Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data includes all data that can be used to personally identify you. Detailed information on data protection can be found in our privacy policy below.

Data Collection on This Website

Who is Responsible for Data Collection on This Website?

Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the "Notice Regarding the Responsible Party" section of this privacy policy.

How Do We Collect Your Data?

Your data is collected in two ways:

1. Data You Provide – This includes any data you enter into a contact form or otherwise submit to us.

2. Automatically Collected Data – Some data is collected automatically or with your consent when you visit our website. This includes technical data such as your internet browser, operating system, or the time of your page visit. These data are collected automatically as soon as you enter the website.

3. How Do We Use Your Data?

4. Some of the collected data is necessary to ensure the website functions properly. Other data may be used to analyze user behavior.

5. What Are Your Rights Regarding Your Data?

6. You have the right to receive free information at any time about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data.

7. If you have given consent for data processing, you can revoke this consent at any time with future effect. Additionally, under certain circumstances, you have the right to request the restriction of processing your personal data. Furthermore, you have the right to file a complaint with the relevant supervisory authority.

8. For these and any other data protection-related inquiries, you can contact us at any time.

9. Analytics and Third-Party Tools

10. When you visit this website, your browsing behavior may be analyzed statistically. This is primarily done using analytics programs.

11. For detailed information on these analytics tools, please refer to the privacy policy below.

12. 2. Hosting

13. Revocation of Your Consent to Data Processing

14. Many data processing operations are only possible with your explicit consent. You can revoke any previously given consent at any time. The legality of the data processing carried out up to the point of revocation remains unaffected by the revocation.

15. Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)

16. IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).

17. IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING IN CONNECTION WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

18. Right to Lodge a Complaint with the Competent Supervisory Authority

19. In the event of violations of the GDPR, affected individuals have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, workplace, or the location of the alleged violation. This right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

20. Right to Data Portability

21. You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

22. Right to Information, Rectification, and Erasure

23. Within the scope of applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of data processing and, if applicable, a right to rectification or erasure of this data. You can contact us at any time regarding this or other questions on the subject of personal data.

24. Right to Restriction of Processing

25. You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing applies in the following cases:

26. (Here, you would list the specific cases in which processing may be restricted.)

27. We Host Our Website with the Following Provider:

28. Contract for Data Processing

29. We have entered into a data processing agreement (DPA) with the above-mentioned service provider. This legally required agreement ensures that personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.

30. External Hosting

31. This website is externally hosted. The personal data collected on this website is stored on the servers of our hosting provider(s). This may include, but is not limited to, IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website visits, and other data generated via the website.

32. External hosting is carried out for the purpose of fulfilling contractual obligations towards our potential and existing customers (Article 6(1)(b) GDPR) and to ensure the secure, fast, and efficient provision of our online offering by a professional provider (Article 6(1)(f) GDPR). If consent is requested, processing is carried out solely on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under the TTDSG. Consent can be revoked at any time.

33. Our hosting provider(s) will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.

34. We Use the Following Hosting Provider:

35. World4You Internet Services GmbH
    Hafenstraße 35
    4020 Linz, Austria

36. Contract for Data Processing

37. We have entered into a data processing agreement (DPA) with the above-mentioned provider to ensure that personal data is processed only according to our instructions and in compliance with the GDPR.

38. 3. General Information and Mandatory Notices

39. Data Protection

40. The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy.

41. When you use this website, various personal data is collected. Personal data includes all data that can personally identify you. This privacy policy explains which data we collect, how we use it, and for what purposes.

42. Please note that data transmission over the internet (e.g., communication via email) may have security vulnerabilities. Complete protection of data from third-party access is not possible.

43. Data Retention Period

44. Unless a specific retention period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you request deletion of your data or revoke your consent to data processing, your data will be deleted, provided that we have no other legally permissible reasons to retain it (e.g., tax or commercial retention periods); in such cases, deletion will occur after these reasons cease to apply.

45. Legal Basis for Data Processing on This Website

46. If you have given consent for data processing, we process your personal data based on Article 6(1)(a) GDPR or, in the case of special categories of data, Article 9(2)(a) GDPR. If your consent includes the transfer of personal data to third countries, processing is also based on Article 49(1)(a) GDPR. If consent has been given for the storage of cookies or access to user devices (e.g., device fingerprinting), data processing is also based on Section 25(1) TTDSG. Consent can be revoked at any time.

47. If your data is required for contract fulfillment or pre-contractual measures, processing is based on Article 6(1)(b) GDPR. If data processing is necessary for compliance with legal obligations, it is based on Article 6(1)(c) GDPR. Additionally, data processing may be based on our legitimate interest under Article 6(1)(f) GDPR. Specific legal bases are outlined in the relevant sections of this privacy policy.

48. Recipients of Personal Data

49. In the course of our business operations, we collaborate with various external parties. This may include the transfer of personal data to third parties when necessary for contract fulfillment, when legally required (e.g., data transfer to tax authorities), when we have a legitimate interest under Article 6(1)(f) GDPR, or when another legal basis permits data transfer.

50. When using data processors, we only transfer customer personal data based on a valid data processing agreement. In cases of joint processing, a joint processing agreement is concluded.

51. Revocation of Your Consent to Data Processing

52. Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time. The legality of the data processing carried out before revocation remains unaffected by the revocation.

53. Right to Object to Data Collection in Special Cases and to Direct Advertising (Article 21 GDPR)

54. IF DATA PROCESSING IS BASED ON ARTICLE 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE REASONS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21(1) GDPR).

55. IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS ASSOCIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ARTICLE 21(2) GDPR).

56. Right to Lodge a Complaint with the Competent Supervisory Authority

57. In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, workplace, or the location of the alleged breach. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

58. Right to Data Portability

59. You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

60. Right to Information, Correction, and Deletion

61. Within the framework of the applicable legal provisions, you have the right to obtain free information at any time about your stored personal data, its origin and recipients, and the purpose of data processing, and, if applicable, the right to correct or delete this data. For this purpose and for any further questions on the subject of personal data, you can contact us at any time.

62. Right to Restrict Processing

63. You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do so. The right to restrict processing applies in the following cases:

64. If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.

65. If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.

66. If we no longer need your personal data, but you require it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.

67. If you have objected under Article 21(1) GDPR, a balance must be struck between your and our interests. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.

68. If you have restricted the processing of your personal data, such data may – apart from being stored – only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

69. SSL/TLS Encryption

70. For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser’s address line changes from “http://” to “https://” and by the padlock symbol in your browser line.

71. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

72. Encrypted Payment Transactions on This Website

73. If, after concluding a paid contract, you are required to provide us with your payment data (e.g., account number for direct debit authorization), this data is necessary for payment processing.

74. Payment transactions via common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the browser’s address line changes from “http://” to “https://” and by the padlock symbol in your browser line.

75. With encrypted communication, your payment data, which you transmit to us, cannot be read by third parties.

76. Objection to Advertising Emails

77. We hereby object to the use of contact data published within the framework of the legal notice obligation for sending unsolicited advertising and information materials. The website operators expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.

78. Data Collection on This Website

79. Cookies

80. Our websites use “cookies.” Cookies are small data packets that do not harm your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

81. Cookies may be set by us (first-party cookies) or by third-party companies (third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).

82. Cookies have various functions. Many cookies are technically necessary since certain website functions would not work without them (e.g., shopping cart function or video display). Other cookies may be used to analyze user behavior or for advertising purposes.

83. The storage of cookies that are required for electronic communication, the provision of certain functions you request (e.g., shopping cart function), or the optimization of the website (e.g., cookies for audience measurement) is based on Article 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimized provision of its services. If consent for storing cookies and similar recognition technologies has been requested, processing is based solely on this consent (Article 6(1)(a) GDPR and § 25(1) TTDSG); consent can be revoked at any time.

84. You can configure your browser to notify you about cookie settings, allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

85. The cookies and services used on this website can be found in this privacy policy

86. . Analysis Tools and Advertising

87. Google Tag Manager

88. We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

89. Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It is solely used for managing and deploying the tools integrated through it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.

90. The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the fast and straightforward integration and management of various tools on its website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) as defined by TTDSG. Consent can be revoked at any time.

91. The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards in data processing in the USA. Each company certified under the DPF is committed to adhering to these data protection standards. More information can be found at the following link:
    Data Privacy Framework

92. Google Analytics

93. This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

94. Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on the site, operating systems used, and user origin. These data are assigned to the respective user's device. No user ID is assigned.

95. Furthermore, Google Analytics can track mouse and scroll movements as well as clicks. Additionally, Google Analytics employs various modeling approaches to supplement the collected data and utilizes machine learning technologies for data analysis.

96. Google Analytics uses technologies that enable user recognition for the purpose of behavior analysis (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

97. The use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

98. Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here:
    Google Privacy

99. The company is certified under the "EU-US Data Privacy Framework" (DPF). More information can be found here:
    Data Privacy Framework

100. IP Anonymization

101. Google Analytics IP anonymization is activated. As a result, your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, compile reports on website activity, and provide other services related to website usage and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

102. Browser Plugin

103. You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link:
     Google Opt-Out

104. More information on how Google Analytics handles user data can be found in Google’s privacy policy:
     Google Analytics Privacy Policy

105. Google Ads

106. The website operator uses Google Ads. Google Ads is an online advertising program by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

107. Google Ads allows us to display advertisements in the Google search engine or on third-party websites when users enter specific search terms (keyword targeting). Additionally, targeted ads can be displayed based on user data available from Google (e.g., location data and interests) (audience targeting). The website operator can analyze these data quantitatively, such as determining which search terms led to the display of ads and how many ads resulted in clicks.

108. The use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

109. Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here:
     Google Privacy Framework
     Google Business Terms

110. The company is certified under the "EU-US Data Privacy Framework" (DPF). More information can be found here:
     Data Privacy Framework

111. Legal Basis and Data Transfer

112. The use of this service is based on your consent under Article 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.
     Data transfer to the USA is based on the European Commission’s Standard Contractual Clauses. Details can be found here:
     https://privacy.google.com/businesses/controllerterms/mccs/

113. The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to adhering to these data protection standards. Further information can be found at the following link:
     https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

114. IP Anonymization

115. Google Analytics IP anonymization is activated. This means that before transmission to the USA, Google shortens your IP address within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

116. On behalf of this website’s operator, Google uses this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

117. Browser Plugin

118. You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link:
     https://tools.google.com/dlpage/gaoptout?hl=en

119. More information on how Google Analytics handles user data can be found in Google’s Privacy Policy:
     https://support.google.com/analytics/answer/6004245?hl=en

120. Google Signals

121. We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, YouTube history, and demographic data (visitor data). These data can be used by Google Signals for personalized advertising. If you have a Google account, the visitor data from Google Signals are linked to your Google account and used for personalized advertisements. The data are also used to generate anonymized statistics on user behavior.

122. Data Processing Agreement

123. We have entered into a data processing agreement with Google and fully implement the strict requirements of German data protection authorities when using Google Analytics.

124. Google Analytics E-Commerce Tracking

125. This website uses the "E-Commerce Tracking" feature of Google Analytics. E-Commerce tracking allows website operators to analyze the purchasing behavior of visitors to improve online marketing campaigns. It collects information such as completed orders, average order values, shipping costs, and the time taken from viewing a product to making a purchase. These data can be compiled by Google under a transaction ID assigned to the respective user or device.

126. Clarity (Microsoft)

127. This website uses Clarity, provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
     https://docs.microsoft.com/en-us/clarity/

128. Clarity is a tool for analyzing user behavior on this website. Clarity records mouse movements and generates graphical representations of frequently visited areas on the website (heatmaps). It can also record sessions, allowing us to view website usage in video format. Additionally, we receive information about general user behavior on our website.

129. Clarity uses technologies that enable user recognition for behavioral analysis (e.g., cookies or device fingerprinting). Your personal data are stored on Microsoft’s servers (Microsoft Azure Cloud Service) in the USA.

130. If consent has been obtained, the use of the aforementioned service is based exclusively on Article 6(1)(a) GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, this service is used based on Article 6(1)(f) GDPR, as the website operator has a legitimate interest in effective user analysis.

131. Further details on Clarity’s privacy practices can be found here:
     https://docs.microsoft.com/en-us/clarity/faq

132. The company is certified under the "EU-US Data Privacy Framework" (DPF). More information can be found at the following link:
     https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active

133. Data Processing Agreement

134. We have signed a data processing agreement (DPA) for the use of this service. This legally required agreement ensures that personal data of our website visitors are processed only according to our instructions and in compliance with the GDPR.

135. Google Ads

136. This website uses Google Ads, an online advertising program provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

137. Google Ads allows us to display advertisements in Google’s search engine or on third-party websites when users enter specific search terms (keyword targeting). It also enables targeted advertising based on user data available to Google (e.g., location data and interests) (audience targeting). As website operators, we can analyze the data to determine which search terms triggered our ads and how many ads resulted in clicks.

138. The use of this service is based on your consent under Article 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

139. Data transfer to the USA is based on the European Commission’s Standard Contractual Clauses. Details can be found here:
     https://policies.google.com/privacy/frameworks
     https://business.safety.google/controllerterms/

140. The company is certified under the "EU-US Data Privacy Framework" (DPF). Further information can be found at the following link:
     https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

141. Google Ads Remarketing

142. This website uses Google Ads Remarketing. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

143. Google Ads Remarketing allows us to assign visitors of our online offerings to specific target groups and show them interest-based advertising in Google’s advertising network (remarketing or retargeting).

144. Additionally, the remarketing audiences created with Google Ads can be linked to Google’s cross-device features. This enables personalized, interest-based ads tailored to past usage and browsing behavior on one device (e.g., smartphone) to be displayed on another device (e.g., tablet or PC).

145. If you have a Google account, you can opt out of personalized advertising at the following link:
     https://adssettings.google.com/anonymous?hl=en

146. Further information and Google’s privacy policy can be found here:
     https://policies.google.com/technologies/ads?hl=en

147. Google Customer Match

148. For audience targeting, we use Google Ads Customer Match. This involves sharing certain customer data (e.g., email addresses) from our customer lists with Google. If the respective customers are Google users and logged into their Google accounts, they receive matching ads within the Google network (e.g., YouTube, Gmail, or Google Search).

149. Google Conversion Tracking

150. This website uses Google Conversion Tracking, which allows Google and us to recognize whether users have performed specific actions.

151. The use of this service is based on your consent under Article 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

152. Google Tag Manager

153. We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

154. Google Tag Manager is a tool that allows us to integrate tracking or analytics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It is solely used for managing and deploying the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

155. The use of Google Tag Manager is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on their website. If appropriate consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) as defined by TTDSG. Consent can be revoked at any time.

156. The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to adhering to these data protection standards. Further information can be found at the following link:
     https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

157. Google Analytics

158. This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

159. Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on pages, operating systems used, and user origins. These data are assigned to the respective user's device. However, they are not linked to a user ID.

160. Furthermore, Google Analytics allows us to record mouse and scroll movements as well as clicks. Additionally, Google Analytics applies various modeling techniques to supplement the collected data and uses machine learning technologies for data analysis.

161. Google Analytics uses technologies that enable the recognition of users for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

162. Google Fonts

163. This site uses Google Fonts to ensure a uniform display of fonts, which are provided by Google. When you visit a page, your browser loads the required fonts into its cache to correctly display text and fonts.

164. To do this, the browser you are using must connect to Google’s servers. As a result, Google becomes aware that your IP address was used to access this website. The use of Google Fonts is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the uniform presentation of fonts on their website. If consent has been requested, processing is carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by TTDSG. Consent can be revoked at any time.

165. If your browser does not support Google Fonts, a standard font from your computer will be used instead.

166. More information about Google Fonts can be found at:
     Google Fonts FAQ
     Google's Privacy Policy: Google Privacy Policy

167. The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards when processing data in the USA. Every company certified under the DPF is committed to adhering to these data protection standards. More information is available at:
     Data Privacy Framework

168. Google Maps

169. This site uses the Google Maps mapping service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. With this service, we can embed maps on our website.

170. To use Google Maps’ functions, it is necessary to store your IP address. This information is typically transmitted to a Google server in the USA and stored there. The provider of this site has no control over this data transfer. If Google Maps is activated, Google may also use Google Fonts for the uniform display of fonts. When you access Google Maps, your browser loads the required web fonts into its cache to properly display text and fonts.

171. The use of Google Maps is in the interest of an appealing presentation of our online offerings and easy location of the places indicated on our website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by TTDSG. Consent can be revoked at any time.

172. Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here:
     Google GDPR Controller Terms
     Google SCCs

173. More information on how user data is handled can be found in Google’s privacy policy:
     Google Privacy Policy

174. The company is certified under the "EU-US Data Privacy Framework" (DPF). More information is available at:
     Data Privacy Framework

175. hCaptcha

176. We use hCaptcha (hereinafter "hCaptcha") on this website. The provider is Intuition Machines, Inc., 2211 Selig Drive, Los Angeles, CA 90026, USA (hereinafter "IMI").

177. hCaptcha is used to verify whether data entered on this website (e.g., in a contact form) is by a human or an automated program. For this purpose, hCaptcha analyzes visitor behavior based on various characteristics.

178. This analysis begins automatically as soon as the visitor accesses a website with an active hCaptcha. hCaptcha evaluates different information (e.g., IP address, duration of the visit, or mouse movements made by the user). The data collected during the analysis is forwarded to IMI. If hCaptcha is used in "invisible mode," the analysis runs entirely in the background. Website visitors are not informed that an analysis is taking place.

179. Storage and Analysis of Data

180. The storage and analysis of data are based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated surveillance and SPAM. If corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and § 25(1) TTDSG, insofar as consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under TTDSG. Consent can be revoked at any time.

181. Data processing is based on standard contractual clauses included in the Data Processing Addendum to the General Terms and Conditions of IMI or in data processing agreements.

182. For more information on hCaptcha, please refer to their Privacy Policy and Terms of Service at the following links:
     🔗 Privacy Policy
     🔗 Terms of Service

183. The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA ensuring compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to these standards. More information is available at the following link:
     🔗 EU-US Data Privacy Framework

184. ManageWP

185. We manage this website using the ManageWP tool, provided by GoDaddy.com WP Europe, Trg republike 5, 11000 Belgrade, Serbia (hereinafter referred to as ManageWP).

186. With ManageWP, we can monitor our website's security and performance and create automatic backups. ManageWP has access to all website content, including our databases. The service is hosted on the provider's servers.

187. The use of ManageWP is based on Article 6(1)(f) GDPR, as the website operator has a legitimate interest in the most efficient and secure operation of their website(s). If consent has been requested, processing is carried out solely on the basis of Article 6(1)(a) GDPR and § 25(1) TTDSG, insofar as consent includes the storage of cookies or access to user device information (e.g., device fingerprinting). Consent can be revoked at any time.

188. The company is certified under the "EU-US Data Privacy Framework" (DPF). More details are available at the following link:
     🔗 EU-US Data Privacy Framework Certification

189. Data Processing Agreement (DPA)

190. We have signed a Data Processing Agreement (DPA) for using the service mentioned above. This legally required contract ensures that the provider processes personal data of our website visitors only according to our instructions and in compliance with the GDPR.

191. 8. eCommerce and Payment Providers

192. Processing of Customer and Contract Data

193. We collect, process, and use personal customer and contract data for establishing, structuring, and modifying our contractual relationships. We only collect, process, and use usage data of this website if necessary to enable the user to utilize the service or for billing purposes. The legal basis is Article 6(1)(b) GDPR.

194. Collected customer data is deleted after order completion or after the end of the business relationship and expiration of legal retention periods. Legal retention periods remain unaffected.

195. Data Transfer Upon Contract Conclusion for Online Shops, Retailers, and Shipping Services

196. If you order goods from us, we share your personal data with the shipping company responsible for delivery and with the payment service provider handling the payment process. Only necessary data will be transferred for the service to be performed. The legal basis is Article 6(1)(b) GDPR (contract fulfillment).

197. If you gave consent under Article 6(1)(a) GDPR, we will pass your email address to the shipping company, allowing them to inform you about your order status via email. Consent can be revoked at any time.

198. Data Transfer Upon Contract Conclusion for Services and Digital Content

199. We only transfer personal data to third parties when necessary for contract processing, such as to the payment service provider handling payments.

200. There is no further transfer of data unless explicit consent has been given. We do not share your data with third parties for advertising purposes.

201. The legal basis for data processing is Article 6(1)(b) GDPR (contract fulfillment).

202. Payment Services

203. We integrate third-party payment services on our website. When you make a purchase, your payment data (e.g., name, amount, bank details, credit card number) is processed by the payment service provider for transaction purposes. Each provider's contractual and privacy terms apply.

204. The use of payment providers is based on Article 6(1)(b) GDPR (contract fulfillment) and Article 6(1)(f) GDPR (legitimate interest in a smooth and secure payment process). If consent is required, Article 6(1)(a) GDPR applies, and consent can be revoked at any time.

205. We use the following payment services/payment providers:

206. PayPal (🔗 Privacy Policy)

207. Stripe (🔗 Privacy Policy)

208. Sofortüberweisung (Klarna) (🔗 Privacy Policy)

209. giropay (🔗 Privacy Policy)

210. Mastercard (🔗 Privacy Policy)

211. VISA (🔗 Privacy Policy)

212. Our Social Media Presence

213. Data Processing by Social Networks

214. We maintain publicly accessible profiles on social networks. The specific networks we use are listed below.

215. Social networks like Facebook and Twitter can analyze user behavior when you visit their websites or interact with embedded social media content on other sites (e.g., Like buttons).

216. If you log into your social media account while visiting our profile, the social media platform may associate your visit with your account. Even if you are not logged in or do not have an account, data may still be collected via cookies or IP tracking.

217. Legal Basis

218. Our social media presence aims to provide the broadest possible online visibility and is therefore based on Article 6(1)(f) GDPR (legitimate interest).

219. Social media platforms may rely on different legal bases for their data processing, such as user consent under Article 6(1)(a) GDPR.

220. Social Networks in Detail

221. Facebook

222. We have a profile on Facebook operated by Meta Platforms Ireland Ltd., Dublin, Ireland.

223. 📜 Privacy Policy: Facebook Privacy Policy
     📜 Facebook Data Transfer Policy: EU Data Transfer Addendum

224. To manage your Facebook ad preferences, go to:
     🔗 Facebook Ad Settings