Customer Data

Customer Data Summary Data Subjects
👥: Customers or Business and Contractual Partners
🤝 Purpose: Provision of the contractually or pre-contractually agreed services, including related communication
📓 Processed data: Name, address, contact details, e-mail address, telephone number, payment information (such as invoices and bank details), contract data (such as term and subject matter of the contract), IP address, order data
📅 Storage period: the data will be deleted as soon as it is no longer required for the performance of our business purposes and there is no legal obligation to retain it.
⚖️ Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR), contract (Art. 6 para. 1 lit. b GDPR)

What is customer data?

In order to be able to offer our service or our contractual services, we also process data of our customers and business partners. This data always includes personal data. Customer data is understood to be all information that is processed on the basis of a contractual or pre-contractual cooperation in order to be able to provide the services offered. So, customer data is all the collected information that we collect and process about our customers.

Why do we process customer data?

There are many reasons why we collect and process customer data. The most important one is that we simply need different data to provide our services. Sometimes your e-mail address is enough, but if you purchase a product or service, for example, we also need data such as name, address, bank details or contract details. We then also use the data for marketing and sales optimizations so that we can improve our overall service to our customers. Another important point is our customer service, which is always very close to our hearts. We want you to be able to come to us at any time with questions about our offers and for this we need at least your e-mail address.

What data is processed?

At this point, exactly which data is stored can only be reproduced on the basis of categories. This always depends on which services you receive from us. In some cases, you simply provide us with your email address so that we can get in touch with you or answer your questions, for example. In other cases, you purchase a product or service from us and for this we need significantly more information, such as your contact details, payment details and contract details.

Here is a list of possible data that we receive and process from you:

• Name
• Contact Address
• E-mail-Address
• Telephone number
• Date of birth
• Payment data (invoices, bank details, payment history, etc.)
• Contract data (duration, content)
• Usage data (websites visited, access data, etc.)
• Metadata (IP address, device information)
• 
  

How long is the data stored?

As soon as we no longer need the customer data to fulfil our contractual obligations and our purposes and the data is also not necessary for possible warranty and liability obligations, we delete the corresponding customer data. This is the case, for example, when a business contract ends. According to this, the limitation period is usually 3 years, although longer periods are possible in individual cases. Of course, we also comply with the legal retention obligations. Your customer data will certainly not be passed on to third parties if you have not explicitly given your consent to do so.

Legal basis

The legal basis for the processing of your data is Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (b) GDPR (contract or pre-contractual measures), Art. 6 (1) (f) GDPR (legitimate interests) and, in special cases (e.g. in the case of medical services), Art. 9 (2) (a) GDPR (processing of special categories).

In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9 (2) (c) GDPR. For the purposes of health care, occupational medicine, medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector, the processing of personal data is carried out in accordance with Art. 9 (2) (h) GDPR. If you voluntarily provide special category data, the processing will be carried out on the basis of Art. 9 (2) (a) GDPR.

Registrierung

Registrierung Zusammenfassung 
👥 Betroffene: Alle Personen, die sich registrieren, ein Konto anlegen, sich anmelden und das Konto nutzen.
📓 Verarbeitete Daten: E-Mail-Adresse, Name, Passwort und weitere Daten, die im Zuge der Registrierung, Anmeldung und Kontonutzung erhoben werden.
🤝 Zweck: Zurverfügungstellung unserer Dienstleistungen. Kommunikation mit Kunden in Zusammenhang mit den Dienstleistungen. 
📅 Speicherdauer: Solange das mit den Texten verbundene Firmenkonto besteht und danach i.d.R. 3 Jahre.
⚖️ Rechtsgrundlagen: Art. 6 Abs. 1 lit. b DSGVO (Vertrag), Art. 6 Abs. 1 lit. a DSGVO (Einwilligung), Art. 6 Abs. 1 lit. f DSGVO (Berechtigte Interessen)   Wenn Sie sich bei uns registrieren, kann es zur Verarbeitung personenbezogener Daten kommen, sofern Sie Daten mit Personenbezug eingeben bzw. Daten wie die IP-Adresse im Zuge der Verarbeitung erfasst werden. Was wir mit dem doch recht sperrigen Begriff “personenbezogene Daten” meinen, können Sie weiter unten nachlesen.

Bitte geben Sie nur solche Daten ein, die wir für die Registrierung benötigen und für die Sie die Freigabe eines Dritten haben, falls Sie die Registrierung im Namen eines Dritten durchführen. Verwenden Sie nach Möglichkeit ein sicheres Passwort, welches Sie sonst nirgends verwenden und eine E-Mail-Adresse, die Sie regelmäßig abrufen.

Im Folgenden informieren wir Sie über die genaue Art der Datenverarbeitung, denn Sie sollen sich bei uns wohl fühlen!

Was ist eine Registrierung?

Bei einer Registrierung nehmen wir bestimmte Daten von Ihnen entgegen und ermöglichen es Ihnen sich später bei uns einfach online anzumelden und Ihr Konto bei uns zu verwenden. Ein Konto bei uns hat den Vorteil, dass Sie nicht jedes Mal alles erneut eingeben müssen. Spart Zeit, Mühe und verhindert letztendlich Fehler bei der Erbringung unserer Dienstleistungen.

Warum verarbeiten wir personenbezogene Daten?

Kurz gesagt verarbeiten wir personenbezogene Daten, um die Erstellung und Nutzung eines Kontos bei uns zu ermöglichen. 
  Würden wir das nicht tun, müssten Sie jedes Mal alle Daten eingeben, auf eine Freigabe von uns warten und alles noch einmal eingeben. Das fänden wir und viele, viele Kunden nicht so gut. Wie würden Sie das finden?

Welche Daten werden verarbeitet?

Alle Daten, die Sie im Zuge der Registrierung angegeben haben, bei der Anmeldung eingeben oder im Rahmen der Verwaltung Ihrer Daten im Konto eingeben.

Bei der Registrierung verarbeiten wir folgende Arten von Daten: 

• Vorname
• Nachname
• E-Mail-Adresse
• Firmenname
• Straße + Hausnummer
• Wohnort
• Postleitzahl
• Land

Bei der Anmeldung verarbeiten wir die Daten, die Sie bei der Anmeldung eingeben wie zum Beispiel Benutzername und Passwort und im Hintergrund erfasste Daten wie Geräteinformationen und IP-Adressen.

Bei der Kontonutzung verarbeiten wir Daten, die Sie während der Kontonutzung eingeben und welche im Rahmen der Nutzung unserer Dienstleistungen erstellt werden.

Speicherdauer

Wir speichern die eingegebenen Daten zumindest für die Zeit, solange das mit den Daten verknüpfte Konto bei uns besteht und verwendet wird, solange vertragliche Verpflichtungen zwischen uns bestehen und, wenn der Vertrag endet, bis die jeweiligen Ansprüche daraus verjährt sind. Darüber hinaus speichern wir Ihre Daten solange und soweit wir gesetzlichen Verpflichtungen zur Speicherung unterliegen. Danach bewahren wir zum Vertrag gehörige Buchungsbelege (Rechnungen, Vertragsurkunden, Kontoauszüge u.a.) sowie sonstige relevante Geschäftsunterlagen für die gesetzlich vorgeschriebene Dauer (i.d.R. einige Jahre) auf.

Widerspruchsrecht

Sie haben sich registriert, Daten eingegeben und möchten die Verarbeitung widerrufen? Kein Problem. Wie Sie oben lesen können, bestehen die Rechte laut Datenschutz-Grundverordnung auch bei und nach der Registrierung, Anmeldung oder dem Konto bei uns. Kontaktieren Sie den weiter oben stehenden Verantwortlichen für Datenschutz, um Ihre Rechte wahrzunehmen. Sollten Sie bereits ein Konto bei uns haben, können Sie Ihre Daten und Texte ganz einfach im Konto einsehen bzw. verwalten.

Rechtsgrundlage

Mit Durchführung des Registrierungsvorgangs treten Sie vorvertraglich an uns heran, um einen Nutzungsvertrag über unsere Plattform zu schließen (wenn auch nicht automatisch eine Zahlungspflicht entsteht). Sie investieren Zeit, um Daten einzugeben und sich zu registrieren und wir bieten Ihnen unsere Dienstleistungen nach Anmeldung in unserem System und die Einsicht in Ihr Kundenkonto. Außerdem kommen wir unseren vertraglichen Verpflichtungen nach. Schließlich müssen wir registrierte Nutzer bei wichtigen Änderungen per E-Mail am Laufenden halten. Damit trifft Art. 6 Abs. 1 lit. b DSGVO (Durchführung vorvertraglicher Maßnahmen, Erfüllung eines Vertrags) zu.

Gegebenenfalls holen darüber hinaus auch Ihre Einwilligung ein, z.B. wenn Sie freiwillig mehr als die unbedingt notwendigen Daten angeben oder wir Ihnen Werbung senden dürfen. Art. 6 Abs. 1 lit. a DSGVO (Einwilligung) trifft somit zu.

Wir haben außerdem ein berechtigtes Interesse, zu wissen, mit wem wir es zu tun haben, um in bestimmten Fällen in Kontakt zu treten. Außerdem müssen wir wissen wer unsere Dienstleistungen in Anspruch nimmt und ob sie so verwendet werden, wie es unsere Nutzungsbedingungen vorgeben, es trifft also Art. 6 Abs. 1 lit. f DSGVO (Berechtigte Interessen) zu.

Hinweis: folgende Abschnitte sind von Usern (je nach Bedarf) anzuhaken:

Registrierung mit Klarnamen

Da wir im geschäftlichen Betrieb wissen müssen, mit wem wir es zu tun haben, ist die Registrierung nur mit Ihrem richtigen Namen (Klarnamen) möglich und nicht mit Pseudonymen.

Registrierung mit Pseudonymen

Bei der Registrierung können Pseudonyme verwendet werden, das heißt Sie müssen sich bei uns nicht mit Ihrem richtigen Namen registrieren. Damit ist sichergestellt, dass Ihr Name nicht von uns verarbeitet werden kann. 

Speicherung der IP-Adresse

Im Zuge der Registrierung, Anmeldung und Kontonutzung speichern wir aus Sicherheitsgründen die IP-Adresse im Hintergrund, um die rechtmäßige Nutzung feststellen zu können.

Öffentliche Profil

Die Nutzerprofile sind öffentlich sichtbar, d.h. man kann Teile des Profils auch ohne Angabe von Benutzername und Passwort im Internet sehen.

2-Faktor-Authentifizierung (2FA)

Eine Zwei-Faktor-Authentifizierung (2FA) bietet zusätzlich Sicherheit bei der Anmeldung, da sie verhindert, dass man sich z.B. ohne Smartphone anmeldet. Diese technische Maßnahme zur Absicherung Ihres Kontos schützt Sie also vor dem Verlust von Daten oder unzulässigen Zugriffen auch wenn Benutzername und Passwort bekannt wären.  Welches 2FA zum Einsatz kommt, erfahren Sie bei der Registrierung, Anmeldung und im Konto selbst.

Web Hosting Introduction

Web hosting Summary
👥 Data subjects: Visitors to the website
🤝 Purpose: professional hosting of the website and safeguarding of operations
📓 Processed data: IP address, time of website visit, browser used and other data. You can find more details below or from the respective web hosting provider.
📅 Storage period: depending on the respective provider, but usually 2 weeks
⚖️ Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is web hosting?

Today, when you visit websites, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, by the way, we mean the entirety of all websites on a domain, i.e. everything from the homepage to the very last subpage (like this one). By domain, for example, we mean beispiel.de or musterbeispiel.com.

If you want to view a website on a computer, tablet, or smartphone, use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari. We call it browser or web browser for short.

To view the website, the browser must connect to another computer where the website's code is stored: the web server. The operation of a web server is a complicated and time-consuming task, which is why this is usually done by professional providers. They offer web hosting and thus ensure reliable and error-free storage of data from websites. A lot of technical terms, but please stay tuned, it gets even better!

When the browser connects to your computer (desktop, laptop, tablet or smartphone) and during data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server also needs to store data for a while to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the Internet and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and safeguarding of its operation
2. to maintain operational and IT security
3. Anonymous evaluation of access behaviour to improve our offer and, if necessary, for criminal prosecution or prosecution of claims

What data is processed?

Even while you are visiting our website, our web server, which is the computer on which this website is stored, usually automatically stores data such as

• the complete Internet address (URL) of the accessed website
• Browser and browser version (e.g. Chrome 87)
• The operating system used (e.g. Windows 10)
• die Adresse (URL) der zuvor besuchten Seite (Referrer URL) (z. B. https://www.beispielquellsite.de/vondabinichgekommen/)
• The hostname and IP address of the device being accessed (e.g., COMPUTER NAME and 194.23.43.121)
• Date and Time
• in files, the so-called web server log files

How long is data stored?

As a rule, the above data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot rule out the possibility that this data may be viewed by authorities in the event of unlawful conduct.

In short, your visit is logged by our provider (the company that runs our website on special computers (servers), but we do not share your data without consent!

Legal basis

The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 (1) (f) GDPR (safeguarding legitimate interests), because the use of professional hosting with a provider is necessary in order to be able to present the company on the Internet in a secure and user-friendly way and, if necessary, to be able to prosecute attacks and claims arising from this.

As a rule, there is a contract for order processing in accordance with Art. 28 et seq. GDPR between us and the hosting provider, which ensures compliance with data protection and guarantees data security.

1&1 IONOS Web Hosting Privacy Policy

To host our website, we use the web hosting services of the company IONOS by 1&1. In Germany, 1&1 IONOS SE is headquartered at Elgendorfer Str. 57 in 56410 Montabaur.

What is 1&1 IONOS Web Hosting?

IONOS offers the following web hosting services: Domain, Website & Shop, Hosting & WordPress, Marketing, Email & Office, IONOS Cloud and Server. With over 22 million domains, almost 9 million customer contracts and 100,000 servers, IONOS is one of the biggest German top dogs in the field of web hosting.
We have already mentioned it in our introductory words on the subject of web hosting: through hosting, data about you or your device is also stored on the IONOS servers. First and foremost, your IP address, which is known to be personal data, is stored. In addition, technical data such as the URL of our website, the name of the Internet browser or which operating system you are using are also stored.

Why do we use 1&1 IONOS web hosting?

IONOS was founded in Germany in 1988 and thus has over 30 years of experience under its belt. But that doesn't mean the company isn't constantly evolving in terms of technology. In our view, it is precisely this combination of experience and innovative spirit that provides a good basis for our website. After all, we want our website to run smoothly 24 hours a day while maintaining a high level of security. Since IONOS does not limit monthly data traffic and provides a lot of storage space, our website remains powerful even with many visitors. We are very satisfied with the speed of the website and the price-performance ratio currently fits our requirements.

You can find much more information about data protection at IONOS in the privacy policy on https://www.ionos.de/terms-gtc/datenschutzerklaerung/. If you have any further questions about data protection, you can also contact the IONOS data protection team by sending an email to datenschutz@ionos.de.

Order Processing Agreement (DPA) IONOS

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have concluded a data processing agreement (DPA) with IONOS. You can read exactly what a DPA is and, above all, what must be included in a DPA in our general section "Data Processing Agreement (DPA)".

This contract is required by law because IONOS processes personal data on our behalf. It clarifies that IONOS may only process data that you receive from us in accordance with our instructions and must comply with the GDPR. The link to the Data Processing Agreement (DPA) can be found under https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.

Web Analytics Introduction

Web Analytics Privacy Policy Summary
👥 Data subjects: Visitors to the website
🤝 Purpose: Evaluation of visitor information to optimize the web offer.
📓 Processed data: Access statistics that include data such as locations of accesses, device data, access duration and time, navigation behavior, click behavior and IP addresses. You can find more details on this in the web analytics tool used in each case.
📅 Storage period: depending on the web analytics tool
⚖️ used Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Web Analytics?

On our website, we use software to evaluate the behaviour of website visitors, known as web analytics or web analysis for short. This collects data that is stored, managed, and processed by the respective analytics tool provider (also known as a tracking tool). With the help of the data, analyses of user behaviour on our website are created and made available to us as the website operator. In addition, most tools offer various testing options. For example, we can test which offers or content are best received by our visitors. For this purpose, we show you two different offers for a limited period of time. After the test (so-called A/B test), we know which product or content our website visitors find more interesting. For such test procedures, as well as for other analytics procedures, user profiles can also be created and the data can be stored in cookies.

Why do we do web analytics?

With our website, we have a clear goal in mind: we want to provide the best web offer on the market for our industry. To achieve this goal, we want to offer the best and most interesting offer on the one hand and make sure that you feel completely comfortable on our website on the other. With the help of web analysis tools, we can take a closer look at the behaviour of our website visitors and then improve our website accordingly for you and us. For example, we can see how old our visitors are on average, where they come from, when our website is visited the most, or what content or products are particularly popular. All this information helps us to optimize the website and thus adapt it to your needs, interests and wishes.

What data is processed?

Of course, exactly which data is stored depends on the analysis tools used. However, as a rule, for example, what content you view on our website, which buttons or links you click, when you call up a page, which browser you use, with which device (PC, tablet, smartphone, etc.) you are visiting the website or what computer system you are using. If you agreed that location data may also be collected, this may also be processed by the web analysis tool provider.

In addition, your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored pseudonymized (i.e. in an unrecognizable and abbreviated form). For the purpose of testing, web analysis and web optimization, no direct data such as your name, age, address or e-mail address is stored. All this data, if it is collected, is stored pseudonymously. This means that you cannot be identified as a person.

The following example schematically shows how Google Analytics works as an example of client-based web tracking with Java script code.

How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website, while other cookies can store data for several years.

Duration of data processing

We will inform you about the duration of the data processing below, if we have further information. In general, we only process personal data for as long as it is strictly necessary for the provision of our services and products. If it is required by law, as in the case of accounting, for example, this storage period can also be exceeded.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 (1) (a) GDPR (consent), this consent represents the legal basis for the processing of personal data as it may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors and thus improving our offer technically and economically. With the help of web analytics, we can detect website errors, identify attacks and improve profitability. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). Nevertheless, we only use the tools if they have given their consent.

Since web analytics tools use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly what data about you is stored and processed, you should read the privacy policies of the respective tools.

Information on specific web analytics tools, if available, can be found in the following sections.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary
👥 Data subjects: Visitors to the website
🤝 Purpose: Evaluation of visitor information to optimize the web offer.
📓 Processed data: Access statistics that include data such as access locations, device data, access duration and time, navigation behavior and click behavior. You can find more details about this further down in this privacy policy.
📅 Storage period: individually adjustable, by default Google Analytics 4 stores data for 14 months
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Google Analytics?

On our website, we use the analysis tracking tool Google Analytics in the version Google Analytics 4 (GA4) of the American company Google Inc. For Europe, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. However, by combining different technologies such as cookies, device IDs and login information, you as a user can be identified across different devices. This allows your actions to be analyzed across platforms.

For example, if you click on a link, this event is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us better tailor our website and service to your preferences. In the following, we will go into more detail about the tracking tool and, above all, inform you about what data is processed and how you can prevent it.

Google Analytics is a tracking tool that is used to analyze the traffic of our website. The basis of these measurements and analyses is a pseudonymous user identification number. This number does not contain any personal data such as name or address, but is used to assign events to an end device. GA4 uses an event-based model that captures detailed information about user interactions such as page views, clicks, scrolling, and conversion events. In addition, various machine learning functions have also been built into GA4 to better understand user behavior and certain trends. GA4 relies on modelling with the help of machine learning functions. This means that missing data can also be extrapolated on the basis of the collected data in order to optimize the analysis and also to be able to make forecasts.

In order for Google Analytics to work in principle, a tracking code is built into the code of our website. When you visit our website, this code records various events that you perform on our website. GA4's event-based data model allows us as website owners to define and track specific events to obtain analytics of user interactions. Thus, in addition to general information such as clicks or page views, special events that are important for our business can also be tracked. Such special events can be, for example, sending a contact form or purchasing a product.

As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and we receive reports on your user behavior. These can include the following reports:

• Audience reports: Audience reports help us get to know our users better and know more about who is interested in our service.
• Ad Reporting: Ad reporting helps us analyze and improve our online advertising.
• Acquisition Reports: Acquisition reports give us helpful information on how we can attract more people to our service.
• Behavioral Reports: This is where we learn how you interact with our website. We can track which route you take on our site and which links you click.
• Conversion reporting: Conversion is the process of taking a desired action based on a marketing message. For example, when you go from being a mere website visitor to a buyer or newsletter subscriber. These reports help us learn more about how our marketing efforts are resonating with you. This is how we want to increase our conversion rate.
• Real-time reports: Here we always know immediately what is happening on our website. For example, we can see how many users are reading this text right now.

In addition to the analytics reports mentioned above, Google Analytics 4 also offers the following features, among others:

• Event-based data model: This model captures very specific events that may take place on our website. For example, playing a video, buying a product, or signing up for our newsletter.
• Advanced analytics features: These features allow us to better understand your behavior on our website or certain general trends. For example, we can segment user groups, carry out comparative analyses of target groups or trace your path or path on our website.
• Predictive modeling: Based on collected data, machine learning can be used to extrapolate missing data that predicts future events and trends. This can help us develop better marketing strategies.
• Cross-platform analysis: The collection and analysis of data from both websites and apps is possible. This gives us the opportunity to analyze user behavior across platforms, provided that you have of course consented to data processing.

Why do we use Google Analytics on our website?

Our goal with this website is clear: We want to offer you the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically evaluated data gives us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that it can be found more easily by interested people on Google. On the other hand, the data helps us to better understand you as a visitor. We therefore know very well what we need to improve on our website in order to offer you the best possible service. The data also serves us to carry out our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested in them.

What data does Google Analytics store?

Google Analytics uses a tracking code to create a random, unique ID associated with your browser cookie. Google Analytics recognizes you as a new user and a user ID is assigned to you. The next time you visit our site, you will be recognized as a "returning" user. All collected data is stored together with this user ID. This is the only way to evaluate pseudonymous user profiles.

In order to be able to analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each new property created, the Google Analytics 4 property is the default. Depending on the property used, data is stored for different lengths of time.

Through labels such as cookies, app instance IDs, user IDs or user-defined event parameters, your interactions are measured across platforms, if you have consented. Interactions are all kinds of actions that you take on our website. If you also use other Google systems (such as a Google account), data generated via Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we as the website operator authorize it. Exceptions may be made if required by law.

According to Google, Google Analytics 4 does not log or store IP addresses. However, Google uses the IP address data to derive location data and deletes it immediately afterwards. All IP addresses collected from users in the EU are therefore deleted before the data is stored in a data center or on a server.

Because Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies compared to previous versions (such as Google Universal Analytics). Nevertheless, there are some specific cookies used by GA4. These include, for example:

Name: _ga
Value: 2.1326744211.152312682902-5
Purpose: By default, analytics.js uses the cookie _ga to store the user ID. Basically, it serves to distinguish website visitors.
Expiration date: after 2 years

Name: _gid
Value: 2.1687193234.152312682902-1
Purpose: The cookie is also used to distinguish website visitors
Expiry date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Usage: Used to lower the request rate. When Google Analytics is provided through Google Tag Manager, this cookie is named _dc_gtm_ <property-id>.
Expiration date: after 1 minute

Note: This list cannot claim to be complete, as Google changes the choice of its cookies from time to time. GA4 also aims to improve data protection. Therefore, the tool offers a few ways to control data collection. For example, we can set the storage duration ourselves and also control the data collection.

Here's an overview of the main types of data collected with Google Analytics:

Heat maps: Google creates so-called heat maps. Heatmaps show exactly the areas you click on. This gives us information about where you are on our site.

Session Duration: Session duration is the amount of time you spend on our site without leaving the page. If you have been inactive for 20 minutes, the session ends automatically.

Bounce rate: A bounce rate is when you only look at one page on our website and then leave our website.

Account creation: When you create an account or place an order on our website, Google Analytics collects this data.

Location: IP addresses are not logged or stored in Google Analytics. However, shortly before the IP address is deleted, derivatives are used for location data.

Technical information: Technical information may include your browser type, Internet service provider, or screen resolution.

Source of origin: Google Analytics or we are of course also interested in which website or advertising you came to our site.

Other data includes contact details, any ratings, playing media (e.g. when you play a video through our site), sharing content via social media or adding it to your favourites. The list is not exhaustive and only serves as a general orientation of data storage by Google Analytics.

How long and where is the data stored?

Google has distributed their servers all over the world. You can read exactly where Google's data centers are located here: https://www.google.com/about/datacenters/locations/?hl=de

Your data is distributed on different physical data carriers. This has the advantage that the data can be retrieved more quickly and is better protected against manipulation. Every Google data center has emergency programs for your data. If, for example, Google's hardware fails or natural disasters paralyze servers, the risk of a service interruption at Google remains low.

The retention period of the data depends on the properties used. The storage period is always set separately for each individual property. Google Analytics offers us four options to control the storage period:

• 2 months: this is the shortest storage period.
• 14 months: by default, GA4 stores data for 14 months.
• 26 months: you can also store the data for 26 months.
• Data is not deleted until we delete it manually

In addition, there is also the option that data will only be deleted if you no longer visit our website within the period we have chosen. In this case, the retention period will be reset each time you visit our website again within the specified period.

When the specified period has expired, the data is deleted once a month. This retention period applies to your data that is linked to cookies, user recognition and advertising IDs (e.g. cookies of the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a fusion of individual data into a larger unit.

How can I delete my data or prevent data from being stored?

Under European Union data protection law, you have the right to access, update, delete or restrict your data. You can use the Google Analytics JavaScript Opt-Out Browser Add-on (analytics.js, gtag.js) to prevent Google Analytics 4 from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only disables data collection by Google Analytics.

If you want to deactivate, delete or manage cookies in general, you will find the corresponding links to the respective instructions of the most popular browsers under the section "Cookies".

Legal basis

The use of Google Analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 (1) (a) GDPR (consent), this consent represents the legal basis for the processing of personal data as it may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors and thus improving our offer technically and economically. With the help of Google Analytics, we can detect website errors, identify attacks and improve profitability. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use Google Analytics if you have given your consent.

Google processes your data in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the US. You can find more information on https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called standard contractual clauses (= Art. 46 paras. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

We hope we have been able to provide you with the most important information about data processing in Google Analytics. If you want to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.

If you want to learn more about data processing, use the Google privacy policy on https://policies.google.com/privacy?hl=de.

Social Media Introduction

Social Media Privacy Policy Summary
👥 Data subjects: Visitors to the website
🤝 Purpose: Presentation and optimisation of our service, contact with visitors, interested parties, etc., advertising Processed
📓 data: Data such as telephone numbers, e-mail addresses, contact data, data on user behaviour, information about your device and your IP address.
You can find more details on this in the social media tool used in each case.
📅 Storage period: depending on the social media platforms
⚖️ used Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Social Media?

In addition to our website, we are also active on various social media platforms. In doing so, user data may be processed so that we can specifically address users who are interested in us via social networks. In addition, elements of a social media platform may also be embedded directly into our website. This is the case, for example, if you click on a so-called social button on our website and are redirected directly to our social media presence. So-called social media or social media are websites and apps through which registered members can produce content, exchange content openly or in certain groups and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. With our social media presences, we can bring our products and services closer to interested parties. The social media elements embedded on our website help you to switch to our social media content quickly and without complications.

The data that is stored and processed through your use of a social media channel is primarily intended to be able to carry out web analyses. The aim of these analyses is to be able to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the evaluated data can be used to draw appropriate conclusions about your interests and create so-called user profiles. This also makes it possible for the platforms to present you with tailor-made advertisements. In most cases, cookies are set in your browser for this purpose, which store data about your usage behavior.

We usually assume that we remain responsible under data protection law, even if we use the services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. If this is the case, we will point this out separately and work on the basis of an agreement to this effect. The essence of the agreement is then reproduced below at the affected platform.

Please note that when using the social media platforms or our built-in elements, data about you may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. As a result, you may no longer be able to easily assert or enforce your rights in relation to your personal data.

What data is processed?

Exactly which data is stored and processed depends on the respective provider of the social media platform. But usually it is data such as telephone numbers, e-mail addresses, data you enter into a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. Especially if you have a profile on the social media channel you visited and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the providers' servers. This means that only the providers have access to the data and can provide you with the appropriate information or make changes.

If you want to know exactly what data is stored and processed by the social media providers and how they can object to data processing, you should carefully read the respective privacy policy of the company. If you have any questions about data storage and data processing or would like to assert corresponding rights, we recommend that you contact the provider directly.

Duration of data processing

We will inform you about the duration of the data processing below, if we have further information. For example, the social media platform Facebook stores data until it is no longer needed for its own purpose. However, customer data that is compared with your own user data is deleted within two days. In general, we only process personal data for as long as it is strictly necessary for the provision of our services and products. If it is required by law, as in the case of accounting, for example, this storage period can also be exceeded.

Right to object

You also have the right and option to withdraw your consent to the use of cookies or third-party providers such as embedded social media elements at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent the collection of data by cookies by managing, deactivating or deleting cookies in your browser.

Since cookies can be used in social media tools, we also recommend that you read our general privacy policy on cookies. To find out exactly what data about you is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to your data being processed and stored through integrated social media elements, this consent is considered the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, if you have given your consent, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy on cookies and look at the privacy policy or cookie policy of the respective service provider.

You can find information about specific social media platforms, if any, in the following sections.

Purpose: This cookie stores the log-in request for users of the Instagram app.
Expiration date: after the end of the session

Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiration date: after the end of the session

Name: urlgen
Value: "{"194.96.75.33": 1901}:1iEtYv:Y833k2_UjKvXgYe312682902"
Purpose: This cookie is used for Instagram's marketing purposes.
Expiration date: after the end of the session

Note: We cannot claim to be complete here. Which cookies are set in each individual case depends on the embedded functions and your use of Instagram.

How long and where is the data stored?

Instagram shares the information it receives between Facebook companies, with external partners, and with people you connect with around the world. Data processing is carried out in compliance with its own data policy. Your data is distributed on Facebook servers around the world, among other things for security reasons. Most of these servers are located in the USA.

How can I delete my data or prevent data from being stored?

Thanks to the General Data Protection Regulation, you have the right to information, portability, correction and deletion of your data. You can manage your data in the Instagram settings. If you want to completely delete your data on Instagram, you need to delete your Instagram account permanently.

Here's how Instagram account deletion works:

First, open the Instagram app. On your profile page, go down and click on "Help Section". Now you come to the company's website. On the website, click on "Manage Account" and then click on "Delete Your Account".

If you delete your account entirely, Instagram will delete posts such as your photos and status updates. Information that other people have shared about you is not part of your account and therefore will not be deleted.

As mentioned above, Instagram primarily stores your data through cookies. You can manage, disable or delete these cookies in your browser. Depending on your browser, the administration always works a little differently. Under the "Cookies" section, you will find the corresponding links to the respective instructions of the most popular browsers.

You can also set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented to your data being processed and stored through integrated social media elements, this consent is considered the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy on cookies and look at the privacy policy or cookie policy of the respective service provider.

Instagram processes your data in the USA, among other places. Instagram or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure data transfer of personal data of EU citizens to the USA. You can find more information on https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Instagram uses so-called standard contractual clauses (= Art. 46 paras. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Instagram undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

We have tried to bring you closer to the most important information about data processing by Instagram. On https://privacycenter.instagram.com/policy/,  you can take a closer look at Instagram's data policies.

Payment Provider Introduction

Payment Provider Privacy Policy Summary
👥 Affected: Visitors to the website
🤝 Purpose: Enabling and optimizing the payment process on our website
📓 Data processed: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data
You can find more details in the payment provider tool you use.
📅 Storage period: depends on the payment provider used
⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract)

What is a payment provider?

We use online payment systems on our website that enable us and you to make payments safely and smoothly. Personal data may also be sent to the respective payment provider, stored there and processed there. Payment providers are online payment systems that allow you to place an order via online banking. The payment is processed by the payment provider you have chosen. We then receive information about the payment made. This method can be used by any user who has an active online banking account with PIN and TAN. There are hardly any banks that do not offer or accept such payment methods.

Why do we use payment providers on our website?

We naturally want to offer the best possible service with our website and our integrated online shop so that you feel comfortable on our site and use our offers. We know that your time is valuable and that payment transactions in particular must work quickly and smoothly. For these reasons, we offer you various payment providers. You can choose your preferred payment provider and pay in the usual way.

Which data is processed?

Which data is processed depends, of course, on the respective payment provider. However, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are generally stored. This is necessary data in order to be able to carry out a transaction at all. In addition, any contract data and user data, such as when you visit our website, which content you are interested in or which subpages you click on, can also be stored. Your IP address and information about the computer you are using are also stored by most payment providers.

The data is usually stored and processed on the payment providers' servers. We as website operators do not receive this data. We are only informed whether the payment was successful or not. Payment providers may forward data to the relevant department for identity and credit checks. The business and data protection principles of the respective provider always apply to all payment transactions. Therefore, please always read the general terms and conditions and the data protection declaration of the payment provider. You also have the right to have data deleted or corrected at any time, for example. Please contact the respective service provider regarding your rights (right of withdrawal, right to information and right to be affected).

Duration of data processing

We will inform you about the duration of data processing below if we have further information. In general, we only process personal data for as long as it is absolutely necessary to provide our services and products. If it is required by law, such as in the case of accounting, this storage period can also be exceeded. For example, we keep accounting documents relating to a contract (invoices, contract documents, bank statements, etc.) for 10 years (Section 147 AO) and other relevant business documents for 6 years (Section 247 HGB) after they arise.

Right of objection

You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact the person responsible for the payment provider used at any time. You can find contact details either in our specific data protection declaration or on the website of the relevant payment provider.

You can delete, deactivate or manage cookies that payment providers use for their functions in your browser. This works in different ways depending on which browser you use. Please note, however, that the payment process may then no longer work.

Legal basis

In addition to traditional banking/credit institutions, we also offer other payment service providers for the processing of contractual or legal relationships (Article 6, Paragraph 1, Letter b of GDPR). The privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay or Discover) provide you with a detailed overview of data processing and data storage. In addition, you can always contact the responsible persons if you have any questions about data protection-related topics. Information about the specific payment providers – if available – can be found in the following sections.

PayPal privacy policy

PayPal Privacy Policy Summary 

👥 Affected: Visitors to the website

🤝 Purpose: Optimizing the payment process on our website 

📓 Data processed: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data can be processed.

You can find more details about this in this privacy policy. 

📅 Storage period: Data is generally stored until the cooperation with PayPal is terminated

⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (contract execution), Art. 6 para. 1 lit. a GDPR (consent)

What is PayPal?

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company PayPal Europe (S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European region.

With PayPal, all users can send and receive money electronically. The company was founded in 1998 and is now one of the best-known and largest online payment service providers in the world with over 325 million active customers.

Why do we use PayPal for our website?

There are various reasons why we use PayPal and offer it on our website. Since PayPal is one of the best-known online payment providers, many of our website visitors also use and trust this service. PayPal also offers high security standards for digital money transfers. The service uses various encryption methods to protect your personal data as best as possible. We also appreciate the ease of use of PayPal and the possibility of international payments in various currencies. Transactions are usually completed very quickly, which is another advantage for both us and you as a customer.

What data does PayPal process?

In its privacy policy, PayPal distinguishes between different categories of personal data that can be processed through the use of the service. These include login and contact data, identification and signature data, payment information, information on imported contacts, data from your account profile, device data such as your IP address, location data and so-called derived data. This refers to information that can be derived through transactions or other data. This can include purchasing habits, behavioral patterns, creditworthiness or personal preferences.

Then there is also personal data collected by third parties (such as identity verifiers, fraud detection providers or your bank). This data includes information from credit reporting agencies, transaction data, regulatory information, technical usage data, location data and also derived data.

PayPal and its partners also use tracking technologies such as cookies, pixel tags, web beacons and widgets to recognize you as a user, customize content and conduct analytics for interest-based advertising.

How long and where is the data stored?

In principle, PayPal stores data for as long as it is necessary to fulfil its obligations and for the purpose. Personal data that is necessary for the customer relationship is stored for up to 10 years after the relationship has ended. If PayPal is subject to a legal obligation, the retention period for personal data is determined by the applicable law (e.g. insolvency law). PayPal also stores personal data for as long as necessary if retention is advisable in view of legal disputes.

Since PayPal is a global company, the service also has data centers around the world where your data can be stored. This means that your data can also be stored on PayPal servers outside your country and outside the scope of the GDPR.

How can I delete my data or prevent data storage?

You have the right to information, correction or deletion and restriction of the processing of your personal data at any time. You can also revoke your consent to the processing of the data at any time.

If you generally want to deactivate, delete or manage cookies, you will find the relevant links to the instructions for the most popular browsers under the “Cookies” section.

Legal basis

We have a legitimate interest in integrating an external payment service with PayPal and thus making our offer more attractive and improving it technically and economically. The legal basis for this is Art. 6 Paragraph 1 Letter f of GDPR (Legitimate Interests). We would like to point out that you can only use PayPal if you enter into a contractual relationship with PayPal. In this case, it may be necessary to provide further data protection and contractual declarations (e.g. consent).

PayPal processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.

PayPal uses so-called standard contractual clauses (= Art. 46, Paragraphs 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, PayPal undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information about the standard contractual clauses and the data processed through the use of PayPal, please see the privacy policy on https://www.paypal.com/webapps/mpp/ua/privacy-full

Closing remarks

As you can see from the scope of our privacy policy, we do not take the protection of your personal data lightly.
It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. We do not only want to tell you which data is processed, but also explain the reasons for using various software programs. Data protection declarations usually sound very technical and legal. However, since most of you are not web developers or lawyers, we wanted to take a different approach linguistically and explain the facts in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the data protection declaration.
If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible party. We wish you a pleasant stay and hope to welcome you back to our website soon.

All texts are protected by copyright.

Source: Created with the Data Protection Generator by AdSimple.

Last update: December 4, 2023.