization in the newsletter or for additional information if necessary for the purpose of the newsletter.

 

**Deletion and Restriction of Processing:** We may store unsubscribed email addresses for up to three years, based on our legitimate interests, before deleting them, in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of potential defense against claims. Individual deletion requests are possible at any time, provided that the former existence of consent is confirmed. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist.

 

The logging of the registration process is based on our legitimate interests for the purpose of proving its proper execution. If we commission a service provider to send emails, this is done based on our legitimate interests in an efficient and secure delivery system.

 

**Contents:** Information about us, our services, promotions, and offers.

 

**Processed Data Types:** Master data (e.g., full name, address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved). Usage data (e.g., page views and length of stay, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and functions).

 

**Data Subjects:** Communication partners.

 

**Purposes of Processing:** Direct marketing (e.g., by email or post).

 

**Storage and Deletion:** 3 years - Contractual claims (AT) (Data necessary to consider potential warranty and compensation claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 1478, 1480 ABGB)). 10 years - Contractual claims (CH) (Data necessary to consider potential compensation claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and industry practices, are stored for the period of the statutory limitation period of ten years, unless a shorter period of 5 years is applicable in certain cases (Art. 127, 130 OR)).

 

**Legal Bases:** Consent (Art. 6(1) sentence 1 lit. a) GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

 

**Opt-Out Options:** You can unsubscribe from our newsletter at any time, i.e., revoke your consent or object to further receipt. You can either use the unsubscribe link at the end of each newsletter or use one of the contact options provided above, preferably email.

 

**Further Information on Processing Processes, Procedures, and Services:**

 

Measurement of opening and click rates: The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server or, if we use a delivery service provider, from that provider's server when the newsletter is opened. As part of this retrieval, technical information such as browser and system information, as well as your IP address and the time of retrieval, is initially collected. This information is used for the technical improvement of our newsletter based on technical data or target groups and their reading behavior based on their retrieval locations (determinable via the IP address) or access times. This analysis also includes determining whether and when the newsletters are opened and which links are clicked. The information is assigned to the individual newsletter recipients and stored in their profiles until deletion. The evaluations serve to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. Measurement of opening and click rates and storage of the measurement results in the profiles of the users. Legal basis: Consent (Art. 6(1) sentence 1 lit. a) GDPR).

 

**Mailchimp:** Email marketing, automation of marketing processes, collection, storage, and management of contact data, measurement of campaign performance, recording and analysis of recipient interaction with content, content personalization; Service provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: [Mailchimp](https://mailchimp.com); Privacy Policy: [Mailchimp Privacy Policy](https://mailchimp.com/legal/); Data Processing Agreement: [Mailchimp DPA](https://mailchimp.com/legal/); Basis for transfers to third countries: Data Privacy Framework (DPF). Further information: Special security measures: [Mailchimp European Data Transfers](https://mailchimp.com/de/help/mailchimp-european-data-transfers/).

 

**Web Analysis, Monitoring, and Optimization**

 

Web analysis (also known as "reach measurement") is used to evaluate the visitor traffic of our online offering and can include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. Through reach analysis, we can, for example, identify the times at which our online offering or its features or content are most frequently used, or invite reuse. Similarly, we can determine which areas need optimization.

 

In addition to web analysis, we can also use testing procedures to test and optimize different versions of our online offering or its components.

 

Unless otherwise stated below, profiles, i.e., data summarized for a usage process, may be created and information may be stored in a browser or on an end device for these purposes and then read out. The information collected includes, in particular, visited websites and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. If users have agreed to the collection of their location data by us or by the providers of the services we use, the processing of location data is also possible.

 

Furthermore, the IP addresses of the users are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect the users. Generally, no plain data of the users (such as email addresses or names) is stored in the context of web analysis, A/B testing, and optimization; only pseudonyms are stored. This means that neither we nor the providers of the software used know the actual identity of the users, only the information stored in their profiles for the purpose of the respective procedures.

 

**Legal Basis:** If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to point out the information on the use of cookies in this privacy policy.

 

**Processed Data Types:** Usage data (e.g., page views and length of stay, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved).

 

**Data Subjects:** Users (e.g., website visitors, users of online services).

 

**Purposes of Processing:** Reach measurement (e.g., access statistics, identification of recurring visitors); Profiles with user-related information (creation of user profiles). Provision of our online offering and user-friendliness.

 

**Storage and Deletion:** Deletion according to information in the section "General Information on Data Storage and Deletion". Storage of cookies for up to 2 years (Unless otherwise specified, cookies and similar storage methods can be stored on users' devices for a period of two years.).

 

**Security Measures:** IP masking (pseudonymization of the IP address).

 

**Additional Information on Processing Processes, Procedures, and Services:**

 

**Google Analytics:** We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It is used to assign analysis information to an end device in order to recognize which content users have accessed within one or different usage processes, which search terms they have used, whether they have accessed these again, or whether they have interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users referring to our online offering and technical aspects of their end devices and browsers.

 

Pseudonymous profiles of users are created with information from the use of different devices, with cookies possibly being used. Google Analytics does not log or store individual IP addresses for EU users. However, it provides rough geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is solely used for this geolocation data derivation before being immediately deleted. The IP addresses are not logged, not accessible, and not used for any further purposes. When Google Analytics collects measurement data, all IP queries are conducted on EU-based servers before traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1) sentence 1 lit. a) GDPR); Website: [Google Analytics](https://marketingplatform.google.com/intl/de/about/analytics/); Security Measures: IP masking (pseudonymization of the IP address); Privacy Policy: [Google Privacy Policy](https://policies.google.com/privacy); Data Processing Agreement: [Google Ads Data Processing Terms](https://business.safety.google/adsprocessorterms/); Basis for transfers to third countries: Data Privacy Framework (DPF); Opt-Out Options: Opt-Out Plugin: [Google Analytics Opt-Out](https://tools.google.com/dlpage/gaoptout?hl=de), Settings for displaying ads: [Google Ad Settings](https://myadcenter.google.com/personalizationoff). Further information: [Google Ads Services](https://business.safety.google/adsservices/) (Types of processing and processed data).

 

**Offering of an Affiliate Program**

 

We offer an affiliate program, which means providing commissions or other benefits (collectively referred to as "commission") to users (referred to as "affiliates") who refer to our offers and services. Referral is done through a link or other methods (e.g., discount codes) assigned to each affiliate, enabling us to recognize that the use of our services was based on the referral (collectively referred to as "affiliate links").

 

To track whether users have taken up our services based on the affiliate links used by affiliates, it is necessary for us to know if users have followed an affiliate link. The assignment of affiliate links to specific transactions or the use of our services serves solely the purpose of commission accounting and will be discontinued once it is no longer necessary for that purpose.

 

For the purposes of the aforementioned assignment of affiliate links, affiliate links may be supplemented with certain values that are part of the link or may be stored elsewhere, such as in a cookie. These values may include the referring website (referrer), the timestamp, an online identifier of the website operator where the affiliate link was located, an online identifier.

 

**Processed Data Types:** Contract Data (e.g., contract subject, duration, customer category); Usage Data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions); Log Data (e.g., log files concerning logins or data retrieval).

 

**Data Subjects:** Users (e.g., website visitors, users of online services); Business and Contractual Partners.

 

**Purposes of Processing:** Provision of contractual services and fulfillment of contractual obligations; Affiliate tracking.

 

**Storage and Deletion:** Deletion in accordance with the information in the section "General Information on Data Storage and Deletion."

 

**Legal Bases:** Legitimate Interests (Art. 6(1)(f) GDPR).

 

**Presence on Social Networks (Social Media)**

 

We maintain online presences within social networks and process user data within this framework to communicate with active users or provide information about us.

 

We would like to point out that user data may be processed outside the European Union in this context. This may pose risks for users because, for example, the enforcement of user rights could be made more difficult.

 

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user behavior and resulting interests may be used to create usage profiles. The latter may in turn be used, for example, to display advertisements within and outside the networks that presumably correspond to the interests of the users. Therefore, cookies are generally stored on the users' computers in which user behavior and interests are stored. In addition, data may be stored in usage profiles independently of the devices used by the users (especially if they are members of the respective platforms and logged in).

 

For a detailed presentation of the respective processing methods and the possibility of objection (opt-out), we refer to the data protection declarations and information of the respective operators of the networks.

 

Even in the case of requests for information and the assertion of data subject rights, we would like to point out that these can be most effectively asserted with the providers. Only the latter have access to user data and can directly take appropriate measures and provide information. Should you still require assistance, you can contact us.

 

**Processed Data Types:** Contact Data (e.g., postal and email addresses or phone numbers); Content Data (e.g., text and image messages as well as the information concerning them, such as authorship or time of creation); Usage Data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions).

 

**Data Subjects:** Users (e.g., website visitors, users of online services).

 

**Purposes of Processing:** Communication; Feedback (e.g., collecting feedback via online form); Public relations.

 

**Storage and Deletion:** Deletion in accordance with the information in the section "General Information on Data Storage and Deletion."

 

**Legal Bases:** Legitimate Interests (Art. 6(1)(f) GDPR).

 

**Additional Notes on Processing Methods, Procedures, and Services:**

 

**Instagram:** Social network, allows sharing of photos and videos, commenting and favoriting posts, messaging, subscribing to profiles and pages; Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR); Website: [https://www.instagram.com](https://www.instagram.com); Privacy Policy: [https://privacycenter.instagram.com/policy/](https://privacycenter.instagram.com/policy/). Basis for Third-Country Transfers: Data Privacy Framework (DPF).

 

**Facebook Pages:** Profiles within the Facebook social network - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content that users view or interact with, or the actions they take (see under "Things you and others do and provide" in the Facebook Data Policy: [https://www.facebook.com/privacy/policy/](https://www.facebook.com/privacy/policy/)), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under "Device Information" in the Facebook Data Policy: [https://www.facebook.com/privacy/policy/](https://www.facebook.com/privacy/policy/)). As explained in the Facebook Data Policy under "How do we use this information?" Facebook also collects and uses information to provide analytics services, so-called "Page Insights," to page owners so that they can gain insights into how people interact with their pages and associated content. We have concluded a special agreement with Facebook ("Information on Page Insights," [https://www.facebook.com/legal/terms/page_controller_addendum](https://www.facebook.com/legal/terms/page_controller_addendum)), which regulates in particular the security measures Facebook must observe and in which Facebook has agreed to fulfill data subjects' rights (i.e., users can direct inquiries or deletion requests directly to Facebook). Users' rights (especially regarding access, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" ([https://www.facebook.com/legal/terms/information_about_page_insights_data](https://www.facebook.com/legal/terms/information_about_page_insights_data)). 
Joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, especially concerning the transmission of the data to the parent company Meta Platforms, Inc. in the USA; Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR); Website: [https://www.facebook.com](https://www.facebook.com); Privacy Policy: [https://www.facebook.com/privacy/policy/](https://www.facebook.com/privacy/policy/). Basis for Third-Country Transfers: Data Privacy Framework (DPF).

 

**YouTube:** Social network and video platform; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR); Privacy Policy: [https://policies.google.com/privacy](https://policies.google.com/privacy); Basis for Third-Country Transfers: Data Privacy Framework (DPF). Option to Object (Opt-Out): [https://myadcenter.google.com/personalizationoff](https://myadcenter.google.com/personalizationoff).

 

**Plug-ins and Embedded Functions and Content**

 

We integrate functional and content elements into our online offering, which are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). This may include, for example, graphics, videos, or maps (hereinafter collectively referred to as "content").

 

The integration always requires that the third-party providers of this content process the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore necessary for the presentation of this content or functions. We endeavor to use only those contents whose respective providers use the IP address solely for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Through the "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the users' devices and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, as well as further information about the use of our online offering, but may also be linked with such information from other sources.

 

**Notes on Legal Bases:** If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

 

**Processed Data Types:** Usage Data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions); Meta, Communication, and Process Data (e.g., IP addresses, time data, identification numbers, persons involved); Inventory Data (e.g., full name, residential address, contact information, customer number, etc.); Contact Data (e.g., postal and email addresses or phone numbers); Content Data (e.g., textual or pictorial messages and contributions as well as the information concerning them, such as authorship or time of creation).

 

**Data Subjects:** Users (e.g., website visitors, users of online services).

 

**Purposes of Processing:** Provision of our online offering and user-friendliness.

 

**Storage and Deletion:** Deletion in accordance with the information in the section "General Information on Data Storage and Deletion." Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years.).

 

**Legal Bases:** Consent (Art. 6(1)(a) GDPR). Legitimate Interests (Art. 6(1)(f) GDPR).

 

**Additional Notes on Processing Methods, Procedures, and Services:**

 

**Google Fonts (Obtained from Google Server):** Acquisition of fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with regard to up-to-dateness and loading times, their uniform presentation, and consideration of possible licensing restrictions. The provider of the fonts is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted, which is necessary for providing the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA. When users visit our online offering, their browsers send HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) of Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of the website visitors, as well as the referring URL (i.e., the website where the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers and are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent, and referring URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families that the user wants to load. This data is logged so that Google can determine how often a particular font family is requested. In the Google Fonts Web API, the user agent is needed to adapt the font generated for the respective browser type. 
The user agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the "Analytics" page of Google Fonts. Finally, the referring URL is logged so that the data can be used for production maintenance and an aggregated report on top integrations can be generated based on the number of font requests. According to its own information, Google does not use any of the information collected by Google Fonts to create profiles of end users or to display targeted advertisements; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR); Website: [https://fonts.google.com/](https://fonts.google.com/); Privacy Policy: [https://policies.google.com/privacy](https://policies.google.com/privacy); Basis for Third-Country Transfers: Data Privacy Framework (DPF). Further information: [https://developers.google.com/fonts/faq/privacy?hl=de](https://developers.google.com/fonts/faq/privacy?hl=de).

 

**YouTube Videos:** Video content; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6(1)(a) GDPR); Website: [https://www.youtube.com](https://www.youtube.com); Privacy Policy: [https://policies.google.com/privacy](https://policies.google.com/privacy); Basis for Third-Country Transfers: Data Privacy Framework (DPF). Option to Object (Opt-Out): Opt-Out Plugin: [https://tools.google.com/dlpage/gaoptout?hl=de](https://tools.google.com/dlpage/gaoptout?hl=de), Settings for Displaying Advertisements: [https://myadcenter.google.com/personalizationoff](https://myadcenter.google.com/personalizationoff).

 

**Changes and Updates**

We kindly ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing we carry out require it. We will inform you as soon as the changes necessitate an action on your part (e.g., consent) or any other individual notification is required.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time, and we ask you to verify the information before contacting them.

As of: June 5, 2024

Created with the free Privacy Policy Generator by Dr. Thomas Schwenke
