Introduction

With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter referred to as “data”) we process, for which purposes, and to what extent.
This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, mobile platforms as well as within external online presences such as our social media profiles (collectively referred to as the “Online Offer”).
All terms used are intended to be gender-neutral.
Last updated: 13 May 2024

Table of Contents

 

Controller

MLHolding / Alano
Ferdinandstraße 47
20095 Hamburg
Germany

Email: info@just4today.de

Imprint: https://just4today.shop/impressum/

Contact Data Protection Officer

MLHolding / Alano
Ferdinandstraße 47
20095 Hamburg
Germany

Overview of Processing Activities

The following overview summarizes the types of data we process, the purposes for which we process them, and the categories of individuals affected.

Types of Data Processed

  • Master Data (e.g., names, addresses)
  • Content Data (e.g., information entered into online forms)
  • Contact Data (e.g., email addresses, phone numbers)
  • Meta / Communication Data (e.g., device information, IP addresses)
  • Usage Data (e.g., websites visited, interest in content, access times)
  • Location Data (information regarding the geographic position of a device or person)
  • Contract Data (e.g., contract details, duration, customer categories)
  • Payment Data (e.g., bank account details, invoices, payment history)

 

Categories of Data Subjects

  • Business and contractual partners
  • Prospective customers
  • Communication partners
  • Customers
  • Users (e.g., website visitors, users of online services)

 

Purposes of Processing

  • Assessment of creditworthiness and financial reliability
  • Provision of our online services and ensuring user‑friendliness
  • Analysis of visitor actions
  • Office and organizational procedures
  • Cross‑device tracking (processing user data across multiple devices for marketing purposes)
  • Direct marketing (e.g., by email or postal mail)
  • Interest‑based and behavioral marketing
  • Handling contact inquiries and communication
  • Conversion measurement (evaluating the effectiveness of marketing activities)
  • Profiling (creating user profiles)
  • Remarketing
  • Audience measurement (e.g., access statistics, identification of returning visitors)
  • Security measures
  • Tracking (e.g., interest‑ or behavior‑based profiling, use of cookies)
  • Provision of contractual services and customer support
  • Management and response to inquiries
  • Audience segmentation (identifying marketing‑relevant target groups or controlling the delivery of content)

 

Automated Individual Decisions

  • Credit check (decision based on a credit assessment)

 

Relevant Legal Bases

The following section outlines the legal bases under the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the GDPR, national data protection laws applicable in your or our country of residence may also apply. If more specific legal bases apply in individual cases, we will inform you of these within this Privacy Policy.
  • Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Performance of a Contract and Pre‑Contractual Requests (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
  • Legal Obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate Interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data.

 

Security Measures

We implement appropriate technical and organizational measures in accordance with legal requirements. These measures consider the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, availability, and separation of the data. Furthermore, we have implemented procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. We also take the protection of personal data into account during the development or selection of hardware, software, and procedures in accordance with the principles of privacy by design and privacy‑friendly default settings.
SSL Encryption (https): To protect the data you transmit via our Online Offer, we use SSL encryption. You can identify encrypted connections by the prefix https:// in your browser’s address bar.

Disclosure and Transmission of Personal Data

In the course of processing personal data, it may occur that such data is transmitted to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. Recipients of this data may include, for example, payment institutions involved in processing transactions, IT service providers, or providers of services and content integrated into a website. In such cases, we comply with all legal requirements and, in particular, conclude contracts or agreements with the recipients to ensure the protection of your data.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if processing takes place through the use of services provided by third parties, or through the disclosure or transfer of data to other persons, entities, or companies, this is done only in accordance with legal requirements.
Unless there is explicit consent, or a transfer is required by contract or by law, we process data in third countries only if they have a recognized level of data protection, if contractual obligations exist through the EU Commission’s Standard Contractual Clauses, if certifications are in place, or if binding internal data protection rules apply (Art. 44–49 GDPR; information from the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Within the framework of the Data Privacy Framework (DPF), the EU Commission has also recognized certain U.S. companies as providing an adequate level of data protection, as determined in the adequacy decision of July 10, 2023.
The list of certified companies, as well as additional information about the DPF, can be found on the website of the U.S. Department of Commerce at:
https://www.dataprivacyframework.gov/.
We indicate within our Privacy Policy which of the service providers we use are certified under the Data Privacy Framework.

Use of Cookies

Cookies are small text files or other storage markers that save information on end devices and read information from them. For example, they may store the login status of a user account, the contents of a shopping cart in an online store, accessed content, or features used within an online service.
Cookies can also be used for various purposes, such as ensuring functionality, security, and user convenience, as well as generating analytics on visitor flows.

Notes on Consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless such consent is not legally required. Consent is not necessary in particular if storing and reading information—including cookies—is strictly necessary to provide a telemedia service expressly requested by the user (i.e., our Online Offer).
The revocable consent is clearly communicated to users and includes information on the specific use of cookies.

Notes on Legal Bases: The legal basis on which we process personal data through cookies depends on whether we request users’ consent. If users provide consent, the legal basis is their explicit consent. Otherwise, cookie‑based processing is carried out on the basis of our legitimate interests (e.g., efficient operation and improved usability of our Online Offer) or, where necessary for contractual fulfillment, to meet our contractual obligations. Details on the purposes for which we use cookies are provided throughout this Privacy Policy or within our consent and processing mechanisms.

Retention Period: Regarding storage duration, the following types of cookies are distinguished:

  • Temporary cookies (also called session cookies): These are deleted at the latest once a user leaves the Online Offer and closes their device (e.g., browser or mobile app).
  • Persistent cookies: These remain stored even after the device is closed. For example, they may keep a user logged in or display preferred content when the user revisits the site. Data collected using cookies may also be used for audience measurement. If we do not explicitly state the type and duration of cookies (e.g., during consent collection), users should assume cookies are persistent and may be stored for up to two years.

General Information on Withdrawal and Objection (Opt‑Out):

Depending on whether processing is based on consent or legal permission, you may withdraw any consent you have previously given at any time or object to the processing of your data through cookie technologies (collectively referred to as “opt‑out”). You may first express your objection through your browser settings, for example by disabling the use of cookies (though this may limit the functionality of our Online Offer). An objection to the use of cookies for online marketing purposes can also be submitted through various services—particularly in the case of tracking—via the websites https://optout.aboutads.info and https://www.youronlinechoices.com.
In addition, you may find further instructions on how to object within the information provided by the individual service providers and cookies used.

Processing Cookie Data Based on Consent: We use a cookie consent‑management procedure through which users’ consent to the use of cookies—or to the processing and providers referenced within the consent‑management process—is obtained, managed, and revoked. The consent declaration is stored to avoid having to request it again and to document the consent in accordance with legal requirements. Storage may take place server‑side and/or in a cookie (known as an opt‑in cookie or using comparable technologies) in order to associate the consent with a specific user or their device. Unless otherwise specified by the cookie‑management providers, the following applies: the consent may be stored for up to two years. A pseudonymous user identifier is created and stored together with the time of consent, information regarding the scope of the consent (e.g., which categories of cookies and/or service providers were approved), and technical details about the browser, operating system, and device used.

Cookie Settings / Opt‑Out Options: If you use a cookie consent banner (which is recommended), you can insert the option to access it here (e.g., a link or a so‑called [shortcode] that your software automatically converts into a button or link).

Notes on the processing of cookie data based on consent: You should only keep this option (and otherwise remove it) if you collect a “real” opt‑in, meaning explicit user consent to the use of cookies (for example through so‑called “cookie consent / consent / opt‑in banners” or as part of a registration process).

Since, according to the European Court of Justice, a cookie opt‑in is generally required when using marketing tools commonly used in e‑commerce (such as Google Analytics or Facebook Pixel), this option is preselected.

This means that before users have given their consent, you do not set any cookies and do not use any third‑party services within your website that themselves set cookies. The only permissible cookies prior to consent are those strictly necessary and reasonably expected by users, such as a shopping cart function in an online store or local audience measurement using the Matomo tool.

 

Commercial and business services

We process the data of our contractual and business partners, such as customers and prospective customers (collectively referred to as “contract partners”), within the framework of contractual and comparable legal relationships, as well as related measures and communication with the contract partners (including pre‑contractual communication), for example to respond to inquiries.

We process this data to fulfill our contractual obligations, to safeguard our rights, and for administrative purposes associated with such information, as well as for business organization. We only disclose the data of contract partners to third parties in accordance with applicable law and only to the extent necessary for the aforementioned purposes, for compliance with legal obligations, or based on the consent of the individuals concerned (for example to telecommunications, transport, and other support services, subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Contract partners are informed of any additional forms of processing, such as for marketing purposes, within this privacy policy.

Which data is required for the aforementioned purposes is communicated to the contract partners before or during the data collection process, for example in online forms, through specific markings (such as colors) or symbols (such as asterisks), or personally.

We delete the data after the expiry of statutory warranty periods and comparable obligations, generally after four years, unless the data is stored in a customer account, for example if it must be retained for legal reasons (typically ten years for tax purposes). Data that has been disclosed to us by the contract partner within the scope of an assignment is deleted in accordance with the terms of the assignment, generally upon completion of the assignment.

Customer account: Contract partners may create an account within our online offering (for example a customer or user account, referred to as a “customer account”). If the registration of a customer account is required, contract partners will be informed of this as well as of the information necessary for registration. Customer accounts are not public and cannot be indexed by search engines. During registration, subsequent logins, and the use of the customer account, we store the IP addresses of customers along with the times of their access in order to document the registration and prevent any misuse of the customer account.
When customers have terminated their customer account, the data relating to the customer account is deleted, unless its retention is required for legal reasons. It is the customer’s responsibility to secure their data before the customer account is terminated.
Economic analyses and market research: For business management purposes and to identify market trends and the preferences of contract partners and users, we analyze the data available to us relating to business transactions, contracts, inquiries, and similar matters, whereby the affected groups may include contract partners, prospective customers, customers, visitors, and users of our online offering.
The analyses are carried out for the purpose of business evaluations, marketing, and market research (for example to identify customer groups with different characteristics). In doing so, we may, where available, take into account the profiles of registered users along with their information, such as the services they have used. The analyses are for our internal purposes only and are not disclosed externally unless they involve anonymous analyses with aggregated, anonymized values. Furthermore, we respect the privacy of users and process the data for analytical purposes in a pseudonymized manner wherever possible and, where feasible, in an anonymized form (for example as aggregated data).
Shop and e‑commerce: We process the data of our customers in order to enable them to select, purchase, or order the desired products, goods, and related services, as well as to facilitate payment and delivery or performance. If required for the execution of an order, we use service providers, in particular postal, freight, and shipping companies, to carry out the delivery or performance for our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The information required for this is identified as such during the ordering or comparable purchase process and includes the details necessary for delivery, provision, and billing, as well as contact information needed for any necessary follow‑up communication.

 

  • Types of data processed: master data (e.g., names, addresses), payment data (e.g., bank account details, invoices, payment history), contact data (e.g., email addresses, phone numbers), contract data (e.g., contract subject matter, duration, customer category), usage data (e.g., websites visited, interest in content, access times), meta and communication data (e.g., device information, IP addresses).
  • Categories of data subjects: prospective customers, business and contractual partners, customers.
  • Purposes of processing: performance of contractual services and customer support, handling contact inquiries and communication, administrative and organizational procedures, management and response to inquiries, security measures, evaluation of visitor actions, interest‑based and behavioral marketing, profiling (creation of user profiles).
  • Legal bases: performance of a contract and pre‑contractual requests (Art. 6(1)(b) GDPR), legal obligation (Art. 6(1)(c) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

 

Payment service providers

In the context of contractual and other legal relationships, due to legal obligations or based on our legitimate interests, we offer the affected individuals efficient and secure payment options and, in addition to banks and credit institutions, use other payment service providers (collectively referred to as “payment service providers”).

The data processed by the payment service providers includes master data such as name and address, banking information such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract‑related, transaction‑related, and recipient‑related information. This information is required in order to carry out the transactions. However, the data entered is processed and stored exclusively by the payment service providers. This means that we do not receive any account or credit card details, but only information confirming whether a payment was successful or declined. In some cases, the payment service providers may transmit data to credit agencies for the purpose of identity and credit checks. For this, we refer to the terms and conditions and privacy notices of the respective payment service providers.
For payment transactions, the terms and conditions and privacy notices of the respective payment service providers apply, which are accessible on their respective websites or transaction applications. We also refer to these for further information and for asserting rights of withdrawal, access, and other data subject rights.
  • Types of data processed: master data (such as names and addresses), payment data (such as bank account details, invoices, payment history), contract data (such as contract subject matter, duration, customer category), usage data (such as websites visited, interest in content, access times), and meta or communication data (such as device information and IP addresses).
  • Affected individuals: customers, prospective customers.
  • Purposes of processing: performance of contractual services and customer service.
  • Legal bases: performance of a contract and pre‑contractual requests (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Services and service providers used:

Provision of the online offer and web hosting

To provide our online offering securely and efficiently, we use the services of one or more web‑hosting providers whose servers (or servers managed by them) allow the online offering to be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.

The data processed in the course of providing the hosting services may include all information relating to the users of our online offering that arises in the context of use and communication. This regularly includes the IP address, which is necessary to deliver the content of online offerings to browsers, as well as all entries made within our online offering or on websites.

E-Mail-Versand und -Hosting: Die von uns in Anspruch genommenen Webhosting-Leistungen umfassen ebenfalls den Versand, den Empfang sowie die Speicherung von E-Mails. Zu diesen Zwecken werden die Adressen der Empfänger sowie Absender als auch weitere Informationen betreffend den E-Mailversand (z.B. die beteiligten Provider) sowie die Inhalte der jeweiligen E-Mails verarbeitet. Die vorgenannten Daten können ferner zu Zwecken der Erkennung von SPAM verarbeitet werden. Wir bitten darum, zu beachten, dass E-Mails im Internet grundsätzlich nicht verschlüsselt versendet werden. Im Regelfall werden E-Mails zwar auf dem Transportweg verschlüsselt, aber (sofern kein sogenanntes Ende-zu-Ende-Verschlüsselungsverfahren eingesetzt wird) nicht auf den Servern, von denen sie abgesendet und empfangen werden. Wir können daher für den Übertragungsweg der E-Mails zwischen dem Absender und dem Empfang auf unserem Server keine Verantwortung übernehmen.

Erhebung von Zugriffsdaten und Logfiles: Wir selbst (bzw. unser Webhostinganbieter) erheben Daten zu jedem Zugriff auf den Server (sogenannte Serverlogfiles). Zu den Serverlogfiles können die Adresse und Name der abgerufenen Webseiten und Dateien, Datum und Uhrzeit des Abrufs, übertragene Datenmengen, Meldung über erfolgreichen Abruf, Browsertyp nebst Version, das Betriebssystem des Nutzers, Referrer URL (die zuvor besuchte Seite) und im Regelfall IP-Adressen und der anfragende Provider gehören.

The server log files may be used for security purposes, for example to prevent server overload (in particular in the case of abusive attacks such as DDoS attacks), and also to ensure the utilization and stability of the servers.

  • Types of data processed: content data (such as entries in online forms), usage data (such as websites visited, interest in content, access times), and meta or communication data (such as device information and IP addresses).
  • Affected individuals: users (such as website visitors and users of online services).
  • Legal bases: legitimate interests (Art. 6(1)(f) GDPR).

Contact

When contacting us (e.g. via contact form, email, telephone, or social media), the details of the inquiring persons will be processed to the extent necessary to respond to the contact requests and any requested measures.

The response to contact inquiries within the context of contractual or pre‑contractual relationships is carried out in order to fulfill our contractual obligations or to respond to (pre‑)contractual requests, and is otherwise based on our legitimate interests in responding to such inquiries.

  • Types of data processed: master data (such as names and addresses), contact data (such as email addresses and phone numbers), content data (such as entries in online forms), usage data (such as websites visited, interest in content, access times), and meta or communication data (such as device information and IP addresses).
  • Affected individuals: communication partners, prospective customers.
  • Purposes of processing: contact inquiries and communication, administration and response to inquiries.
  • Legal bases: performance of a contract and pre‑contractual requests (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Services and service providers used:

  • Contact form: When users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context in order to handle the request. For this purpose, we process personal data within the framework of pre‑contractual and contractual business relationships insofar as this is necessary for their fulfillment, and otherwise on the basis of our legitimate interests as well as the interests of the communication partners in having their inquiries answered, as well as our legal retention obligations.

Web analysis, monitoring and optimization

Web analysis (also referred to as “reach measurement”) serves to evaluate the visitor flows of our online offering and may include pseudonymous information about visitor behavior, interests, or demographic characteristics such as age or gender. With the help of reach measurement, we can determine, for example, at what times our online offering or its functions or content are used most frequently or encourage repeat use. We can also identify which areas require optimization.

In addition to web analysis, we may also use testing procedures to test and optimize different versions of our online offering or its components.

For these purposes, user profiles may be created and stored in a file (referred to as a “cookie”), or similar procedures may be used for the same purpose. Such information may include, for example, viewed content, visited websites and the elements used there, as well as technical details such as the browser used, the computer system in use, and information on usage times. If users have consented to the collection of their location data, this data may also be processed depending on the provider.

IP addresses of users are also collected. However, we use an IP‑masking procedure (that is, pseudonymization by shortening the IP address) to protect users. In general, no plain‑text user data (such as email addresses or names) is stored as part of web analysis, A/B testing, or optimization; instead, pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Notes on legal bases: If we ask users for their consent to use third‑party services, the legal basis for processing the data is that consent. Otherwise, user data is processed on the basis of our legitimate interests (that is, our interest in efficient, economical, and user‑friendly services). In this context, we also refer you to the information regarding the use of cookies in this privacy policy.

  • Types of data processed: usage data (such as websites visited, interest in content, access times) and meta or communication data (such as device information and IP addresses).
  • Affected individuals: users (such as website visitors and users of online services).
  • Purposes of processing: audience measurement (such as access statistics and identification of returning visitors), tracking (such as interest‑ or behavior‑based profiling and the use of cookies), analysis of visitor actions, profiling (creation of user profiles).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: consent (Art. 6(1)(a) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Services and service providers used:

  • Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It is used to assign analytical information to a device in order to understand which content users have accessed within one or multiple usage processes, which search terms they have used, whether they have returned to certain content, or how they have interacted with our online offering. The time and duration of use are also stored, as well as the sources that refer users to our online offering and technical details of their devices and browsers. Pseudonymous user profiles may be created using information from the use of different devices, and cookies may be used in the process. In Analytics, data about the geographical location is provided at a higher level, with metadata collected via IP lookup including “city” (and the derived latitude and longitude of the city), “continent”, “country”, “region”, “subcontinent” (and their ID‑based equivalents). To protect user data within the EU, Google receives and processes all user data through domains and servers located within the EU. The IP address of users is not logged and is shortened by the last two digits by default. This IP truncation takes place on EU servers for EU users. In addition, all sensitive data collected from users in the EU is deleted before it is captured through EU domains and servers. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: consent (Art. 6(1)(a) GDPR); website: https://marketingplatform.google.com/intl/de/about/analytics/; privacy policy: https://policies.google.com/privacy; data processing agreement: https://business.safety.google/adsprocessorterms/; basis for third‑country transfer: Data Privacy Framework, Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); opt‑out option: opt‑out plugin at https://tools.google.com/dlpage/gaoptout?hl=de, ad settings at https://adssettings.google.com/authenticated; further information: https://privacy.google.com/businesses/adsservices (types of processing and data processed).
  • Google Tag Manager is a solution that allows us to manage so‑called website tags through an interface and thereby integrate other services into our online offering (for further details, please refer to additional information in this privacy policy). The Tag Manager itself (which implements the tags) does not create user profiles or store cookies. Google only receives the user’s IP address, which is necessary to execute the Google Tag Manager; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com; privacy policy: https://policies.google.com/privacy; data processing agreement: https://business.safety.google/adsprocessorterms; basis for third‑country transfer: Data Privacy Framework, Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); further information: https://privacy.google.com/businesses/adsservices (types of processing and data processed).

 

Plugins and embedded functions as well as content

We integrate functional and content elements into our online offering that are retrieved from the servers of their respective providers (referred to as “third‑party providers”). These may include, for example, graphics, videos, social media buttons, or posts (collectively referred to as “content”).

The integration of such content always requires that the third‑party providers of these elements process the users’ IP address, since they cannot send the content to the users’ browsers without the IP address. The IP address is therefore necessary for displaying these contents or functions. We make every effort to use only those contents whose providers use the IP address solely for delivering the content. Third‑party providers may also use so‑called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Through these pixel tags, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the users’ devices and may include technical information about the browser and operating system, referring websites, visit times, and other details regarding the use of our online offering, and may also be combined with such information from other sources.

Notes on legal bases: If we ask users for their consent to use third‑party providers, the legal basis for processing the data is that consent. Otherwise, user data is processed on the basis of our legitimate interests (that is, our interest in efficient, economical, and user‑friendly services). In this context, we also refer you to the information on the use of cookies provided in this privacy policy.

  • Types of data processed: usage data (such as websites visited, interest in content, access times), meta or communication data (such as device information and IP addresses), location data (information on the geographical position of a device or a person), content data (such as entries in online forms), master data (such as names and addresses), and contact data (such as email addresses and telephone numbers).
  • Affected individuals: users (such as website visitors and users of online services), communication partners.
  • Purposes of processing: provision of our online offering and user‑friendliness, performance of contractual services and customer support, contact inquiries and communication, tracking (such as interest‑ or behavior‑based profiling and the use of cookies), interest‑based and behavioral marketing, profiling (creation of user profiles), security measures, administration and response to inquiries.
  • Legal bases: legitimate interests (Art. 6(1)(f) GDPR), consent (Art. 6(1)(a) GDPR), performance of a contract and pre‑contractual requests (Art. 6(1)(b) GDPR).

Services and service providers used:

  • Google Fonts: We integrate the fonts (“Google Fonts”) provided by Google, whereby user data is used solely for the purpose of displaying the fonts in the users’ browsers. The integration is based on our legitimate interests in a technically secure, maintenance‑free, and efficient use of fonts, their uniform display, and in consideration of potential licensing restrictions regarding their integration; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://fonts.google.com/; privacy policy: https://policies.google.com/privacy.
  • Google Maps: We integrate the maps of the “Google Maps” service provided by Google. The data processed may include, in particular, the users’ IP addresses and location data, which, however, are not collected without their consent (usually granted within the settings of their mobile devices); service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://cloud.google.com/maps-platform; privacy policy: https://policies.google.com/privacy; opt‑out option: opt‑out plugin at https://tools.google.com/dlpage/gaoptout?hl=de, ad settings at https://adssettings.google.com/authenticated.
  • reCAPTCHA: We integrate the “reCAPTCHA” function to determine whether entries (for example in online forms) are made by humans or by automated systems (“bots”). The data processed may include IP addresses, information about operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, time spent on websites, previously visited websites, interactions with reCAPTCHA on other websites, and, in some cases, cookies as well as the results of manual verification steps (such as answering questions or selecting objects in images); service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://www.google.com/recaptcha/; privacy policy: https://policies.google.com/privacy; opt‑out option: opt‑out plugin at https://tools.google.com/dlpage/gaoptout?hl=de, ad settings at https://adssettings.google.com/authenticated.

Deletion of data

The data we process is deleted in accordance with legal requirements as soon as the consent permitting its processing is withdrawn or other permissions no longer apply (for example when the purpose for processing this data no longer exists or the data is no longer required for that purpose).

If the data is not deleted because it is required for other purposes permitted by law, its processing is restricted to those purposes. This means that the data is blocked and not processed for any other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons, or to data whose storage is necessary for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person.

Further information regarding the deletion of personal data may also be provided within the individual data protection notices contained in this privacy policy.

Changes and updates to this privacy policy

We ask that you regularly inform yourself about the content of our privacy policy. We update the privacy policy whenever changes to our data processing activities make this necessary. We will inform you if such changes require an action on your part (for example consent) or any other form of individual notification.

Sofern wir in dieser Datenschutzerklärung Adressen und Kontaktinformationen von Unternehmen und Organisationen angeben, bitten wir zu beachten, dass die Adressen sich über die Zeit ändern können und bitten die Angaben vor Kontaktaufnahme zu prüfen.

Rights of data subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data that is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
  • Right of access: You have the right to request confirmation as to whether personal data concerning you is being processed, as well as access to this data and additional information, and to receive a copy of the data in accordance with legal requirements.
  • Right to rectification: In accordance with legal requirements, you have the right to request the completion of data concerning you or the correction of inaccurate data relating to you.
  • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be deleted without delay, or, alternatively, to request a restriction of the processing of such data in accordance with legal requirements.
  • Right to data portability: You have the right to receive the data concerning you that you have provided to us, in a structured, commonly used, and machine‑readable format, or to request that it be transmitted to another controller, in accordance with legal requirements.
  • Right to lodge a complaint with a supervisory authority: In accordance with legal requirements, you also have the right to file a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work, or the place of the alleged violation, if you believe that the processing of your personal data violates the GDPR.

Definitions

In this section, you will find an overview of the terminology used in this privacy policy. Many of the terms are taken from the law and are defined primarily in Article 4 of the GDPR. These legal definitions are binding. The following explanations, however, are intended mainly to aid understanding. The terms are listed in alphabetical order.

Conversion tracking: “Conversion tracking” refers to a method used to determine the effectiveness of marketing measures. For this purpose, a cookie is typically stored on users’ devices within the websites where the marketing activities take place and retrieved again on the target website. This enables us, for example, to determine whether the advertisements we placed on other websites were successful.

  • Credit assessment: Automated decisions are based on automated data processing without human involvement (for example in the case of an automatic rejection of a purchase on account, an online loan application, or an online application process without any human interaction). Such automated decisions are only permitted under Article 22 GDPR if the individuals concerned provide consent, if they are necessary for the fulfillment of a contract, or if national laws permit such decisions.
  • Cross‑device tracking: Cross‑device tracking is a form of tracking in which behavioral and interest‑based information about users is recorded across multiple devices in so‑called profiles by assigning users an online identifier. This allows user information to be analyzed for marketing purposes regardless of the browsers or devices used (for example mobile phones or desktop computers). The online identifier is not linked to plain‑text data such as names, postal addresses, or email addresses in most systems.
  • IP masking: “IP masking” refers to a method in which the last octet, meaning the last two numbers of an IP address, is removed so that the IP address can no longer be used to uniquely identify a person. IP masking is therefore a means of pseudonymizing processing procedures, particularly in online marketing.
  • Interest‑based and behavioral marketing: Interest‑based and/or behavioral marketing refers to the practice of determining users’ potential interests in advertisements and other content as accurately as possible. This is done on the basis of information about their past behavior (for example visiting certain websites and spending time on them, purchasing behavior, or interactions with other users), which is stored in a so‑called profile. Cookies are generally used for these purposes.
  • Conversion measurement: Conversion measurement is a method used to determine the effectiveness of marketing activities. For this purpose, a cookie is typically stored on the users’ devices within the websites where the marketing activities take place and then retrieved again on the target website. This allows us, for example, to determine whether the advertisements we placed on other websites were successful.
  • Personal data: “Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (such as a cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Profiling: “Profiling” refers to any type of automated processing of personal data in which this personal data is used to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include information relating to age, gender, location and movement data, interaction with websites and their content, purchasing behavior, or social interactions with others). Cookies and web beacons are frequently used for profiling purposes.
  • Audience measurement: Audience measurement (also referred to as web analytics) is used to evaluate visitor flows to an online offering and may include analyzing visitor behavior or interests in certain information such as website content. With the help of audience analysis, website operators can determine, for example, at what times visitors access their website and which content they are interested in. This enables them to better adapt website content to the needs of their visitors. Pseudonymous cookies and web beacons are frequently used for audience measurement in order to recognize returning visitors and obtain more accurate insights into the use of an online offering.
  • Remarketing: “Remarketing” or “retargeting” refers to the practice of noting which products a user has shown interest in on a website, for example for advertising purposes, in order to remind the user of these products on other websites, such as through advertisements.
  • Location data: Location data is generated when a mobile device (or another device with the technical capability for location determination) connects to a cell tower, a Wi‑Fi network, or similar technical intermediaries and location‑determining functions. Location data indicates the geographically identifiable position of the device on Earth. Such data can be used, for example, to display map functions or other information that depends on a specific location.
  • Tracking: “Tracking” refers to the practice of monitoring user behavior across multiple online services. As a rule, behavioral and interest‑based information related to the online services used is stored in cookies or on the servers of the providers of tracking technologies (so‑called profiling). This information can then be used, for example, to display advertisements to users that are likely to match their interests.
  • Controller: A “controller” is the natural or legal person, authority, institution, or other entity that, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: “Processing” refers to any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and includes virtually any handling of data, such as collecting, evaluating, storing, transmitting, or deleting it.
  • Audience targeting: “Audience targeting” (also referred to as “custom audiences”) refers to the process of defining target groups for advertising purposes, such as displaying advertisements. For example, based on a user’s interest in certain products or topics on the internet, it may be inferred that the user is likely to be interested in advertisements for similar products or for the online shop in which they viewed those products. “Lookalike audiences” (or similar audience groups) refer to situations in which content deemed suitable is shown to users whose profiles or interests presumably match those of the users from whom the original profiles were derived. Cookies and web beacons are typically used for the creation of custom audiences and lookalike audiences.