Privacy policy

We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used. Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person (data subject), e.g. name, address, e-mail addresses, user behaviour. This is data with which we can identify you. In addition, you will also find information on data processing processes outside of this website (e.g. video conferences or newsletters).

Person responsible for data processing

Responsible for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR) CHRONEXT AG c/o Donum Consulting AG
Industriestrasse 6 6300 ZugCH +41 41 588 06 84 support@chronext.com

Data Protection Officer exkulpa gmbhWaldfeuchter Str. 26652525 HeinsbergPhone : 02452 / 99 33 11E-mail : datenschutz@chronext.com

General

This privacy statement complies with the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour when visiting a website. Information for which we cannot (or can only with disproportionate effort) establish a link to your person, e.g. through anonymisation, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose. Stored personal data are deleted as soon as the purpose of the processing has been achieved and there are no legitimate grounds for further retention of the data. We will inform you in the individual processing operations about the specific storage periods or criteria for storage. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defence of legal claims and if there are statutory retention obligations.

Information according to Art. 13 DS-GVO

This information is intended for customers, interested parties, suppliers and employees. Your personal data will be processed by us for the following purposes:

• To fulfil our contractual obligations to you (Art. 6 para. 1 lit. b DSGVO).
• To carry out pre-contractual obligations (Art. 6 para. 1 lit. b DSGVO).
• To respond to enquiries (Art. 6 para. 1 lit. b DSGVO).
• If you have given us your consent to process your personal data for certain purposes (for example, to receive our newsletter), the data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO).
• To fulfil legal obligations to which our company is subject (Art. 6 para. 1 lit. c DSGVO).
• To the extent necessary, we also process your data to protect our legitimate interests, in particular to assert legal claims and defend ourselves in legal disputes or to ensure IT security, to consult and exchange data with credit agencies to determine creditworthiness and default risks, for direct advertising and market research insofar as you have not objected to the use of your data for this purpose, for measures to manage business and further develop services and products, for measures to optimise products and sales, for measures to manage risk, to prevent or investigate criminal offences (Art. 6 para. 1 lit. f DSGVO).

Categories of recipients of personal data

Within our company, only those employees have access to the data who absolutely need it to perform their tasks (need-to-know principle). Individual processes and services are carried out by carefully selected service providers who are based within the EEA and who comply with data protection regulations. If service providers commissioned by us receive access to personal data when performing your services, order processing agreements have been concluded with them in accordance with Art. 28 (3) DSGVO.

Duration of data storage

The data processed by us is stored for the duration of the existence and processing of the contractual relationship and in compliance with statutory retention periods. These are, in particular, retention obligations under commercial and tax law in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO). The regular retention and documentation periods are up to ten years. If there is no contractual relationship, we only process the data for as long as the specific purpose requires.

Your data subject rights

As a data subject, you have the following rights with regard to the personal data concerning you:

• Right to information about the data we process about you.
• Right to rectification or deletion if incorrect, out of date or unlawfully collected by us.
• Right to restriction of processing if complete deletion is not possible, e.g. because we have to comply with statutory retention obligations.
• Right to object to processing where the data processing is based on a balance of interests (the so-called legitimate interest), as described above under "Purpose of the processing". This is the case if the processing is not necessary, in particular, for the performance of a contract with you. When exercising your right to object, we ask you to explain the reasons why we should not process your data as we have done. Of course, you can also object to the processing of your personal data for advertising purposes at any time. Please send your objection to our address given in the imprint or write us an e-mail to the address given in the imprint.
• Right of revocation if you have given us consent to process your data. You can assert your right of revocation against our company at any time without giving reasons. To do so, please contact us at the address given in the imprint.
• In addition, you have the right to complain to a data protection supervisory authority about the processing of your personal data by our company. If you have any questions regarding data protection, please contact us by e-mail at the address given in the imprint.

Cookies

Cookies are small text files that are sent by us to the browser of your end device when you visit our website and are stored there. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, however, enable us to carry out various analyses, so that we are able, for example, to recognise the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses. We provide information about the respective services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in the cookie settings or in the Consent Manager of this website.

Your rights

Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject: Information pursuant to Art. 15 DSGVO on the data stored about you in the form of meaningful information on the details of the processing as well as a copy of your data; Correction according to Art. 16 DSGVO of incorrect or incomplete data stored by us; Deletion pursuant to Art. 17 DSGVO of the data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims; Restriction of processing pursuant to Art. 18 DSGVO, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you object to their deletion because you need them for the assertion, exercise or defence of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO. Data portability pursuant to Art. 20 DSGVO, insofar as you have provided us with personal data within the scope of consent pursuant to Art. 6 Para. 1 lit. a DSGVO or on the basis of a contract pursuant to Art. 6 Para. 1 lit. b DSGVO and these have been processed by us with the aid of automated procedures. You will receive your data in a structured, common and machine-readable format or we will transfer the data directly to another responsible party, insofar as this is technically feasible. Objection according to Art. 21 DSGVO against the processing of your personal data, insofar as this is carried out on the basis of Art. 6 Para. 1 lit. e, f DSGVO and there are reasons for this which arise from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding compelling legitimate grounds for the processing can be demonstrated or the processing is carried out for the assertion, exercise or defence of legal claims. Where the right to object does not exist for individual processing operations, this is indicated there. Revocation pursuant to Art. 7 (3) DSGVO of your consent with effect for the future. Complain to a supervisory authority pursuant to Art. 77 DSGVO if you believe that the processing of your personal data violates the DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.

Data processing in detail

In the following, we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.

Provision of the website

When you call up and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Website from which the access is made (referrer URL)
• Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider. Our website is not hosted by ourselves, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 DSGVO for the purpose of providing the website. The hoster is used for the purpose of contract fulfilment vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). We use the following hoster: FRONTASTIC GmbH Eichenaue 14 48157 Münster Contact form

Nature and scope of the processing

When you send us enquiries (e.g. via contact form, e-mail or telephone), we store all data resulting from this (e.g. name, e-mail address, subject of the enquiry, etc.). We need this data to process your enquiry and to be able to answer follow-up questions. We do not pass on this data without your consent.

Purpose and legal basis

The processing of this data is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. Otherwise, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if you have given it beforehand.

Storage period

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions - in particular retention periods - remain unaffected.

Zenloop

We use services and functions of zenloop on this website, which are offered by zenloop GmbH, Habersaathstraße 58, 10115 Berlin, Germany. We use zenloop, a business-to-business software-as-a-service platform, for customer surveys and product reviews. We share your email address with the provider so they can send you an invitation to the survey. When you use the feedback tool, zenloop collects information about your location, device and browser, and the website you came from. zenloop also uses cookies and similar technologies to collect information about users in general. In addition, zenloop stores your survey responses. When using zenloop, we rely on your consent pursuant to Art. 6 para. 1 lit. a DS-GVO as the legal basis for the processing and disclosure of your personal data. You can revoke your consent at any time. You can find more information on data processing in zenloop's privacy policy at https://www.zenloop.com/de/legal/privacy.

Job processing

We have concluded an order processing agreement (AVV) with zenloop for data processing. The contract guarantees that zenloop will only process the data collected through the analysis according to our instructions and will comply with the regulations of the General Data Protection Regulation (DS-GVO). Contact form for applicants

Nature and scope of the processing

You have the opportunity to apply to us on our website (e.g. by e-mail, post or via the online application form).

Purpose and legal basis

We process the personal data of applicants in accordance with the legal requirements for the purpose of processing the application procedure and carrying out pre-contractual measures within the meaning of Art. 6 para. 1 lit. b. DSGVO and § 26 BDSG according to German law (initiation of an employment relationship) and - if you have given your consent - Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application. If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6 (1) lit. b DSGVO for the purpose of implementing the employment relationship.

Storage period

Your data will be stored for a period of 6 months beyond the end of the application process. This is usually done to fulfil legal obligations or to defend against any claims arising from legal regulations. We are then obliged to delete or anonymise your data. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (for example, proportion of women or men in applications, number of applications per period, etc.). If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for continued storage no longer applies.

Admission to the applicant pool

As part of the application process, we offer applicants the opportunity to be included in our "talent pool" for a period of 12 months on the basis of consent within the meaning of Art. 6 Para. 1 lit. a. DS-GVO to be included. The application documents in the talent pool will be processed solely in the context of future job advertisements and the employee search and will be destroyed at the latest after the deadline. Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the current application process and that they can revoke this consent at any time for the future. If you receive an offer of employment with us as part of the application process and accept it, we store the personal data collected as part of the application process for at least the duration of the employment relationship.

Newsletter

We offer you our newsletter on this website. If you would like to subscribe to it, we need your e-mail address and other data proving that it is your e-mail address and that you agree to receive the newsletter. No other personal data is collected unless you provide it voluntarily (e.g. name, telephone number, place of residence, etc.). When processing the data you provide when registering for the newsletter, we rely exclusively on your consent pursuant to Art. 6 (1) lit. a DS-GVO as the legal basis. You can revoke your consent to the processing and storage of your personal data at any time (e.g. via the "unsubscribe" link in the newsletter) for the future. We store your personal data that you have provided for the purpose of receiving the newsletter until you unsubscribe from the newsletter with us or the dispatch service provider. This does not apply to data that we have stored from you for other purposes. If you unsubscribe from the newsletter mailing list, your email address will be stored in a blacklist by us or the mailing service provider for an indefinite period of time. This is done to prevent future mailings to you. The data from the blacklist will only be used for this purpose and will not be merged with other data. This is not only in your interest, but also in our legitimate interest according to Art. 6 para. 1 lit. f DS-GVO to fulfil our legal obligations when sending newsletters. You can object to the storage if your personal interests outweigh our legitimate interest.

Emarsys

This website uses Emarsys to send newsletters. The provider is Emarsys eMarketing Systems AG, Stralauer Platz 34, 10243 Berlin. Emarsys is a service that organises and analyses the sending of newsletters. Data that you enter to receive newsletters (e.g. your email address) is stored on Emarsys' servers.

Data analysis by Emarsys

Emarsys offers the possibility to view the performance of our newsletter. We can determine whether a newsletter was opened, which links were clicked on and which further actions were carried out after opening/clicking on the newsletter, e.g. a purchase. This allows us to analyse and evaluate our newsletter campaigns with the help of Emarsys. In addition, Emarsys offers the possibility to better adapt the newsletter to our target groups by dividing the newsletter recipients according to different categories, such as age, gender or place of residence. If you are against analysis by Emarsys, you can unsubscribe from the newsletter by clicking on a link. This link is available in every newsletter you receive.

Legal basis

The processing of the data is based on your consent (Art. 6 para. 1 lit. a DS-GVO). This consent can be revoked at any time. The lawfulness of the data processing operations already carried out remains unaffected. You can find the Emarsys privacy policy here: https://emarsys.com/de/datenschutzrichtlinie/.

Storage period

Data that you provide to us for the purpose of sending the newsletter will be stored by us or the newsletter service provider. This applies until you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this. If you unsubscribe from our newsletter, we may store your email address in a blacklist. In this way, we ensure that we do not send newsletters to people who have unsubscribed. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves your and our interest (Art. 6 para. 1 lit. f DS-GVO) with regard to compliance with the legal requirements for newsletter dispatch. The storage of your data in the blacklist is not limited in time. You have the right to object to the storage of data if your interest outweighs our legitimate interest.

Job processing

To ensure that personal data is processed according to our specifications and in compliance with the GDPR, we have concluded a contract on commissioned processing (GCP) with the provider.

Registration of a customer account

Processing customer and contract data

We collect, process and use your personal data only insofar as they are necessary for the establishment, amendment or fulfilment of a legal relationship. This is done for the fulfilment of a contract or pre-contractual measures according to Art. 6 para. 1 lit. b DSGVO. The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data transmission ¬upon conclusion of a contract for online shops, traders and dispatch of goods

We only transmit personal data if this is necessary for the processing of the contract, for example to shipping service providers or the credit institution commissioned with the processing of payments. Any further transmission of data will not take place or will only take place if you have expressly consented to the transmission. The basis for data processing is the fulfilment of a contract or pre-contractual measures pursuant to Art. 6 para. 1 lit. b DSGVO.

Credit checks

In the case of a purchase on account or any other method of payment for which we make advance payments, we may carry out a credit assessment (scoring). For this purpose, we transmit your entered data (e.g. name, address, age or bank details) to a credit agency. Based on this data, the probability of a payment default is determined. In the event of an excessive risk of non-payment, we may refuse the payment method in question. Under certain circumstances, we or the payment service provider carry out a credit check. The payment service provider uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes e.g. name, address, age or bank data. The basis for data processing is the fulfilment of a contract or pre-contractual measures according to Art. 6 para. 1 lit. b DSGVO, as well as for the prevention of payment defaults (legitimate interest according to Art. 6 para. 1 lit. f DSGVO). If you have previously given your consent to data processing, the processing of your data will take place solely on the basis of Art. 6 para. 1 lit. a DS-GVO; the consent can be revoked at any time.

Payment services

We integrate third-party payment services on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) are processed by the payment service provider for the purpose of payment processing; the respective contract and data protection provisions of the respective providers apply. The basis for the data processing is the fulfilment of a contract or pre-contractual measures according to Art. 6 para. 1 lit. b DSGVO as well as in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f DSGVO). If you have previously given your consent to data processing, the processing of your data will take place solely on the basis of Art. 6 para. 1 lit. a DS-GVO; the consent can be revoked at any time. The payment processing of the payment methods provided is carried out via the payment service provider Adyen (Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands). To ensure that personal data is processed according to our specifications and in compliance with the GDPR, we have concluded a contract on commissioned processing (GCP) with the provider. For the purpose of fraud prevention and detection, we transmit your IP address to Adyen. All data is transmitted in encrypted form. Adyen collects and stores the data and only shares it with the companies involved in the payment process. In addition, we use SIFT SCIENCE, INC., 525 Market St Fl 6, San Francisco, CA 94105-2714, USA to prevent fraud in our shop. We offer the following payment methods:

German Bank

The provider of this payment service is Deutsche Bank AG, Taunusanlage 12, 60235 Frankfurt am Main (hereinafter "Deutsche Bank"). For details, please refer to Deutsche Bank's privacy policy: https://www.deutsche-bank.de/pk/lp/datenschutz.html.

CreditPlus

The provider of this payment service is CreditPlus Bank AG, Augustenstraße 7, 70178 Stuttgart (hereinafter "CreditPlus"). For details, please refer to the CreditPlus privacy policy: https://www.creditplus.de/datenschutz.

Ratepay

The provider of this payment service is Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin, Germany (hereinafter "Ratepay"). Ratepay offers various payment options (e.g. hire purchase). If you choose to pay with Ratepay, your personal data will be passed on to Ratepay for the purpose of invoice processing. For further information on data processing, please refer to Ratepay's privacy policy: https://www.ratepay.com/datenschutz/.

American Express

The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter "American Express"). American Express may transfer data to its parent company in the USA. The data transfer to the USA is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/. For more information, please see the American Express privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter "Mastercard"). Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter "VISA"). The United Kingdom is considered a safe third country under data protection law. This means that the UK has a level of data protection that is equivalent to the level of data protection in the European Union. VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html. For more information, please see VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full. For details, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Presence on social media platforms

Data processing by social networks

We operate publicly accessible profiles on social networks. The social networks we use in detail can be found below. Social networks such as Facebook, Twitter etc. can generally analyse your user behaviour extensively. By visiting our social media presences, the following data protection-relevant processing operations are triggered: If you are logged into your social media account and visit our profile, the operator of this social medium can track this visit. Independently of this, the operator may also process your data (e.g. IP address) under certain circumstances if you are not logged into your account or you do not have an account at all. The operator summarises this data in user profiles in which your preferences and interests are stored. These profiles are used to display personalised advertising inside and outside the respective social media presence. If you have an account with the respective social network, the personalised advertising can be displayed on all devices on which you are or were logged in. Depending on the platform, further processing operations may be carried out by the operators of the social media portals; we have no influence on this. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the Internet within the meaning of Art. 6 (1) lit. f DSGVO. The analysis processes carried out by the operators of the social networks may be based on different legal bases, which are to be specified by the respective providers.

Responsible person and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook). Despite the joint responsibility with the social media portal operators, we have no full influence on the data processing procedures of the portals. Our options are largely determined by the corporate policy of the respective provider.

Storage period

The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Mandatory legal provisions - in particular retention periods - remain unaffected. We have no influence on the storage period of the data collected by the social networks. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Facebook page

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data collected is also transferred to the USA and other third countries. We have entered into a Joint Processing Agreement (Controller Addendum) with Facebook which sets out which data processing operations we and Facebook are responsible for. You can view this agreement at the following link: https://www.facebook.com/legal/terms/pagecontrolleraddendum. You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EUdatatransfer_addendum and https://de-de.facebook.com/help/566994660333381. You can find more information on data processing by Facebook at https://www.facebook.com/about/privacy/.

Instagram page

We have a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EUdatatransfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381. For details on how they handle your personal data, please refer to Instagram's privacy policy: https://help.instagram.com/519522125107875.

Twitter page

We use the short message service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. You can adjust your Twitter privacy settings yourself in your user account. To do so, click on the following link and log in: https://twitter.com/personalization. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html. For details, please refer to Twitter's privacy policy: https://twitter.com/de/privacy.

LinkedIn page

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you would like to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs. For details on how they handle your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

Video conferencing

Data processing

We use online conferencing tools to communicate with our clients. The specific tools we use are listed below. When you communicate with us via video or audio conferencing, your personal data will be collected and processed by us and the provider of the relevant tool. The tools collect the data you provide, including your email address and phone number. They also process the duration of the conference, when you attended the conference, number of participants and other metadata. In addition, the provider of the tool processes all technical data that are necessary for the handling of the conference. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speakers, and the type of connection. When you share content in this service, it is stored on the providers' servers. This includes cloud recordings, chat messages, voice messages and photos and videos you have shared while using this service. Please note that we do not have full influence on the data processing procedures of the tools used. For further information on data processing by the conference tools, please refer to the data protection declarations of the respective tools used.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b DSGVO). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO). If you have previously given your consent to data processing, your data will be processed solely on the basis of Art. 6 para. 1 lit. a DS-GVO; your consent can be revoked at any time.

Storage period

The data collected directly by us via the video and conference tools is deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Twilio

Type and scope of data transmissionOur

website uses functions of the communication platform Twilio Inc. , Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, USA. We use Twilio to generate tokens and to send SMS and voice. Twilio is a customer engagement platform that makes communication programmable. The company helps us integrate communication channels such as voice (phone) and SMS using APIs to create a better customer experience for our customers. Twilio takes care of provisioning a phone number, sending and receiving SMS and additionally interfaces (API) with which the sending and receiving of SMS can be controlled. We use these interfaces to control all SMS communication. For this purpose, we transmit your telephone number to Twilio, where it is stored. Twilio stores the content and data, but guarantees not to pass on or sell personal data to third parties. In addition, you can request deletion of personal data at any time, provided that this does not prevent the execution of business functions.

Purpose and legal basis

The legal basis for the use of Twilio is Art. 6 para. lit. b DS-GVO. Twilio offers the conclusion of standard contractual clauses to legitimise the transfer of data. Further information on data protection can be found in Twilio's privacy policy at https://www.twilio.com/legal/privacy.

Matomo

Type and scope of data transmission

We use services and functions of the open source web analytics service Matomo (formerly Piwik) on this website. Matomo allows us to analyse the user behaviour of our website visitors and to determine, for example, at what times and from which location the visitors viewed a particular page. Furthermore, we collect and store data such as IP addresses, browser used and operating systems. This information helps us to understand what you have done on our website (e.g. clicked on certain pages, made purchases, etc.). Matomo uses technologies (e.g. cookies or fingerprinting systems) to recognise visitors when they return to the website. The information that Matomo collects about how you use this website is stored on our server. Your IP address is anonymised before it is stored.

Purpose and legal basis

When using Matomo, we rely on Art. 6 (1) lit. f DS-GVO as the legal basis for processing personal data, as we have a legitimate interest in analysing the use of our website. This enables us to optimise our online presence and offers for you. If you have previously given your consent to the processing of data on this website by Matomo, the processing of your data takes place solely on the legal basis of Art. 6 (1) lit. a DS-GVO. You can revoke your consent at any time.

IP anonymisation

When using Matomo on this website, we use a function in which your IP address is shortened before analysis so that it can no longer be clearly assigned to you.

Hosting

The data is hosted by XAD spoteffects GmbH, Saarstraße 7, D-80797 Munich. To ensure that personal data is processed according to our specifications and in compliance with the DS-GVO, we have concluded a contract on commissioned processing (AVV) with spoteffects.

AWIN

Nature and scope of the processing

We participate in affiliate partner programmes. The operator of the affiliate network is AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter: "AWIN"). If you click on an advertisement for our website and then buy something, we receive money from the companies that advertise with us. For this to work, our advertising partners need to be able to track that you have clicked on an ad and then bought the product. They do this using cookies or similar technologies.

Purpose and legal basis

The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the correct calculation of its affiliate remuneration. If you have previously given your consent to data processing, the processing of your data will take place solely on the basis of Art. 6 para. 1 lit. a DS-GVO; the consent can be revoked at any time. We are jointly responsible with AWIN and, where applicable, with the advertiser for data processing in connection with the affiliate programme. We have concluded a joint processing agreement with the provider, according to which you as a data subject can contact any of the controllers with your concern. This agreement is available in AWIN's T&Cs under the following link: https://s3.amazonaws.com/docs.awin.com/Legal/Publisher+Terms/2020/DE+Publisher+Terms+GDPR+Annex.pdf.

AWS CloudFront

Nature and scope of the processing

We use AWS CloudFront to properly deliver the content on our website. AWS CloudFront is a service provided by Amazon Web Services, Inc. which acts as a Content Delivery Network (CDN) on our website. A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Amazon Web Services, Inc., whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the above purposes and to maintain the security and functionality of AWS CloudFront.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision and optimisation of our online offer pursuant to Art. 6 para. 1 lit. f. DSGVO.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Amazon Web Services, Inc. Further information can be found in the privacy policy for AWS CloudFront: https://aws.amazon.com/de/privacy/.

Bing Ads

Nature and scope of the processing

We have integrated Bing Ads on our website. Bing Ads is a service provided by Microsoft Corporation to display targeted advertising to users. Bing Ads uses cookies and other browser technologies to analyse user behaviour and recognise users. Bing Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Furthermore, Bing Ads delivers targeted advertising based on behavioural profiling and geographic location. The provider is provided with your IP address and other identifiers such as your user agent. In this case, your data will be passed on to the operator of Bing Ads, Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, United States.

Purpose and legal basis

We process your data with the help of Bing Ads for the purpose of optimising our website and for marketing purposes on the basis of your consent pursuant to Art. 6 para. 1 lit. a. DSGVO.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Microsoft Corporation. Further information can be found in the privacy policy for Bing Ads: https://privacy.microsoft.com/de-de/privacystatement.

Bing Pixel

Nature and scope of the processing

We use Bing Pixel or Clarity from Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, United States, to create so-called Custom Audiences, i.e. to segment visitor groups of our online offer, to determine conversion rates and to subsequently optimise them. This happens in particular when you interact with advertisements that we have placed with Microsoft Corporation. In particular, Clarity records mouse movements and creates a graphical representation of which part of the website users scroll to most frequently (heat maps). Clarity may also record sessions so that we can view site usage in the form of videos. We also receive information about general user behaviour within our website. Clarity uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or use of device fingerprinting). Your personal data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA.

Purpose and legal basis

We process your data with help for the purpose of optimising our website and for marketing purposes on the basis of your consent pursuant to Art. 6 para. 1 lit. a. DSGVO. For further information on data protection at Microsoft, please refer to Microsoft's data protection notices at privacy.microsoft.com/en/privacystatement and at https://docs.microsoft.com/en-us/clarity/faq.

Clarity

Nature and scope of the processing

We have integrated Clarity on our website. Clarity is a service of Microsoft Corporation and provides optimisation tools that analyse the behaviour and feedback of users of our website through analytics and feedback tools. Clarity uses cookies and other browser technologies to evaluate user behaviour and recognise users. This information is used, among other things, to compile reports on website activity and to statistically analyse visitor data. Furthermore, Clarity records clicks, mouse movements and scroll heights in order to create so-called heat maps and session replays. In this case, your data will be passed on to the operator of Clarity, Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, United States.

Purpose and legal basis

We process your data with the help of Clarity for the purpose of optimising our website and for marketing purposes based on your consent pursuant to Art. 6 para. 1 lit. a. DSGVO.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Microsoft Corporation. Further information can be found in the data protection declaration for Clarity: https://privacy.microsoft.com/en-us/privacystatement.

Cloudinary CDN

Nature and scope of the processing

We use Cloudinary CDN to properly deliver the content on our website. Cloudinary CDN is a service provided by Cloudinary Ltd. which acts as a Content Delivery Network (CDN) on our website. A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Cloudinary Ltd, 38 Chancery Lane, The Cursitor Building, London WC2A 1EN, United Kingdom, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the above purposes and to maintain the security and functionality of Cloudinary CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision and optimisation of our online offer pursuant to Art. 6 para. 1 lit. f. DSGVO.

Storage period

The concrete storage period of the processed data cannot be influenced by us, but is determined by Cloudinary Ltd. Further information can be found in the privacy policy for Cloudinary CDN: https://cloudinary.com/privacy.

Contentful CDN

Nature and scope of the processing

We use Contentful CDN to properly deliver the content of our website. Contentful CDN is a service provided by Contentful GmbH, which acts as a content delivery network (CDN) on our website. A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Contentful GmbH, Ritterstr. 12-14 10969 Berlin Germany, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Contentful CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision and optimisation of our online offer pursuant to Art. 6 para. 1 lit. f. DSGVO.

Storage period

The concrete storage period of the processed data cannot be influenced by us, but is determined by Contentful GmbH. Further information can be found in the data protection declaration for Contentful CDN: https://www.contentful.com/legal/de/privacy/.

Facebook Pixel

Nature and scope of the processing

We use the Facebook pixel on this website, which is offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The Facebook pixel allows us to analyse the behaviour of our website visitors when they are redirected to our website by clicking on a Facebook ad. We use the user data to measure the success of our Facebook ads and to optimise the ads. For this purpose, we as the website operator only receive anonymised data so that we cannot identify you as a user. Facebook, on the other hand, processes the data in such a way that it is assigned to a specific user and used for its own advertising purposes. This allows Facebook to display personalised advertisements on Facebook and other websites. We as the website operator have no influence on this. You can find more information on data processing in Facebook's privacy policy at https://www.facebook.com/about/privacy/. You can disable this Facebook "Custom Audiences" remarketing feature in your personal account at https://www.facebook.com/ads/preferences/?entryproduct=adsettings_screendeaktivieren. If you do not have an account with Facebook but would like to deactivate this advertising function, you can do so via the website of the European Interactive Digital Advertising Alliance athttp://www.youronlinechoices.com/de/praferenzmanagement/.

Purpose and legal basis

When using Facebook Pixel, we rely on Art. 6 (1) lit. f DS-GVO as the legal basis, as we have a legitimate interest in optimising our online presence and offers for you through social media platforms. If you have previously given your consent to data processing by Facebook Pixel on this website, the processing of your data takes place solely on the legal basis of Art. 6 (1) lit. a DS-GVO. You can revoke your consent at any time. The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. You can find more information on this at https://www.facebook.com/legal/EUdatatransferaddendum and https://de-de.facebook.com/help/566994660333381. If personal data is collected on this website through this service and passed on to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland bear joint responsibility for the processing of your personal data (Art. 26 DS-GVO). Here, however, we are only responsible for the collection of your data and its transmission to Facebook, while Facebook is responsible for what happens to the data afterwards. The obligations we impose on each other in the context of joint responsibility are set out in a data sharing agreement. You can find the exact text of the agreement at the following link: https://www.facebook.com/legal/controlleraddendum. Accordingly, we must provide you with information on data protection when using the Facebook tool and ensure that the tool is implemented on our website in a data protection compliant manner. Facebook itself is responsible for the security of its own products. If you wish to exercise your data subject rights and, for example, request information about your data processed by Facebook, you can contact Facebook directly. If you assert your rights as a data subject with us, we bear the obligation to transmit your request to Facebook.

Google APIs

Nature and scope of the processing

We use Google APIs from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to access additional services and data from Google Ireland Limited. This involves a transfer of your IP address to Google Ireland Limited. Please note that there is a separate section in this privacy policy for each additional service we use from Google Ireland Limited.

Purpose and legal basis

The use of Google APIs is based on our legitimate interests, i.e. interest in optimising our online offer in accordance with Art. 6 para. 1 lit. f. DSGVO. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 (1) lit. a DSGVO; the consent can be revoked at any time.

Further information can be found in the privacy policy for Google APIs: https://policies.google.com/privacy.

Google Ads

Nature and scope of the processing

We use Google Ads services and functions on this website, which are offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. With the help of Google Ads, we can display online advertisements in the Google search engine or on other websites when users search for certain terms. In addition, ads can be served to specific target groups based on user data. For example, the ads are targeted to users' interests and location. We analyse this user data and the number of clicks to measure the success of our ads.

Purpose and legal basis

When using Google Ads, we rely on Art. 6 (1) lit. f DS-GVO as the legal basis, as we have a legitimate interest in analysing the use of our website in order to successfully market our services and products. The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. You can find more information on this at https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google Analytics

Nature and scope of the processing

We use Google Analytics services and functions on this website, which are offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. With the help of Google Analytics, we as website operators can determine how our website is used. As part of the analysis, we find out how often our website is accessed, how long visitors stay on the page and which devices or systems they use to access the website. In addition, we may use Google Analytics to track your mouse movements and clicks. This information may be stored and used by Google to build a profile about you. In doing so, Google Analytics uses machine learning technologies to analyse and supplement your data. Furthermore, Google Analytics uses technologies to recognise website visitors in order to analyse user behaviour. The processing of the collected data usually takes place on Google servers in the USA.

Purpose and legal basis

When using Google Analytics, we rely on Art. 6 (1) lit. f DS-GVO as the legal basis for the storage and analysis of personal data, as we have a legitimate interest in analysing the use of our website. This enables us to optimise our online presence and offers for you. If you have previously given your consent to the processing of data on this website by Google Analytics, the processing of your data takes place solely on the legal basis of Art. 6 (1) lit. a DS-GVO. You can revoke your consent at any time. The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. You can find more information on this at https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymisation

When using Google Analytics on this website, we use a function whereby Google shortens your IP address before it is transmitted to Google servers in the USA. This only happens if you are in the European Union or in a country of the European Economic Area. Your full IP address will only be transmitted to the USA in exceptional cases and then shortened there. Google Analytics uses this information to track how you use our website. Your IP address will not be merged with any other data held by Google.

Browser plugin

You can prevent Google from collecting and processing data about you. To do this, you must download the browser plugin at https://tools.google.com/dlpage/gaoptout?hl=de and install it in your browser. You can find more information on the processing of user data in the Google Analytics privacy policy at https://support.google.com/analytics/answer/6004245?hl=de.

Job processing

When using Google Analytics, we comply with the strict regulations of the German data protection authorities, as we have concluded an order processing contract with Google.

Storage period

Google stores data linked to cookies, user IDs or advertising IDs. This data is stored for two months and then anonymised or deleted. You can find more information about the storage period or the deletion of your data at https://support.google.com/analytics/answer/7667196?hl=de.

Google DoubleClick

Nature and scope of the processing

We use Google DoubleClick services and functions on this website, which are offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google DoubleClick enables us to show our users targeted advertisements in Google applications connected to DoubleClick that are based on the users' interests. In order to show users ads that are relevant to them, Google DoubleClick must be able to identify users and associate them with the websites they visit, their clicks and other information about their behaviour. For this purpose, Google DoubleClick uses cookies and technologies to recognise users and creates pseudonymised profiles of users based on the data collected. You can deactivate this personalised advertising in your personal Google account at. You can find more information on this at https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.

Purpose and legal basis

When using Google DoubleClick, we rely on Art. 6 (1) lit. f DS-GVO as the legal basis, as we have a legitimate interest in analysing the use of our website. This enables us to optimise our online presence and offers for you. If you have previously given your consent to data processing by Google DoubleClick on this website, the processing of your data will take place solely on the legal basis of Art. 6 (1) lit. a DS-GVO. You can revoke your consent at any time.

Google Tag Manager

Nature and scope of the processing

We use services and functions from Google Tag Manager on this website, which are offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that allows us to use other tools on our website. It does not create user profiles, it does not store cookies and it does not perform independent analysis. However, it does collect your IP address and may transmit it to the US. The Google Tag Manager itself is only used to manage these tools that are integrated through it.

Purpose and legal basis

When using the Google Tag Manager on this website, we rely on Art. 6 (1) lit. f DS-GVO as the legal basis, as we have a legitimate interest in implementing and directing tracking tools on this website easily and quickly. If you have previously given your consent to data processing on this website by Google Tag Manager, the processing of your data will take place solely on the legal basis of Art. 6 (1) lit. a DS-GVO. You can revoke your consent at any time.

Google reCAPTCHA

Nature and scope of the processing

This website uses Google reCAPTCHA. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. With the help of reCAPTCHA, the data entry (e.g. in a contact form) on this website is to be checked. Specifically, whether this is done by a human or by an automated programme. Google reCAPTCHA analyses the behaviour of the visitor to the website on the basis of various characteristics. The analysis begins automatically as soon as the visitor calls up the website. The data collected during the analysis, such as the IP address, the time spent on the website by the visitor or the mouse movements made, are forwarded to Google. Visitors to the website are not informed that an analysis is taking place, these run completely in the background. You can find Google's privacy policy and terms of use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

Purpose and legal basis

The storage and analysis of the data is based on our legitimate interest in protecting our web offers from abusive automated spying and from SPAM (Art. 6 para. 1 lit. f DSGVO). If a corresponding consent has been requested, the data is processed exclusively on the basis of your consent in accordance with Art. 6 Para. 1 lit. a DS-GVO. This consent can be revoked at any time.

Hotjar Behavior Analytics

Nature and scope of the processing

We use on this website services and features of Hotjar offered by Hotjar Limited, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta Europe. With the help of Hotjar, we as website operators can determine how our website is used. As part of the analysis, we learn what you do with the mouse, how long you look at something and much more. Based on this information, Hotjar can create so-called "heat maps". The heat maps show us which parts of our website are most frequently accessed by visitors. Through Hotjar, we also receive information about how long you were on a page, when you left it and when you abandoned your entries in a contact form. Furthermore, as a visitor to our website, you can also provide direct feedback on the website. To analyse the use of our website, Hotjar uses technologies (e.g. cookies or fingerprinting systems) to recognise visitors when they visit the website again.

Purpose and legal basis

When using Hotjar, we rely on Art. 6 (1) lit. f DS-GVO as the legal basis for processing personal data, as we have a legitimate interest in analysing the use of our website. This enables us to optimise our online presence and offers for you. If you have previously given your consent to the processing of data on this website by Hotjar, the processing of your data takes place solely on the legal basis of Art. 6 (1) lit. a DS-GVO. You can revoke your consent at any time.

Disable Hotjar

If you do not want your personal data to be processed by Hotjar, you can deactivate the tracking. However, this must be turned off separately for each browser or end device. You can find detailed instructions on how to do this at https://www.hotjar.com/opt-out. You can find more information on the processing of your user data in Hotjar's privacy policy at https://www.hotjar.com/privacy.

Contract on order processing

To ensure that personal data is processed according to our specifications and in compliance with the GDPR, we have concluded a contract on commissioned processing (GCP) with the provider.

Hotjar CDN

Nature and scope of the processing

We use Hotjar CDN to properly deliver the content of our website. Hotjar CDN is a service of Hotjar Ltd. which acts as a Content Delivery Network (CDN) on our website to ensure the functionality of other services of Hotjar Ltd. You will find a separate section in this privacy policy for said services. This section only deals with the use of the CDN. A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you connect to servers of Hotjar Ltd, Hotjar Ltd, Level 2, St Julians Business Centre 3 Elia Zammit Street St Julians STJ 3155 Malta, where your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the above purposes and to maintain the security and functionality of Hotjar CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision and optimisation of our online offer pursuant to Art. 6 para. 1 lit. f. DSGVO.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Hotjar Ltd. Further information can be found in the privacy policy for Hotjar CDN: https://www.hotjar.com/privacy/.

Intercom Widget

Nature and scope of the processing

We use Intercom Widget (hereinafter: "Intercom") to process user enquiries via our support channels or via live chat systems. The provider is Intercom UK Limited, Elscot House, Arcadia Avenue, London, United Kingdom, N3 2JU. Messages you send to us may be stored in the Intercom ticket system or answered by our staff in live chat. When you communicate with us via Intercom, all the data you entered before starting the chat (e.g. name or chat ID, address and telephone number) as well as your IP address, country of origin, browser used as well as terminal device, website accessed and messages exchanged are summarised in a profile and stored on Intercom's servers. The messages sent to us remain with us until you request us to delete them or the purpose for storing the data no longer applies (e.g. after processing your enquiry has been completed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected. We also use Tidio to analyse the behaviour of our users. In this way, we can determine, for example, how many users have called up our website or filled out the contact form.

Purpose and legal basis

The use of Intercom Widget is based on Art. 6 (1) lit. f DSGVO. We have a legitimate interest in processing your requests as quickly, reliably and efficiently as possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time. You can find more information in the provider's privacy policy: https://www.intercom.com/legal/privacy

Kameleoon

Nature and scope of the processing

We use Kameleoon from Kameleoon SAS, 12 rue de la Chaussée d'Antin - 75009 Paris, France, to perform so-called A/B tests on our online offer. This involves simultaneously publishing different versions of our online offer and measuring which of these versions is more user-friendly. When testing the versions, data such as the operating system used, the user agent of the browser and the time of the call can be collected to measure the success of the version. Web tracking technologies are used to associate the above data with the version of our online offering being tested.

Purpose and legal basis

The use of Kameleoon is based on our legitimate interests, i.e. interest in optimising our online offer in accordance with Art. 6 para. 1 lit. f. DSGVO. If you have given your consent to the transfer of data, the processing is based on Art. 6 para. 1 lit. a DSGVO.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Kameleoon SAS. Further information can be found in the data protection declaration for Kameleoon: https://www.kameleoon.com/de/datenschutz.

RTB House Ads

Nature and scope of the processing

We have integrated RTB House Ads on our website. RTB House Ads is a service of RTB House S.A. that displays targeted advertising to users. RTB House Ads uses cookies and other browser technologies to analyse user behaviour and recognise users. RTB House Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Furthermore, RTB House Ads delivers targeted advertising based on behavioural profiling and geographic location. The provider is provided with your IP address and other identifiers such as your user agent. In this case, your data will be passed on to the operator of RTB House Ads, RTB House S.A., Złota 61/101, 00-819 Warszawa, Poland. Web tracking technologies are used to create pseudonymised user profiles. These profiles cannot be linked to you as a natural person, but are used, for example, for segmentation when displaying advertisements.

Purpose and legal basis

We process data using RTB House Ads for the purpose of optimising our advertising campaigns and for marketing purposes on the basis of your consent pursuant to Art. 6 para. 1 lit. a. DSGVO.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by RTB House S.A.. Further information can be found in the privacy policy for RTB House Ads: https://www.rtbhouse.com/privacy-center/.

Scarab Research

Nature and scope of the processing

We have integrated components from Scarab Research on our website. Scarab Research is a service of Emarsys eMarketing Systems AG and offers marketing automation software for marketing services and products, including lead management, email marketing, product recommendations and web analytics. Scarab Research uses cookies and other browser technologies to analyse user behaviour, recognise users and personalise displayed advertising. This information is used, among other things, to compile reports on website activity. In this case, your data will be passed on to the operator of Scarab Research, Emarsys eMarketing Systems AG, Stralauer Allee 6, 10245 Berlin, Germany.

Purpose and legal basis

We process your data with the help of Scarab Research for the purpose of optimising our website and for marketing purposes on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Emarsys eMarketing Systems AG. Further information can be found in the privacy policy for Scarab Research: https://emarsys.com/de/datenschutzrichtlinie/.

Trustpilot Widget

Nature and scope of the processing

We have integrated Trustpilot Widget components on our website. Trustpilot Widget is a rating service that allows users to rate our services. If you rate our services, data about the service used may be transmitted to Trustpilot, Inc. to verify authenticity. Trustpilot Widget enables us to obtain content such as ratings directly from Trustpilot, Inc. and display it on our website. For this purpose, your current IP address is usually transmitted to the service. Furthermore, Trustpilot Widget stores information by means of cookies in order to find out which online offers have been visited. In this case, your data is passed on to the operator of Trustpilot Widget, Trustpilot, Inc, 245 5th Avenue, 4th floor, New York, NY 10016, United States.

Purpose and legal basis

The use of Trustpilot Widget is based on Art. 6 para. 1 lit. f. DSGVO to inform users about the quality of our services. If the user consents to the processing of his data, the legal basis for the processing is Art. 6 para. 1 lit. a. DSGVO. For further information, please see the privacy policy for Trustpilot Widget: https://legal.trustpilot.com/end-user-privacy-terms.

Vimeo video

Nature and scope of the processing

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. When you start a Vimeo video on this website, a connection is established to their servers. The Vimeo server is informed which of our pages you have visited. Vimeo also obtains your IP address. However, we have made the settings so that Vimeo cannot track your user activities and will not set any cookies.

Purpose and legal basis

The use of Vimeo is based on our legitimate interest in an appealing presentation of our online offers (Art. 6 para. 1 lit. f DSGVO). If a corresponding consent has been requested, the data is processed exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a DS-GVO. This consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find Vimeo's privacy policy here: https://vimeo.com/privacy.

imgix CDN

Nature and scope of the processing

We use imgix CDN to properly deliver the content of our website. imgix CDN is a service provided by Zebrafish Labs Inc. which acts as a Content Delivery Network (CDN) on our website. A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Zebrafish Labs Inc, 423 Tehama St, 94103 San Francisco, United States, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of imgix CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision and optimisation of our online offer pursuant to Art. 6 para. 1 lit. f. DSGVO.

Storage period

The concrete storage period of the processed data cannot be influenced by us, but is determined by Zebrafish Labs Inc. Further information can be found in the privacy policy for imgix CDN: https://www.imgix.com/privacy.

Data processing through our app

Access rights of the app

In order to provide our services through the App, we require the access rights listed below which allow us to access certain features of your Device.

• Tracking
• Notifications
• Camera
• Photos

Access to the device functions is necessary to ensure the functionalities of the app. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO, your consent within the meaning of Art. 6 (1) lit. a DSGVO and/or - if a contract has been concluded - the fulfilment of our contractual obligations (Art. 6 (1) lit. b DSGVO).

Collection of personal data in the context of app use

General

When you use our app, we collect the following personal data from you:

• First and last name
• E-mail address
• Usage data
• IP address
• Unit identifier
• Metadata

The processing of this personal data is necessary to ensure the functionalities of the app. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO, your consent within the meaning of Art. 6 (1) lit. a DSGVO and/or - if a contract has been concluded - the fulfilment of our contractual obligations (Art. 6 (1) lit. b DSGVO).

Data analysis

When you access our app, your behaviour may be statistically evaluated using certain analysis tools and analysed for advertising and market research purposes or to improve our offers. When using such tools, we ensure compliance with the statutory data protection provisions. When using external service providers (order processors), we ensure through appropriate contracts with the service providers that the data processing complies with German and European data protection standards.

Google Analytics Firebase

We use Google Analytics Firebase (hereinafter Google Firebase) to analyse user behaviour. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Firebase includes various features that allow us to analyse your in-app behaviour. This allows us to analyse, for example, your screen views, button presses, in-app purchases or the effectiveness of advertising efforts. We can also determine which features within our app are used frequently or infrequently. For these purposes, Google Firebase stores, among other things, the number and duration of sessions, operating systems, device models, region and a range of other data. A detailed overview of the data collected by Google Firebase can be found at:

https://support.google.com/firebase/answer/6318039?hl=de

When using Google Firebase, we rely on Art. 6 (1) lit. f DS-GVO as the legal basis for the storage and analysis of personal data, as we have a legitimate interest in analysing the use of our app. This enables us to optimise our online presence and offers for you. If you have previously given your consent to the processing of data on this website by Google Firebase, the processing of your data takes place solely on the legal basis of Art. 6 (1) lit. a DS-GVO. You can revoke your consent at any time. The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. You can find more information on this at:

https://privacy.google.com/businesses/controllerterms/mccs/.

For more information on Google Firebase, please visit:

https://firebase.google.com/

https://www.firebase.com/terms/privacy-policy.html