Privacy Policy

Introduction and Overview

We have written this privacy policy (version 2026-02-23-112893550) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as controllers – and the processors commissioned by us (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We inform you comprehensively about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. To the extent that it promotes transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We thus inform you in clear and simple language that we only process personal data as part of our business activities if there is a corresponding legal basis. This is certainly not possible if one provides the briefest, unclear, and legal-technical explanations that are often standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is a piece of information or two that you did not yet know.
If questions nevertheless remain, we would ask you to contact the responsible body named below or in the legal notice, follow the existing links, and look at further information on third-party sites. You can, of course, also find our contact details in the legal notice.

Scope of Application

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• social media presences and email communication
• mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in a structured manner within the company via the channels mentioned. Should we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Bases

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your data entered into a contact form.
2. Contract (Article 6(1)(b) GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase contract with you, we require personal information in advance.
3. Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data in order to be able to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Other conditions such as the performance of tasks in the public interest and the exercise of official authority, as well as the protection of vital interests, do not usually occur with us. Should such a legal basis be relevant, it will be identified at the appropriate point.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), DSG for short.
• In Germany, the Federal Data Protection Act, BDSG for short, applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact Details of the Controller

Should you have any questions about data protection or the processing of personal data, you will find the contact details of the controller in accordance with Article 4(7) of the EU General Data Protection Regulation (GDPR) below:
KathaWedding – Katharina Rieplhuber
Katharina Rieplhuber
Widagasse 11
6850 Dornbirn
Austria

Email: info@kathawedding.com
Phone: +43 664 1815283
Legal Notice: https://kathawedding.com/impressum/

Storage Duration

The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products is a general criterion for us. This means that we delete personal data as soon as the reason for the data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

Should you wish for your data to be deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we inform you about the following rights to which you are entitled so that fair and transparent data processing takes place:

• According to Article 15 of the GDPR, you have a right of access as to whether we process data from you. If this is the case, you have the right to receive a copy of the data and to learn the following information:
  • for what purpose we carry out the processing;
  • the categories, i.e., the types of data being processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to rectification, erasure, or restriction of processing and the right to object to processing;
  • that you can complain to a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we did not collect it from you;
  • whether profiling is carried out, i.e., whether data is automatically evaluated to arrive at a personal profile of you.
• According to Article 16 of the GDPR, you have a right to rectification of the data, which means that we must correct data if you find errors.
• According to Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you may request the deletion of your data.
• According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but no longer use it.
• According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
• According to Article 21 of the GDPR, you have a right to object, which, once enforced, entails a change in processing.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
  • If data is used for direct marketing, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.
  • If data is used for profiling, you can object to this type of data processing at any time. We may then no longer use your data for profiling.
• According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).
• According to Article 77 of the GDPR, you have the right to lodge a complaint. This means you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or your data protection claims have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Head: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Cookies

Cookies Summary 👥 Data subjects: Website visitors 🤝 Purpose: depends on the respective cookie. More details can be found below or from the software manufacturer that sets the cookie. 📓 Processed data: Depends on the respective cookie used. More details can be found below or from the software manufacturer that sets the cookie. 📅 Storage duration: depends on the respective cookie, can vary from hours to years ⚖️ Legal bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you surf the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: cookies are really useful little helpers. Almost all websites use cookies. More specifically, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, effectively the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you visit our site again, your browser transmits the “user-related” information back to our site. Thanks to the cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie back from the server, which the browser uses again as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site; third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans, or other “malware.” Cookies also cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga
Value: GA1.2.1326744211.152112893550-9
Purpose: Differentiation of website visitors
Expiration date: after 2 years

A browser should be able to support these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use in particular depends on the services used and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

One can distinguish between 4 types of cookies:

Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues surfing on other pages, and only goes to the checkout later. These cookies ensure that the shopping cart is not deleted, even if the user closes their browser window.

Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behavior of the website with different browsers.

Target-oriented Cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes, or form data are stored.

Advertising Cookies
These cookies are also called targeting cookies. They serve to deliver individually adapted advertising to the user. This can be very practical, but also very annoying.

Usually, when you visit a website for the first time, you are asked which of these cookie types you want to allow. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and do not shy away from technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are small helpers for many different tasks. What data is stored in cookies cannot unfortunately be generalized, but we will inform you about the processed or stored data within the framework of the following privacy policy.

Storage duration of cookies

The storage duration depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

You also have an influence on the storage duration yourself. You can manually delete all cookies at any time via your browser (see also “Right to object” below). Furthermore, cookies based on consent will be deleted at the latest after revocation of your consent, whereby the lawfulness of the storage until then remains unaffected.

Right to object – how can I delete cookies?

You decide for yourself how and if you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to determine which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, allow and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Clear cookies and site data in Firefox

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want to have cookies, you can set up your browser so that it always informs you when a cookie is to be set. This way, you can decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser. It is best to search for the instructions in Google with the search term “delete cookies Chrome” or “deactivate cookies Chrome” in the case of a Chrome browser.

Legal Basis

Since 2009, there have been so-called “cookie guidelines.” These state that the storage of cookies requires consent (Article 6(1)(a) GDPR) from you. Within the EU countries, however, there are still very different reactions to these guidelines. In Austria, however, this guideline was implemented in Section 165(3) of the Telecommunications Act (2021). In Germany, the cookie guidelines were not implemented as national law. Instead, this guideline was largely implemented in Section 15(3) of the Telemedia Act (TMG), which was replaced by the Digital Services Act (DDG) in May 2024.

For strictly necessary cookies, even if no consent is given, legitimate interests (Article 6(1)(f) GDPR) exist, which in most cases are of an economic nature. We want to provide website visitors with a pleasant user experience, and for this, certain cookies are often strictly necessary.

Insofar as cookies that are not strictly necessary are used, this only happens in the case of your consent. The legal basis in this respect is Art. 6(1)(a) GDPR.

In the following sections, you will be informed more precisely about the use of cookies, provided that the software used uses cookies.

Web Hosting Introduction

Web Hosting Summary 👥 Data subjects: Website visitors 🤝 Purpose: professional hosting of the website and securing operation 📓 Processed data: IP address, time of website visit, browser used, and other data. More details can be found below or from the respective web hosting provider used. 📅 Storage duration: depends on the respective provider, but usually 2 weeks ⚖️ Legal bases: Art. 6(1)(f) GDPR (Legitimate interests)

What is web hosting?

When you visit websites today, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, we mean the entirety of all web pages on a domain, i.e., everything from the start page (homepage) to the very last subpage (like this one). By domain, we mean, for example, example.de or sample-example.com.

If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We call them browsers or web browsers for short.

To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complicated and expensive task, which is why this is usually handled by professional providers. These offer web hosting and thus ensure reliable and error-free storage of website data. A lot of technical terms, but please stay tuned, it gets even better!

When the browser on your computer (desktop, laptop, tablet, or smartphone) establishes a connection and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server must also store data for a while to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and securing operation
2. to maintain operational and IT security
3. Anonymous evaluation of access behavior to improve our offer and, if necessary, for criminal prosecution or the enforcement of claims

What data is processed?

Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as

• the complete internet address (URL) of the accessed web page
• browser and browser version (e.g., Chrome 87)
• the operating system used (e.g., Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g., https://www.examplesource.de/fromwhereicame/)
• the host name and the IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
• date and time
• in files, the so-called web server log files

How long is data stored?

As a rule, the data mentioned above is stored for two weeks and then automatically deleted. We do not pass this data on, but we cannot rule out that this data may be inspected by authorities in the event of unlawful behavior.

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not pass on your data without consent!

Legal Basis

The lawfulness of the processing of personal data in the context of web hosting results from Art. 6(1)(f) GDPR (protection of legitimate interests), because the use of professional hosting with a provider is necessary to present the company securely and in a user-friendly manner on the internet and to be able to track attacks and claims resulting therefrom if necessary.

There is usually a contract for data processing between us and the hosting provider in accordance with Art. 28 et seq. GDPR, which ensures compliance with data protection and guarantees data security.

Website Builder Systems Introduction

Website Builder Systems Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimization of our service performance 📓 Processed data: Data such as technical usage information like browser activity, clickstream activities, session heatmaps as well as contact details, IP address, or your geographical location. More details can be found further down in this privacy policy and in the privacy policy of the providers. 📅 Storage duration: depends on the provider ⚖️ Legal bases: Art. 6(1)(f) GDPR (Legitimate interests), Art. 6(1)(a) GDPR (Consent)

What are website builder systems?

We use a website builder system for our website. Builder systems are special forms of a content management system (CMS). With a builder system, website operators can create a website very easily and without programming knowledge. In many cases, web hosters also offer builder systems. Through the use of a builder system, personal data from you can also be collected, stored, and processed. In this privacy text, we provide you with general information about data processing by builder systems. More detailed information can be found in the provider’s privacy policy.

Why do we use website builder systems for our website?

The biggest advantage of a builder system is its ease of use. We want to offer you a clear, simple, and well-structured website that we can easily operate and maintain ourselves – without external support. A builder system now offers many helpful functions that we can use even without programming knowledge. This allows us to design our web presence according to our wishes and offer you an informative and pleasant time on our website.

What data is stored by a builder system?

Exactly what data is stored naturally depends on the website builder system used. Each provider processes and collects different data from the website visitor. However, as a rule, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit are collected. Furthermore, tracking data (e.g., browser activity, clickstream activities, session heatmaps, etc.) can also be processed. In addition, personal data can also be recorded and stored. This is usually contact data such as email address, phone number (if you have provided it), IP address, and geographical location data. Exactly what data is stored can be found in the provider’s privacy policy.

How long and where is the data stored?

We will inform you about the duration of the data processing below in connection with the website builder system used, provided we have further information on this. You can find detailed information about this in the provider’s privacy policy. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. It may be that the provider stores data from you according to its own standards, over which we have no influence.

Right to object

You always have the right to access, rectification, and erasure of your personal data. If you have any questions, you can also contact the controller of the website builder system used at any time. Contact details can be found either in our privacy policy or on the website of the corresponding provider.

Cookies that providers use for their functions can be deleted, deactivated, or managed in your browser. Depending on which browser you use, this works in different ways. Please note, however, that then some functions may no longer work as usual.

Legal Basis

We have a legitimate interest in using a website builder system to optimize our online service and to present it efficiently and in a user-friendly manner for you. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate interests). We nevertheless only use the builder system if you have given your consent.

Insofar as the processing of data is not strictly necessary for the operation of the website, the data will only be processed on the basis of your consent. This applies in particular to tracking activities. The legal basis in this respect is Art. 6(1)(a) GDPR.

With this privacy policy, we have brought you closer to the most important general information regarding data processing. If you would like to find out more about this, you will find further information – if available – in the following section or in the provider’s privacy policy.

Elementor Privacy Policy

We use the Elementor builder system for our website. The service provider is the Israeli company Elementor Ltd., Rehov Tuval 40, 5252247 Ramat Gan, Israel.

Your data may be transferred to Israel. Israel is outside the scope of the GDPR. However, on the basis of Art. 45(1) GDPR, the European Commission has decided that Israel offers a level of protection comparable to the standard of the GDPR. You can view the decision here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32011D0061

You can find out more about the data processed through the use of Elementor in the privacy policy at https://elementor.com/about/privacy/.

Web Analytics Introduction

Web Analytics Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Evaluation of visitor information to optimize the web offer. 📓 Processed data: Access statistics containing data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found in the respective web analytics tool used. 📅 Storage duration: depends on the web analytics tool used ⚖️ Legal bases: Art. 6 Para. 1(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate interests)

What is Web Analytics?

We use software on our website to evaluate the behavior of website visitors, known as web analytics or web analysis for short. Data is collected, which the respective analytics tool provider (also called a tracking tool) stores, manages, and processes. With the help of the data, analyses of user behavior on our website are created and made available to us as website operators. In addition, most tools offer various testing options. For example, we can test which offers or content are best received by our visitors. To do this, we show you two different offers for a limited period of time. After the test (so-called A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as well as for other analytics procedures, user profiles can also be created and the data stored in cookies.

Why do we perform Web Analytics?

With our website, we have a clear goal in mind: we want to deliver the best web offer on the market for our industry. To achieve this goal, we want to offer the best and most interesting offer on the one hand and ensure that you feel completely comfortable on our website on the other. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and then improve our web offer for you and us accordingly. For example, we can recognize how old our visitors are on average, where they come from, when our website is visited most, or which content or products are particularly popular. All this information helps us to optimize the website and thus adapt it best to your needs, interests, and wishes.

What data is processed?

Exactly what data is stored naturally depends on the analysis tools used. However, as a rule, it is stored, for example, which content you view on our website, which buttons or links you click, when you access a page, which browser you use, with which device (PC, tablet, smartphone, etc.) you visit the website, or which computer system you use. If you have agreed that location data may also be collected, this can also be processed by the web analysis tool provider.

In addition, your IP address is also stored. Under the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is generally stored in pseudonymized form (i.e., anonymized and shortened). For the purposes of testing, web analytics and website optimization, no direct data such as your name, age, address or email address is stored. If any of this data is collected, it is stored in pseudonymized form. This means you cannot be identified as an individual.

The following example schematically shows how Google Analytics works as an example of client-based web tracking using JavaScript code.

How long the respective data is stored always depends on the provider. Some cookies store data only for a few minutes or until you leave the website again; other cookies can store data for several years.

Duration of data processing

We will inform you about the duration of data processing further below, provided we have additional information. In general, we process personal data only for as long as is absolutely necessary to provide our services and products. If it is legally required, for example in the case of accounting, this storage period may be exceeded.

Right to object

You also have the right and the option at any time to withdraw your consent to the use of cookies and/or third-party providers. You can do this either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we obtained via our cookie pop-up. According to Art. 6(1)(a) GDPR (consent) this consent constitutes the legal basis for the processing of personal data, as may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thereby improving our offering technically and economically. With the help of web analytics, we can identify website errors, detect attacks, and improve efficiency. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interests) . However, we only use the tools if you have given your consent.

Since web analytics tools use cookies, we also recommend reading our general cookie privacy policy. To find out exactly which data about you is stored and processed, you should read the privacy policies of the respective tools.

Information on specific web analytics tools can be found—if available—in the following sections.

Social Media Introduction

Social Media Privacy Policy Summary 👥 Affected parties: Website visitors 🤝 Purpose: Presentation and optimization of our services, contact with visitors, interested parties, etc., advertising 📓 Processed data: Data such as phone numbers, email addresses, contact details, data on user behavior, information about your device and your IP address. More details can be found in the respective social media tool used. 📅 Storage period: depends on the social media platforms used ⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is social media?

In addition to our website, we are also active on various social media platforms. In doing so, user data may be processed so that we can specifically address users who are interested in us via social networks. In addition, elements of a social media platform may be embedded directly into our website. This is the case, for example, if you click a so-called social button on our website and are redirected directly to our social media presence. So-called social media are websites and apps through which registered members can create content, share content openly or within certain groups, and connect with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. With our social media presences, we can bring our products and services closer to interested parties. The social media elements embedded on our website help you switch to our social media content quickly and without complications.

The data stored and processed through your use of a social media channel primarily serves the purpose of conducting web analyses. The aim of these analyses is to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the evaluated data can be used to draw conclusions about your interests and create so-called user profiles. This also enables the platforms to show you tailored ads. Cookies are usually set in your browser for this purpose, storing data about your usage behavior.

As a rule, we assume that we remain responsible under data protection law even when we use services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. Where this is the case, we will point this out separately and work on the basis of a corresponding agreement. The key content of the agreement is then reproduced further below for the relevant platform.

Please note that when using social media platforms or our embedded elements, your data may also be processed outside the European Union, since many social media channels, such as Facebook or Twitter, are American companies. As a result, you may no longer be able to assert or enforce your rights regarding your personal data as easily.

What data is processed?

Which data is stored and processed in detail depends on the respective social media platform provider. However, it is usually data such as phone numbers, email addresses, data you enter into a contact form, usage data such as which buttons you click, what you like or who you follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. In particular, if you have a profile with the social media channel you visit and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the providers’ servers. This means that only the providers have access to the data and can provide you with the appropriate information or make changes.

If you want to know exactly which data is stored and processed by social media providers and how you can object to data processing, you should carefully read the company’s respective privacy policy. If you have questions about data storage and processing or want to assert corresponding rights, we recommend contacting the provider directly.

Duration of data processing

We will inform you about the duration of data processing further below, provided we have additional information. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. Customer data that is matched with its own user data is deleted within two days. In general, we process personal data only for as long as is absolutely necessary to provide our services and products. If it is legally required, for example in the case of accounting, this storage period may be exceeded.

Right to object

You also have the right and the option at any time to withdraw your consent to the use of cookies and/or third-party providers such as embedded social media elements. You can do this either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling or deleting cookies in your browser.

Since cookies may be used with social media tools, we also recommend our general cookie privacy policy. To find out exactly which data about you is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to data about you being processed and stored via embedded social media elements, this consent is considered the legal basis for data processing (Art. 6(1)(a) GDPR). In principle, if consent is given, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our cookie privacy text carefully and review the privacy policy or cookie guidelines of the respective service provider.

Information on specific social media platforms can be found—if available—in the following sections.

Facebook Privacy Policy

Facebook Privacy Policy Summary 👥 Affected parties: Website visitors 🤝 Purpose: Optimization of our services 📓 Processed data: Data such as customer data, data on user behavior, information about your device and your IP address. More details can be found further below in the privacy policy. 📅 Storage period: until the data is no longer useful for Facebook’s purposes ⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What are Facebook tools?

We use selected tools from Facebook on our website. Facebook is a social media network of Meta Platforms Inc., or for the European region, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of these tools, we can provide you and people who are interested in our products and services with the best possible offering.

If data about you is collected and forwarded via our embedded Facebook elements or via our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible. Facebook alone is responsible for the further processing of this data. Our joint obligations are also set out in a publicly accessible agreement at https://www.facebook.com/legal/controller_addendum. It states, among other things, that we must clearly inform you about the use of Facebook tools on our site. We are also responsible for ensuring that the tools are integrated into our website in a data-protection-compliant manner. Facebook, on the other hand, is responsible, for example, for the data security of Facebook products. If you have any questions about data collection and data processing by Facebook, you can contact the company directly. If you address the question to us, we are obliged to forward it to Facebook.

Below we provide an overview of the various Facebook tools, which data is sent to Facebook, and how you can delete this data.

In addition to many other products, Facebook also offers the so-called “Facebook Business Tools”. This is Facebook’s official term. However, since the term is hardly known, we have decided to simply call them Facebook tools. These include, among others:

• Facebook Pixel
• social plug-ins (such as the “Like” or “Share” button)
• Facebook Login
• Account Kit
• APIs (application programming interface)
• SDKs (collection of programming tools)
• platform integrations
• plugins
• codes
• specifications
• documentation
• technologies and services

With these tools, Facebook expands its services and has the ability to obtain information about user activities outside of Facebook.

Why do we use Facebook tools on our website?

We want to show our services and products only to people who are genuinely interested in them. With the help of ads (Facebook Ads), we can reach exactly these people. However, for users to be shown suitable advertising, Facebook needs information about people’s wishes and needs. This provides the company with information about user behavior (and contact data) on our website. As a result, Facebook collects better user data and can show interested people suitable ads for our products and/or services. The tools thus enable tailored advertising campaigns on Facebook.

Facebook refers to data about your behavior on our website as “event data”. This is also used for measurement and analysis services. Facebook can thus create “campaign reports” on the effectiveness of our advertising campaigns on our behalf. In addition, analyses give us better insight into how you use our services, website or products. This allows us to optimize your user experience on our website with some of these tools. For example, you can use social plug-ins to share content from our site directly on Facebook.

What data is stored by Facebook tools?

By using individual Facebook tools, personal data (customer data) may be sent to Facebook. Depending on the tools used, customer data such as name, address, phone number and IP address may be transmitted.

Facebook uses this information to match the data with data it already has about you (provided you are a Facebook member). Before customer data is transmitted to Facebook, so-called “hashing” takes place. This means that a data set of any size is transformed into a string of characters. This also serves to encrypt data.

In addition to contact data, “event data” is also transmitted. “Event data” refers to the information we receive about you on our website—for example, which subpages you visit or which products you buy from us. Facebook does not share the information received with third parties (such as advertisers) unless the company has explicit permission or is legally required to do so. “Event data” can also be linked to contact data. This enables Facebook to offer better personalized advertising. After the matching process mentioned above, Facebook deletes the contact data again.

In order to deliver ads in an optimized way, Facebook uses event data only if it has been combined with other data (collected by Facebook in other ways). Facebook also uses this event data for security, protection, development and research purposes. Many of these data are transmitted to Facebook via cookies. Cookies are small text files used to store data and/or information in browsers. Depending on the tools used and whether you are a Facebook member, different numbers of cookies are created in your browser. In the descriptions of the individual Facebook tools, we go into more detail about specific Facebook cookies. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies.

How long and where is the data stored?

In principle, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers distributed around the world where its data is stored. However, customer data is deleted within 48 hours after it has been matched with its own user data.

How can I delete my data or prevent data storage?

In accordance with the General Data Protection Regulation, you have the right to access, rectification, portability and deletion of your data.

Complete deletion of the data only takes place if you fully delete your Facebook account. Here’s how to delete your Facebook account:

1) Click Settings on the right-hand side of Facebook.

2) Then click “Your Facebook Information” in the left column.

3) Now click “Deactivation and Deletion”.

4) Now select “Delete Account” and then click “Continue and Delete Account”

5) Now enter your password, click “Continue” and then “Delete Account”

The data that Facebook receives via our site is stored, among other things, via cookies (e.g., for social plug-ins). In your browser, you can disable, delete or manage individual cookies or all cookies. Depending on which browser you use, this works in different ways. In the “Cookies” section you will find the relevant links to the instructions for the most common browsers.

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is about to be set. This way, you can decide for each individual cookie whether to allow it or not.

Legal basis

If you have consented to data about you being processed and stored via embedded Facebook tools, this consent is considered the legal basis for data processing (Art. 6(1)(a) GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our cookie privacy text carefully and review Facebook’s privacy policy or cookie guidelines.

Facebook processes data about you, among other things, in the USA. Facebook/Meta Platforms is an active participant in the EU–US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Facebook also uses so-called standard contractual clauses (= Art. 46(2) and (3) GDPR). Standard contractual clauses (Standard Contractual Clauses – SCC) are template clauses provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). Through the EU–US Data Privacy Framework and the standard contractual clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find Facebook’s data processing terms, which refer to the standard contractual clauses, at https://www.facebook.com/legal/terms/dataprocessing.

We hope we have provided you with the most important information about the use and data processing of Facebook tools. If you would like to learn more about how Facebook uses your data, we recommend reading the data policy at https://www.facebook.com/privacy/policy/.

Facebook Login Privacy Policy

We have integrated the convenient Facebook Login on our site. This allows you to log in with your Facebook account easily, without having to create an additional user account. If you decide to register via Facebook Login, you will be redirected to the Facebook social media network. There, you log in using your Facebook user data. This login process stores data about you and/or your user behavior and transmits it to Facebook.

To store the data, Facebook uses various cookies. Below we show you the most important cookies that are set in your browser or already exist when you log in to our site via Facebook Login:

Name: fr
Value: 0jieyh4c2GnlufEJ9..Bde09j…1.0.Bde09j
Purpose: This cookie is used to ensure that the social plug-in works as well as possible on our website.
Expiry date: after 3 months

Name: datr
Value: 4Jh7XUA2112893550SEmPsSfzCOO4JFFl
Purpose: Facebook sets the “datr” cookie when a web browser accesses facebook.com, and the cookie helps identify login activity and protect users.
Expiry date: after 2 years

Name: _js_datr
Value: deleted
Purpose: Facebook sets this session cookie for tracking purposes, even if you do not have a Facebook account or are logged out.
Expiry date: after the end of the session

Note: The cookies listed are only a small selection of the cookies available to Facebook. Other cookies include _fbp, sb or wd, for example. A complete list is not possible, as Facebook has a large number of cookies and uses them variably.

Facebook Login offers you, on the one hand, a fast and easy registration process; on the other hand, it allows us to share data with Facebook. This enables us to better tailor our offering and promotions to your interests and needs. Data we receive from Facebook in this way includes public data such as

• your Facebook name
• your profile picture
• an email address on file
• friends lists
• button information (e.g., “Like” button)
• date of birth
• language
• place of residence

In return, we provide Facebook with information about your activities on our website. This includes, among other things, information about the device you use, which subpages you visit, or which products you purchased from us.

By using Facebook Login, you consent to data processing. You can revoke this agreement at any time. If you would like more information about data processing by Facebook, we recommend Facebook’s privacy policy at https://www.facebook.com/privacy/policy/.

If you are logged in to Facebook, you can change your ad settings yourself at https://www.facebook.com/adpreferences/advertisers/?entry_product=ad_settings_screen.

Instagram Privacy Policy

Instagram Privacy Policy Summary 👥 Affected parties: Website visitors 🤝 Purpose: Optimization of our services 📓 Processed data: Data such as user behavior data, information about your device and your IP address. More details can be found further below in the privacy policy. 📅 Storage period: until Instagram no longer needs the data for its purposes ⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is Instagram?

We have integrated functions from Instagram on our website. Instagram is a social media platform of Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and is part of Facebook’s products. Embedding Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos or videos from Instagram directly on our website. When you access pages of our website that have an Instagram function integrated, data is transmitted to Instagram, stored and processed. Instagram uses the same systems and technologies as Facebook. Your data is therefore processed across all Facebook companies.

Below, we would like to give you a more detailed insight into why Instagram collects data, what data is involved, and how you can largely control data processing. Since Instagram belongs to Meta Platforms Inc., we obtain our information partly from Instagram’s guidelines and partly from Meta’s privacy policies.

Instagram is one of the best-known social media networks worldwide. Instagram combines the benefits of a blog with the benefits of audiovisual platforms such as YouTube or Vimeo. You can upload photos and short videos to “Insta” (as many users casually call the platform), edit them with various filters, and share them on other social networks. And if you don’t want to be active yourself, you can simply follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has really taken off in recent years. And of course, we have responded to this boom as well. We want you to feel as comfortable as possible on our website. That’s why presenting our content in a varied way is a given for us. With the embedded Instagram functions, we can enrich our content with helpful, fun or exciting content from the Instagram world. Since Instagram is a subsidiary of Facebook, the collected data can also be useful for personalized advertising on Facebook. This way, our ads are shown only to people who are genuinely interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We receive aggregated statistics and thus gain more insight into your wishes and interests. It is important to mention that these reports do not personally identify you.

What data is stored by Instagram?

When you come across one of our pages that has Instagram functions (such as Instagram images or plug-ins) built in, your browser automatically connects to Instagram’s servers. Data is sent to Instagram, stored and processed—regardless of whether you have an Instagram account or not. This includes information about our website, your computer, purchases made, ads you see, and how you use our offering. In addition, the date and time of your interaction with Instagram are stored. If you have an Instagram account and/or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume this is also the case for Instagram. Customer data includes, for example, name, address, phone number and IP address. This customer data is only transmitted to Instagram after it has been “hashed”. Hashing means converting a data set into a string of characters, which encrypts the contact data. In addition, the “event data” mentioned above is also transmitted. “Event data” refers to Facebook—and therefore Instagram—data about your user behavior. It can also happen that contact data is combined with event data. The collected contact data is matched with the data Instagram already has about you.

The collected data is transmitted to Facebook via small text files (cookies), which are usually set in your browser. Depending on the Instagram functions used and whether you have an Instagram account, different amounts of data are stored.

We assume that data processing works the same way on Instagram as it does on Facebook. This means: if you have an Instagram account or have visited www.instagram.com, Instagram has set at least one cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as you come into contact with an Instagram function. At the latest after 90 days (after matching), this data is deleted or anonymized again. Although we have studied Instagram’s data processing in depth, we cannot say exactly which data Instagram collects and stores.

Below we show you cookies that are set in your browser at a minimum when you click on an Instagram function (such as a button or an Insta image). In our test, we assume that you do not have an Instagram account. If you are logged in to Instagram, significantly more cookies will of course be set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: “”
Purpose: This cookie is most likely set for security reasons to prevent forged requests. However, we were not able to find out more precisely.
Expiry date: after one year

Name: mid
Value: “”
Purpose: Instagram sets this cookie to optimize its own services and offerings on and outside of Instagram. The cookie sets a unique user ID.
Expiry date: after the end of the session

Name: fbsr_112893550124024
Value: no information
Purpose: This cookie stores the login request for users of the Instagram app.
Expiry date: after the end of the session

Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiry date: after the end of the session

Name: urlgen
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe112893550”
Purpose: This cookie serves Instagram’s marketing purposes.
Expiry date: after the end of the session

Note: We cannot claim completeness here. Which cookies are set in an individual case depends on the embedded functions and your use of Instagram.

How long and where is the data stored?

Instagram shares the information received between the Facebook companies, with external partners, and with people you connect with worldwide. Data processing is carried out in compliance with its own data policy. Your data is distributed across Facebook servers around the world, among other things for security reasons. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation, you have the right to access, portability, rectification and deletion of your data. You can manage your data in the Instagram settings. If you want to delete your data on Instagram completely, you must permanently delete your Instagram account.

Here’s how to delete your Instagram account:

First open the Instagram app. On your profile page, scroll down and click “Help Center”. You will then be taken to the company’s website. On the website, click “Managing Your Account” and then “Delete Your Account”.

If you delete your account completely, Instagram deletes posts such as your photos and status updates. Information that other people have shared about you does not belong to your account and is therefore not deleted.

As mentioned above, Instagram primarily stores your data via cookies. You can manage, disable or delete these cookies in your browser. Depending on your browser, management works a little differently. In the “Cookies” section you will find the relevant links to the instructions for the most common browsers.

You can also set up your browser so that you are always informed when a cookie is about to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. Nevertheless, we only use integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

Instagram also processes your data in the USA, among other places. Instagram or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Instagram uses so-called Standard Contractual Clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Instagram undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

We have tried to provide you with the most important information about data processing by Instagram. At https://privacycenter.instagram.com/policy/, you can take a closer look at Instagram’s data policies.

Pinterest Privacy Policy

Pinterest Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimization of our service performance 📓 Processed data: Data such as user behavior data, information about your device, your IP address, and search terms. More details can be found further down in the privacy policy. 📅 Storage period: until Pinterest no longer needs the data for its purposes ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is Pinterest?

We use buttons and widgets from the social media network Pinterest, owned by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA, on our site. For the European region, the Irish company Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for all data protection-relevant aspects.

Pinterest is a social network specializing in graphic representations and photographs. The name is composed of the two words “pin” and “interest”. Users can exchange ideas about various hobbies and interests via Pinterest and view the respective profiles with images openly or in defined groups.

Why do we use Pinterest?

Pinterest has been around for several years now and this social media platform is still one of the most visited and valued platforms. Pinterest is particularly suitable for our industry because the platform is primarily known for beautiful and interesting images. That is why we are also represented on Pinterest and want to showcase our content appropriately outside of our website. The data collected can also be used for advertising purposes so that we can show advertising messages precisely to those people who are interested in our services or products.

What data is processed by Pinterest?

So-called log data can be stored. This includes information about your browser, IP address, the address of our website and the activities carried out on it (for example, when you click the Save or Pin button), search history, date and time of the request, and cookie and device data. When you interact with an embedded Pinterest feature, cookies that store various data can also be set in your browser. Usually, the log data mentioned above, preset language settings, and clickstream data are stored in cookies. Pinterest understands clickstream data as information about your website behavior.

If you have a Pinterest account yourself and are logged in, the data collected via our site can be added to your account and used for advertising purposes. When you interact with our integrated Pinterest features, you will usually be redirected to the Pinterest site. Here you can see an exemplary selection of cookies that are then set in your browser.

Name: _auth
Value: 0
Purpose: The cookie is used for authentication. For example, a value such as your “username” can be stored in it.
Expiry date: after one year

Name: _pinterest_referrer
Value: 1
Purpose: The cookie stores that you reached Pinterest via our website. The URL of our website is therefore stored.
Expiry date: after the end of the session

Name: _pinterest_sess
Value: …9HRHZvVE0rQlUxdG89
Purpose: The cookie is used to log in to Pinterest and contains user IDs, authentication tokens, and timestamps.
Expiry date: after one year

Name: _routing_id
Value: “8d850ddd-4fb8-499c-961c-77efae9d4065112893550-8”
Purpose: The cookie contains an assigned value used to identify a specific routing destination.
Expiry date: after one day

Name: cm_sub
Value: denied
Purpose: This cookie stores a user ID and the timestamp.
Expiry date: after one year

Name: csrftoken
Value: 9e49145c82a93d34fd933b0fd8446165112893550-1
Purpose: This cookie is most likely set for security reasons to prevent request forgery. However, we were not able to find out more details about this.
Expiry date: after one year

Name: sessionFunnelEventLogged
Value: 1
Purpose: We have not yet been able to find out any more detailed information about this cookie.
Expiry date: after one day

How long and where is the data stored?

Pinterest generally stores the collected data until it is no longer needed for the company’s purposes. As soon as data retention is no longer necessary, for example to comply with legal regulations, the data is either deleted or anonymized so that you can no longer be identified as a person. The data can also be stored on American servers.

Right to object

You also have the right and the possibility to withdraw your consent to the use of cookies or third-party providers such as Pinterest at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Since cookies can be used with embedded Pinterest elements, we also recommend our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. Nevertheless, we only use the tool if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

Pinterest also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can be associated with various risks for the lawfulness and security of data processing.

Pinterest uses so-called Standard Contractual Clauses (= Art. 46 para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., especially in the USA) or for data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Pinterest undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

More information about the Standard Contractual Clauses at Pinterest can be found at https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea.

We have tried to provide you with the most important information about data processing by Pinterest. At https://policy.pinterest.com/de/privacy-policy, you can take a closer look at Pinterest’s data policies.

Cookie Consent Management Platform Introduction

Cookie Consent Management Platform Summary 👥 Data subjects: Website visitors 🤝 Purpose: Obtaining and managing consent for certain cookies and thus the use of certain tools 📓 Processed data: Data for managing the set cookie settings such as IP address, time of consent, type of consent, individual consents. More details can be found in the respective tool used. 📅 Storage period: Depends on the tool used; you should expect periods of several years ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is a Cookie Consent Management Platform?

We use Consent Management Platform (CMP) software on our website, which makes it easier for us and you to handle the scripts and cookies used correctly and securely. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides a legally required cookie consent for you, and helps us and you keep track of all cookies. With most cookie consent management tools, all existing cookies are identified and categorized. As a website visitor, you then decide for yourself whether and which scripts and cookies you allow or do not allow. The following graphic shows the relationship between the browser, web server, and CMP.

Why do we use a cookie management tool?

Our goal is to offer you the best possible transparency in the area of data protection. In addition, we are also legally obliged to do so. We want to inform you as well as possible about all tools and all cookies that can store and process your data. It is also your right to decide for yourself which cookies you accept and which you do not. To grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with information in accordance with the GDPR. You can then accept or reject cookies via the consent system.

What data is processed?

Within the framework of our cookie management tool, you can manage each individual cookie yourself and have full control over the storage and processing of your data. The declaration of your consent is stored so that we do not have to ask you every time you visit our website and so that we can also prove your consent if legally necessary. This is stored either in an opt-in cookie or on a server. The storage period of your cookie consent varies depending on the provider of the cookie management tool. Usually, this data (such as pseudonymous user ID, time of consent, detailed information on the cookie categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

We will inform you about the duration of data processing further down, provided we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted as soon as you leave the website, others can be stored in your browser for several years. The exact duration of data processing depends on the tool used; usually, you should expect a storage period of several years. In the respective privacy policies of the individual providers, you will usually receive precise information about the duration of data processing.

Right to object

You also have the right and the possibility to withdraw your consent to the use of cookies at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Information on specific cookie management tools can be found – if available – in the following sections.

Legal basis

If you agree to cookies, personal data will be processed and stored via these cookies. If we are allowed to use cookies through your consent (Article 6 para. 1 lit. a GDPR), this consent is also the legal basis for the use of cookies or the processing of your data. In order to be able to manage the consent to cookies and to enable you to give your consent, a cookie consent management platform software is used. The use of this software enables us to operate the website in a legally compliant and efficient manner, which represents a legitimate interest (Article 6 para. 1 lit. f GDPR).

BorlabsCookie Privacy Policy

We use BorlabsCookie on our website, which is, among other things, a tool for storing your cookie consent. The service provider is the German company Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany.

You can find out more about the data processed through the use of BorlabsCookie in the Privacy Policy at https://de.borlabs.io/datenschutz/.

Audio & Video Introduction

Audio & Video Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimization of our service performance 📓 Processed data: Data such as contact details, user behavior data, information about your device, and your IP address can be stored. More details can be found further down in the corresponding privacy texts. 📅 Storage period: Data generally remains stored as long as it is necessary for the service purpose ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What are audio and video elements?

We have integrated audio and video elements on our website so that you can watch videos or listen to music/podcasts directly via our website. The content is provided by service providers. All content is therefore also obtained from the corresponding servers of the providers.

These are integrated functional elements from platforms such as YouTube, Vimeo, or Spotify. Use of these portals is usually free of charge, but paid content can also be published. With the help of these integrated elements, you can listen to or watch the respective content via our website.

When you use audio or video elements on our website, personal data can also be transmitted to the service providers, processed, and stored.

Why do we use audio & video elements on our website?

Of course, we want to provide you with the best offer on our website. And we are aware that content is no longer just conveyed in text and static images. Instead of just giving you a link to a video, we offer audio and video formats directly on our website that are entertaining or informative and, ideally, even both. This expands our service and makes it easier for you to access interesting content. Thus, in addition to our texts and images, we also offer video and/or audio content.

What data is stored by audio & video elements?

When you visit a page on our website that has an embedded video, for example, your server connects to the service provider’s server. In the process, your data is also transferred to the third-party provider and stored there. Some data is collected and stored regardless of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system, and other general information about your end device. Furthermore, most providers also obtain information about your web activity. This includes, for example, session duration, bounce rate, which button you clicked, or which website you use the service through. All of this information is usually stored via cookies or pixel tags (also known as web beacons). Pseudonymized data is usually stored in cookies in your browser. You can always find out exactly which data is stored and processed in the privacy policy of the respective provider.

Duration of data processing

You can find out exactly how long the data is stored on the servers of the third-party providers either further down in the privacy text of the respective tool or in the provider’s privacy policy. In principle, personal data is only processed for as long as is absolutely necessary for the provision of our services or products. This usually also applies to third-party providers. Usually, you can assume that certain data will be stored on the third-party providers’ servers for several years. Data can be stored for different lengths of time, especially in cookies. Some cookies are deleted as soon as you leave the website, others can be stored in your browser for several years.

Right to object

You also have the right and the possibility to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. The lawfulness of the processing until withdrawal remains unaffected.

Since cookies are usually also used by the integrated audio and video functions on our site, you should also read our general privacy policy on cookies. In the privacy policies of the respective third-party providers, you can find out more about the handling and storage of your data.

Legal basis

If you have consented to your data being processed and stored by integrated audio and video elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. Nevertheless, we only use the integrated audio and video elements if you have given your consent.

Vimeo Privacy Policy

Vimeo Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimization of our service performance 📓 Processed data: Data such as contact details, user behavior data, information about your device, and your IP address can be stored. More details can be found further down in this privacy policy. 📅 Storage period: Data generally remains stored as long as it is necessary for the service purpose ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is Vimeo?

We also use videos from the company Vimeo on our website. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plugin, we can display interesting video material directly on our website. In the process, certain data from you can be transmitted to Vimeo. In this privacy policy, we show you what data is involved, why we use Vimeo, and how you can manage or prevent your data or the data transfer.

Vimeo is a video platform that was founded in 2004 and has allowed the streaming of videos in HD quality since 2007. Since 2015, it has also been possible to stream in 4k Ultra HD. Use of the portal is free of charge, but paid content can also be published. Compared to the market leader YouTube, Vimeo primarily values high-quality content. Thus, the portal offers many artistic contents such as music videos and short films on the one hand, but also interesting documentaries on a wide variety of topics on the other.

Why do we use Vimeo on our website?

The goal of our web presence is to provide you with the best possible content. And to make it as easily accessible as possible. Only when we have achieved this are we satisfied with our service. The video service Vimeo helps us achieve this goal. Vimeo offers us the possibility to present high-quality content directly on our website. Instead of just giving you a link to an interesting video, you can watch the video right here with us. This expands our service and makes it easier for you to access interesting content. Thus, in addition to our texts and images, we also offer video content.

What data is stored on Vimeo?

When you visit a page on our website that has a Vimeo video embedded, your browser connects to Vimeo’s servers. This results in a data transfer. This data is collected, stored, and processed on the Vimeo servers. Regardless of whether you have a Vimeo account or not, Vimeo collects data about you. This includes your IP address, technical information about your browser type, your operating system, or very basic device information. Furthermore, Vimeo stores information about which website you use the Vimeo service through and what actions (web activities) you perform on our website. These web activities include, for example, session duration, bounce rate, or which button you clicked on our website with the built-in Vimeo function. Vimeo can track and store these actions with the help of cookies and similar technologies.

If you are logged in as a registered member of Vimeo, more data can usually be collected, as more cookies may have already been set in your browser. In addition, your actions on our website are directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while “surfing” our website.

Below we show you cookies that are set by Vimeo when you are on a website with an integrated Vimeo function. This list does not claim to be exhaustive and assumes that you do not have a Vimeo account.

Name: player
Value: “”
Purpose: This cookie stores your settings before you play an embedded Vimeo video. This way, the next time you watch a Vimeo video, you will get your preferred settings again.
Expiry date: after one year

Name: vuid
Value: pl1046149876.614422590112893550-4
Purpose: This cookie collects information about your actions on websites that have an embedded Vimeo video.
Expiry date: after 2 years

Note: These two cookies are always set as soon as you are on a website with an embedded Vimeo video. If you watch the video and click the button to “share” or “like” the video, for example, further cookies are set. These are also third-party cookies such as _ga or _gat_UA-76641-8 from Google Analytics or _fbp from Facebook. Which cookies are set here exactly depends on your interaction with the video.

The following list shows a selection of possible cookies that are set when you interact with the Vimeo video:

Name: _abexps
Value: %5B%5D
Purpose: This Vimeo cookie helps Vimeo remember the settings you have made. This can be, for example, a preset language, a region, or a username. In general, the cookie stores data about how you use Vimeo.
Expiry date: after one year

Name: continuous_play_v3
Value: 1
Purpose: This cookie is a first-party cookie from Vimeo. The cookie collects information on how you use the Vimeo service. For example, the cookie stores when you pause or play a video.
Expiry date: after one year

Name: _ga
Value: GA1.2.1522249635.1578401280112893550-7
Purpose: This cookie is a third-party cookie from Google. By default, analytics.js uses the _ga cookie to store the user ID. Basically, it serves to distinguish website visitors.
Expiry date: after 2 years

Name: _gcl_au
Value: 1.1.770887836.1578401279112893550-3
Purpose: This third-party cookie from Google AdSense is used to improve the efficiency of advertisements on websites.
Expiry date: after 3 months

Name: _fbp
Value: fb.1.1578401280585.310434968
Purpose: This is a Facebook cookie. This cookie is used to display advertisements or advertising products from Facebook or other advertisers.
Expiry date: after 3 months

Vimeo uses this data, among other things, to improve its own service, to communicate with you, and to set its own targeted advertising measures. Vimeo emphasizes on its website that for embedded videos, only first-party cookies (i.e., cookies from Vimeo itself) are used as long as you do not interact with the video.

How long and where is the data stored?

Vimeo is headquartered in White Plains, New York (USA). However, the services are offered worldwide. In doing so, the company uses computer systems, databases, and servers in the USA and also in other countries. Your data can therefore also be stored and processed on servers in America. The data remains stored at Vimeo until the company no longer has an economic reason for storing it. Then the data is deleted or anonymized.

How can I delete my data or prevent data storage?

You always have the possibility to manage cookies in your browser according to your wishes. For example, if you do not want Vimeo to set cookies and thus collect information about you, you can delete or deactivate cookies in your browser settings at any time. This works a little differently depending on the browser. Please note that after deactivating/deleting cookies, various functions may no longer be available to the full extent. Under the “Cookies” section, you will find the corresponding links to the respective instructions for the most popular browsers.

If you are a registered Vimeo member, you can also manage the cookies used in the settings at Vimeo.

Legal basis

If you have consented to your data being processed and stored by integrated Vimeo elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. Nevertheless, we only use the integrated Vimeo elements if you have given your consent. Vimeo also sets cookies in your browser to store data. We therefore recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

Vimeo also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can be associated with various risks for the lawfulness and security of data processing.

Vimeo uses so-called Standard Contractual Clauses (= Art. 46 para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., especially in the USA) or for data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Vimeo undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

More information about the Standard Contractual Clauses at Vimeo can be found at https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights.

You can find out more about the use of cookies at Vimeo at https://vimeo.com/cookie_policy; information on data protection at Vimeo can be read at https://vimeo.com/privacy.

YouTube Privacy Policy

YouTube Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimization of our service performance 📓 Processed data: Data such as contact details, user behavior data, information about your device, and your IP address can be stored. More details can be found further down in this privacy policy. 📅 Storage period: Data generally remains stored as long as it is necessary for the service purpose ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is YouTube?

We have integrated YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you access a page on our website that has an embedded YouTube video, your browser automatically connects to the servers of YouTube or Google. In the process, various data are transmitted (depending on your settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in the European area.

In the following, we want to explain in more detail which data is processed, why we have integrated YouTube videos, and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on, and upload videos for free. Over the last few years, YouTube has become one of the most important social media channels worldwide. To enable us to display videos on our website, YouTube provides a code snippet that we have integrated into our site.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And of course, interesting videos are a must. With the help of our embedded videos, we provide you with additional helpful content alongside our texts and images. Furthermore, our website is more easily found on the Google search engine thanks to the embedded videos. Even when we run advertisements via Google Ads, Google can—thanks to the collected data—show these ads only to people who are truly interested in our offers.

What data is stored by YouTube?

As soon as you visit one of our pages that has a YouTube video integrated, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually assign your interactions on our website to your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution, or your internet provider. Further data can include contact details, any ratings, sharing content via social media, or adding videos to your favorites on YouTube.

If you are not logged into a Google or YouTube account, Google stores data with a unique identifier linked to your device, browser, or app. This ensures, for example, that your preferred language setting is maintained. However, many interaction data points cannot be stored because fewer cookies are set.

In the following list, we show cookies that were set in a browser test. We show cookies set without a logged-in YouTube account on one hand, and cookies set with a logged-in account on the other. The list does not claim to be exhaustive, as user data always depends on the interactions on YouTube.

Name: YSC
Value: b9-CV6ojI5Y112893550-1
Purpose: This cookie registers a unique ID to store statistics of the video watched.
Expiry: after the end of the session

Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google receives statistics via PREF on how you use YouTube videos on our website.
Expiry: after 8 months

Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track GPS location.
Expiry: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie attempts to estimate the user’s bandwidth on our websites (with integrated YouTube video).
Expiry: after 8 months

Other cookies that are set when you are logged into your YouTube account:

Name: APISID
Value: zILlvClZSkqGsSwI/AU1aZI6HY7112893550-
Purpose: This cookie is used to create a profile of your interests. The data is used for personalized advertisements.
Expiry: after 2 years

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user’s consent to use various Google services. CONSENT also serves security purposes to verify users and protect user data from unauthorized attacks.
Expiry: after 19 years

Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile of your interests. This data helps in displaying personalized advertising.
Expiry: after 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL…
Purpose: This cookie stores information about your login data.
Expiry: after 2 years

Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile of your interests.
Expiry: after 2 years

Name: SID
Value: oQfNKjAsI112893550-
Purpose: This cookie stores your Google account ID and your last login time in digitally signed and encrypted form.
Expiry: after 2 years

Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information on how you use the website and which advertisements you may have seen before visiting our site.
Expiry: after 3 months

How long and where is the data stored?

The data that YouTube receives from you and processes is stored on Google servers. Most of these servers are located in America. At https://datacenters.google/ you can see exactly where the Google data centers are located. Your data is distributed across the servers. This allows the data to be retrieved faster and better protected against manipulation.

Google stores the collected data for different lengths of time. Some data you can delete at any time, others are automatically deleted after a limited period, and still others are stored by Google for a longer period. Some data (such as items from “My Activity”, photos or documents, products) stored in your Google account remain stored until you delete them. Even if you are not logged into a Google account, you can delete some data associated with your device, browser, or app.

How can I delete my data or prevent data storage?

In principle, you can manually delete data in your Google account. With the automatic deletion function for location and activity data introduced in 2019, information is stored for either 3 or 18 months depending on your decision and then deleted.

Regardless of whether you have a Google account or not, you can configure your browser to delete or deactivate cookies from Google. Depending on which browser you use, this works in different ways. In the “Cookies” section, you will find the corresponding links to the respective instructions for the most popular browsers.

If you generally do not want any cookies, you can set up your browser so that it always informs you when a cookie is to be set. This way, you can decide for each individual cookie whether to allow it or not.

Legal Basis

If you have consented to your data being processed and stored by integrated YouTube elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. Nevertheless, we only use the integrated YouTube elements if you have given your consent. YouTube also sets cookies in your browser to store data. We therefore recommend that you read our privacy text about cookies carefully and look at the privacy policy or cookie guidelines of the respective service provider.

YouTube also processes your data in the USA, among other places. YouTube or Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

Since YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to learn more about how your data is handled, we recommend the privacy policy at https://policies.google.com/privacy?hl=en.

YouTube Subscribe Button Privacy Policy

We have integrated the YouTube Subscribe button on our website. You can usually recognize the button by the classic YouTube logo. The logo shows the words “Subscribe” or “YouTube” in white font on a red background, and to the left of it, the white “play symbol”. However, the button can also be displayed in a different design.

Our YouTube channel regularly offers you funny, interesting, or exciting videos. With the integrated “Subscribe button”, you can subscribe to our channel directly from our website without having to visit the YouTube website specifically. We want to make access to our comprehensive content as easy as possible for you. Please note that YouTube can store and process your data as a result.

If you see an integrated subscribe button on our page, YouTube—according to Google—sets at least one cookie. This cookie stores your IP address and our URL. YouTube can also learn information about your browser, your approximate location, and your default language. In our test, the following four cookies were set without being logged into YouTube:

Name: YSC
Value: b9-CV6ojI5112893550Y
Purpose: This cookie registers a unique ID to store statistics of the video watched.
Expiry: after the end of the session

Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google receives statistics via PREF on how you use YouTube videos on our website.
Expiry: after 8 months

Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track GPS location.
Expiry: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 11289355095Chz8bagyU
Purpose: This cookie attempts to estimate the user’s bandwidth on our websites (with integrated YouTube video).
Expiry: after 8 months

Note: These cookies were set after a test and do not claim to be exhaustive.

If you are logged into your YouTube account, YouTube can store many of your actions/interactions on our website using cookies and assign them to your YouTube account. As a result, YouTube receives information such as how long you browse our site, what browser type you use, what screen resolution you prefer, or what actions you perform.

YouTube uses this data on the one hand to improve its own services and offers, and on the other hand to provide analyses and statistics for advertisers (who use Google Ads).

YouTube IFrame Player Privacy Policy

We also use the YouTube IFrame Player to embed videos on our website. The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google also processes your data in the USA, among other places. YouTube or Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

You can learn more about the data processed through the use of the YouTube IFrame Player in the Privacy Policy at https://policies.google.com/privacy?hl=en.

YouTube Video Widget Privacy Policy

We also use the YouTube video widget on our website. The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google also processes your data in the USA, among other places. YouTube or Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

You can learn more about the data processed through the use of the YouTube video widget in the Privacy Policy at https://policies.google.com/privacy?hl=en.

Explanation of Terms Used

We always strive to write our privacy policy as clearly and understandably as possible. However, this is not always easy, especially with technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). But we do not want to use these without explanation. Below you will find an alphabetical list of important terms used that we may not have addressed sufficiently in the previous privacy policy. If these terms were taken from the GDPR and are definitions, we will also list the GDPR texts here and, if necessary, add our own explanations.

Processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to the controllers, there can also be so-called processors. This includes every company or person who processes personal data on our behalf. Consequently, processors can be, in addition to service providers such as tax consultants, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: On websites, such consent usually takes place via a cookie consent tool. You probably know this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree or consent to the data processing. Usually, you can also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data may be processed from you. In principle, consent can of course also be given in writing, i.e., not via a tool.

Personal Data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data are therefore all those data that can identify you as a person. These are usually data such as:

• Name
• Address
• Email address
• Postal address
• Telephone number
• Date of birth
• Identification numbers such as social security number, tax identification number, ID card number or student ID number
• Bank data such as account number, credit information, account balances and much more.

According to the European Court of Justice (ECJ), your IP address also counts as personal data. IT experts can use your IP address to determine at least the approximate location of your device and, subsequently, you as the subscriber. Therefore, storing an IP address also requires a legal basis in the sense of the GDPR. There are also so-called “special categories” of personal data that are also particularly worthy of protection. These include:

• racial and ethnic origin
• political opinions
• religious or philosophical beliefs
• trade union membership
• genetic data such as data taken from blood or saliva samples
• biometric data (this is information on psychological, physical or behavioral characteristics that can identify a person).
  Health data
• Data on sexual orientation or sex life

Profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Explanation: In profiling, various pieces of information about a person are gathered to learn more about that person. In the web sector, profiling is often used for advertising purposes or also for credit checks. Web or advertising analysis programs, for example, collect data about your behavior and your interests on a website. This results in a special user profile, with the help of which advertising can be targeted to a specific audience.

 

Controller

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for the processing of your personal data and consequently the “controller”. If we pass on collected data to other service providers for processing, these are “processors”. For this, a “Data Processing Agreement (DPA)” must be signed.

 

Processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we speak of processing in our privacy policy, we mean any type of data processing. This includes, as mentioned above in the original GDPR explanation, not only the collection but also the storage and processing of data.

All texts are protected by copyright.