Privacy Policy

Table of contents

• Introduction and Overview
• scope
• Legal basis
• Contact details of the responsible party
• Storage duration
• Rights under the General Data Protection Regulation
• Data Processing Agreement (DPA)
• Cookies
• Web hosting introduction
• Web Analytics Introduction
• Social Media Introduction
• Content Delivery Networks Introduction
• Cookie Consent Management Platform Introduction
• Security & Anti-Spam
• Video Conferencing & Streaming Introduction
• Explanation of terms used
• Closing remarks

Introduction and Overview

We have prepared this privacy policy (version 11.01.2024-122698935) to inform you in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws explain which personal data (hereinafter referred to as "data") we, as data controllers – and the data processors we have engaged (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We will provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, aims to describe the most important things to you as simply and transparently as possible. Where it promotes transparency, technical details will be avoided. Terms explained in a reader-friendly way, links to further information are provided and Graphics We have implemented this policy. We are informing you in clear and simple language that we only process personal data in the course of our business activities when there is a corresponding legal basis. This is certainly not possible if one provides the briefest, vague, and overly technical legal explanations that are often standard practice on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps you will find some information here that you were not previously aware of.
If you still have questions, please contact the responsible party listed below or in the legal notice, follow the provided links, and consult further information on third-party websites. Our contact details can also be found in the legal notice.

scope

This privacy policy applies to all personal data processed by us within our company and to all personal data processed by companies commissioned by us (data processors). Personal data, as defined in Article 4 No. 1 GDPR, refers to information such as a person's name, email address, and postal address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• Social media presence and email communication
• mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas where personal data is processed in a structured manner within the company via the aforementioned channels. Should we enter into a legal relationship with you outside of these channels, we will inform you separately if necessary.

Legal basis

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, that allow us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, access this EU General Data Protection Regulation online at EUR-Lex, your gateway to EU law. https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679 Read more.

We only process your data if at least one of the following conditions applies:

1. consent (Article 6 paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.
2. Contract (Article 6 paragraph 1 lit. b GDPR): We process your data in order to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we need personal information beforehand.
3. Legal obligation (Article 6 paragraph 1 lit. c GDPR): We process your data when we are subject to a legal obligation. For example, we are legally required to retain invoices for accounting purposes. These typically contain personal data.
4. Legitimate interests (Article 6 paragraph 1 lit. f GDPR): In the case of legitimate interests that do not infringe your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically. This processing therefore constitutes a legitimate interest.

Other conditions, such as the recording of images in the public interest, the exercise of public authority, or the protection of vital interests, do not generally apply in our case. If such a legal basis should apply, it will be indicated at the relevant point.

In addition to the EU regulation, national laws also apply:

• In Austria This is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), short DSG.
• In Germany Does this apply? Federal Data Protection Act, short BDSG.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the responsible party

Should you have any questions regarding data protection or the processing of personal data, you will find the contact details of the responsible person or body below:

E-mail: office@cplusm-981.com
Phone: +43 676 32 63 534

Storage duration

We generally adhere to the principle that we only store personal data for as long as is absolutely necessary for providing our services and products. This means that we delete personal data as soon as the reason for processing it no longer exists. In some cases, we are legally obligated to retain certain data even after the original purpose has ceased to exist, for example, for accounting purposes.

Should you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and provided there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we inform you about the following rights to which you are entitled, in order to ensure fair and transparent data processing:

• According to Article 15 of the GDPR, you have the right to information about whether we process your data. If this is the case, you have the right to receive a copy of the data and the following information:
  
  • for what purpose we carry out the processing;
  • the categories, i.e. the types of data that are processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we did not collect it from you;
  • whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you.
• According to Article 16 of the GDPR, you have a right to rectification of your data, which means that we must correct any data you find.
• According to Article 17 of the GDPR, you have the right to erasure („right to be forgotten“), which specifically means that you can request the deletion of your data.
• According to Article 18 GDPR, you have the right to restrict processing, which means that we may only store the data but not use it further.
• According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
• According to Article 21 GDPR, you have the right to object, which, if exercised, will result in a change to the processing.
  
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then examine as quickly as possible whether we can legally comply with this objection.
  • If your data is used for direct marketing purposes, you can object to this type of data processing at any time. We will then no longer be permitted to use your data for direct marketing.
  • If data is used for profiling, you can object to this type of data processing at any time. We will then no longer be permitted to use your data for profiling.
• According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).
• According to Article 77 of the GDPR, you have the right to lodge a complaint. This means you can lodge a complaint with the data protection authority at any time if you believe that the processing of your personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website you can find at [website address]. https://www.dsb.gv.at/ You can find them here. In Germany, each federal state has a data protection officer. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) Please contact us. The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Head: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Telephone number: +43 1 52 152-0
E-mail address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Processing Agreement (DPA)

In this section, we would like to explain what a data processing agreement (DPA) is and why it is necessary. Because the term "data processing agreement" is quite a mouthful, we will often use the acronym DPA in this text. Like most companies, we don't work alone, but also utilize the services of other companies or individuals. By involving various companies or service providers, we may transfer personal data for processing. These partners then act as data processors, with whom we conclude a contract, the so-called data processing agreement (DPA). Most importantly for you to know is that the processing of your personal data must be carried out exclusively according to our instructions and must be regulated by the DPA.

Who are data processors?

As a company and website owner, we are responsible for all data we process from you. In addition to the data controller, there may also be so-called data processors. This includes any company or individual that processes personal data on our behalf. More precisely, and according to the GDPR definition: any natural or legal person, public authority, agency, or other body that processes personal data on our behalf is considered a data processor. Data processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

To better understand the terminology, here is an overview of the three roles in the GDPR:

Affected (You as a customer or prospective customer) → Responsible (we as a company and client) → Data processors (Service providers such as web hosts or cloud providers)

Content of a data processing agreement

As mentioned above, we have concluded a data processing agreement (DPA) with our partners who act as data processors. This agreement stipulates, above all, that the data processor will process the data to be processed exclusively in accordance with the GDPR. The agreement must be in writing; however, in this context, an electronic agreement is also considered "in writing." Personal data will only be processed on the basis of this agreement. The agreement must contain the following:

• Loyalty to us as the responsible party
• Duties and rights of the controller
• Categories of affected persons
• Type of personal data
• Type and purpose of data processing
• Subject matter and duration of data processing
• Location of data processing

Furthermore, the contract contains all the obligations of the data processor. The most important obligations are:

• To ensure data security measures
• to take possible technical and organizational measures to protect the rights of the data subject
• to maintain a data processing directory
• to cooperate with the data protection supervisory authority upon request.
• to conduct a risk analysis regarding the personal data received
• Sub-processors may only be commissioned with the written consent of the data controller.

You can find out what such a data processing agreement (DPA) looks like, for example, at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html View. A sample contract is presented here.

Cookies

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are truly useful tools. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other types of cookies for different applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, essentially the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data, such as your language preferences or personal website settings. When you revisit our site, your browser sends this user-related information back to us. Thanks to cookies, our website recognizes you and provides your preferred settings. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

The following graphic illustrates a possible interaction between a web browser, such as Chrome, and a web server. The web browser requests a website and receives a cookie from the server, which the browser then reuses whenever another page is requested.

There are both first-party and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other malware. Cookies cannot access information on your computer.

This is what cookie data might look like, for example:

Name: _ga
Value: GA1.2.1326744211.152122698935-9
Purpose of use: Differentiation of website visitors
Expiry date: after 2 years

These are the minimum sizes a browser should be able to support:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The specific cookies we use depend on the services used and are explained in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are four types of cookies:

Essential cookies
These cookies are necessary to ensure the basic functionality of the website. For example, these cookies are needed when a user adds a product to their shopping cart, then continues browsing other pages, and only later proceeds to checkout. These cookies prevent the shopping cart from being emptied, even if the user closes their browser window.

Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. They also measure loading times and the website's performance across different browsers.

Targeted cookies
These cookies improve user-friendliness. For example, they save entered locations, font sizes, or form data.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very convenient, but also very annoying.

Typically, when you first visit a website, you will be asked which types of cookies you wish to allow. And of course, this decision is also stored in a cookie.

If you would like to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments from the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the specific cookie. More details can be found below or on the website of the software provider that sets the cookie.

What data is processed?

Cookies are small tools that help with many different tasks. Unfortunately, it's impossible to generalize about what data is stored in cookies, but we will inform you about the data processed and stored in the following privacy policy.

Storage duration of cookies

The storage duration depends on the specific cookie and is further specified below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have control over the storage duration. You can manually delete all cookies at any time via your browser (see also “Right to object” below). Furthermore, cookies based on consent will be deleted at the latest after you withdraw your consent, whereby the lawfulness of the storage remains unaffected until then.

Right to object – how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of the service or website the cookies originate from, you always have the option to delete, disable, or partially allow cookies. For example, you can block third-party cookies but allow all others.

If you want to see which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this information in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

If you generally don't want to allow cookies, you can configure your browser to always notify you when a cookie is about to be set. This allows you to decide whether to allow each individual cookie. The procedure varies depending on the browser. The best way to find instructions is to search on Google using the keywords "delete cookies Chrome" or "disable cookies Chrome" if you are using the Chrome browser.

Legal basis

The so-called "Cookie Directive" has been in effect since 2009. It stipulates that storing cookies is a consent (Article 6(1)(a) GDPR) requires your consent. However, reactions to these guidelines vary considerably across EU countries. In Austria, this directive was implemented in Section 96(3) of the Telecommunications Act (TKG). In Germany, the cookie guidelines were not transposed into national law. Instead, they were largely implemented in Section 15(3) of the Telemedia Act (TMG).

Strictly necessary cookies exist, even where no consent has been given. legitimate interests (Article 6 paragraph 1 letter f GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience, and certain cookies are often absolutely necessary for this.

Unless strictly necessary, cookies are only used with your consent. The legal basis for this is Article 6(1)(a) GDPR.

The following sections will provide you with more detailed information about the use of cookies, if the software used employs cookies.

Web hosting introduction

What is web hosting?

When you visit websites these days, certain information – including personal data – is automatically generated and stored, and this website is no exception. This data should be processed as sparingly as possible and only with justification. By "website," we mean all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By "domain," we mean, for example, example.de or sample.com.

If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You're probably familiar with some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We simply call them browsers or web browsers.

To display the website, the browser needs to connect to another computer where the website's code is stored: the web server. Operating a web server is a complex and resource-intensive task, which is why it's usually handled by professional providers. These providers offer web hosting and ensure the reliable and error-free storage of website data. A lot of technical terms, but please bear with us, it gets better!

When your browser connects to the web server (desktop, laptop, tablet, or smartphone) and during data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server also needs to store data for a certain period of time to ensure proper operation.

A picture is worth a thousand words, therefore the following graphic illustrates the interaction between browser, the internet and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional website hosting and operational security
2. to maintain operational and IT security
3. Anonymous analysis of access behavior to improve our services and, if necessary, for law enforcement or pursuit of claims.

What data is processed?

Even while you are currently visiting our website, our web server, that is the computer on which this website is stored, usually automatically saves data such as

• the complete internet address (URL) of the accessed website
• Browser and browser version (e.g. Chrome 87)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g. link)
• the hostname and IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)
• Date and time
• in files, the so-called web server log files

How long is data stored?

The data mentioned above is generally stored for two weeks and then automatically deleted. We do not share this data, but we cannot rule out the possibility that authorities may access it in the event of unlawful activity.

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we will not share your data without your consent!

Legal basis

The lawfulness of processing personal data in the context of web hosting is based on Art. 6 para. 1 lit. f GDPR (safeguarding legitimate interests), because the use of professional hosting from a provider is necessary to present the company securely and user-friendly on the internet and to be able to pursue attacks and claims arising therefrom.

We and the hosting provider usually have a data processing agreement in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

Hetzner Privacy Policy

We use Hetzner, among other things a web hosting provider, for our website. The service provider is the German company Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

You can find out more about the data processed through the use of Hetzner in the privacy policy at https://www.hetzner.com/de/legal/privacy-policy.

Data Processing Agreement (DPA) Hetzner

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have concluded a data processing agreement (DPA) with Hetzner. You can find out exactly what a DPA is and, above all, what it must contain in our general section "Data Processing Agreement (DPA).".

This contract is legally required because Hetzner processes personal data on our behalf. It stipulates that Hetzner may only process data received from us according to our instructions and must comply with the GDPR. You can find the link to the data processing agreement (DPA) at [link to DPA]. https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.

Web Analytics Introduction

What is web analytics?

We use software on our website to analyze visitor behavior, commonly known as web analytics. This involves collecting data that is stored, managed, and processed by the respective analytics tool provider (also called a tracking tool). This data is used to create analyses of user behavior on our website and made available to us as the website operator. Most tools also offer various testing options. For example, we can test which offers or content resonate best with our visitors. To do this, we display two different offers for a limited time. After the test (known as an A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as well as other analytics methods, user profiles can be created and the data stored in cookies.

Why do we use web analytics?

With our website, we have a clear goal in mind: to deliver the best online offering on the market for our industry. To achieve this, we aim to provide the best and most engaging content while ensuring you feel completely comfortable on our website. Web analytics tools allow us to closely examine the behavior of our website visitors and then improve our online offerings accordingly, benefiting both you and ourselves. For example, we can determine the average age of our visitors, their geographical origin, peak traffic times, and which content or products are particularly popular. All this information helps us optimize the website and tailor it perfectly to your needs, interests, and preferences.

What data is processed?

Exactly which data is stored depends, of course, on the analytics tools used. However, it typically includes information such as which content you view on our website, which buttons or links you click, when you access a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website, and which computer system you are using. If you have consented to the collection of location data, this may also be processed by the web analytics tool provider.

Your IP address will also be stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, your IP address is generally stored in pseudonymized form (i.e., in an unidentifiable and shortened form). For the purposes of testing, web analytics, and web optimization, no direct data such as your name, age, address, or email address is stored. All such data, if collected, is stored pseudonymously. This ensures that you cannot be identified as an individual.

The following example schematically illustrates how Google Analytics works as an example of client-based web tracking using JavaScript code.

How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website, while other cookies can store data for several years.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. Generally, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If legally required, as in the case of accounting, for example, this storage period may be exceeded.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we obtained via our cookie popup. According to [source/regulation], this consent constitutes [legal basis/consent]. Article 6 paragraph 1 letter a GDPR (consent) This represents the legal basis for the processing of personal data, such as that which may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing website visitor behavior to improve our services both technically and economically. Web analytics helps us identify website errors, detect attacks, and improve efficiency. The legal basis for this is... Article 6 paragraph 1 letter f GDPR (Legitimate interests). However, we only use these tools if you have given your consent.

Since web analytics tools use cookies, we also recommend that you read our general privacy policy regarding cookies. To learn exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Information on specific web analytics tools can be found – if available – in the following sections.

Matomo On-Premise Privacy Policy

What is Matomo On-Premise?

We use the privacy-friendly analytics program Matomo On-Premise on our website. With the on-premise version, Matomo is installed on our own server. This means we act as the operator of the software, and any data we might collect from you is stored directly by us. Data processing therefore remains entirely under our control. The tool is developed by the New Zealand company InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.

Matomo On-Premise is a web analytics platform that takes data privacy very seriously, yet still provides us, as website operators, with accurate statistics about your behavior on our website. A major difference compared to other analytics programs is the option of storing data on our own server. Matomo On-Premise also offers various ways to anonymize the IP addresses of our website visitors and disable cookies.

Why do we use Matomo On-Premise?

Many common analytics tools collect vast amounts of personal data and can also share it with third parties. This means that maintaining control over your data becomes extremely difficult. Data privacy is very important to us, which is why we opted for Matomo On-Premise, a significantly more privacy-friendly alternative. However, we don't want to completely forgo web analytics. After all, statistics on website behavior allow us to optimize our service and tailor it to your individual needs.

What data is stored by Matomo On-Premise?

In addition to personal data such as your IP address or information about yourself (e.g., name, address, date of birth) that you actively provide to us, we primarily store information about your browsing behavior. This is generally not personal data, but rather information such as the number of visitors to the website, page views, time spent on the site, or search terms used. Furthermore, technical data such as browser type, your operating system, and screen resolution may also be stored. Matomo On-Premise can also collect information about the website from which you came to us. The collected data is stored by us and is not shared with or sold to third parties.

How long and where will the data be stored?

Matomo On-Premise is a self-hosted analytics platform, meaning we store all collected data directly on our own servers. Our server is located in Europe, so data is not processed in any third countries, i.e., countries outside the scope of the GDPR.

Generally, we store data for as long as necessary for business purposes. Unfortunately, we cannot specify exact retention periods here, as these depend heavily on our individual configurations. If you would like to learn more about our data retention periods and configurations, please do not hesitate to contact us.

How can I delete my data or prevent data storage?

You have the right and the ability to access your personal data at any time and to object to its use and processing. You can also lodge a complaint with a government supervisory authority or simply with us at any time.

Your browser also allows you to manage, delete, or disable cookies individually. Please note, however, that disabling or deleting cookies may negatively impact the functionality of our website. Managing cookies varies slightly depending on the browser you use. You can find links to instructions for the most common browsers in the "Cookies" section. If you wish to request data deletion, please feel free to contact us.

Opt-out complete; your visits to this website will not be recorded by the web analytics tool. Please note that the Matomo opt-out cookie for this website will also be deleted if you delete the cookies stored in your browser. Furthermore, if you use a different computer or a different web browser, you will need to repeat the opt-out process.

You have the option to prevent your actions here from being analyzed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improving usability for you and other users.

The tracking opt-out function requires cookies to be enabled.

Legal basis

The use of Matomo On-Premise requires your consent, which we obtained using our consent management tool (popup). According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur when collected by web analytics tools.

In addition to your consent, we have a legitimate interest in analyzing website visitor behavior to improve our services both technically and economically. Using Matomo On-Premise, we identify optimization potential for our website and can improve its efficiency. The legal basis for this is Article 6(1)(f) GDPR (legitimate interests). However, we only use Matomo On-Premise if you have given your consent.

If you would like to learn more about data processing by Matomo On-Premise, please feel free to contact us. We also recommend reviewing Matomo's privacy policy at [link to Matomo privacy policy]. https://matomo.org/privacy-policy/.

Matomo On-Premise (without cookies)

What is Matomo On-Premise (without cookies)?

We use the privacy-friendly analytics program Matomo On-Premise on our website without the use of cookies. With the on-premise version, Matomo is installed on our own server. This means we act as the operator of the software, and any data we might collect from you is stored directly by us. Data processing therefore remains entirely under our control. The tool is developed by the New Zealand company InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.

Matomo On-Premise is a web analytics platform that takes data privacy very seriously, yet still provides us, as website operators, with accurate statistics about your behavior on our website. A major difference compared to other analytics programs is the option of storing data on our own server. Matomo On-Premise also offers various ways to anonymize the IP addresses of our website visitors and to disable cookies. We have also opted to disable cookies. This means we use Matomo On-Premise for our website without the use of cookies.

Why do we use Matomo On-Premise?

Many common analytics tools collect vast amounts of personal data and can also share it with third parties. This means that maintaining control over your data becomes extremely difficult. Data privacy is very important to us, which is why we opted for Matomo On-Premise without the use of cookies. However, we don't want to completely forgo web analytics either. After all, statistics on website behavior allow us to optimize our service and tailor it to your individual needs.

What data is stored by Matomo On-Premise?

Primarily, information about your browsing behavior is stored. This is not personal data, but rather information such as the number of visitors to the website, page views, time spent on the site, and search terms used. Technical data such as browser type, operating system, and screen resolution may also be stored. Matomo On-Premise can also collect information about the website from which you came to our site. The collected data is stored by us and is not shared with or sold to third parties.

How long and where will the data be stored?

Matomo On-Premise is a self-hosted analytics platform, meaning we store all collected data directly on our own servers. Our server is located in Europe, so data is not processed in any third countries, i.e., countries outside the scope of the GDPR.

Generally, we store data for as long as necessary for business purposes. Unfortunately, we cannot specify exact retention periods here, as these depend heavily on our individual configurations. If you would like to learn more about our data retention periods and configurations, please do not hesitate to contact us.

How can I delete my data or prevent data storage?

You have the right and the ability to access your personal data at any time and to object to its use and processing. You can also lodge a complaint with a government supervisory authority or simply with us at any time.

Legal basis

We have a legitimate interest in analyzing the behavior of website visitors in order to improve our services both technically and economically. Using Matomo On-Premise, we identify optimization potential for our website and can improve its efficiency. The legal basis for this is Article 6(1)(f) GDPR (legitimate interests).

If you would like to learn more about data processing by Matomo On-Premise without cookies, please feel free to contact us. We also recommend reading Matomo's privacy policy at [link to privacy policy]. https://matomo.org/privacy-policy/.

Social Media Introduction

What is social media?

In addition to our website, we are also active on various social media platforms. This may involve processing user data so that we can specifically target users who are interested in our content via social networks. Furthermore, elements of a social media platform may be directly embedded in our website. This is the case, for example, when you click a "social button" on our website and are redirected directly to our social media profile. Social media platforms are websites and apps through which registered members can create content, share content openly or within specific groups, and connect with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. Our social media presence allows us to introduce our products and services to potential customers. The social media elements integrated into our website help you quickly and easily access our social media content.

The data collected and processed through your use of a social media channel primarily serves the purpose of web analytics. The goal of these analyses is to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the analyzed data can be used to draw conclusions about your interests and create user profiles. This allows the platforms to present you with tailored advertisements. Cookies are usually placed in your browser for this purpose, storing data about your browsing behavior.

We generally assume that we remain responsible under data protection law even when using the services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Article 26 GDPR. Where this is the case, we will indicate this separately and operate on the basis of a corresponding agreement. The essential elements of the agreement are then reproduced below under the relevant platform.

Please note that when using social media platforms or our embedded elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. This may make it more difficult for you to assert or enforce your rights regarding your personal data.

What data is processed?

Exactly which data is stored and processed depends on the respective social media platform provider. However, it typically includes data such as phone numbers, email addresses, information you enter into a contact form, user data such as which buttons you click, whom you like or follow, when you visited which pages, information about your device, and your IP address. Most of this data is stored in cookies. Specifically, if you have a profile on the social media channel you are visiting and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the provider's servers. Therefore, only the providers have access to the data and can provide you with the relevant information or make changes.

If you want to know exactly what data is stored and processed by social media providers and how you can object to this data processing, you should carefully read the respective company's privacy policy. If you have any questions about data storage and processing or wish to exercise your rights, we also recommend contacting the provider directly.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. However, customer data that is matched with our own user data is deleted within two days. Generally, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If legally required, as in the case of accounting, this storage period may be exceeded.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party services such as embedded social media elements at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since social media tools may use cookies, we also recommend that you read our general privacy policy about cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to your data being processed and stored through embedded social media elements, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be processed on the basis of our legitimate interest if you have given your consent. (Art. 6 para. 1 lit. f GDPR) Your data is stored and processed to enable fast and effective communication with you, other customers, and business partners. However, we only use these tools if you have given your consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

Information on specific social media platforms – if available – can be found in the following sections.

Facebook Privacy Policy

What are Facebook tools?

We use selected tools from Facebook on our website. Facebook is a social media network operated by Meta Platforms Inc., or, for the European region, by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These tools allow us to offer you and people interested in our products and services the best possible experience.

If data about you is collected and forwarded via our embedded Facebook elements or our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for this. Facebook is solely responsible for the further processing of this data. Our joint obligations are also set out in a publicly available agreement at [link to agreement]. link This is enshrined in our data protection policy. It stipulates, for example, that we must clearly inform you about the use of Facebook tools on our website. Furthermore, we are responsible for ensuring that these tools are integrated into our website in a data protection-compliant manner. Facebook, on the other hand, is responsible for the data security of its products. If you have any questions regarding data collection and processing by Facebook, you can contact the company directly. If you direct your question to us, we are obligated to forward it to Facebook.

Below we provide an overview of the various Facebook tools, what data is sent to Facebook, and how you can delete this data.

In addition to many other products, Facebook also offers the so-called "Facebook Business Tools." This is Facebook's official name. However, since the term is hardly known, we have decided to simply call them Facebook Tools. These include, among other things:

• Facebook Pixel
• social plug-ins (such as the "Like" or "Share" button)
• Facebook Login
• Account Kit
• APIs (Application Programming Interfaces)
• SDKs (Collection of Programming Tools)
• Platform integrations
• Plugins
• Codes
• Specifications
• Documentation
• Technologies and services

These tools allow Facebook to expand its services and obtain information about user activity outside of Facebook.

Why do we use Facebook tools on our website?

We only want to show our services and products to people who are genuinely interested. Facebook ads allow us to reach precisely these people. However, to show users relevant ads, Facebook needs information about their needs and desires. Therefore, we provide the company with information about user behavior (and contact details) on our website. This allows Facebook to gather better user data and show interested people relevant ads for our products and services. These tools thus enable tailored advertising campaigns on Facebook.

Facebook refers to data about your behavior on our website as "event data." This data is also used for measurement and analytics services. Facebook can then create "campaign reports" on our behalf about the effectiveness of our advertising campaigns. Furthermore, these analyses give us a better understanding of how you use our services, website, or products. We use some of these tools to optimize your user experience on our website. For example, you can use social plugins to share content from our site directly on Facebook.

What data is stored by Facebook tools?

Using certain Facebook tools may result in personal data (customer data) being sent to Facebook. Depending on the tools used, customer data such as name, address, telephone number, and IP address may be transmitted.

Facebook uses this information to match the data it already holds about you (if you are a Facebook member). Before customer data is transmitted to Facebook, it undergoes a process called "hashing." This means that any data set of any size is transformed into a string of characters. This also serves to encrypt the data.

In addition to contact information, "event data" is also transmitted. "Event data" refers to information we receive about you on our website, such as which subpages you visit or which products you purchase. Facebook does not share this information with third parties (such as advertisers) unless it has explicit permission or is legally obligated to do so. "Event data" can also be linked to contact information. This allows Facebook to offer more personalized advertising. After the aforementioned matching process, Facebook deletes the contact data.

To optimize ad delivery, Facebook uses event data only when it has been combined with other data (collected by Facebook through other means). Facebook also uses this event data for security, protection, development, and research purposes. Much of this data is transferred to Facebook via cookies. Cookies are small text files used to store data and information in browsers. Depending on the tools used and whether you are a Facebook member, a varying number of cookies will be placed in your browser. We provide more detailed information about individual Facebook cookies in the descriptions of the various Facebook tools. You can also find general information about the use of Facebook cookies on [link to Facebook's cookie policy]. https://www.facebook.com/policies/cookies.

How long and where will the data be stored?

Generally, Facebook stores data until it is no longer needed for its own services and products. Facebook has servers distributed around the world where its data is stored. However, customer data is deleted within 48 hours after it has been matched with the company's own user data.

How can I delete my data or prevent data storage?

In accordance with the General Data Protection Regulation (GDPR), you have the right to access, rectification, portability and erasure of your data.

Your data will only be completely deleted if you delete your Facebook account entirely. Here's how to delete your Facebook account:

1) Click on Settings on the right side of Facebook.

2) Next, click on „Your Facebook Information“ in the left column.

3) Now click “Deactivation and Deletion”.

4) Now select „Delete account“ and then click „Next and delete account“.“

5) Now enter your password, click "Next" and then "Delete account"„

The data that Facebook receives through our site is stored, among other things, via cookies (e.g., for social plugins). You can disable, delete, or manage individual or all cookies in your browser. Depending on which browser you use, this works differently. Under the "Cookies" section, you will find links to the instructions for the most common browsers.

If you generally do not want to allow cookies, you can configure your browser to always notify you when a cookie is about to be set. This allows you to decide whether to allow each individual cookie or not.

Legal basis

If you have consented to your data being processed and stored by integrated Facebook tools, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be processed on the basis of our legitimate interest. (Art. 6 para. 1 lit. f GDPR) The data is stored and processed to enable fast and effective communication with you, other customers, and business partners. However, we only use these tools if you have given your consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review Facebook's privacy statement or cookie policy.

Facebook processes your data, among other places, in the USA. Facebook, or rather Meta Platforms, is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at [link to relevant page]. link.

Furthermore, Facebook uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCCs) are model clauses provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Facebook commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: link

The Facebook data processing terms, which refer to the standard contractual clauses, can be found at link.

We hope we have provided you with the most important information about the use and processing of data by Facebook tools. If you would like to learn more about how Facebook uses your data, we recommend that you read the data policy on [link to Facebook's data policy]. https://www.facebook.com/privacy/policy/.

LinkedIn Privacy Policy

What is LinkedIn?

We use social plugins from the social media network LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, on our website. These social plugins may include feeds, content sharing, or links to our LinkedIn page. The social plugins are clearly marked with the familiar LinkedIn logo and allow, for example, sharing interesting content directly from our website. For the European Economic Area and Switzerland, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin, is responsible for data processing.

By embedding such plugins, data can be sent to, stored by, and processed by LinkedIn. In this privacy policy, we want to inform you about the data involved, how the network uses this data, and how you can manage or prevent data storage.

LinkedIn is the largest social network for business contacts. Unlike Facebook, for example, the company focuses exclusively on building professional connections. Businesses can present their services and products on the platform and establish business relationships. Many people also use LinkedIn for job searches or to find suitable employees for their own companies. In Germany alone, the network has over 11 million members. In Austria, there are approximately 1.3 million.

Why do we use LinkedIn on our website?

We know how busy you are. It's impossible to monitor every social media channel individually, even though, as in our case, it would be worthwhile. We regularly post interesting news and reports that are worth sharing. That's why we've added the option to share interesting content directly on LinkedIn or link directly to our LinkedIn page on our website. We see these integrated social plugins as an enhanced service on our website. The data LinkedIn collects also helps us ensure that our advertising is only shown to people who are genuinely interested in our offerings.

What data does LinkedIn store?

LinkedIn does not store any personal data simply by integrating social plugins. LinkedIn refers to this data, generated by plugins, as passive impressions. However, if you click on a social plugin, for example to share our content, the platform stores personal data as so-called "active impressions." This occurs regardless of whether you have a LinkedIn account or not. If you are logged in, the collected data will be associated with your account.

Your browser establishes a direct connection to LinkedIn's servers when you interact with our plugins. This allows the company to log various usage data. In addition to your IP address, this can include, for example, login data, device information, or information about your internet or mobile provider. If you access LinkedIn services via your smartphone, your location can also be determined (after you have granted permission). LinkedIn may also share this data in hashed form with third-party advertisers. Hashing means that a data set is transformed into a string of characters. This allows the data to be encrypted in such a way that individuals can no longer be identified.

Most data about your user behavior is stored in cookies. These are small text files that are usually placed in your browser. LinkedIn may also use web beacons, pixel tags, ad tags, and other device identifiers.

Various tests also show which cookies are set when a user interacts with a social plug-in. The data found is not exhaustive and serves only as an example. The following cookies were set without the user being logged into LinkedIn:

Name: bcookie
Value: =2&34aab2aa-2ae1-4d2a-8baf-c2e2d7235c16122698935-
Purpose of use: The cookie is a so-called "browser ID cookie" and therefore stores your identification number (ID).
Expiry date: After 2 years

Name: long
Value: v=2&lang=de-de
Purpose of use: This cookie stores your preset or preferred language.
Expiry date: after the meeting

Name: lidc
Value: 1818367:t=1571904767:s=AQF6KNnJ0G122698935…
Purpose of use: This cookie is used for routing. Routing records the paths you took to reach LinkedIn and how you navigate the website.
Expiry date: after 24 hours

Name: rtc
Value: kt0lrv3NF3x3t6xvDgGrZGDKkX
Purpose of use: No further information could be obtained about this cookie.
Expiry date: after 2 minutes

Name: JSESSIONID
Value: ajax:1226989352900777718326218137
Purpose of use: This is a session cookie that LinkedIn uses to maintain anonymous user sessions through the server.
Expiry date: after the meeting

Name: bscookie
Value: “v=1&201910230812…
Purpose of use: This cookie is a security cookie. LinkedIn describes it as a Secure Browser ID cookie.
Expiry date: after 2 years

Name: fid
Value: AQHj7Ii23ZBcqAAAA…
Purpose of use: No further information could be found about this cookie.
Expiry date: after 7 days

Note: LinkedIn also works with third-party providers. That's why we also detected the two Google Analytics cookies _ga and _gat in our test.

How long and where will the data be stored?

LinkedIn generally retains your personal data for as long as the company deems necessary to provide its services. However, LinkedIn deletes your personal data when you delete your account. In some exceptional cases, LinkedIn retains some data in aggregated and anonymized form even after you delete your account. Once you delete your account, other people will no longer be able to see your data within one day. LinkedIn generally deletes data within 30 days. However, LinkedIn retains data if legally required to do so. Data that can no longer be associated with an individual remains stored even after the account is closed. The data is stored on various servers in America and presumably also in Europe.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. You can manage, modify, and delete your data in your LinkedIn account. You can also request a copy of your personal data from LinkedIn.

Here's how to access the account details in your LinkedIn profile:

In LinkedIn, click your profile icon and select "Settings and privacy." Then click "Privacy" and, in the "How LinkedIn uses your data" section, click "Change." You can then download selected data about your web activity and account history.

You can also prevent LinkedIn from processing your data in your browser. As mentioned above, LinkedIn stores most of its data via cookies placed in your browser. You can manage, disable, or delete these cookies. The process varies slightly depending on your browser. Under the "Cookies" section, you will find links to instructions for the most common browsers.

You can also configure your browser to always notify you when a cookie is about to be set. This allows you to decide individually whether or not to allow the cookie.

Legal basis

If you have consented to your data being processed and stored through embedded social media elements, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be processed on the basis of our legitimate interest. (Art. 6 para. 1 lit. f GDPR) Your data is stored and processed to ensure fast and effective communication with you, other customers, and business partners. However, we only use the integrated social media elements if you have given your consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

LinkedIn also processes your data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing.

LinkedIn uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR) as the basis for processing data with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and especially the USA) or for transferring data to such countries. Standard Contractual Clauses (SCCs) are template agreements provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). These clauses oblige LinkedIn to maintain the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

More information about LinkedIn's standard contractual clauses can be found at https://de.linkedin.com/legal/l/dpa or https://www.linkedin.com/legal/l/eu-sccs.

We have tried to provide you with the most important information about data processing by LinkedIn. https://www.linkedin.com/legal/privacy-policy Learn more about the data processing practices of the social media network LinkedIn.

XING Privacy Policy

What is Xing?

We use social plugins from the social media network Xing, operated by Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany, on our website. These plugins allow you, for example, to share content directly from our website on Xing, log in to Xing, or follow interesting content. You can recognize the plugins by the company name or the Xing logo. When you visit a website that uses a Xing plugin, data may be transmitted to, stored on, and analyzed by Xing's servers. This privacy policy explains what data is involved and how you can manage or prevent this data storage.

Xing is a social network headquartered in Hamburg. The company specializes in managing professional contacts. This means that, unlike other networks, Xing focuses primarily on professional networking. The platform is often used for job searches or to find employees for one's own company. In addition, Xing offers interesting content on various professional topics. Its global counterpart is the American company LinkedIn.

Why do we use Xing on our website?

There's a flood of social media channels these days, and we're well aware that your time is valuable. It's impossible to scrutinize every single company's social media channel. That's why we want to make things as easy as possible for you, so you can share or follow interesting content directly from our website on Xing. These "social plugins" expand the services we offer on our website. Furthermore, the data collected by Xing helps us to implement targeted advertising on the platform. This means our services are only shown to people who are genuinely interested in them.

What data does Xing store?

Xing offers the share button, the follow button, and the login button as plugins for websites. As soon as you open a page with a Xing social plugin, your browser connects to servers in a data center used by Xing. According to Xing, no data is stored in connection with the share button that could directly identify an individual. In particular, Xing does not store your IP address. Furthermore, no cookies are set in connection with the share button. Therefore, your user behavior is not analyzed. You can find more information on this topic at [link to Xing's privacy policy]. link

With the other Xing plugins, cookies are only set in your browser when you interact with the plugin or click on it. In this case, personal data such as your IP address, browser data, and the date and time of your page visit to Xing may be stored. If you have a Xing account and are logged in, the collected data will be associated with your personal account and the data stored therein.

The following cookies will be set in your browser if you click the "Follow" or "Log in" button and are not yet logged in to Xing. Please note that this is an example list and we cannot claim it to be exhaustive:

Name: AMCVS_0894FF2554F733210A4C98C6%40AdobeOrg
Value: 1
Purpose of use: This cookie is used to create and store identifications of website visitors.
Expiry date: after the meeting

Name: c_
Value: 157c609dc9fe7d7ff56064c6de87b019122698935-8
Purpose of use: We were unable to find any further information about this cookie.
Expiry date: after one day

Name: previousPage
Value: wbm%2FWelcome%2Flogin
Purpose of use: This cookie stores the URL of the previous website you visited.
Expiry date: after 30 minutes

Name: s_cc
Value: true
Purpose of use: This Adobe Site Catalyst cookie determines whether cookies are generally enabled in the browser.
Expiry date: after the meeting

Name: s_fid
Value: 6897CDCD1013221C-39DDACC982217CD1122698935-2
Purpose of use: This cookie is used to identify a unique visitor.
Expiry date: after 5 years

Name: visitor_id
Value: fe59fbe5-e9c6-4fca-8776-30d0c1a89c32
Purpose of use: The visitor cookie contains a unique visitor ID and the unique identifier for your account.
Expiry date: after 2 years

Name:_session_id
Value: 533a0a6641df82b46383da06ea0e84e7122698935-2
Purpose of use: This cookie creates a temporary session ID, which is used as the in-session user ID. This cookie is absolutely necessary to provide Xing's functionality.
Expiry date: after the meeting

Once you are logged in to Xing or become a member, further personal data will definitely be collected, processed, and stored. Xing also shares personal data with third parties if this is necessary for fulfilling its own business purposes, if you have given your consent, or if there is a legal obligation to do so.

How long and where will the data be stored?

Xing stores data on various servers in different data centers. The company retains this data until you delete it or until your user account is deleted. This only applies to users who are already Xing members.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. Even if you are not a Xing member, you can prevent potential data processing or manage it according to your preferences via your browser. Most data is stored using cookies. Depending on your browser, managing cookies varies slightly. In the "Cookies" section, you will find links to instructions for the most common browsers.

You can also configure your browser to always notify you when a cookie is about to be set. This allows you to decide individually whether or not to allow the cookie.

Legal basis

If you have consented to your data being processed and stored through embedded social media elements, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be processed on the basis of our legitimate interest. (Art. 6 para. 1 lit. f GDPR) Your data is stored and processed to ensure fast and effective communication with you, other customers, and business partners. However, we only use the integrated social media elements if you have given your consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

We have tried to provide you with the most important information about data processing by Xing. https://privacy.xing.com/de/datenschutzerklaerung Learn more about the data processing practices of the social media network Xing.

Content Delivery Networks Introduction

What is a Content Delivery Network?

We use a Content Delivery Network (CDN) on our website. A CDN helps us load our website quickly and smoothly, regardless of your location. In this process, your personal data is stored, managed, and processed on the servers of the CDN provider. Below, we provide more general information about the service and its data processing. Detailed information about how your data is handled can be found in the provider's privacy policy.

Every Content Delivery Network (CDN) is a network of regionally distributed servers, all connected via the internet. This network allows website content (especially very large files) to be delivered quickly and smoothly, even during peak loads. The CDN creates a copy of our website on its servers. Because these servers are distributed globally, the website can be delivered quickly. Consequently, the data transfer to your browser is significantly reduced by the CDN.

Why do we use a Content Delivery Network for our website?

A fast-loading website is part of our service. We know how frustrating it is when a website loads at a snail's pace. Often, you lose patience and give up before the website has even finished loading. Naturally, we want to avoid that. Therefore, a fast-loading website is a standard feature of our website offering. Using a Content Delivery Network (CDN) significantly speeds up the loading of our website in your browser. The CDN is especially helpful if you are located abroad, as the website is delivered from a server closer to you.

What data is processed?

When you request a website or website content that is cached in a CDN, the CDN forwards the request to the server nearest to you, which then delivers the content. Content Delivery Networks are designed so that JavaScript libraries can be downloaded and hosted on npm and GitHub servers. Alternatively, most CDNs can also load WordPress plugins if they are hosted on npm and GitHub. WordPress.org Your browser may send personal data to the Content Delivery Network (CDN) we use. This includes data such as your IP address, browser type, browser version, which website is being loaded, and the date and time of your visit. This data is collected and stored by the CDN. Whether cookies are used for data storage depends on the network used. Please refer to the privacy policy of the respective service for more information.

Right to object

If you want to completely prevent this data transfer, you can use a JavaScript blocker (see, for example, https://noscript.net/) install it on your PC. Of course, our website will then no longer be able to offer its usual service (such as fast loading speeds).

Legal basis

If you have consented to the use of a Content Delivery Network, the legal basis for the corresponding data processing is this consent. According to [source/regulation], this consent constitutes [legal basis/legal basis]. Article 6 paragraph 1 letter a GDPR (consent) This represents the legal basis for the processing of personal data, as may occur when collected by a Content Delivery Network.

We also have a legitimate interest in using a Content Delivery Network to optimize and secure our online service. The corresponding legal basis for this is... Article 6 paragraph 1 letter f GDPR (Legitimate interests). However, we will only use the tool if you have given your consent.

Information on specific Content Delivery Networks can be found – if available – in the following sections.

BootstrapCDN Privacy Policy

What is BootstrapCDN?

To ensure that all our individual web pages (subpages of our website) are delivered to you quickly and securely on all devices, we use the Content Delivery Network (CDN) BootstrapCDN, an open-source service from jsdelivr.com of the Polish software company ProspectOne, Królewska 65A/1, 30-081, Kraków, Poland. A Content Delivery Network (CDN) is a network of regionally distributed servers connected via the internet. This network enables the fast delivery of content, especially very large files, even during peak loads.

Why do we use BootstrapCDN?

Naturally, we want to offer you a comprehensive and well-functioning service with our website. This includes a fast website. Using jsdelivr.com CDN allows our website to load much faster on your device. The use of jsdelivr.com CDN is particularly helpful for users abroad, as the site can be delivered from a server closer to them.

What data is processed by BootstrapCDN?

BootstrapCDN works by delivering so-called JavaScript libraries to your browser. When your browser downloads a file from BootstrapCDN, your IP address is transmitted during the connection to the BootstrapCDN server. This means that personal data can also be sent and stored. BootstrapCDN can therefore collect and store user data such as IP address, browser type, browser version, which website is loaded, and the time and date of the page visit. This is explained in the BootstrapCDN privacy policy. jsdelivr.com It is explicitly stated that the company does not use cookies or other tracking services.

How long and where will the data be stored?

BootstrapCDN has servers distributed across various countries, and your data may also be stored outside the European Economic Area. BootstrapCDN retains personal data processed on our behalf for as long as necessary to provide the services offered, to fulfill legal obligations, to resolve disputes, and to enforce agreements.

Right to object

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the BootstrapCDN team at any time.

If you want to prevent this data transfer, you can use a JavaScript blocker (see, for example, https://noscript.net/You can install JavaScript or disable it in your browser. Please note, however, that this may prevent the website from providing its usual level of service (such as fast loading speed).

Legal basis

If you have consented to the use of BootstrapCDN, the legal basis for the corresponding data processing is this consent. According to [source/regulation], this consent constitutes [legal basis/regulation]. Article 6 paragraph 1 letter a GDPR (consent) This represents the legal basis for the processing of personal data, as may occur during collection by BootstrapCDN.

We also have a legitimate interest in using BootstrapCDN to optimize and secure our online service. The corresponding legal basis for this is... Article 6 paragraph 1 letter f GDPR (Legitimate interests). However, we only use BootstrapCDN if you have given your consent.

Please note that, according to the European Court of Justice, there is currently no adequate level of data protection for data transfers to the USA. Data processing is primarily carried out by BootstrapCDN. This may result in data being processed and stored in a non-anonymized manner. Furthermore, US government authorities may potentially access individual data points. It is also possible that this data may be linked to data from other BootstrapCDN services where you have a user account.

More information about data protection at BootstrapCDN can be found on https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net.

Smush CDN Privacy Policy

We use the Smush CDN content delivery network for our website. The service provider is the American company Incsub, LLC, PO BOX 548 #88100, Birmingham, AL 35201, USA.

Please note that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. Data processing is primarily carried out by Incsub. This may result in data being processed and stored in a non-anonymized manner. Furthermore, US government authorities may potentially access individual data points. It is also possible that this data may be linked to data from other Incsub services where you have a user account.

You can find out more about the data processed through the use of Smush CDN in the privacy policy at [link to privacy policy]. https://incsub.com/privacy-policy/.

Cookie Consent Management Platform Introduction

What is a Cookie Consent Management Platform?

We use a Consent Management Platform (CMP) software on our website to facilitate the correct and secure handling of scripts and cookies for both you and us. The software automatically generates a cookie popup, scans and controls all scripts and cookies, provides you with the legally required cookie consent, and helps us and you maintain an overview of all cookies. Most cookie consent management tools identify and categorize all existing cookies. As a website visitor, you then decide which scripts and cookies you allow or block. The following graphic illustrates the relationship between browser, web server, and CMP.

Why do we use a cookie management tool?

Our goal is to offer you the greatest possible transparency regarding data protection. We are also legally obligated to do so. We want to inform you as thoroughly as possible about all tools and cookies that can store and process your data. It is also your right to decide which cookies you accept and which you do not. To grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we are aware of all cookies and can provide you with GDPR-compliant information about them. You can then accept or reject cookies via the consent system.

What data is processed?

Our cookie management tool allows you to manage each individual cookie yourself and gives you complete control over the storage and processing of your data. Your consent is stored so that we don't have to ask you every time you visit our website and so that we can prove your consent if legally required. This is stored either in an opt-in cookie or on a server. The storage period for your cookie consent varies depending on the provider of the cookie management tool. This data (such as pseudonymous user ID, time of consent, details about the cookie categories or tools, browser, and device information) is usually stored for up to two years.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information. Generally, we process personal data only as long as it is absolutely necessary for the provision of our services and products. Data stored in cookies is stored for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others can remain stored in your browser for several years. The exact duration of data processing depends on the tool used; you should usually expect a storage period of several years. You can generally find detailed information about the duration of data processing in the respective privacy policies of the individual providers.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Information on specific cookie management tools can be found – if available – in the following sections.

Legal basis

If you consent to cookies, your personal data will be processed and stored via these cookies. consent (Article 6 paragraph 1 letter a GDPR) If you consent to the use of cookies, this consent also forms the legal basis for the use of cookies and the processing of your data. To manage cookie consent and enable you to grant it, we use cookie consent management platform software. This software allows us to operate the website efficiently and in compliance with the law, which is a legitimate interest (Article 6 paragraph 1 letter f GDPR).

BorlabsCookie Privacy Policy

We use BorlabsCookie on our website, which, among other things, is a tool for storing your cookie consent. The service provider is the German company Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany. You can find out more about the data processed through the use of BorlabsCookie in the Privacy Policy on [website address]. https://de.borlabs.io/datenschutz/.

Security & Anti-Spam

What is security and anti-spam software?

With so-called security and anti-spam software, you and we can protect ourselves from various spam and phishing emails, as well as other potential cyberattacks. Spam refers to unsolicited advertising emails sent in bulk. These emails are also known as junk mail and can even incur costs. Phishing emails, on the other hand, are messages designed to gain your trust through fake messages or websites in order to obtain personal data. Anti-spam software typically protects against unwanted spam messages or malicious emails that could, for example, introduce viruses into your system. We also use general firewall and security systems that protect our computers from unwanted network attacks.

Why do we use security and anti-spam software?

We place particular emphasis on security on our website. After all, it's not just about our security, but above all, yours. Unfortunately, cyber threats are now commonplace in the world of IT and the internet. Hackers often attempt to steal personal data from IT systems using cyberattacks. Therefore, a robust defense system is absolutely essential. A security system monitors all incoming and outgoing connections to our network and computers. To achieve even greater protection against cyberattacks, we utilize additional external security services alongside the standard security systems on our computers. This effectively prevents unauthorized data traffic and protects us against cybercrime.

What data is processed by security and anti-spam software?

Exactly which data is collected and stored depends, of course, on the specific service. However, we always strive to use only programs that collect very little data or only store data necessary for fulfilling the offered service. Generally, the service may store data such as name, address, IP address, email address, and technical data like browser type and version. Performance and log data may also be collected to detect potential incoming threats in a timely manner. This data is processed within the scope of the services and in compliance with applicable laws. For US providers, this includes the GDPR (via standard contractual clauses). In some cases, these security services also collaborate with third-party providers who may store and/or process data under our instructions and in accordance with data protection guidelines and other security measures. Data storage is usually done via cookies.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information. For example, security programs store data until you or we revoke the data storage consent. Generally, personal data is only stored for as long as is absolutely necessary for the provision of the services. Unfortunately, in many cases, we lack precise information from the providers regarding the storage period.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party security software at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since such security services may also use cookies, we recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.

Legal basis

We primarily use security services based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in a good security system against various cyberattacks.

Certain data processing activities, in particular the use of cookies and security features, require your consent. If you have consented to the processing and storage of your data by integrated security services, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Most of the services we use place cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

Information on specific tools – if available – can be found in the following sections.

Wordfence Privacy Policy

We use Wordfence, a WordPress security plugin, for our website. The service provider is the American company Defiant, Inc., 1700 Westlake Ave N Ste 200, Seattle, WA 98109, USA.

Wordfence processes your data, among other places, in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing.

Wordfence uses so-called Standard Contractual Clauses (SCCs) as the basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or for data transfers to such countries. Standard Contractual Clauses (SCCs) are template agreements provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). These clauses obligate Wordfence to maintain the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The data processing terms (Data Protection Regulation), which correspond to the standard contractual clauses, can be found at https://www.wordfence.com/help/general-data-protection-regulation/.

You can find out more about the data processed through the use of Wordfence in the privacy policy at [link to privacy policy]. https://www.wordfence.com/privacy-policy/.

Video Conferencing & Streaming Introduction

What are video conferences and streaming?

We use software programs that allow us to hold video conferences, online meetings, webinars, screen sharing, and/or streaming sessions. During a video conference or stream, information is transmitted simultaneously via audio and video. With the help of such video conferencing or streaming tools, we can communicate quickly and easily with customers, business partners, clients, and employees over the internet. Naturally, we ensure compliance with all applicable legal regulations when selecting our service provider.

In principle, third-party providers can process data as soon as you interact with the software program. Third-party video conferencing and streaming solution providers use your data and metadata for various purposes. For example, the data helps to make the tool more secure and improve the service. In most cases, the data may also be used for the third-party provider's own marketing purposes.

Why do we use video conferencing and streaming on our website?

We want to communicate with you, our customers and business partners, quickly, easily, and securely, including digitally. This works best with user-friendly video conferencing solutions. Most tools work directly through your browser, and you'll be in the middle of a video meeting in just a few clicks. These tools also offer helpful additional features such as chat and screen sharing, or the ability to share content between meeting participants.

What data is processed?

When you participate in our video conference or streaming event, your data will also be processed and stored on the servers of the respective service provider.

Exactly what data is stored depends on the solution used. Each provider stores and processes different and varying amounts of data. However, most providers typically store your name, address, contact details such as your email address or phone number, and your IP address. Information about your device, usage data such as which websites you visit, when you visit a website, or which buttons you click may also be stored. Data shared within the video conference (photos, videos, text) may also be stored.

Duration of data processing

We will inform you about the duration of data processing below in connection with the service used, provided we have further information on this. Generally, we only process personal data for as long as it is absolutely necessary for the provision of our services and products. The provider may store your data according to their own policies, over which we have no control.

Right to object

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the responsible party for the video conferencing or streaming tool used at any time. Contact details can be found either in our specific privacy policy or on the website of the respective provider.

You can delete, disable, or manage cookies used by providers for their functions in your browser. The process varies depending on the browser you use. Please note, however, that some functions may no longer work as expected.

Legal basis

If you have consented to your data being processed and stored by the video or streaming solution, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR). Furthermore, we can also offer video conferencing as part of our services, provided this has been contractually agreed upon with you in advance. (Art. 6 para. 1 lit. b GDPR). In principle, your data will also be processed on the basis of our legitimate interest. (Art. 6 para. 1 lit. f GDPR) Your data is stored and processed to enable fast and effective communication with you or other customers and business partners, but only to the extent that you have given your consent. Most video and streaming solutions also use cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

Information on specific video conferencing and streaming solutions can be found – if available – in the following sections.

Microsoft Teams Privacy Statement

We use Microsoft Teams on our website, a service for online meetings and video conferences. The service provider is the American company Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft processes your data in the USA, among other locations. Microsoft is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at [link to relevant page]. https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Furthermore, Microsoft uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCCs) are template agreements provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Microsoft commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

More information about Microsoft's standard contractual clauses can be found at https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses

You can find out more about the data processed through the use of Microsoft in the privacy statement at [link to privacy statement]. https://privacy.microsoft.com/de-de/privacystatement.

Explanation of terms used

We always strive to make our privacy policy as clear and understandable as possible. However, this isn't always easy, especially when dealing with technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we don't want to use these without explanation. Below you will find an alphabetical list of important terms used that we may not have adequately addressed in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also include the GDPR texts here and, where necessary, add our own explanations.

Data processors

Definition of terms according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

„Data processor“ a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to the data controller, there may also be so-called data processors. This includes any company or individual who processes personal data on our behalf. Data processors can therefore include, besides service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

consent

Definition of terms according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

„"Consent"“ any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: Websites typically obtain such consent via a cookie consent tool. You're probably familiar with this. Whenever you visit a website for the first time, you're usually asked via a banner whether you agree to or consent to data processing. In most cases, you can also adjust your settings and thus decide for yourself which data processing you allow and which you don't. If you don't consent, no personal data may be processed. Of course, consent can also be given in writing, i.e., not via a tool.

Personal data

Definition of terms according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

„personal data“ all information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is therefore any data that can identify you as an individual. This typically includes data such as:

• name
• address
• E-mail address
• Postal address
• Telephone number
• birth date
• Identification numbers such as social security number, tax identification number, identity card number or matriculation number
• Bank details such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), yours also counts. IP address in relation to personal data. IT experts can use your IP address to determine at least the approximate location of your device and, consequently, you as the internet connection owner. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also so-called... „"special categories"“ personal data, which is also particularly worthy of protection. This includes:

• racial and ethnic origin
• political opinions
• religious or philosophical beliefs
• union membership
• genetic data, such as data obtained from blood or saliva samples
• biometric data (that is, information about psychological, physical, or behavioral characteristics that can identify a person).
  Health data
• Data on sexual orientation or sex life

Profiling

Definition of terms according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

„Profiling“ any type of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

Explanation: Profiling involves gathering various pieces of information about a person to learn more about them. In the online world, profiling is frequently used for advertising purposes or credit checks. Web analytics programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile, which can then be used to target advertising to a specific audience.

Responsible

Definition of terms according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

„"Person in charge"“ the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for processing your personal data and are therefore the “controller”. If we transfer collected data to other service providers for processing, these are “processors”. A “data processing agreement (DPA)” must be signed for this.

processing

Definition of terms according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

„"Processing"“ any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we refer to processing in our privacy policy, we mean any type of data processing. As mentioned above in the original GDPR statement, this includes not only the collection but also the storage and processing of data.

Closing remarks

Congratulations! If you're reading this, you've really made it through our entire privacy policy, or at least scrolled this far. As you can see from the length of our privacy policy, we take the protection of your personal data very seriously.
It is important to us to inform you about the processing of your personal data to the best of our knowledge and belief. We want to tell you not only which data is processed, but also explain the reasons for using various software programs. Privacy policies usually sound very technical and legal. Since most of you are not web developers or lawyers, we wanted to take a different approach and explain the matter in simple and clear language. Of course, this isn't always possible due to the complexity of the subject matter. Therefore, the most important terms are explained in more detail at the end of this privacy policy.
If you have any questions regarding data protection on our website, please do not hesitate to contact us or the responsible party. We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are protected by copyright.