Privacy Policy - UNBROKEN

EN | DE

Table of Content

Introduction and Overview

We have drafted this privacy policy (version 26.03.2023-112452278) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (short: data) we as the data controllers – and the processors we commission (e.g., service providers) – process, will process in the future, and the lawful options available to you. The terms used are to be understood as gender-neutral. In short: We provide comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal terminology. This privacy policy aims to describe the most important things to you as simply and transparently as possible. Where beneficial for transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We inform you in clear and simple language that we only process personal data within the scope of our business activities if there is a corresponding legal basis. This is certainly not possible if one gives brief, unclear, and legally-technical explanations, as is often standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative and that there may be one or two pieces of information that you did not know before.

If you still have questions, we kindly ask you to contact the responsible party mentioned below or in the imprint, follow the provided links, and look at further information on third-party sites. You can also find our contact details in the imprint.

Scope of Application

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information as defined in Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

All online presences (websites, online shops) that we operate
Social media presences and email communication
Mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas where personal data is processed in the company through the mentioned channels in a structured manner. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Bases

In the following privacy policy, we provide transparent information about the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which allow us to process personal data. Concerning EU law, we refer to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at EUR-Lex.

We only process your data if at least one of the following conditions applies:

Consent (Article 6 Paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of data you entered in a contact form.
Contract (Article 6 Paragraph 1 lit. b GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we enter into a purchase contract with you, we need personal information in advance.
Legal Obligation (Article 6 Paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes. These usually contain personal data.
Legitimate Interests (Article 6 Paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data to operate our website securely and efficiently. This processing is thus a legitimate interest.

Other conditions such as the performance of a task carried out in the public interest or in the exercise of official authority, as well as the protection of vital interests, generally do not apply to us. If such a legal basis should nevertheless be applicable, it will be indicated at the appropriate place.

In addition to the EU Regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act), abbreviated as DSG.
In Germany, the Federal Data Protection Act, abbreviated as BDSG, applies.

If other regional or national laws apply, we will inform you in the following sections.

Contact Information of the Responsible Party

If you have questions about data protection or the processing of personal data, you can find the contact details of the responsible person or entity below: Stefan Schuh
Römerstraße 352,
8232 Grafendorf bei Hartberg,
Austria

Email: stefan.schuh@unbroken.at

Storage Duration

As a general criterion, we only store personal data for as long as it is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to retain certain data even after the original purpose has ceased to exist, for example, for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to retain it.

We will inform you about the specific duration of the respective data processing further below, if we have additional information on this.

Rights Under the General Data Protection Regulation

In accordance with Articles 13 and 14 GDPR, we inform you of the following rights you have to ensure fair and transparent data processing:

Right to Information (Article 15 GDPR): You have the right to know whether we process data about you. If this is the case, you have the right to obtain a copy of the data and be informed about the following:
- The purpose for which we carry out the processing;
- The categories or types of data being processed;
- The recipients of these data and, if the data are transmitted to third countries, how the security is ensured;
- The duration of data storage;
- The existence of the right to rectification, erasure, restriction of processing, and the right to object to processing;
- That you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
- The source of the data if we did not collect them from you;
- Whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you.
Right to Rectification (Article 16 GDPR): You have the right to have incorrect data corrected if you find any errors.
Right to Erasure (Article 17 GDPR): You have the right to request the deletion of your data („right to be forgotten“).
Right to Restriction of Processing (Article 18 GDPR): You have the right to restrict processing, meaning we may only store the data but not use it further.
Right to Data Portability (Article 20 GDPR): You have the right to receive your data in a commonly used format upon request.
Right to Object (Article 21 GDPR): You have the right to object to the processing of your data, which will result in a change in the processing. If the processing of your data is based on Article 6 Paragraph 1 lit. e (public interest, exercise of official authority) or Article 6 Paragraph 1 lit. f (legitimate interest), you can object to the processing. We will then promptly check whether we can legally comply with this objection.
If data is used for direct marketing purposes, you can object to this type of data processing at any time. We may no longer use your data for direct marketing thereafter.
If data is used for profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling thereafter.
Right Not to Be Subject to Automated Decision-Making (Article 22 GDPR): You have the right not to be subject to a decision based solely on automated processing (e.g., profiling) under certain circumstances.
Right to Lodge a Complaint (Article 77 GDPR): You have the right to lodge a complaint with a supervisory authority at any time if you believe that the processing of personal data concerning you violates the GDPR.

In short: You have rights—do not hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection law or your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Head: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Processing Agreement (DPA)

In this section, we explain what a Data Processing Agreement (DPA) is and why it is necessary. Since the term „Data Processing Agreement“ is quite a mouthful, we will often use the acronym DPA in this text. Like most companies, we do not work alone but also use the services of other companies or individuals. By involving various companies or service providers, we may share personal data for processing. These partners then act as data processors with whom we enter into a contract called a Data Processing Agreement (DPA). The most important thing for you to know is that the processing of your personal data is carried out exclusively according to our instructions and must be regulated by the DPA.

Who are Data Processors?

As a company and website owner, we are responsible for all data we process from you. Besides the controllers, there can also be data processors. This includes any company or person that processes personal data on our behalf. More precisely, according to the GDPR definition, any natural or legal person, public authority, agency, or other body that processes personal data on our behalf is considered a data processor. Data processors can include service providers such as hosting or cloud providers, payment or newsletter providers, or large companies like Google or Microsoft.

To better understand the terminology, here is an overview of the three roles in the GDPR:

Data Subject (You as a customer or interested party) → Controller (We as the company and client) → Data Processor (Service providers like web hosts or cloud providers)

Content of a Data Processing Agreement

As mentioned above, we have entered into a DPA with our partners who act as data processors. It primarily stipulates that the data processor processes the data to be processed exclusively according to the GDPR. The agreement must be concluded in writing, but electronic agreement is also considered „written“ in this context. The processing of personal data only takes place based on the contract. The contract must include the following:

Obligation to follow our instructions as the controller
Duties and rights of the controller
Categories of data subjects
Type of personal data
Nature and purpose of data processing
Subject and duration of data processing
Location of data processing

Additionally, the contract includes all duties of the data processor. The most important duties are:

Ensuring data security measures
Taking possible technical and organizational measures to protect the rights of the data subject
Keeping a record of data processing activities
Cooperating with the data protection supervisory authority upon request
Conducting a risk analysis concerning the received personal data
Sub-processors may only be engaged with the written consent of the controller

For an example of what a DPA looks like, you can visit this link where a sample contract is presented.

Cookies

Summary of Cookies

Data Subjects: Visitors of the website
Purpose: Depending on the respective cookie. More details can be found below or from the software manufacturer setting the cookie.
Processed Data: Depending on the cookie used. More details can be found below or from the software manufacturer setting the cookie.
Storage Duration: Depending on the respective cookie, can range from hours to years
Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data. Below, we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are known as cookies.

One thing is undeniable: cookies are really useful helpers. Almost all websites use cookies. More precisely, they use HTTP cookies, as there are other cookies for other applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, the „brain“ of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data, such as language or personal page settings. When you revisit our site, your browser sends the „user-related“ information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, like Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie from the server, which the browser uses again when another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other „malware.“ Cookies cannot access information on your PC either.

Example of cookie data:

Name: _ga
Value: GA1.2.1326744211.152112452278-9
Purpose: Differentiating website visitors
Expiration date: After 2 years

A browser should support the following minimum sizes:

At least 4096 bytes per cookie
At least 50 cookies per domain
At least 3000 cookies in total

Types of Cookies

The question of which cookies we specifically use depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly explain the different types of HTTP cookies.

There are 4 types of cookies:

Essential Cookies: These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user places a product in the shopping cart, then continues browsing other pages, and later returns to the checkout. These cookies prevent the shopping cart from being deleted even if the user closes their browser window.
Functional Cookies: These cookies collect information about user behavior and whether the user receives any error messages. Additionally, these cookies measure the load time and behavior of the website in different browsers.
Targeted Cookies: These cookies provide better user-friendliness. For example, entered locations, font sizes, or form data are saved.
Advertising Cookies: These cookies are also known as targeting cookies. They are used to deliver customized advertising to the user. This can be very practical, but also very annoying.

Usually, when you visit a website for the first time, you will be asked which types of cookies you wish to allow. And, of course, this decision is also saved in a cookie.

If you want to know more about cookies and are not afraid of technical documentation, we recommend RFC 6265, the „HTTP State Management Mechanism“ of the Internet Engineering Task Force (IETF).

Purpose of Processing via Cookies

The purpose ultimately depends on the respective cookie. More details can be found below or from the software manufacturer setting the cookie.

Which Data is Processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data within the following privacy policy.

Storage Duration of Cookies

The storage duration depends on the respective cookie and will be specified further below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have control over the storage duration. You can manually delete all cookies at any time via your browser (see also „Right to Object“ below). Furthermore, cookies based on consent are deleted at the latest after you withdraw your consent, without affecting the legality of storage until then.

Right to Object – How Can I Delete Cookies?

You decide for yourself whether and how you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option to delete, deactivate, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies are stored in your browser, change cookie settings, or delete cookies, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome
Safari: Manage cookies and website data with Safari
Firefox: Delete cookies to remove data that websites have placed on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete and manage cookies

If you generally do not want any cookies, you can set your browser to always inform you when a cookie is to be set. This way, you can decide whether to allow each individual cookie or not. The procedure varies depending on the browser. It is best to search for the instructions on Google with the search term „delete cookies Chrome“ or „disable cookies Chrome“ if you use a Chrome browser.

Legal Basis

Since 2009, there have been so-called „cookie guidelines.“ These state that storing cookies requires your consent (Article 6(1)(a) GDPR). However, there are very different reactions to these guidelines within EU countries. In Austria, the implementation of this guideline took place in Section 96(3) of the Telecommunications Act (TKG). In Germany, the cookie guidelines were not implemented as national law. Instead, the implementation of this guideline largely took place in Section 15(3) of the Telemedia Act (TMG).

For absolutely necessary cookies, even without consent, legitimate interests (Article 6(1)(f) GDPR) exist, which are mostly of an economic nature. We aim to provide visitors to the website with a pleasant user experience, and certain cookies are often absolutely necessary for this.

As far as non-essential cookies are used, this only happens with your consent. The legal basis is Article 6(1)(a) GDPR.

In the following sections, you will be informed in more detail about the use of cookies if the software used employs cookies.

Web Analytics Privacy Policy Summary

Data Subjects: Visitors of the website
Purpose: Evaluation of visitor information to optimize the web offering.
Processed Data: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found in the web analytics tool used.
Storage Duration: Depending on the web analytics tool used
Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Web Analytics?

We use software on our website to analyze the behavior of website visitors, referred to as web analytics. Data is collected by the respective analytics tool provider (also called a tracking tool), stored, managed, and processed. Using this data, analyses of user behavior on our website are created and provided to us as the website operator. Additionally, most tools offer various testing options. For example, we can test which offers or content are most appealing to our visitors. We show you two different offers for a limited period. After the test (called an A/B test), we know which product or content our website visitors find more interesting. Such testing procedures, as well as other analytics methods, can also create user profiles and store data in cookies.

Why Do We Conduct Web Analytics?

We have a clear goal with our website: we want to provide the best web offering in our industry. To achieve this goal, we want to offer the best and most interesting content and ensure that you feel completely comfortable on our website. Using web analytics tools, we can closely examine the behavior of our website visitors and then improve our web offering accordingly. For example, we can identify the average age of our visitors, where they come from, when our website is most visited, or which content or products are particularly popular. All this information helps us optimize the website and tailor it to your needs, interests, and desires.

What Data is Processed?

The specific data stored depends on the analytics tools used. Generally, data such as the content you view on our website, the buttons or links you click, the time you access a page, the browser you use, the device (PC, tablet, smartphone, etc.) you visit the website with, or the computer system you use is stored. If you have consented to location data being collected, this can also be processed by the web analytics tool provider.

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, your IP address is usually stored in a pseudonymized form (i.e., in an unrecognizable and shortened form). For testing, web analytics, and web optimization purposes, no direct data such as your name, age, address, or email address is stored. All such data, if collected, is stored pseudonymized. Therefore, you cannot be identified as a person.

The following example schematically shows how Google Analytics works as an example of client-based web tracking with JavaScript code.

Duration of Data Processing

Right to Object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This can be done through our cookie management tool or other opt-out functions. For example, you can prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser.

Legal Basis

The use of web analytics requires your consent, which we obtained with our cookie popup. This consent forms the legal basis for processing personal data under Art. 6(1)(a) GDPR.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to improve our offer technically and economically. Using web analytics, we can identify website errors, detect attacks, and improve efficiency. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). We only use the tools if you have given your consent.

Since web analytics tools use cookies, we recommend reading our general privacy policy on cookies. To learn which data is exactly stored and processed, you should read the privacy policies of the respective tools.

Information on specific web analytics tools, if available, can be found in the following sections.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary

Data Subjects: Visitors of the website
Purpose: Evaluation of visitor information to optimize the web offering.
Processed Data: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found below in this privacy policy.
Storage Duration: Depending on the properties used
Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Google Analytics?

We use the web analytics tool Google Analytics (GA) from the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, if you click on a link, this action is stored in a cookie and sent to Google Analytics. With the reports we receive from Google Analytics, we can better tailor our website and service to your needs. Below, we delve into the tracking tool and inform you about the data stored and how you can prevent it.

Google Analytics is a tracking tool used to analyze the traffic on our website. To enable Google Analytics, a tracking code is integrated into the code of our website. When you visit our website, this code records various actions you take on our website. Once you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and provides us with reports about your user behavior. These reports can include:

Audience Reports: These help us better understand our users and know more precisely who is interested in our service.
Ad Reports: These make it easier for us to analyze and improve our online advertising.
Acquisition Reports: These provide useful information on how to attract more people to our service.
Behavior Reports: These tell us how you interact with our website, the path you take on our site, and which links you click.
Conversion Reports: These show how our marketing efforts are turning visitors into customers or newsletter subscribers.
Real-Time Reports: These allow us to see what is happening on our website at any moment.

Why Do We Use Google Analytics on Our Website?

Our goal with this website is clear: to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this goal. The analyzed data shows us a clear picture of the strengths and weaknesses of our website. We can optimize our site to be more easily found by interested people on Google and better understand you as a visitor. This data also helps us to make our advertising and marketing efforts more personalized and cost-effective, showing our products and services to people who are interested in them.

What Data is Stored by Google Analytics?

Google Analytics uses a tracking code to create a random, unique ID linked to your browser cookie. This ID helps Google Analytics recognize you as a new user. When you visit our site again, you are recognized as a „returning“ user. All collected data is stored together with this user ID, allowing for pseudonymous user profiles.

To analyze our website with Google Analytics, a property ID is inserted into the tracking code. Data is then stored in the respective property. The default for newly created properties is the Google Analytics 4 property. Alternatively, you can still create the Universal Analytics property. The storage duration of your data depends on the property used.

Cookies and app instance IDs measure your interactions on our website. If you use other Google systems (e.g., a Google account), data generated by Google Analytics can be linked to third-party cookies. Google does not share Google Analytics data unless we, as website operators, permit it. Exceptions occur if required by law.

Google Analytics Cookies Used

Name: _ga
- Value: 2.1326744211.152112452278-5
- Purpose: Used to distinguish users.
- Expiration: After 2 years
Name: _gid
- Value: 2.1687193234.152112452278-1
- Purpose: Also used to distinguish users.
- Expiration: After 24 hours
Name:gat_gtag_UA
- Value: 1
- Purpose: Used to throttle request rate.
- Expiration: After 1 minute
Name: AMP_TOKEN
- Value: None
- Purpose: Contains a token to retrieve a client ID from the AMP Client ID service.
- Expiration: 30 seconds to 1 year
Name: __utma
- Value: 1564498958.1564498958.1564498958.1
- Purpose: Used to track your behavior on the website and measure performance.
- Expiration: After 2 years
Name: __utmt
- Value: 1
- Purpose: Used to throttle request rate.
- Expiration: After 10 minutes
Name: __utmb
- Value: 3.10.1564498958
- Purpose: Used to determine new sessions.
- Expiration: After 30 minutes
Name: __utmc
- Value: 167421564
- Purpose: Used to determine new sessions for returning visitors.
- Expiration: End of browser session
Name: __utmz
- Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
- Purpose: Used to identify the source of traffic to our website.
- Expiration: After 6 months
Name: __utmv
- Value: None
- Purpose: Used to store custom user data.
- Expiration: After 2 years

This list may not be exhaustive, as Google can change the selection of its cookies.

Overview of Key Data Collected by Google Analytics

Heatmaps: Shows where you click on our site, providing insights into your navigation patterns.
Session Duration: Measures the time you spend on our site without leaving. After 20 minutes of inactivity, the session ends automatically.
Bounce Rate: Indicates if you visit only one page on our site before leaving.
Account Creation: Tracks if you create an account or make a purchase.
IP Address: Stored in a truncated form to prevent identification.
Location: Determines your country and approximate location via IP address.
Technical Information: Includes your browser type, internet provider, and screen resolution.
Source: Shows which website or advertisement brought you to our site.
Additional Data: Contact details, reviews, media playback, social media sharing, and adding favorites.

Data Storage Duration and Location

Google’s servers are distributed worldwide, mainly in the USA. Your data is stored on various physical storage devices, providing faster access and better protection against manipulation. Each Google data center has emergency programs for your data to minimize the risk of service interruption due to hardware failures or natural disasters.

The data retention duration depends on the properties used. For Google Analytics 4 properties, user data is stored for 14 months. For Universal Analytics properties, the default is 26 months, but we can choose between 14, 26, 38, 50 months, or no automatic deletion. Data is deleted monthly after the set period unless you revisit our site, resetting the retention period.

How to Delete or Prevent Data Storage

You have the right to access, update, delete, or restrict your data. You can prevent Google Analytics from using your data by downloading and installing the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js). Note that this add-on only deactivates Google Analytics data collection.

For general cookie management, deletion, or deactivation, see the „Cookies“ section for links to browser instructions.

Legal Basis

The use of Google Analytics requires your consent, obtained via our cookie popup. This consent forms the legal basis for processing personal data under Art. 6(1)(a) GDPR. Additionally, we have a legitimate interest in analyzing visitor behavior to improve our offering technically and economically. Google Analytics helps us identify website errors, detect attacks, and improve efficiency. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). We only use Google Analytics if you have given your consent.

Google processes your data, including in the USA. We note that the European Court of Justice currently sees no adequate protection level for data transfer to the USA, which can pose risks for data processing legality and security.

For data processing by recipients in third countries (outside the EU, Iceland, Liechtenstein, Norway, and especially the USA) or data transfers there, Google uses Standard Contractual Clauses (Art. 46. Abs. 2 and 3 GDPR). These clauses ensure your data meets European privacy standards even when stored, processed, and managed in third countries. The EU Commission provides these clauses, which you can view here. The Google Ads Data Processing Terms referring to these clauses can be found here.

We hope this provides essential information about Google Analytics data processing. For more details, visit Google Analytics Terms and Google Analytics Help.

Data Processing Agreement (DPA) Google Analytics

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a Data Processing Agreement (DPA) with Google. You can read about what a DPA is and what it must contain in our general section „Data Processing Agreement (DPA)“.

This contract is legally required because Google processes personal data on our behalf. It stipulates that Google may only process the data received from us according to our instructions and must comply with the GDPR. The link to the data processing terms can be found at Google Ads Data Processing Terms.

Google Analytics Reports on Demographics and Interests

We have enabled advertising reporting features in Google Analytics. These reports include demographic and interest data such as age, gender, and interests. This information helps us better understand our users without being able to attribute this data to individual persons. You can learn more about the advertising features at Google Analytics Help.

You can opt-out of using your Google account activities and information under „Advertising settings“ at Google Ads Settings.

Google Analytics Consent Mode

Depending on your consent, personal data may be processed by Google Analytics in consent mode. You can choose whether to accept Google Analytics cookies or not, determining which data Google Analytics may process. This data is primarily used to measure user behavior on the website, deliver targeted advertising, and provide us with web analysis reports. Generally, you consent to data processing by Google through a cookie consent tool. If you do not consent to data processing, only aggregated data will be collected and processed, meaning no user profiles are created. You can also consent only to statistical measurement, where no personal data is processed and thus not used for advertising or measuring advertising success.

Google Analytics IP Anonymization

We have implemented Google Analytics IP address anonymization on this website. This function was developed by Google to ensure that this website can comply with the applicable privacy regulations and recommendations of local data protection authorities when they prohibit the storage of the full IP address. The anonymization or masking of the IP takes place as soon as the IP addresses are received in the Google Analytics data collection network and before any storage or processing occurs.

More information on IP anonymization can be found at Google Analytics Help.

Push Notifications Introduction

Push Notifications Summary

Data Subjects: Push notifications subscribers
Purpose: Notification of system-relevant and interesting events
Processed Data: Data entered during registration, usually including location data. More details can be found in the privacy policy of the respective push notification tool used.
Storage Duration: Data is typically stored as long as necessary to provide the service.
Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(b) GDPR (Contract)

What are Push Notifications?

We also use push notification services on our website to keep our users up to date. This means that if you have agreed to receive such push notifications, we can send you short news updates via a software tool. Push notifications are a form of text messages that appear directly on your smartphone or other devices like tablets or PCs if you have signed up for them. You receive these notifications even if you are not on our website or actively using our service. Data about your location and usage behavior may also be collected and stored.

Why Do We Use Push Notifications?

We use push notifications to fully deliver the services we have contractually agreed with you and to support our online marketing. These notifications help us bring our services or products closer to you. Particularly when there are news updates in our company, we can inform you immediately. We aim to understand the preferences and habits of all our users as well as possible to continuously improve our offerings.

What Data is Processed?

To receive push notifications, you must confirm that you want to receive these messages. The data collected during the consent process is stored, managed, and processed to prove and recognize that a user has agreed to receive push notifications. A device token or push token is stored in your browser for this purpose. Typically, location data or the location of your device is also stored.

We also statistically evaluate the handling of these messages to ensure we always send interesting and important push notifications. This way, we can see, for example, whether and when you open the message. These insights help us tailor our communication strategy to your preferences and interests. Although these stored data can be attributed to you, we are not interested in monitoring you as an individual. Instead, we are interested in the collective data of all our users to make optimizations. The exact data stored can be found in the privacy policies of the respective service providers.

Duration of Data Processing

The duration of data processing and storage depends primarily on the tool we use. You can learn more about the data processing of individual tools below. The privacy policies of the providers typically state which data is stored and processed and for how long. In general, personal data is only processed as long as it is necessary to provide our services. When data is stored in cookies, the storage duration can vary significantly. Data can be deleted right after leaving a website or can be stored for several years. Therefore, you should review each cookie in detail if you want to know more about data storage. The privacy policies of the individual providers often contain informative details about the cookies.

Legal Basis

Push notifications may be necessary to fulfill certain obligations stated in a contract, for example, to inform you about technical or organizational updates. The legal basis in this case is Art. 6(1)(b) GDPR.

If this is not the case, push notifications are sent based on your consent. Our push notifications can particularly contain advertising content. The notifications may also be sent based on your location as indicated by your device. The analytical evaluations mentioned above are also based on your consent to receive such notifications. The legal basis is Art. 6(1)(a) GDPR. You can, of course, withdraw your consent or change various settings at any time.

OneSignal Privacy Policy

We use OneSignal, a mobile marketing platform, for our website. The service provider is the American company OneSignal, located at 2850 S Delaware St #201, San Mateo, CA 94403, USA.

OneSignal processes data in the USA, among other locations. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of data protection for data transfer to the USA. This can pose various risks to the legality and security of data processing.

As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or data transfer there, OneSignal uses standard contractual clauses approved by the EU Commission (Art. 46. Abs. 2 and 3 GDPR). These clauses require OneSignal to comply with the EU data protection level when processing relevant data outside the EU. These clauses are based on an implementation decision of the EU Commission. You can find the decision and the clauses here: EU Commission Standard Contractual Clauses.

For more information about the data processed by OneSignal, please refer to their privacy policy at OneSignal Privacy Policy.

Blogs and Publication Media Introduction

Blogs and Publication Media Privacy Policy Summary

Data Subjects: Visitors of the website
Purpose: Presentation and optimization of our services, communication between website visitors, security measures, and administration
Processed Data: Data such as contact details, IP address, and published content. More details can be found in the tools used.
Storage Duration: Depends on the tools used
Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests), Art. 6(1)(b) GDPR (Contract)

What Are Blogs and Publication Media?

We use blogs and other communication media on our website to interact with you and allow you to communicate with us. Data from you may be stored and processed for content presentation, communication functionality, and increased security. Our privacy policy generally addresses which data may be processed. Specific data processing details depend on the tools and features used. You can find precise information on data processing in the privacy policies of each provider.

Why Do We Use Blogs and Publication Media?

Our main goal with our website is to provide you with interesting and exciting content while valuing your opinions and contributions. We aim to create a good interactive exchange between us and you. With various blogs and publication options, we can achieve this. For example, you can comment on our content, respond to other comments, or in some cases, create your own posts.

What Data is Processed?

The exact data processed depends on the communication functions we use. Typically, IP addresses, usernames, and the published content are stored. This is primarily done to ensure security, prevent spam, and address unlawful content. Cookies may also be used for data storage. These are small text files stored in your browser with information. For more details on the collected and stored data, refer to our individual sections and the privacy policy of the respective provider.

Duration of Data Processing

We will inform you further below about the duration of data processing if we have additional information. For example, contribution and comment functions store data until you withdraw your consent to data storage. Generally, personal data is stored only as long as necessary to provide our services.

Right to Object

You also have the right and the ability to withdraw your consent to the use of cookies or third-party communication tools at any time. This can be done through our cookie management tool or other opt-out functions. For example, you can prevent data collection by managing, disabling, or deleting cookies in your browser.

Since publication media can also use cookies, we recommend reading our general privacy policy on cookies. To learn which data is specifically stored and processed, you should read the privacy policies of the respective tools.

Legal Basis

We use communication tools primarily based on our legitimate interests (Art. 6(1)(f) GDPR) for quick and efficient communication with you, other customers, business partners, and visitors. If the use serves to fulfill contractual relationships or their initiation, the legal basis is Art. 6(1)(b) GDPR.

Certain processing activities, particularly the use of cookies and comment or messaging functions, require your consent. If you have consented to data processing and storage by embedded publication media, this consent forms the legal basis for data processing (Art. 6(1)(a) GDPR). Most communication functions we use place cookies in your browser to store data. Therefore, we recommend reading our privacy policy on cookies and the privacy policy or cookie guidelines of the respective service provider.

Information on specific tools, if available, can be found in the following sections.

WordPress Emojis Privacy Policy

We also use so-called emojis and smileys in our blog. Emojis are graphical elements or files such as smiling, angry, or sad faces that we provide and are loaded from another server. The service provider for retrieving WordPress emojis and smileys is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. This third party stores your IP address to transmit the emoji files to your browser.

WordPress processes data from you, including in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of data protection for data transfer to the USA. This can pose various risks to the legality and security of data processing.

As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or data transfer there, WordPress uses Standard Contractual Clauses (Art. 46. Abs. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission to ensure that your data meets European data protection standards even when transferred to and stored in third countries (such as the USA). Through these clauses, WordPress commits to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: EUR-Lex Standard Contractual Clauses.

The data processing terms (Data Processing Agreements), which correspond to the Standard Contractual Clauses, can be found at WordPress Data Processing Agreements.

For more information about the data processed by Automattic, please refer to their privacy policy at Automattic Privacy Policy.

Online Marketing Introduction

Online Marketing Privacy Policy Summary

Data Subjects: Visitors of the website
Purpose: Evaluation of visitor information to optimize the web offering
Processed Data: Access statistics including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data like name or email address may also be processed. More details can be found with each online marketing tool used.
Storage Duration: Depends on the online marketing tools used
Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Online Marketing?

Online marketing refers to all measures taken online to achieve marketing goals such as increasing brand awareness or completing a transaction. Our online marketing efforts aim to attract people to our website. We use online marketing to showcase our offerings to many interested people, usually through online advertising, content marketing, or search engine optimization. To use online marketing efficiently and effectively, personal data is stored and processed. This data helps us show our content only to those interested and measure the success of our online marketing efforts.

Why Do We Use Online Marketing Tools?

We want to show our website to everyone interested in our offerings. We are aware that this is not possible without deliberate actions, so we engage in online marketing. Various tools make it easier for us to work on our online marketing efforts and continually provide improvement suggestions through data. This way, we can target our campaigns more precisely at our audience. The purpose of these online marketing tools is ultimately to optimize our offerings.

What Data is Processed?

For our online marketing to work and measure the success of the measures, user profiles are created, and data is stored, for example, in cookies (small text files). This data helps us not only place advertisements in a classic sense but also display our content directly on our website as you prefer. Various third-party tools offer these functions and accordingly collect and store data from you. The cookies, for example, store which websites you visited on our site, how long you viewed these pages, which links or buttons you clicked, or which website you came from. Technical information such as your IP address, which browser you use, the device you visit our website from, or the time you accessed and left our website can also be stored. If you have consented to us determining your location, we can also store and process this data.

Your IP address is stored in a pseudonymized form (i.e., shortened). Unique data that directly identifies you, such as name, address, or email address, is also stored in a pseudonymized form during advertising and online marketing procedures. This means we cannot identify you as a person, but we only have the pseudonymized stored information in the user profiles.

The cookies may also be used, analyzed, and employed for advertising purposes on other websites that use the same advertising tools. The data can then also be stored on the servers of the advertising tools providers.

In exceptional cases, unique data (names, email addresses, etc.) may be stored in the user profiles. This storage occurs, for example, if you are a member of a social media channel we use for our online marketing efforts, and the network connects previously entered data with the user profile.

For all advertising tools we use that store data on their servers, we always receive only aggregated information and never data that makes you identifiable as an individual. The data only shows how well certain advertising measures worked. For example, we see which measures prompted you or other users to visit our website and purchase a service or product. Based on the analyses, we can improve our advertising offer in the future and tailor it even more precisely to the needs and wishes of interested persons.

Duration of Data Processing

We will inform you further below about the duration of data processing if we have additional information. Generally, we process personal data only as long as it is absolutely necessary to provide our services and products. Data stored in cookies is stored for varying lengths of time. Some cookies are deleted after leaving the website, while others can be stored in your browser for several years. The respective privacy policies of the individual providers usually provide detailed information about the cookies used by the provider.

Right to Object

You also have the right and the ability to withdraw your consent to the use of cookies or third-party providers at any time. This can be done through our cookie management tool or other opt-out functions. For example, you can prevent data collection through cookies by managing, disabling, or deleting cookies in your browser. The legality of the processing remains unaffected until the withdrawal.

Since online marketing tools usually use cookies, we recommend reading our general privacy policy on cookies. To find out exactly which data is stored and processed, you should read the privacy policies of the respective tools.

Legal Basis

If you have consented to the use of third-party providers, the legal basis for the corresponding data processing is this consent. This consent forms the legal basis for processing personal data as they occur when collected by online marketing tools, according to Art. 6(1)(a) GDPR.

We also have a legitimate interest in measuring online marketing measures in anonymized form to optimize our offer and measures with the data obtained. The corresponding legal basis is Art. 6(1)(f) GDPR (Legitimate Interests). We only use the tools if you have given your consent.

Information on specific online marketing tools, if available, can be found in the following sections.

PayPal Marketing Solutions Privacy Policy

We use PayPal Marketing Solutions, a sales optimization tool, on our website. The service provider is the American company PayPal Pte. Ltd, 2211 North First Street, San Jose, California 95131, USA.

PayPal processes data from you, including in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of data protection for data transfer to the USA. This can pose various risks to the legality and security of data processing.

As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or data transfer there, PayPal uses Standard Contractual Clauses (Art. 46. Abs. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission to ensure that your data meets European data protection standards even when transferred to and stored in third countries (such as the USA). Through these clauses, PayPal commits to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: EUR-Lex Standard Contractual Clauses.

For more information about the Standard Contractual Clauses and the data processed by PayPal Marketing Solutions, please refer to their privacy policy at PayPal Privacy Policy.

Payment Providers Introduction

Payment Providers Privacy Policy Summary

Data Subjects: Visitors of the website
Purpose: Enabling and optimizing the payment process on our website
Processed Data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data. More details can be found with each payment provider tool used.
Storage Duration: Depends on the payment provider used
Legal Basis: Art. 6(1)(b) GDPR (Performance of a contract)

What is a Payment Provider?

We use online payment systems on our website to ensure a secure and smooth payment process for both you and us. This may involve sending, storing, and processing personal data to the respective payment provider. Payment providers are online payment systems that allow you to make an order via online banking. The payment transaction is carried out by the payment provider you choose. We then receive information about the completed payment. This method can be used by any user with an active online banking account with PIN and TAN. There are hardly any banks that do not offer or accept such payment methods.

Why Do We Use Payment Providers on Our Website?

We aim to provide the best possible service with our website and integrated online shop to ensure you feel comfortable and can make use of our offerings. We know your time is valuable, and payment processes must function quickly and smoothly. For these reasons, we offer various payment providers. You can choose your preferred payment provider and pay in the usual manner.

What Data is Processed?

The exact data processed depends on the respective payment provider. Generally, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are stored. These are necessary data to carry out a transaction. Contract data and user data, such as when you visit our website, which content you are interested in, or which subpages you click on, may also be stored. Most payment providers also store your IP address and information about your computer.

The data is usually stored and processed on the servers of the payment providers. We, as the website operator, do not receive this data. We are only informed whether the payment was successful or not. For identity and credit checks, payment providers may forward data to the relevant authorities. The business and privacy policies of the respective provider always apply to all payment transactions. Therefore, please always review the terms and conditions and privacy policy of the payment provider. You also have the right to have data deleted or corrected at any time. Please contact the respective service provider regarding your rights (right to withdraw, right to information, and right to data portability).

Duration of Data Processing

We will inform you further below about the duration of data processing if we have additional information. Generally, we process personal data only as long as it is absolutely necessary to provide our services and products. If it is legally required, such as in the case of accounting, this storage duration may be exceeded. For example, we keep booking records related to a contract (invoices, contract documents, account statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) from the time they arise.

Right to Object

You always have the right to access, rectify, and delete your personal data. If you have any questions, you can contact the responsible parties of the payment provider used at any time. Contact details can be found either in our specific privacy policy or on the website of the respective payment provider.

You can delete, deactivate, or manage cookies used by payment providers for their functions in your browser. Depending on the browser you use, this works differently. However, please note that the payment process may no longer function if you do so.

Legal Basis

We offer other payment service providers in addition to conventional banks/credit institutions to fulfill contractual or legal relationships (Art. 6(1)(b) GDPR). The data processing and storage details are provided in the privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay, or Discover). For questions regarding data protection issues, you can always contact the responsible parties.

Information on specific payment providers, if available, can be found in the following sections.

Google Pay Datenschutzerklärung

Wir nutzen auf unserer Website den Online-Zahlungsanbieter Google Pay. Dienstanbieter ist das amerikanische Unternehmen Google Inc. Für den europäischen Raum ist das Unternehmen Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Irland) für alle Google-Dienste verantwortlich.

Google verarbeitet Daten von Ihnen u.a. auch in den USA. Wir weisen darauf hin, dass nach Meinung des Europäischen Gerichtshofs derzeit kein angemessenes Schutzniveau für den Datentransfer in die USA besteht. Dies kann mit verschiedenen Risiken für die Rechtmäßigkeit und Sicherheit der Datenverarbeitung einhergehen.

Als Grundlage der Datenverarbeitung bei Empfängern mit Sitz in Drittstaaten (außerhalb der Europäischen Union, Island, Liechtenstein, Norwegen, also insbesondere in den USA) oder einer Datenweitergabe dorthin verwendet Google sogenannte Standardvertragsklauseln (= Art. 46. Abs. 2 und 3 DSGVO). Standardvertragsklauseln (Standard Contractual Clauses – SCC) sind von der EU-Kommission bereitgestellte Mustervorlagen und sollen sicherstellen, dass Ihre Daten auch dann den europäischen Datenschutzstandards entsprechen, wenn diese in Drittländer (wie beispielsweise in die USA) überliefert und dort gespeichert werden. Durch diese Klauseln verpflichtet sich Google, bei der Verarbeitung Ihrer relevanten Daten, das europäische Datenschutzniveau einzuhalten, selbst wenn die Daten in den USA gespeichert, verarbeitet und verwaltet werden. Diese Klauseln basieren auf einem Durchführungsbeschluss der EU-Kommission. Sie finden den Beschluss und die entsprechenden Standardvertragsklauseln u.a. hier: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Die Datenverarbeitungsbedingungen für Google Werbeprodukte (Google Ads Controller-Controller Data Protection Terms), welche auf die Standardvertragsklauseln verweisen, finden Sie unter https://business.safety.google/adscontrollerterms/.

Mehr über die Daten, die durch die Verwendung von Google Pay verarbeitet werden, erfahren Sie in der Privacy Policy auf https://policies.google.com/privacy.

PayPal Privacy Policy

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. For the European region, the company PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible.

As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or data transfer there, PayPal uses Standard Contractual Clauses (Art. 46. Abs. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission to ensure that your data meets European data protection standards even when transferred to and stored in third countries (such as the USA). Through these clauses, PayPal commits to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: EUR-Lex Standard Contractual Clauses.

For more information about the Standard Contractual Clauses and the data processed by PayPal, please refer to their privacy policy at PayPal Privacy Policy.

Audio & Video Introduction

Audio & Video Privacy Policy Summary

Data Subjects: Visitors of the website
Purpose: Optimization of our service
Processed Data: Data such as contact information, user behavior, device information, and IP address may be stored. More details can be found below in the corresponding privacy texts.
Storage Duration: Data is generally stored as long as it is necessary for the service
Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are Audio and Video Elements?

We have integrated audio and video elements into our website so that you can watch videos or listen to music/podcasts directly from our site. The content is provided by service providers. All content is thus also sourced from the respective providers‘ servers.

These are embedded functional elements from platforms such as YouTube, Vimeo, or Spotify. The use of these portals is usually free, but paid content can also be published. With these embedded elements, you can listen to or watch the respective content directly on our website.

When you use audio or video elements on our website, personal data may also be transmitted to, processed, and stored by the service providers.

Why Do We Use Audio & Video Elements on Our Website?

We aim to provide the best possible offer on our website. We are aware that content is no longer just conveyed through text and static images. Instead of simply providing a link to a video, we offer audio and video formats directly on our website, which are entertaining or informative and ideally both. This expands our service and makes it easier for you to access interesting content. Thus, we offer not only texts and images but also video and/or audio content.

What Data is Stored by Audio & Video Elements?

When you access a page on our website that includes an embedded video, your server connects to the service provider’s server. Data is also transmitted to the third-party provider and stored there. Some data is collected and stored regardless of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system, and other general information about your device. Most providers also collect information about your web activity, such as session duration, bounce rate, which buttons you clicked, or which website you used the service from. All this information is usually stored via cookies or pixel tags (also called web beacons). Pseudonymized data is often stored in cookies in your browser. You can always find out exactly which data is stored and processed in the privacy policy of the respective provider.

Duration of Data Processing

How long data is stored on the servers of third-party providers can be found either further down in the privacy text of the respective tool or in the provider’s privacy policy. Generally, personal data is always processed only as long as it is absolutely necessary to provide our services or products. This usually also applies to third-party providers. You can usually assume that certain data is stored on the servers of third-party providers for several years. Data stored in cookies can be stored for different lengths of time. Some cookies are deleted after you leave the website, while others can be stored in your browser for several years.

Right to Object

You always have the right and the option to withdraw your consent to the use of cookies or third-party providers. This can be done either through our cookie management tool or other opt-out functions. For example, you can prevent data collection through cookies by managing, disabling, or deleting cookies in your browser. The legality of the processing remains unaffected until the withdrawal.

Since cookies are usually used by the embedded audio and video functions on our site, you should also read our general privacy policy on cookies. In the privacy policies of the respective third-party providers, you will find more detailed information about how your data is handled and stored.

Legal Basis

If you have consented to the processing and storage of your data through embedded audio and video elements, this consent forms the legal basis for data processing (Art. 6(1)(a) GDPR). Generally, your data is also stored and processed based on our legitimate interest (Art. 6(1)(f) GDPR) in quick and good communication with you or other customers and business partners. We only use the embedded audio and video elements if you have given your consent.

YouTube Privacy Policy

YouTube Privacy Policy Summary

Data Subjects: Visitors of the website
Purpose: Optimization of our service
Processed Data: Data such as contact information, user behavior, device information, and IP address may be stored. More details can be found below in this privacy policy.
Storage Duration: Data is generally stored as long as it is necessary for the service
Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is YouTube?

We have embedded YouTube videos on our website to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that has a YouTube video embedded, your browser automatically connects to YouTube or Google servers. Various data is transmitted depending on the settings. For data processing in the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible.

Below, we explain what data is processed, why we have embedded YouTube videos, and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on, and upload videos for free. Over the years, YouTube has become one of the most important social media channels worldwide. To display videos on our website, YouTube provides a code snippet that we have embedded on our site.

Why Do We Use YouTube Videos on Our Website?

YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website, and interesting videos are an essential part of this. By embedding videos, we provide you with additional helpful content alongside our texts and images. Additionally, our website is easier to find on the Google search engine thanks to the embedded videos. Even when we run Google Ads, Google can show these ads to people who are genuinely interested in our offerings, thanks to the collected data.

What Data is Stored by YouTube?

As soon as you visit one of our pages with an embedded YouTube video, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can associate your interactions on our website with your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution, or your internet provider. Other data may include contact details, ratings, sharing content via social media, or adding videos to your favorites on YouTube.

If you are not logged into a Google or YouTube account, Google stores data with a unique identifier linked to your device, browser, or app. For example, your preferred language setting is retained. However, many interaction data cannot be stored because fewer cookies are set.

The following list shows cookies that were set in a browser test. We show cookies set without a logged-in YouTube account and those set with a logged-in account. The list is not exhaustive because user data depends on interactions on YouTube.

Without a logged-in YouTube account:

Name: YSC
- Value: b9-CV6ojI5Y112452278-1
- Purpose: This cookie registers a unique ID to store statistics of the viewed videos.
- Expiration: At the end of the session
Name: PREF
- Value: f1=50000000
- Purpose: This cookie registers your unique ID. Google receives statistics about how you use YouTube videos on our website.
- Expiration: After 8 months
Name: GPS
- Value: 1
- Purpose: This cookie registers your unique ID on mobile devices to track the GPS location.
- Expiration: After 30 minutes
Name: VISITOR_INFO1_LIVE
- Value: 95Chz8bagyU
- Purpose: This cookie estimates the user’s bandwidth on our websites (with embedded YouTube video).
- Expiration: After 8 months

With a logged-in YouTube account:

Name: APISID
- Value: zILlvClZSkqGsSwI/AU1aZI6HY7112452278-
- Purpose: This cookie is used to create a profile about your interests. The data is used for personalized advertisements.
- Expiration: After 2 years
Name: CONSENT
- Value: YES+AT.de+20150628-20-0
- Purpose: This cookie stores the user’s consent status for using various Google services. CONSENT also serves security purposes to check users and protect user data from unauthorized attacks.
- Expiration: After 19 years
Name: HSID
- Value: AcRwpgUik9Dveht0I
- Purpose: This cookie is used to create a profile about your interests. This data helps display personalized advertising.
- Expiration: After 2 years
Name: LOGIN_INFO
- Value: AFmmF2swRQIhALl6aL…
- Purpose: This cookie stores information about your login data.
- Expiration: After 2 years
Name: SAPISID
- Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
- Purpose: This cookie uniquely identifies your browser and device. It is used to create a profile about your interests.
- Expiration: After 2 years
Name: SID
- Value: oQfNKjAsI112452278-
- Purpose: This cookie stores your Google account ID and your last login time in a digitally signed and encrypted form.
- Expiration: After 2 years
Name: SIDCC
- Value: AN0-TYuqub2JOcDTyL
- Purpose: This cookie stores information about how you use the website and which advertisements you may have seen before visiting our site.
- Expiration: After 3 months

How Long and Where are the Data Stored?

The data collected by YouTube is stored on Google’s servers. Most of these servers are located in the USA. You can see exactly where Google’s data centers are located here: Google Data Centers. Your data is distributed across the servers, which allows for faster retrieval and better protection against manipulation.

The collected data is stored by Google for different lengths of time. Some data can be deleted at any time, while other data is automatically deleted after a limited period, and some data is stored by Google for longer periods. Some data (such as items from „My Activity“, photos, or documents, products) stored in your Google account remain stored until you delete them. Even if you are not logged into a Google account, you can delete some data linked to your device, browser, or app.

How Can I Delete My Data or Prevent Data Storage?

You can manually delete data in your Google account. With the automatic deletion feature introduced in 2019 for location and activity data, information is stored and then deleted depending on your decision—either after 3 or 18 months.

Regardless of whether you have a Google account or not, you can configure your browser to delete or disable cookies from Google. The method varies depending on the browser you use. Under the „Cookies“ section, you will find the corresponding links to the instructions for the most popular browsers.

If you generally do not want cookies, you can set your browser to notify you whenever a cookie is about to be set. This allows you to decide whether to allow each cookie.

Legal Basis

If you have consented to the processing and storage of your data through embedded YouTube elements, this consent forms the legal basis for data processing (Art. 6(1)(a) GDPR). Generally, your data is also stored and processed based on our legitimate interest (Art. 6(1)(f) GDPR) in quick and good communication with you or other customers and business partners. We only use the embedded YouTube elements if you have given your consent. YouTube also sets cookies in your browser to store data. Therefore, we recommend that you read our privacy policy on cookies and the privacy policy or cookie guidelines of the respective service provider.

YouTube processes data in the USA, among other places. We point out that, according to the European Court of Justice, there is currently no adequate level of data protection for data transfer to the USA. This can pose various risks to the legality and security of data processing.

As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or data transfer there, YouTube uses Standard Contractual Clauses (Art. 46. Abs. 2 and 3 GDPR) approved by the EU Commission. These clauses require YouTube to comply with the EU data protection level when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding clauses here: EU Commission SCCs.

Since YouTube is a subsidiary of Google, there is a shared privacy policy. If you want to learn more about how your data is handled, we recommend reading the privacy policy at Google Privacy Policy.

Explanation of Terms

We strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially when dealing with technical and legal topics. It often makes sense to use legal terms (such as personal data) or specific technical expressions (such as cookies, IP address). We do not want to use these without explanation. Below you will find an alphabetical list of important terms used, which we may not have sufficiently explained in the previous privacy policy. If these terms are derived from the GDPR and are definitions, we will also provide the GDPR texts here and, where necessary, add our own explanations.

Cookies

Definition: Cookies are small text files that websites place on your device as you are browsing. They are processed and stored by your web browser. Cookies can be used to store information about your visit to a website, such as your language preference, login information, or other settings. They help provide a smoother and more personalized browsing experience.

GDPR Reference: Recital 30: Natural persons may be associated with online identifiers provided by their devices, applications, tools, and protocols, such as internet protocol addresses, cookie identifiers, or other identifiers.

Explanation: Cookies can be essential for the proper functioning of a website (essential cookies), used to enhance performance (performance cookies), or employed to track user behavior for advertising purposes (advertising cookies).

IP Address

Definition: An IP address (Internet Protocol address) is a unique string of numbers separated by periods or colons that identifies each computer using the Internet Protocol to communicate over a network.

GDPR Reference: Recital 30: Online identifiers provided by devices, applications, tools, and protocols, such as internet protocol addresses, may be used to create profiles of the natural persons and identify them.

Explanation: IP addresses can be used to identify a user’s device and approximate location. They are necessary for devices to communicate over the internet.

Personal Data

Definition: Any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

GDPR Reference: Article 4(1): ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’).

Explanation: Personal data includes a wide range of information, including names, email addresses, location data, and online identifiers. It covers anything that can be used to identify an individual, either directly or indirectly.

Processing

Definition: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

GDPR Reference: Article 4(2): ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data.

Explanation: Processing includes virtually any action taken with personal data, from its initial collection to its eventual deletion.

Data Controller

Definition: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

GDPR Reference: Article 4(7): ‘Controller’ means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Explanation: The data controller is responsible for deciding why and how personal data is processed. They have the main responsibility for compliance with data protection regulations.

Data Processor

Definition: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

GDPR Reference: Article 4(8): ‘Processor’ means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Explanation: Data processors handle personal data on behalf of the data controller, often providing specialized services such as hosting, analytics, or marketing. They must process data according to the instructions of the data controller and are subject to strict contractual terms to ensure data protection.

Consent

Definition: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

GDPR Reference: Article 4(11): ‘Consent’ of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes.

Explanation: Consent must be an active, affirmative action by the data subject. It cannot be inferred from silence, pre-ticked boxes, or inactivity.

By providing these explanations, we hope to make our privacy policy clearer and help you better understand how your data is used and protected.

Copyright Notice

All texts are protected by copyright.

Source: Created with the Privacy Policy Generator from AdSimple