Table of Contents

• Preamble
• Controller
• Overview of Processing Activities
• Applicable Legal Bases
• Security Measures
• Transmission of Personal Data
• International Data Transfers
• General Information on Data Storage and Deletion
• Rights of Data Subjects
• Business Processes and Procedures
• Provision of the Online Offering and Web Hosting
• Use of Cookies
• Contact and Inquiry Management
• Web Analysis, Monitoring and Optimization
• Presences in Social Networks (Social Media)
• Plugins and Embedded Functions and Content
• Changes and Updates
• Definitions
• Video conferencing, online meetings, webinars and screen sharing
• Cloud services

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects concerned.

Types of Processed Data

• Master Data
• Payment Data
• Contact Data
• Content Data
• Contract Data
• Usage Data
• Meta, Communication and Procedure Data
• Image and/or Video Recordings
• Audio Recordings
• Log Data

Categories of Data Subjects

• Service Recipients and Clients
• Employees
• Interested Parties
• Communication Partners
• Users
• Business and Contract Partners
• Depicted Persons
• Third Parties

Purposes of Processing

• Provision of contractual services and fulfillment of contractual obligations
• Communication
• Security measures
• Reach measurement
• Tracking
• Office and organizational procedures
• Audience formation
• Organizational and administrative procedures
• Feedback
• Marketing
• Profiles with user-related information
• Provision of our online offering and user-friendliness
• Information technology infrastructure
• Financial and payment management
• Public relations
• Sales promotion
• Business processes and economic procedures

Weitere Hinweise zu Verarbeitungsprozessen, Verfahren und Diensten:

Aufbewahrung und Löschung von Daten: Die folgenden allgemeinen Fristen gelten für die Aufbewahrung und Archivierung nach deutschem Recht: Wir löschen personenbezogene Daten, die wir verarbeiten, gemäß den gesetzlichen Bestimmungen, sobald die zugrundeliegenden Einwilligungen widerrufen werden oder keine weiteren rechtlichen Grundlagen für die Verarbeitung bestehen. Dies betrifft Fälle, in denen der ursprüngliche Verarbeitungszweck entfällt oder die Daten nicht mehr benötigt werden. Ausnahmen von dieser Regelung bestehen, wenn gesetzliche Pflichten oder besondere Interessen eine längere Aufbewahrung oder Archivierung der Daten erfordern.

• 10 Jahre - Aufbewahrungsfrist für Bücher und Aufzeichnungen, Jahresabschlüsse, Inventare, Lageberichte, Eröffnungsbilanz sowie die zu ihrem Verständnis erforderlichen Arbeitsanweisungen und sonstigen Organisationsunterlagen (§ 147 Abs. 1 Nr. 1 i.V.m. Abs. 3 AO, § 14b Abs. 1 UStG, § 257 Abs. 1 Nr. 1 i.V.m. Abs. 4 HGB).
• 8 Jahre - Buchungsbelege, wie z. B. Rechnungen und Kostenbelege (§ 147 Abs. 1 Nr. 4 und 4a i.V.m. Abs. 3 Satz 1 AO sowie § 257 Abs. 1 Nr. 4 i.V.m. Abs. 4 HGB).
• 6 Jahre - Übrige Geschäftsunterlagen: empfangene Handels- oder Geschäftsbriefe, Wiedergaben der abgesandten Handels- oder Geschäftsbriefe, sonstige Unterlagen, soweit sie für die Besteuerung von Bedeutung sind, z. B. Stundenlohnzettel, Betriebsabrechnungsbögen, Kalkulationsunterlagen, Preisauszeichnungen, aber auch Lohnabrechnungsunterlagen, soweit sie nicht bereits Buchungsbelege sind und Kassenstreifen (§ 147 Abs. 1 Nr. 2, 3, 5 i.V.m. Abs. 3 AO, § 257 Abs. 1 Nr. 2 u. 3 i.V.m. Abs. 4 HGB).
• 3 Jahre - Daten, die erforderlich sind, um potenzielle Gewährleistungs- und Schadensersatzansprüche oder ähnliche vertragliche Ansprüche und Rechte zu berücksichtigen sowie damit verbundene Anfragen zu bearbeiten, basierend auf früheren Geschäftserfahrungen und üblichen Branchenpraktiken, werden für die Dauer der regulären gesetzlichen Verjährungsfrist von drei Jahren gespeichert (§§ 195, 199 BGB).

Rechte der betroffenen Personen

Rechte der betroffenen Personen aus der DSGVO: Ihnen stehen als Betroffene nach der DSGVO verschiedene Rechte zu, die sich insbesondere aus Art. 15 bis 21 DSGVO ergeben:

• Widerspruchsrecht: Sie haben das Recht, aus Gründen, die sich aus Ihrer besonderen Situation ergeben, jederzeit gegen die Verarbeitung der Sie betreffenden personenbezogenen Daten, die aufgrund von Art. 6 Abs. 1 lit. e oder f DSGVO erfolgt, Widerspruch einzulegen; dies gilt auch für ein auf diese Bestimmungen gestütztes Profiling. Werden die Sie betreffenden personenbezogenen Daten verarbeitet, um Direktwerbung zu betreiben, haben Sie das Recht, jederzeit Widerspruch gegen die Verarbeitung der Sie betreffenden personenbezogenen Daten zum Zwecke derartiger Werbung einzulegen; dies gilt auch für das Profiling, soweit es mit solcher Direktwerbung in Verbindung steht.
• Widerrufsrecht bei Einwilligungen: Sie haben das Recht, erteilte Einwilligungen jederzeit zu widerrufen.
• Auskunftsrecht: Sie haben das Recht, eine Bestätigung darüber zu verlangen, ob betreffende Daten verarbeitet werden und auf Auskunft über diese Daten sowie auf weitere Informationen und Kopie der Daten entsprechend den gesetzlichen Vorgaben.
• Recht auf Berichtigung: Sie haben entsprechend den gesetzlichen Vorgaben das Recht, die Vervollständigung der Sie betreffenden Daten oder die Berichtigung der Sie betreffenden unrichtigen Daten zu verlangen.
• Recht auf Löschung und Einschränkung der Verarbeitung: Sie haben nach Maßgabe der gesetzlichen Vorgaben das Recht, zu verlangen, dass Sie betreffende Daten unverzüglich gelöscht werden, bzw. alternativ nach Maßgabe der gesetzlichen Vorgaben eine Einschränkung der Verarbeitung der Daten zu verlangen.
• Recht auf Datenübertragbarkeit: Sie haben das Recht, Sie betreffende Daten, die Sie uns bereitgestellt haben, nach Maßgabe der gesetzlichen Vorgaben in einem strukturierten, gängigen und maschinenlesbaren Format zu erhalten oder deren Übermittlung an einen anderen Verantwortlichen zu fordern.
• Beschwerde bei Aufsichtsbehörde: Entsprechend den gesetzlichen Vorgaben und unbeschadet eines anderweitigen verwaltungsrechtlichen oder gerichtlichen Rechtsbehelfs, haben Sie ferner das Recht, bei einer Datenschutzaufsichtsbehörde, insbesondere einer Aufsichtsbehörde im Mitgliedstaat, in dem Sie sich gewöhnlich aufhalten, der Aufsichtsbehörde Ihres Arbeitsplatzes oder des Ortes des mutmaßlichen Verstoßes, eine Beschwerde einzulegen, wenn Sie der Ansicht sein sollten, dass die Verarbeitung der Ihre Person betreffenden personenbezogenen Daten gegen die DSGVO verstößt.

• Types of data processed: Master data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual
• or visual messages and contributions as well as related information such as authorship or creation date); Contract data (e.g., subject of the contract, duration, customer category); Log data (e.g., log files relating to logins or data retrieval or access times); Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).
• Data subjects: Service recipients and clients; interested parties; communication partners; business and contract partners; third parties; users (e.g., website visitors, users of online services); employees (e.g., employees, applicants, temporary staff, and other personnel).
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; business processes and commercial procedures; communication; marketing; sales promotion; public relations; financial and payment management; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)).
• Storage and deletion: Deletion according to the information in the section "General Information on Data Storage and Deletion".
• Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR).

Further Information on Processing Procedures, Methods and Services:

• Contact management and maintenance: Procedures required for the organization, maintenance and securing of contact information (e.g., setting up and maintaining a central contact database, regular updates of contact information, monitoring data integrity, implementing data protection measures, ensuring access controls, conducting backups and restoration of contact data, training employees in effective use of contact management software, regular review of communication history and adjustment of contact strategies); Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Accounting, accounts payable, accounts receivable: Procedures necessary for recording, processing and controlling business transactions in accounts payable and accounts receivable (e.g., creation and review of incoming and outgoing invoices, monitoring and management of open items, execution of payment transactions, handling dunning processes, account reconciliation in the context of receivables and liabilities, accounts payable and accounts receivable); Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Financial accounting and taxes: Procedures necessary for recording, managing and controlling financial business transactions as well as for calculating, reporting and paying taxes (e.g., posting and accounting of business transactions, preparation of quarterly and annual financial statements, execution of payment transactions, handling dunning processes, account reconciliation, tax consulting, preparation and submission of tax returns, handling tax matters); Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Marketing, advertising and sales promotion: Procedures necessary in the context of marketing, advertising and sales promotion (e.g., market analysis and target group determination, development of marketing strategies, planning and execution of advertising campaigns, design and production of advertising materials, online marketing including SEO and social media campaigns, event marketing and trade fair participation, customer loyalty programs, sales promotion measures, performance measurement and optimization of marketing activities, budget management and cost control); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Public relations: Procedures required for public relations and corporate communications (e.g., development and implementation of communication strategies, planning and execution of PR campaigns, preparation and distribution of press releases, maintenance of media contacts, monitoring and analysis of media response, organization of press conferences and public events, crisis communication, creation of content for social media and corporate websites, corporate branding support); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Provision of Online Services and Web Hosting

We process users' data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to deliver the content and functions of our online services to the user's browser or device.

• Types of data processed: Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved); Log data (e.g., log files concerning logins or data retrieval or access times).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures; Provision of contractual services and fulfillment of contractual obligations.
• Storage and deletion: Deletion according to the information in the section "General Information on Data Storage and Deletion".

Additional information on processing procedures, processes, and services:

• Provision of online services on rented storage space: For the provision of our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also called "web hoster"); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
• 1&1 IONOS: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.ionos.de; Privacy policy: https://www.ionos.de/terms-gtc/terms-privacy. Data processing agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.
• Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files." Server log files can include the address and name of the retrieved web pages and files, date and time of retrieval, transferred data volumes, message about successful retrieval, browser type and version, user’s operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. Server log files can be used on the one hand for security purposes, e.g., to avoid server overloads (especially in case of abusive attacks, so-called DDoS attacks), and on the other hand to ensure server utilization and stability; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Data deletion: Log file information is stored for a maximum duration of 30 days and then deleted or anonymized. Data whose further retention is necessary for evidentiary purposes is exempted from deletion until the respective incident is finally clarified.

Use of Cookies

The term "cookies" refers to functions that store information on users' devices and read it from them. Cookies can also be used for various purposes, such as functionality, security, and convenience of online services, as well as creating analyses of visitor flows. We use cookies in accordance with legal regulations. If necessary, we first obtain the users' consent. If consent is not required, we rely on our legitimate interests. This applies when storing and reading information is necessary to provide expressly requested content and functions. This includes storing settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information about its scope and which cookies are used.

• Notes on data protection legal bases: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, explained in this section and in the context of the respective services and procedures. Storage duration: Regarding storage duration, the following types of cookies are distinguished:
• Temporary cookies (also called "session cookies"): Temporary cookies are only stored for the duration of your use of our online offering. They are deleted when you close your browser or log out.
• Permanent cookies: Permanent cookies remain stored even after closing the browser. They are only deleted after a predetermined period or manually. These cookies enable us to save the login status and display preferred content directly when you visit our website again. They can also be used for reach measurement.
• General notes on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also object to processing according to legal requirements, including via their browser privacy settings.
• Processed types of data: Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, involved persons).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness.

Additional information on processing procedures, processes, and services:

• Processing of cookie data based on consent: We use a consent management solution in which the user's consent to the use of cookies or to the procedures and providers named in the consent management solution is obtained. This procedure serves to obtain, log, manage, and revoke consents, especially regarding the use of cookies and comparable technologies used to store, read, and process information on users' devices. In this procedure, users' consents for the use of cookies and associated data processing, including the specific processing and providers named in the consent management procedure, are obtained. Users also have the option to manage and revoke their consents. The consent declarations are stored to avoid repeated queries and to be able to prove consent in accordance with legal requirements. Storage takes place server-side and/or in a cookie (so-called opt-in cookie) or using comparable technologies to assign the consent to a specific user or their device. Unless specific information about consent management providers is available, the following general notes apply: The storage duration of the consent is up to two years. A pseudonymous user identifier is created together with the time of consent, details about the scope of consent (e.g., affected categories of cookies and/or service providers), and information about the browser, system, and device used; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
• Real Cookie Banner: Consent management: Procedure for obtaining, logging, managing, and revoking consents, especially for the use of cookies and similar technologies for storing, reading, and processing information on users' devices and their processing; Service provider: Execution on servers and/or computers under own data protection responsibility; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://devowl.io/de/wordpress-real-cookie-banner/. Privacy policy: https://devowl.io/de/datenschutzerklaerung/.

Contact and Inquiry Management

When contacting us (e.g. by mail, contact form, email, telephone, or via social media) and within the scope of existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to respond to contact inquiries and any requested actions.

• Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or visual messages and contributions as well as related information, such as authorship details or time of creation); Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, involved persons).
• Affected persons: Communication partners.
• Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form). Provision of our online offering and user-friendliness.
• Retention and deletion: Deletion according to the information provided in the section "General information on data storage and deletion."
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).

Further information on processing activities, procedures, and services:

• Contact form: When contacting us via our contact form, email, or other means of communication, we process the personal data transmitted to us in order to respond to and handle the respective request. This typically includes information such as name, contact information, and possibly other details that are provided to us and are necessary for appropriate processing. We use this data solely for the specified purpose of contact and communication; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Cloud Services

We use software services accessible via the internet and operated on the servers of their providers (so-called "cloud services", also referred to as "Software as a Service") for storing and managing content (e.g., document storage and management, sharing of documents, content and information with specific recipients or publishing content and information).

In this context, personal data may be processed and stored on the providers' servers, to the extent that they are part of communications with us or are otherwise processed by us as outlined in this privacy policy. This data may include in particular master and contact data of users, data related to operations, contracts, and other processes and their content. The providers of the cloud services also process usage data and metadata, which are used by them for security purposes and service optimization.

If we provide forms or other documents and content for other users or publicly accessible websites via the cloud services, the providers may store cookies on users' devices for the purposes of web analysis or to remember user settings (e.g., in the case of media control).

• Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or visual messages and contributions as well as related information, such as authorship details or time of creation). Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features).
• Affected persons: Interested parties; communication partners; business and contractual partners.
• Purposes of processing: Office and organizational procedures. Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)).
• Retention and deletion: Deletion according to the information provided in the section "General information on data storage and deletion."
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)

Further information on processing activities, procedures, and services:

• Microsoft Cloud Services: Cloud storage, cloud infrastructure services, and cloud-based application software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://microsoft.com/de-de; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter; Data Processing Agreement: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA. Basis for third-country transfers: Data Privacy Framework (DPF).

Web Analytics, Monitoring and Optimization

Web analytics (also referred to as "reach measurement") is used to evaluate visitor flows to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can identify, for example, when our online offering or its functions or content are most frequently used or invite reuse. It also allows us to understand which areas need optimization.

In addition to web analytics, we may use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles (i.e., data aggregated into a usage process) can be created and information can be stored in a browser or on a device and then read. The data collected includes, in particular, visited websites and elements used there, as well as technical information such as the browser used, the operating system, and usage times. If users have consented to the collection of their location data by us or the providers of the services we use, location data may also be processed.

In addition, the users' IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear data of users (such as email addresses or names) is stored as part of web analysis, A/B testing, and optimization, but pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.

Legal notice: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and recipient-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

• Processed data types: Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g., access statistics, identification of returning visitors). Profiles with user-related information (creation of user profiles).
• Retention and deletion: Deletion according to the information provided in the section "General information on data storage and deletion". Storage of cookies for up to 2 years (Unless otherwise specified, cookies and similar storage methods may be stored on users' devices for a period of up to two years).
• Security measures: IP masking (pseudonymization of IP address).

Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

• Matomo (without cookies): Matomo is a privacy-friendly web analytics software used without cookies, and the identification of returning users is carried out using a so-called "digital fingerprint", which is stored anonymously and changed every 24 hours; The "digital fingerprint" captures user movements within our online offering using pseudonymized IP addresses combined with user-side browser settings in such a way that conclusions about the identity of individual users are not possible. The data collected when using Matomo is processed only by us and is not shared with third parties; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Website: https://matomo.org/

Presence in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context to communicate with users active there or to offer information about us.

We point out that user data may be processed outside the European Union. This can pose risks for users, for example, because the enforcement of user rights might be more difficult.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and resulting interests. These profiles may be used to display advertisements inside and outside the networks that presumably match user interests. Cookies are usually stored on users’ devices for this purpose, which store their usage behavior and interests. Additionally, data may be stored in user profiles regardless of the devices used (especially if users are members of the respective platforms and are logged in).

For a detailed presentation of the respective processing forms and opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.

Even in cases of information requests and the assertion of data subject rights, we point out that these can be most effectively addressed to the providers. Only they have access to the user data and can take appropriate measures and provide information. If you still need assistance, you can contact us.

• Types of data processed: Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., text or image messages and posts and related information such as author details or creation time). Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Communication; Feedback (e.g., collecting feedback via online form). Public relations.
• Retention and deletion: Deletion according to the section "General Information on Data Storage and Deletion".
• Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f GDPR).

Further information on processing operations, procedures and services:

• LinkedIn: Social Network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not further processing) of data from visitors used to create “Page Insights” (statistics) for our LinkedIn profiles. This data includes information about content types users view or interact with and the actions they take. It also includes details about the used devices, such as IP addresses, operating system, browser type, language settings and cookie data, as well as profile information such as job function, country, industry, hierarchy level, company size and employment status. Privacy information on LinkedIn’s processing of user data can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy. We have concluded a specific agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum”, https://legal.linkedin.com/pages-joint-controller-addendum), which defines which security measures LinkedIn must observe and confirms that LinkedIn will fulfill data subject rights (i.e., users can direct access or deletion requests to LinkedIn). These agreements do not restrict user rights (especially the right to information, deletion, objection and lodging a complaint with the supervisory authority). Joint responsibility only applies to the collection and transmission of data to LinkedIn Ireland Unlimited Company, which is based in the EU. The further processing of data is the sole responsibility of LinkedIn Ireland Unlimited Company, particularly with regard to data transfers to its parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f GDPR); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Third-country transfer basis: Data Privacy Framework (DPF). Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include graphics, videos or maps (hereinafter referred to uniformly as "content").

The integration always requires that the third-party providers of this content process the users’ IP address, as they could not send the content to their browsers without the IP address. The IP address is therefore necessary for displaying this content or functions. We strive to only use content whose providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also called “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on users’ devices and may contain technical information about the browser and operating system, referring websites, time of visit, and other information about the use of our online offering, and may also be linked with such information from other sources.

Legal basis note: If we ask users for their consent to use third-party providers, the legal basis for processing is this consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we also refer you to our information on the use of cookies in this privacy policy.

• VTypes of data processed: Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta-, communication- and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness; Reach measurement (e.g., access statistics, recognition of returning visitors); Tracking (e.g., interest/behavior-based profiling, use of cookies); Audience building. Marketing.
• Retention and deletion: Deletion according to the section "General Information on Data Storage and Deletion". Cookie storage of up to 2 years (Unless otherwise stated, cookies and similar storage methods can be stored on users’ devices for up to two years).
• Legal bases: Consent (Art. 6 Para. 1 Sentence 1 lit. a GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f GDPR).

Further information on processing operations, procedures and services:

• YouTube Videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF). Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for displaying ads: https://myadcenter.google.com/personalizationoff.

Changes and Updates

We ask you to regularly check the contents of our privacy policy. We adapt the privacy policy as soon as the changes in our data processing require it. We will inform you when such changes require your cooperation (e.g., consent) or other individual notifications.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that these addresses may change over time and we ask you to verify them before making contact.

Legal Basis Notes: If we ask users for their consent to the use of third-party providers, this constitutes the legal basis for the data processing. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

Definitions of Terms

• In this section, you will find an overview of the terms used in this privacy policy. Where terms are defined by law, their legal definitions apply. The following explanations are intended to aid understanding.
• Employees: Employees are individuals in an employment relationship, whether as workers, staff, or similar roles. An employment relationship is a legal connection between an employer and an employee defined by a contract or agreement. It involves the employer’s obligation to pay a salary in return for work performed by the employee. Employment includes phases such as initiation (contract signing), execution (performing work), and termination (through dismissal, mutual agreement, etc.). Employee data includes all information related to such individuals in the context of their employment, such as personal identification, ID numbers, salary and bank details, working hours, leave entitlements, health data, and performance reviews.
• Inventory Data: Inventory data includes essential information necessary to identify and manage contracting parties, user accounts, profiles, and similar assignments. This may include personal and demographic data such as names, contact details (addresses, phone numbers, email addresses), birth dates, and user IDs.
• Content Data: Content data includes information generated during the creation, editing, and publishing of all kinds of content. This may include text, images, videos, audio files, and other multimedia content, along with metadata such as tags, descriptions, author info, and publishing dates.
• Contact Data: Contact data refers to essential information that enables communication with individuals or organizations. It includes phone numbers, mailing addresses, email addresses, and communication handles like social media and instant messaging IDs.
• Meta, Communication, and Process Data: These categories include information on how data is processed, transmitted, and managed. Metadata describes the context, origin, and structure of other data. It can include file size, creation date, document author, and edit history. Communication data records interactions via various channels (e.g., emails, calls, chats), including timestamps and involved parties. Process data documents workflows, transaction logs, and audit trails for traceability and verification.
• Usage Data: Usage data captures how users interact with digital products, services, or platforms. This includes information about feature usage, time spent on pages, navigation paths, frequency of usage, timestamps, IP addresses, device details, and location data. Such data is used to analyze user behavior, personalize content, optimize user experiences, and improve services.
• Personal Data: "Personal data" refers to any information relating to an identified or identifiable natural person ("data subject"). A person is considered identifiable if they can be identified directly or indirectly via identifiers such as name, ID number, location data, online ID (e.g., cookies), or one or more characteristics reflecting their identity (physical, physiological, genetic, mental, economic, cultural, or social).
• User Profile Data: The processing of "user profile data" (or simply "profiles") includes any kind of automated handling of personal data that involves analyzing, evaluating, or predicting personal aspects of a person, such as demographics, behavior, interests, interactions with websites, or location. Cookies and web beacons are often used for profiling purposes.
• Log Data: Log data includes records of events or activities within a system or network. This typically contains timestamps, IP addresses, user actions, error messages, and operational data. Logs are used for system analysis, security monitoring, or performance reporting.
• Log Data: Log data includes records of events or activities within a system or network. This typically contains timestamps, IP addresses, user actions, error messages, and operational data. Logs are used for system analysis, security monitoring, or performance reporting.
• Reach Measurement: Reach measurement (also called web analytics) assesses visitor flows on online services and may include behavior and interests regarding specific content. It helps operators understand when users visit their site and what content interests them, allowing better content tailoring. Pseudonymous cookies and web beacons are commonly used for this.
• Tracking: "Tracking" refers to monitoring user behavior across different online services. Typically, behavior and interest data is stored in cookies or provider servers and may be used to display interest-based advertisements.
• Controller: The "controller" is the natural or legal person, authority, agency, or other body that alone or jointly determines the purposes and means of processing personal data.
• Controller: The "controller" is the natural or legal person, authority, agency, or other body that alone or jointly determines the purposes and means of processing personal data.
• Processing: "Processing" refers to any operation performed on personal data, whether by automated means or not. This includes collecting, analyzing, storing, transmitting, or deleting data.
• Contract Data: Contract data refers to information relating to formal agreements between parties. This includes details about the services or products, terms and conditions, pricing, payment terms, rights of termination, extension options, and any specific clauses. It forms the legal foundation for the relationship.
• Payment Data: Payment data includes all information required to process financial transactions. This includes credit card numbers, bank details, payment amounts, transaction data, verification numbers, and billing information. It may also include chargeback information, authorizations, and fees.
• Audience Targeting: Audience targeting (also called "custom audiences") refers to identifying groups for advertising purposes. For example, if a user shows interest in certain products, they may later be shown ads for similar items. "Lookalike audiences" are groups of users with similar profiles or interests. Cookies and web beacons are typically used for this.