Data protection

Single sign-on login

"Single sign-on" or "single sign-on registration or "authentication" refers to procedures that allow users to log in with the help of a user account with a provider of single sign-on procedures (e.g a social network), also with our online offer. The prerequisite for single sign-on authentication is that the user is registered with the respective single sign-on provider and enters the required access data in the online form provided for this purpose, or .are already registered with the single sign-on provider and confirm the single sign-on registration via the button.

The authentication takes place directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user is logged in to the respective single sign-on provider under this user ID and an ID that we can no longer use for other purposes (so-called "user handle "). Whether additional data is transmitted to us depends solely on the single sign-on procedure used, on the selected data releases as part of the authentication and also on what data users have in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the choice of the user, it can be different data, usually it is the e-mail address and the user name. The password entered during the sign-on procedure with the single sign-on provider is neither visible to us nor is it stored by us.

Users are asked to note that their information stored by us can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actually takes place. For example, if the user's e-mail address changes, they must change it manually in their user account with us.

If agreed with the users, we can use the single sign-on registration as part of or before the fulfillment of the contract, insofar as the users have been asked to do so, process it within the framework of consent and otherwise use it on the basis of our legitimate interests and those of the interests of the users in an effective and secure registration system.

If users decide that they no longer want to use the connection to their user account with the single sign-on provider for the single sign-on process, they must cancel this connection within their user account with the single sign-on provider. If users want to delete their data from us, they must cancel their registration with us.

• Types of data processed: Inventory data (e.g. names, addresses); Contact information (e.g. email, phone numbers); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses); Event data (Facebook) ("Event data" is data that can be transmitted by us to Facebook, e.g. via Facebook pixels (via apps or other means) and relates to people or their actions; Data includes, for example, information about visits to websites, interactions with content, functions, installation of apps, purchases of products, etc. The event data is processed in order to form target groups for content and advertising information (custom audiences); event data do not contain the actual content (such as comments written), no login information and no contact information (i.e. no names, e-mail addresses and telephone numbers).Event data will be deleted by Facebook after a maximum of two years formed target groups with the deletion of our Facebook account).

• Affected persons: users (e.g. website visitors, users of online services).

• Purposes of processing: provision of contractual services and customer service; Safety measures; registration procedure; Marketing; Profiles with user-related information (creating user profiles).

• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Apple Single Sign-On: authentication service; Service Provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://www.apple.com/de/; Data protection:https://www.apple.com/legal/privacy/de-ww/.

• Auth0: authentication service; Service Provider: Auth0, Inc, 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://auth0.com/de; Data protection:https://auth0.com/privacy/.

• Facebook single sign-on: authentication service of the Facebook platform; Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://www.facebook.com; Data protection:https://www.facebook.com/about/privacy; Order processing contract:https://www.facebook.com/legal/terms/dataprocessing; Standard contractual clauses (ensuring the level of data protection when processing in third countries):https://www.facebook.com/legal/EU_data_transfer_addendum.

• Google single sign-on: authentication service; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://www.google.de; Data protection:https://policies.google.com/privacy; Possibility of objection (opt-out): Settings for the display of advertisements:https://adssettings.google.com/authenticated.

• Instagram Single Sign-On: Authentication Service - We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt as part of a transmission (but not further processing) of "Event Data" that Facebook uses the Instagram Single Sign-On On registration procedures that are carried out on our online offer, collected or received as part of a transmission for the following purposes, are jointly responsible: a) display of content advertising information that corresponds to the presumed interests of the user; b) Delivery of commercial and transaction-related messages (e.g. addressing users via Facebook Messenger); c) Improving the delivery of ads and personalizing functions and content (e.g. improving the recognition of which content or advertising information presumably corresponds to the interests of users). We have concluded a special agreement with Facebook ("Supplement for those responsible",https://www.facebook.com/legal/controller_addendum), which regulates in particular which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill the rights of the data subject (ie users can, for example, send information or requests for deletion directly to Facebook). Note: If Facebook provides us with measurements, analyzes and reports (which are aggregated, i.e. do not contain any information on individual users and are anonymous to us), then this processing does not take place within the framework of joint responsibility, but on the basis of an order processing contract ("Data Processing Terms"). ,https://www.facebook.com/legal/terms/dataprocessing), the "Data Security Conditions" (https://www.facebook.com/legal/terms/data_security_terms) as well as with regard to processing in the USA on the basis of standard contractual clauses ("Facebook-EU data transmission addendum,https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, objection and complaints to the competent supervisory authority) are not restricted by the agreements with Facebook. ; Service Provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://www.instagram.com; Data protection:https://instagram.com/about/legal/privacy.

• Microsoft Single Sign-On: authentication service; Service Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, Parent Company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://www.microsoft.com/de-de/security/business/identity-access-management/single-sign-on; Data protection:https://privacy.microsoft.com/de-de/privacystatement; Further information:https://www.microsoft.com/de-de/trustcenter.

• OneLogin single sign-on: authentication service; Service Provider: OneLogin Inc., 848 Battery Street, San Francisco, CA 94111, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://www.onelogin.com/de/; Data protection:https://www.onelogin.com/privacy.

• OpenID single sign-on: authentication service; Service Provider: OpenID Foundation, 2400 Camino Ramon, Suite 375, San Ramon, CA 94583, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://openid.net; Data protection:https://openid.net/foundation/policies/.

• Snap login kit: With the help of the snap login kit, we offer users the opportunity to log in to our online offering with their Snapchat login data; Service Provider: Snap Inc., 3000 31st Street, Santa Monica, California 90405, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://kit.snapchat.com/; Data protection:https://www.snap.com/de-DE/privacy/privacy-policy, Cookie Policy:https://www.snap.com/de-DE/cookie-policy; Standard contractual clauses (ensuring the level of data protection when processing in third countries):https://businesshelp.snapchat.com/en-US/article/standard-contractual-clauses.

• Twitter single sign-on: authentication service; Service Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, Parent Company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://twitter.com; Data protection:https://twitter.com/privacy, (settings:https://twitter.com/personalization).

• Yahoo! Single sign-on: authentication service; Service Provider: Oath (EMEA) Limited, 5-7 Point Square, North Wall Quay, Dublin 1, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://www.yahoo.com/; Data protection:https://policies.oath.com/ie/en/oath/privacy/index.html.

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). The data of the readers are processed for the purposes of the publication medium only insofar as it is necessary for its presentation and the communication between authors and readers or for reasons of security. In addition, we refer to the information on the processing of visitors to our publication medium in the context of this data protection notice.

• Types of data processed: Inventory data (e.g. names, addresses); Contact information (e.g. email, phone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).

• Affected persons: users (e.g. website visitors, users of online services).

• Purposes of processing: provision of contractual services and customer service; Feedback (e.g. collecting feedback via online form); Provision of our online offer and user-friendliness; Safety measures; Management and response to inquiries.

• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Comments and Posts: When users leave comments or other posts, their IP addresses may be stored based on our legitimate interests. This is for our security if someone leaves illegal content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we can be prosecuted for the comment or contribution and are therefore interested in the identity of the author. Furthermore, we reserve the right to process user information for the purpose of spam detection on the basis of our legitimate interests. On the same legal basis, in the case of surveys, we reserve the right to store the IP addresses of users for the duration of the survey and to use cookies to avoid multiple votes. The personal information provided in the comments and posts, any contact and website information as well as the content will be stored by us permanently until the user objects; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Contact and request management

When contacting us (e.g. via contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the details of the requesting person are processed to the extent necessary to answer the contact request and any requested measures.

• Types of data processed: contact details (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).

• Affected persons: communication partners.

• Purposes of processing: contact requests and communication; managing and responding to inquiries; Feedback (e.g. collecting feedback via online form); Provision of our online offer and user-friendliness.

• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) DSGVO).

Further information on processing processes, procedures and services:

• Contact form: If users contact us via our contact form, e-mail or other communication channels, we process the data communicated to us in this context to process the communicated request; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Communication via Messenger

We use messengers for communication purposes and therefore ask you to observe the following information on the functionality of the messenger, on encryption, on the use of the metadata of the communication and on your options to object.

You can also contact us in alternative ways, e.g. by telephone or e-mail. Please use the contact options provided to you or the contact options specified within our online offer.

In the case of end-to-end encryption of content (ie the content of your message and attachments), please note that the communication content (ie the content of the message and attached images) is encrypted from end-to-end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with activated encryption to ensure that the message content is encrypted.

However, we also point out to our communication partners that the providers of the messengers cannot see the content, but can find out that and when communication partners communicate with us as well as technical information on the device used by the communication partner and, depending on the settings of their device, also location information ( so-called metadata) are processed.

Notes on legal bases: If we ask communication partners for permission before communicating with them via Messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for your consent and you contact us, for example, we use Messenger in relation to our contractual partners and in the context of contract initiation as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and fulfillment of the needs of our communication partners in communication via messenger. We would also like to point out that we will not transmit the contact data you have given us to Messenger for the first time without your consent.

Revocation, objection and deletion: You can revoke your consent at any time and object to communication with us via Messenger at any time. In the case of communication via Messenger, we delete the messages in accordance with our general deletion guidelines (ie, as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information from the communication partner, if no reference to a previous conversation is to be expected and the deletion does not conflict with any statutory retention requirements.

Reservation of the reference to other communication channels: Finally, we would like to point out that for reasons of your security we reserve the right not to answer inquiries via Messenger. This is the case, for example, when internal contract details require particular secrecy or an answer via messenger does not meet the formal requirements. In such cases, we will refer you to more appropriate communication channels.

• Types of data processed: contact details (e.g. e-mail, telephone numbers); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).

• Affected persons: communication partners.

• Purposes of processing: contact requests and communication; Direct marketing (e.g. by e-mail or post).

• Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Facebook Messenger: Facebook Messenger with end-to-end encryption (the end-to-end encryption of Facebook Messenger requires activation if it is not activated by default); Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://www.facebook.com; Data protection:https://www.facebook.com/about/privacy; Order processing contract:https://www.facebook.com/legal/terms/dataprocessing; Standard contractual clauses (ensuring the level of data protection when processing in third countries):https://www.facebook.com/legal/EU_data_transfer_addendum.

• WhatsApp: WhatsApp Messenger with end-to-end encryption; Service Provider: WhatsApp Ireland Limited, 4 Grand Canal Quay, Dublin 2, D02 KH28, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://www.whatsapp.com/; Data protection:https://www.whatsapp.com/legal.

Push messages

With the consent of the users, we can send the users so-called "push notifications". These are messages that are displayed on the screens, end devices or in the browsers of the users, even if our online service is not currently being actively used.

In order to register for the push notifications, users must confirm the request from their browser or end device to receive the push notifications. This approval process is documented and saved. The storage is necessary in order to recognize whether users have consented to receiving the push notifications and to be able to prove their consent. For these purposes, a pseudonymous browser identifier (so-called "push token") or the device ID of a terminal device is stored.

On the one hand, the push messages may be necessary for the fulfillment of contractual obligations (e.g. technical and organizational information relevant to the use of our online offer) and are otherwise, unless specifically mentioned below, sent on the basis of the user's consent. Users can change the receipt of push messages at any time using the notification settings of their respective browsers or end devices.

• Types of data processed: usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses); Location data (information about the geographical position of a device or a person).

• Affected persons: communication partners.

• Purposes of processing: Provision of our online offer and user-friendliness; Range measurement (e.g. access statistics, recognition of returning visitors); Direct marketing (e.g. by e-mail or post).

• Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) DSGVO).

Further information on processing processes, procedures and services:

• Push notifications with promotional content: The push notifications we send may contain promotional information. The promotional push messages are processed on the basis of user consent. If the contents are specifically described as part of a consent to receive the advertising push messages, the descriptions are decisive for the consent of the user. In addition, our newsletters contain information about our services and us; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).

• Location-dependent sending of push notifications: The push notifications we send can be displayed depending on the whereabouts of the user based on the location data transmitted by the end device used; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).

• Analysis and success measurement: We evaluate push messages statistically and can thus recognize whether and when push messages were displayed and clicked on. This information is used to technically improve our push messages based on the technical data or the target groups and their retrieval behavior or the retrieval times. This analysis also includes determining whether the push messages are opened, when they are opened and whether users interact with their content or buttons. For technical reasons, this information can be assigned to the individual push message recipients. However, it is neither our aim nor, if used, that of the push message service provider to monitor individual users. Rather, the evaluations serve us to recognize the usage habits of our users and to adapt our push messages to them or to send different push messages according to the interests of our users. The evaluation of the push messages and the measurement of success are based on the express consent of the user, which is given with the consent to receive the push messages. Users can object to the analysis and performance measurement by unsubscribing from the push notifications. Unfortunately, a separate revocation of the analysis and performance measurement is not possible; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).

cloud services

We use software services that are accessible via the Internet and run on the servers of their providers (so-called "cloud services", also referred to as "software as a service") for the storage and management of content (e.g. document storage and management, exchange of documents, content and information with specific recipients or publication of content and information).

In this context, personal data can be processed and stored on the servers of the providers, insofar as these are part of communication processes with us or are otherwise processed by us, as set out in this data protection declaration. This data can include, in particular, master data and contact details of users, data on transactions, contracts, other processes and their content. The providers of the cloud services also process usage data and metadata, which they use for security purposes and to optimize the service.

If we use the cloud services to provide forms or similar documents and content for other users or publicly accessible websites, the providers can store cookies on the users' devices for web analysis purposes or to change user settings (e.g. in the case of media control). remember, save.

• Types of data processed: Inventory data (e.g. names, addresses); Contact information (e.g. email, phone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses); Image and/or video recordings (e.g. photographs or video recordings of a person).

• Affected persons: customers; employees (e.g. employees, applicants, former employees); Interested persons; communication partner; Users (e.g. website visitors, users of online services).

• Purposes of processing: office and organizational procedures; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Provision of contractual services and customer service.

• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Adobe Creative Cloud: applications and cloud storage for photo editing, video editing, graphic design and web development; Service Provider: Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://www.adobe.com/de/creativecloud.html; Data protection:https://www.adobe.com/de/privacy.html; Order processing agreement: Provided by the service provider; Standard contractual clauses (ensuring the level of data protection when processing in third countries): inclusion in the order processing contract.

• Amazon Drive: cloud storage service; Service provider: Amazon EU S.à rl (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://www.amazon.de; Data protection:https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.

• Apple iCloud: cloud storage service; Service Provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://www.apple.com/de/; Data protection:https://www.apple.com/legal/privacy/de-ww/.

• Dropbox: cloud storage service; Service Provider: Dropbox, Inc., 333 Brannan Street, San Francisco, California 94107, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://www.dropbox.com/de; Data protection:https://www.dropbox.com/privacy; Order processing contract:https://assets.dropbox.com/documents/en/legal/dfb-data-processing-agreement.pdf; Standard contractual clauses (ensuring the level of data protection when processing in third countries):https://assets.dropbox.com/documents/en/legal/dfb-data-processing-agreement.pdf.

• Google Cloud Services: cloud infrastructure services and cloud-based application software; Service Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://cloud.google.com/; Data protection:https://policies.google.com/privacy; Order processing contract:https://cloud.google.com/terms/data-processing-addendum; Standard contractual clauses (ensuring the level of data protection when processing in third countries):https://cloud.google.com/terms/eu-model-contract-clause; Further information:https://cloud.google.com/privacy.

• Google Cloud Storage: cloud storage, cloud infrastructure services and cloud-based application software; Service Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://cloud.google.com/; Data protection:https://policies.google.com/privacy; Order processing contract:https://cloud.google.com/terms/data-processing-addendum; Standard contractual clauses (ensuring the level of data protection when processing in third countries):https://cloud.google.com/terms/eu-model-contract-clause; Further information:https://cloud.google.com/privacy.

• Google Workspace: Cloud-based application software (e.g. text and spreadsheet editing, appointment and contact management), cloud storage and cloud infrastructure services; Service Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://workspace.google.com/; Data protection:https://policies.google.com/privacy; Order processing contract:https://cloud.google.com/terms/data-processing-addendum; Standard contractual clauses (ensuring the level of data protection when processing in third countries):https://cloud.google.com/terms/eu-model-contract-clause; Further information:https://cloud.google.com/privacy.

• mailbox.org: cloud storage service; Service provider: Heinlein Hosting GmbH, Schwedter Strasse 8/9A, 10119 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: mailbox.org; Data protection:https://mailbox.org/de/datenschutzerklaerung.

• Microsoft cloud services: cloud storage, cloud infrastructure services, and cloud-based application software; Service Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, Parent Company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://microsoft.com/de-de; Data protection:https://privacy.microsoft.com/de-de/privacystatement, Safety instructions:https://www.microsoft.com/de-de/trustcenter; Order processing contract:https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA; Standard contractual clauses (ensuring the level of data protection when processing in third countries):https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.

• Nextcloud: cloud storage, cloud infrastructure services and cloud-based application software; Service provider: Nextcloud GmbH, Hauptmannsreute 44a, 70192 Stuttgart, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://nextcloud.com/de/; Data protection:https://nextcloud.com/de/privacy/.

• Nextcloud (hosting on our own server): cloud storage service in which the operation and storage of the processed data takes place on a server managed by us; Service provider: Nextcloud GmbH, Hauptmannsreute 44a, 70192 Stuttgart, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://nextcloud.com/de/; Data protection:https://nextcloud.com/de/privacy/.

• TeamDrive: cloud storage service; Service provider: TeamDrive Systems GmbH, Max-Brauer-Allee 50, 22765 Hamburg, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); site:https://teamdrive.com; CONDITIONS:https://teamdrive.com/datenschutzerklaerung/.

• Newsletters and electronic notifications

• We send newsletters, e-mails and other electronic notifications (hereinafter "newsletters") only with the consent of the recipient or legal permission. If the content of the newsletter is specifically described when registering for it, it is decisive for the consent of the user. Our newsletter also contains information about our services and us.

• In order to register for our newsletters, it is generally sufficient if you enter your e-mail address. However, we may ask you to provide a name so that we can address you personally in the newsletter, or other information if this is necessary for the purposes of the newsletter.

• Double opt-in procedure: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with someone else's e-mail address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

• Deletion and restriction of processing: We can store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the case of obligations to permanently observe contradictions, we reserve the right to store the e-mail address in a blacklist (so-called "blocklist") solely for this purpose.

• The registration process is logged on the basis of our legitimate interests for the purpose of proving that it was carried out properly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure shipping system.

• Content:

• Information about us, our services, promotions and offers.

• Types of data processed: Inventory data (e.g. names, addresses); Contact information (e.g. email, phone numbers); Meta/communication data (e.g. device information, IP addresses); Usage data (e.g. websites visited, interest in content, access times).

• Affected persons: communication partners.

• Purposes of processing: direct marketing (e.g. by e-mail or post).

• Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).

• Possibility of objection (opt-out): You can cancel the receipt of our newsletter at any time, ie revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options given above, preferably e-mail.

• Further information on processing processes, procedures and services:

• Measurement of opening and click rates: The newsletters contain a so-called "web beacon", ie a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from their server of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected.This information is used to technically improve our newsletter on the basis of the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined using the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and in their Profiles are stored until they are deleted.The evaluations are used by us s to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The measurement of the opening rates and click rates as well as the storage of the measurement results in the user profiles and their further processing are based on the consent of the user. Unfortunately, a separate revocation of the performance measurement is not possible. In this case, the entire newsletter subscription must be canceled or objected to. In this case, the stored profile information will be deleted; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).

• Promotional communication via e-mail, post, fax or telephone

• We process personal data for the purpose of advertising communication, which can take place via various channels, such as e-mail, telephone, post or fax, in accordance with legal requirements.

• The recipients have the right to revoke their consent at any time or to object to advertising communication at any time.

• After revocation or objection, we store the data required to prove the previous authorization for contacting or sending up to three years after the end of the year of the revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. On the basis of the legitimate interest in permanently observing the revocation or objection of the user, we also store the data required to avoid being contacted again (e.g. e-mail address, telephone number, name depending on the communication channel).

• Types of data processed: Inventory data (e.g. names, addresses); Contact information (e.g. email, telephone numbers).

• Affected persons: communication partners.

• Purposes of processing: direct marketing (e.g. by e-mail or post).

• Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

• Sweepstakes and Contests

• We process the personal data of participants in sweepstakes and competitions only in compliance with the relevant data protection regulations, insofar as the processing is contractually required for the provision, implementation and processing of the sweepstakes, the participants have consented to the processing or the processing serves our legitimate interests (e.g. in the security of the competition or the protection of our interests from misuse by possible collection of IP addresses when submitting competition entries).

• If entries by participants are published as part of the competition (e.g. as part of a voting or presentation of the competition entries or the winners or reporting on the competition), we would like to point out that the names of the participants may also be published in this context. The participants can object to this at any time.

• If the competition takes place within an online platform or a social network (e.g. Facebook or Instagram, hereinafter referred to as "online platform"), the usage and data protection provisions of the respective platforms also apply. In these cases, we would like to point out that we are responsible for the information provided by the participants in the context of the competition and inquiries regarding the competition are to be addressed to us.

• The participants' data will be deleted as soon as the sweepstakes or competition has ended and the data is no longer required to inform the winners or because queries about the sweepstakes are to be expected. In principle, the data of the participants will be deleted no later than 6 months after the end of the competition. Winners' data may be retained for a longer period of time, for example in order to be able to answer questions about the prizes or to be able to fulfill the prizes; in this case, the retention period depends on the type of prize and is, for example, up to three years for items or services in order to be able to process warranty cases, for example. Furthermore, the data of the participants can be stored longer, for example in the form of reporting on the competition in online and offline media.

• If data was also collected for other purposes as part of the competition, its processing and storage period are based on the data protection notices for this use (e.g. in the case of registration for the newsletter as part of a competition).

• Types of data processed: Inventory data (e.g. names, addresses); Content data (e.g. entries in online forms); Meta/communication data (e.g. device information, IP addresses).

• Affected persons: Sweepstakes and competition participants.

• Purposes of processing: conducting sweepstakes and competitions.

• Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) DSGVO).

• Web analysis, monitoring and optimization

• The web analysis (also referred to as "reach measurement") serves to evaluate the flow of visitors to our online offer and can include behavior, interests or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of the range analysis, we can, for example, identify at what time our online offer or its functions or content are used most frequently or invite people to use them again. We can also understand which areas need optimization.

• In addition to web analysis, we can also use test procedures, for example to test and optimize different versions of our online offering or its components.

• Unless otherwise stated below, profiles, ie data summarized for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used and information on usage times. If users have given their consent to us or the providers of the services we use to collect their location data, location data can also be processed.

• The IP addresses of the users are also saved. However, we use an IP masking process (ie pseudonymization by shortening the IP address) to protect users. In general, no clear user data (e.g. e-mail addresses or names) are stored in the context of web analysis, A/B testing and optimization, but pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective process.

• Types of data processed: usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses); Content data (e.g. entries in online forms).

• Affected persons: users (e.g. website visitors, users of online services).

• Purposes of processing: remarketing; Target group formation (determination of target groups relevant for marketing purposes or other output of content); Range measurement (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (creating user profiles); Provision of our online offer and user-friendliness; A/B testing; Feedback (e.g. collecting feedback via online form); Heatmaps (mouse movements by users, which are combined to form an overall picture); Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); click tracking; Marketing; Tracking (e.g. interest/behavioural profiling, use of cookies); Conversion measurement (measurement of the effectiveness of marketing measures); target group building.

• Security measures: IP masking (pseudonymization of the IP address).

• Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

• Further information on processing processes, procedures and services:

• 1&1 IONOS WebAnalytics: range measurement and web analysis; Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://www.ionos.de; Privacy Policy: https://www.ionos.de/terms-gtc/terms-privacy; Further information: The data is collected either by a pixel or by a log file, without the use of cookies; the IP address of the visitor is transmitted when a page is called up, anonymized immediately after transmission and further processed without personal reference; the data is processed on the basis of an order processing contract.

• Adobe Analytics: Adobe Analytics; Service Provider: Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://www.adobe.com/de/analytics/adobe-analytics.html; Data protection declaration: https://www.adobe.com/de/privacy.html.

• Amazon Personalize: Amazon Personalize is a machine learning service that makes it easier for developers to create customized recommendations for customers using their applications; Service Provider: Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://aws.amazon.com/de/personalize/; Privacy Policy: https://aws.amazon.com/privacy/; Order processing contract: https://aws.amazon.com/de/compliance/gdpr-center/; Standard contractual clauses (ensuring the level of data protection when processing in third countries): inclusion in the order processing contract.

• Burst Statistics: Service Provider: Hosted locally on our server, no data sharing with third parties; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://de.wordpress.org/plugins/burst-statistics/.

• econda Analytics: web analysis/ range measurement; Service provider: econda GmbH, Zimmerstr. 6, 76137 Karlsruhe, Germany; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://www.econda.de; Data protection declaration: https://www.econda.de/datenschutzanleitung/; Possibility of objection (opt-out): https://www.econda.de/widerruf-zur-datenspeicherung.

• etracker: web analysis/ range measurement; Service provider: etracker GmbH, Erste Brunnenstraße 1 20459 Hamburg, Germany; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://www.etracker.com; Data protection declaration: https://www.etracker.com/datenschutz/; Order processing contract: https://www.etracker.com/av-vertrag/.

• Google Optimize: Use of Google Analytics data for the purpose of improving areas of our online offering and better targeting our marketing measures to potential user interests; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://optimize.google.com; Privacy Policy: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://business.safety.google/adsprocessorterms; More information: https://privacy.google.com/businesses/adsservices (types of processing and the data processed).

• Firebase: Google Firebase is a platform for developers of applications ("apps" for short) for mobile devices and websites. Google Firebase offers a variety of functions for testing apps, monitoring their functionality and optimizing them (based on on the following overview page: https://firebase.google.com/products). “Cloud Computing”). Google Firebase also offers interfaces that allow users of the app to interact with other services, e.g. authentication using services such as Facebook, Twitter or an e-mail password combination. ; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://firebase.google.com; Privacy Policy: https://policies.google.com/privacy.

• Google Analytics: web analysis, range measurement and measurement of user flows; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://business.safety.google/adsprocessorterms; Objection option (opt-out): opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated; More information: https://privacy.google.com/businesses/adsservices (types of processing and the data processed).

• Google Universal Analytics: Range measurement and web analysis - We use Universal Analytics, a version of Google Analytics, to carry out a user analysis based on a pseudonymous user identification number. This identification number  does not contain any clear data, such as names or e-mail addresses. It is used to allocate analysis information to a user, e.g. to recognize which content users have called up during use or whether they call up our online offer again. Here,  pseudonymous user profiles are created with information from the use of various devices; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Terms and Conditions: https://business.safety.google/adsprocessorterms/; Privacy Policy: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://business.safety.google/adsprocessorterms; Objection option (opt-out): opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated; More information: https://privacy.google.com/businesses/adsservices (types of processing and the data processed).

• Google Analytics 4: We use Google Analytics to perform user analysis based on a pseudonymous user identification number. This identification number does not contain any unique data, such as names or e-mail addresses. It is used to assign analysis information to an end device in order to recognize which content the user has called up within one or more usage processes, which search terms they have used, called them up again or interacted with our online offer. The time of use and its duration are also stored, as well as the sources of the users who refer to our online offer and technical aspects of their end devices and browsers. Pseudonymous profiles of users are created with information from the use of various devices, whereby cookies can be used. Analytics provides higher-level geographic location data by collecting the following metadata from IP lookup: "City" (and the city's derived latitude and longitude), "Continent", "Country", "Region" , "subcontinent" (and their ID-based equivalents). To ensure the protection of user data in the EU, Google receives and processes all user data via domains and servers within the EU. The IP address of the users is not logged and by default the last two digits are truncated. The IP address is shortened on EU servers for EU users. Also, all sensitive data collected from EU users is deleted before being collected through EU domains and servers; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms/; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://business.safety.google/adsprocessorterms; Objection option (opt-out): opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated; More information: https://privacy.google.com/businesses/adsservices (types of processing and the data processed).

• Google Signals (Google Analytics feature): Google Signals are session data from websites and apps that Google associates with users who have logged into their Google Accounts and activated ad personalization. This mapping of data to these logged-in users is used to enable cross-device reporting, cross-device remarketing and cross-device conversion measurement. These include: Cross-platform reports - combining data across devices and activities from different sessions using your User ID or Google Signals data, allowing an understanding of user behavior at every step of the conversion process, from initial contact to conversion and beyond; Remarketing with Google Analytics - creating remarketing audiences from Google Analytics data and sharing those audiences with linked advertising accounts; Demographics and interests - Google Analytics collects additional information about demographics and interests from users who are logged into their Google accounts and have activated ad personalization; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://support.google.com/analytics/answer/7532985?hl=de; Privacy Policy: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://business.safety.google/adsprocessorterms; More information: https://privacy.google.com/businesses/adsservices (types of processing and the data processed).

• No collection of detailed location and device data (Google Analytics function): No detailed location and device data are collected (further information: https://support.google.com/analytics/answer/12017362).

• Google Analytics without cookies: Range measurement and web analysis - We use Google Analytics without cookies. This means that no files serving to create a profile are stored on the end devices of the users. The information required for measurement and analysis is only stored and processed on the Google server. Pseudonymous user profiles are created here; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://business.safety.google/adsprocessorterms; Objection option (opt-out): opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated; More information: https://privacy.google.com/businesses/adsservices (types of processing and the data processed).

• Google Analytics in consent mode: In consent mode, personal user data is processed by Google for measurement and advertising purposes, depending on the user's consent. Consent is obtained from users as part of our online services. If the users do not give their consent at all, the data will only be processed on an aggregated level (ie not assigned and summarized to individual users). If the consent only includes the statistical measurement, no personal data of the user will be processed for the advertisement placement or the measurement of the advertising success (so-called "conversion"); Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://support.google.com/analytics/answer/9976101?hl=en.

• Target group formation with Google Analytics: We use Google Analytics to display the ads placed within the advertising services of Google and its partners only to those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products , which are determined based on the websites visited) that we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we also want to ensure that our ads correspond to the potential interests of users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Legal basis: https://business.safety.google/adsprocessorterms/; Privacy Policy: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms/; Further information: Types of processing and the data processed: https://privacy.google.com/businesses/adsservices; Data processing terms for Google advertising products and standard contractual clauses for third-country transfers of data: https://business.safety.google/adsprocessorterms.

• Google Tag Manager: Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online offer (please refer to further information in this data protection declaration). With the Tag Manager itself (which implements the tags), e.g. For example, no user profiles have been created or cookies have been saved. Google only learns the IP address of the user, which is necessary to run Google Tag Manager; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://business.safety.google/adsprocessorterms; More information: https://privacy.google.com/businesses/adsservices (types of processing and the data processed).

• Hotjar Observe: Software for the analysis and optimization of online offers based on pseudonymous measurements and analyzes of user behavior, including in particular A/B tests (measurement of the popularity and user-friendliness of different content and functions), measurement of click paths and interaction with content and functions of the online offer (so-called heat maps and recordings); Service Provider: Hotjar Ltd., 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta ; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://www.hotjar.com; Privacy Policy: https://www.hotjar.com/legal/policies/privacy; Deletion of data: the cookies used by Hotjar have different "lifetimes"; some stay up to 365 days, some only valid during the current visit; Cookie Policy: https://www.hotjar.com/legal/policies/cookie-information; Possibility of objection (opt-out): https://www.hotjar.com/legal/compliance/opt-out.

• Jetpack (WordPress Stats): Jetpack provides analysis - functions for WordPress software; Service Provider: Aut O'Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://automattic.com; Privacy Policy: https://automattic.com/privacy.

• Matomo (without cookies): Matomo is a data protection-friendly web analysis software that is used without cookies and in which returning users are recognized with the help of a so-called "digital fingerprint", which is stored anonymously and changed every 24 hours; With the "digital fingerprint", user movements within our online offer are recorded with the help of pseudonymised IP addresses in combination with user-side browser settings in such a way that conclusions about the identity of individual users are not possible. The user data collected as part of the use of Matomo is only processed by us and not shared with third parties; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://matomo.org/.

• Matomo: Matomo is software that is used for web analysis and range measurement purposes. When using Matomo, cookies are generated and stored on the user's end device. The user data collected as part of the use of Matomo is only processed by us and not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Deletion of data: The cookies are stored for a maximum of 13 months.

• Mouseflow: The purpose of data processing is to analyze websites and their visitors (heat maps and click tracking). Cookies can be used for this and user profiles can be created. This creates a log of mouse movements and clicks with the intention of randomly playing back individual website visits and deriving potential improvements for the website from this. The data collected with Mouseflow will not be used to personally identify the user without the user's separate consent and will not be combined with personal data about the bearer of the pseudonym; Service Provider: Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://mouseflow.com/de; Privacy Policy: https://mouseflow.com/de/privacy/; Possibility of objection (opt-out): https://mouseflow.de/opt-out/.

• Optimizely: web analysis, testing, optimization; Service Provider: Optimizely Inc, 631 Howard Street, Suite 100, San Francisco, CA 94105, USA; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://www.optimizely.com; Data protection declaration: https://www.optimizely.com/de/privacy.

• Visual Website Optimizer: Visual Website Optimizer - testing and optimization; Service Provider: Wingify Software Private Limited, 404, Gopal Heights, Netaji Subhash Place, Pitam Pura, Delhi 110034, India; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://vwo.com; Privacy Policy: https://vwo.com/privacy-policy/.

• VG Wort / scalable central measurement method: VG Wort / scalable central measurement method - We use "session cookies" from VG Wort, Munich, to measure access to texts in order to record the probability of copying. Session cookies are small pieces of information that a provider stores in the memory of the visitor's computer. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. Session cookies cannot store any other data. These measurements are carried out by Kantar Germany GmbH according to the Scalable Central Measurement Method (SZM). They help to determine the copy probability of individual texts to compensate authors and publishers for legal claims. We do not collect any personally identifiable information through cookies. With the scalable central measurement method, anonymous measurement values are collected. The access number measurement alternatively uses a session cookie or a signature, which is created from various automatically transmitted information from your browser, to recognize computer systems. IP addresses are only processed in an anonymous form. The process was developed with data protection in mind. The only aim of the procedure is to determine the copy probability of individual texts. At no time individual users are identified. Your identity is always protected. You will not receive any advertising through the system; Service provider: collecting society WORT (VG WORT), Untere Weidenstraße 5, 81543 Munich, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.vgwort.de; Data protection declaration: https://www.vgwort.de/hilfsseiten/datenschutz.html.

• Yandex-Metrica: analysis, click tracking and website optimization; Service Provider: Yandex Oy, Moreenikatu 6, 04600 Mantsala, Finland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://yandex.com; Privacy Policy: https://yandex.com/legal/privacy/; Standard contractual clauses (ensuring the level of data protection when processing in third countries): Agreed between Yandex Oy and YANDEX LLC, 16 Lva Tolstogo st., Moscow, 11 902 1, Russia, which is responsible for processing the data.

• Visitor Analytics: website statistics, user behavior analysis, A/B testing, visitor feedback and surveys; Service provider: Visitor Analytics GmbH, Stefan-George-Ring 19, 81929 Munich, Germany; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://www.visitor-analytics.io/de/; Data protection declaration: https://www.visitor-analytics.io/de/support/ legal-data-protection-certificates/; Order processing contract: https://www.visitor-analytics.io/de/support/ legal-data-protection-certificates/standard-integration/data-processing-contract-cookie-information/.

• Online marketing

• We process personal data for online marketing purposes, which may include the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of users and the measurement of their effectiveness.

• For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar processes are used, by means of which the information about the user relevant to the presentation of the aforementioned content is stored. This information can include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times and functions used. If users have consented to the collection of their location data, this can also be processed.

• The IP addresses of the users are also saved. However, we use available IP masking procedures (ie pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) are stored as part of the online marketing process, but pseudonyms. This means that we and the providers of the online marketing process do not know the actual identity of the users, only the information stored in their profiles.

• The information in the profiles is usually stored in the cookies or by means of similar processes. These cookies can later generally also be read on other websites that use the same online marketing process and analyzed for the purpose of displaying content, as well as supplemented with further data and stored on the server of the online marketing process provider.

• As an exception, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing process we use and the network connects the user's profile with the aforementioned information. We kindly ask you to note that users can make additional agreements with the providers, e.g. by giving their consent during registration.

• In principle, we only receive access to summarized information about the success of our advertisements. However, we can use so-called conversion measurements to check which of our online marketing processes have led to a so-called conversion, ie, to a contract with us, for example. The conversion measurement is only used to analyze the success of our marketing measures.

• Unless otherwise stated, please assume that cookies used will be stored for a period of two years.

• Types of data processed: content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses); Event data (Facebook) ("Event data" is data that can be transmitted by us to Facebook, e.g. via Facebook pixels (via apps or other means) and relates to people or their actions; Data includes, for example, information about visits to websites, interactions with content, functions, installation of apps, purchases of products, etc. The event data is processed in order to form target groups for content and advertising information (custom audiences); event data do not contain the actual content (such as comments written), no login information and no contact information (i.e. no names, e-mail addresses and telephone numbers).Event data will be deleted by Facebook after a maximum of two years formed target groups with the deletion of our Facebook account).

• Affected persons: users (e.g. website visitors, users of online services).

• Purposes of processing: range measurement (e.g. access statistics, recognition of returning visitors); Tracking (e.g. interest/behavioural profiling, use of cookies); Conversion measurement (measurement of the effectiveness of marketing measures); target group formation; Marketing; Profiles with user-related information (creating user profiles); Target group formation (determination of target groups relevant for marketing purposes or other output of content); Provision of our online offer and user-friendliness.

• Security measures: IP masking (pseudonymization of the IP address).

• Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).

• Possibility of objection (opt-out): We refer to the data protection notices of the respective providers and the possibilities of objection specified for the providers (so-called "opt-out"). If no explicit opt-out option has been specified, you can turn off cookies in your browser settings. However, this can limit the functions of our online offer. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-Territory: https://optout.aboutads.info.

• Further information on processing processes, procedures and services:

• Facebook pixel and target group formation (custom audiences): With the help of the Facebook pixel (or comparable functions, for the transmission of event data or contact information via interfaces in apps), it is possible for Facebook to use the visitors of our online offer as a target group for the To determine the display of advertisements (so-called "Facebook Ads"). Accordingly, we use the Facebook pixel so that the Facebook ads we have placed are only available to users on Facebook and within the services of the partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook (so-called "Custom Audiences") We also want to use the Facebook pixel to ensure that our Facebook ads are relevant to users' potential interests and are not annoying.The Facebook pixel also allows us to understand the effectiveness of Facebook ads for statistical and market research purposes by seeing who whether users were redirected to our website after clicking on a Facebook ad (so-called "K conversion measurement"); Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Further information: User event data, ie information on behavior and interests, is used for the purposes of targeted advertising and target group building on the basis of the agreement on joint responsibility ("Supplement for persons responsible", https://www.facebook.com/ legal/controller_addendum). Joint controllership is limited to the collection and transmission of data to Meta Platforms Ireland Limited, an EU based company. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transmission of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the agreement between Meta Platforms Ireland Limited and Meta Platforms, Inc. concluded standard contractual clauses).