Privacy Policy

    Introduction and overview

    The contractual language is German. German law shall apply exclusively. The German version of the translation and privacy policy shall prevail. The English version is for information purposes only.

    Preamble

    With the following privacy policy we would like to inform you which types of your personal data (hereinafter also abbreviated as “data”) we process for which purposes and in which scope. The privacy statement applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online services”).

    The terms used are not gender-specific.

    Last Update: 8. September 2022

    Legal text by Dr. Schwenke - please click for further information.

    Table of contents

    Controller

    Kollektiv MFG GmbH
    Papierstr. 14  
    13409 Berlin
    Germany

    Authorised Representatives:

    Jennifer Meier & Susann Fischer

    E-mail address:

    info@kollektiv-mfg.com

    Legal Notice:

    https://kollektiv-mfg.com/impressum/

    Overview of processing operations

    The following table summarises the types of data processed, the purposes for which they are processed and the concerned data subjects.

    Categories of Processed Data

    • Inventory data.
    • Payment Data.
    • Contact data.
    • Content data.
    • Contract data.
    • Usage data.
    • Meta/communication data.
    • Event Data (Facebook).

    Special Categories of Data

    • Health Data.
    • Data related to sexual preferences, sex life, and/or sexual orientation.
    • Rreligious or philosophical beliefs.
    • Data revealing racial or ethnic origin.

    Categories of Data Subjects

    • Customers.
    • Employees.
    • Prospective customers.
    • Communication partner.
    • Users.
    • Business and contractual partners.
    • Participants.

    Purposes of Processing

    • Provision of contractual services and customer support.
    • Contact requests and communication.
    • Security measures.
    • Direct marketing.
    • Web Analytics.
    • Targeting.
    • Office and organisational procedures.
    • Conversion tracking.
    • Affiliate Tracking.
    • Managing and responding to inquiries.
    • Feedback.
    • Marketing.
    • Profiles with user-related information.
    • Custom Audiences.
    • Provision of our online services and usability.
    • Information technology infrastructure.

    Legal Bases for the Processing

    In the following, you will find an overview of the legal basis of the GDPR on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection provisions of your or our country of residence or domicile may apply. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.

    • Consent (Article 6 (1) (a) GDPR) – The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
    • Performance of a contract and prior requests (Article 6 (1) (b) GDPR) – Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
    • Compliance with a legal obligation (Article 6 (1) (c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
    • Legitimate Interests (Article 6 (1) (f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

    In addition to the data protection regulations of the General Data Protection Regulation, national regulations apply to data protection in Germany. This includes in particular the Law on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special provisions on the right to access, the right to erase, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated individual decision-making, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, execution or termination of employment relationships as well as the consent of employees. Furthermore, data protection laws of the individual federal states may apply.

    Security Precautions

    We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

    The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, transmission, securing and separation of the data. In addition, we have established procedures to ensure that data subjects’ rights are respected, that data is erased, and that we are prepared to respond to data threats rapidly. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and service providers, in accordance with the principle of privacy by design and privacy by default.

    TLS encryption (https): To protect your data transmitted via our online services, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

    Transmission of Personal Data

    In the context of our processing of personal data, it may happen that the data is transferred to other places, companies or persons or that it is disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are embedded in a website. In such a case, the legal requirements will be respected and in particular corresponding contracts or agreements, which serve the protection of your data, will be concluded with the recipients of your data.

    Data Transmission within the Group of Companies: We may transfer personal data to other companies within our group of companies or otherwise grant them access to this data. Insofar as this disclosure is for administrative purposes, the disclosure of the data is based on our legitimate business and economic interests or otherwise, if it is necessary to fulfill our contractual obligations or if the consent of the data subjects or otherwise a legal permission is present.

    Data Transfer within the Organization: We may transfer or otherwise provide access to personal information to other locations within our organization. Insofar as this disclosure is for administrative purposes, the disclosure of the data is based on our legitimate business and economic interests or otherwise, if it is necessary to fulfill our contractual obligations or if the consent of those concerned or otherwise a legal permission is present.

    Data Processing in Third Countries

    If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third party services or disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.

    Subject to express consent or transfer required by contract or law, we process or have processed the data only in third countries with a recognised level of data protection, on the basis of special guarantees, such as a contractual obligation through so-called standard protection clauses of the EU Commission or if certifications or binding internal data protection regulations justify the processing (Article 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

    Erasure of data

    The data processed by us will be erased in accordance with the statutory provisions as soon as their processing is revoked or other permissions no longer apply (e.g. if the purpose of processing this data no longer applies or they are not required for the purpose). If the data is not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data will be restricted and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or for which storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person. In the context of our information on data processing, we may provide users with further information on the deletion and retention of data that is specific to the respective processing operation.

    Use of Cookies

    Cookies are small text files or other data records that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the contents accessed or the functions used. Cookies can also be used for various purposes, e.g. for purposes of functionality, security and convenience of online offers as well as the creation of analyses of visitor flows.

    Information on consent: We use cookies in accordance with the statutory provisions. Therefore, we obtain prior consent from users, except when it is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, is strictly necessary in order to provide an information society service explicitly requested by the subscriber or user. The revocable consent will be clearly communicated to the user and will contain the information on the respective cookie use.

    Information on legal bases under data protection law: The legal basis under data protection law on which we process users’ personal data with the use of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in a business operation of our online services and improvement of its usability) or, if this is done in the context of the fulfillment of our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. For which purposes the cookies are processed by us, we do clarify in the course of this privacy policy or in the context of our consent and processing procedures.

    Retention period: With regard to the retention period, a distinction is drawn between the following types of cookies:

     

    • Temporary cookies (also known as “session cookies”): Temporary cookies are deleted at the latest after a user has left an online service and closed his or her end device (i.e. browser or mobile application). 
    • Permanent cookies: Permanent cookies remain stored even after the terminal device is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.

    General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also file an objection to processing in accordance with the legal requirements in Article 21 GDPR. Users can also declare their objection by means of the settings of their browser, e.g. by deactivating the use of cookies (whereby this may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes, can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

    Further information on processing methods, procedures and services used:

    • Processing Cookie Data on the Basis of Consent: We use a cookie management solution in which users’ consent to the use of cookies, or the procedures and providers mentioned in the cookie management solution, can be obtained, managed and revoked by the users. The declaration of consent is stored so that it does not have to be retrieved again and the consent can be proven in accordance with the legal obligation. Storage can take place server-sided and/or in a cookie (so-called opt-out cookie or with the aid of comparable technologies) in order to be able to assign the consent to a user or and/or his/her device. Subject to individual details of the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. In this case, a pseudonymous user identifier is formed and stored with the date/time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and used end device.
    • Complianz: Cookie-Consent Manager; Service provider: Hosted locally on our server, no data transfer to third parties; Website: https://complianz.io/; Privacy Policy: https://complianz.io/legal/; Further Information: An individual user ID, language as well as types of consent and the time of their submission are stored on the server and in the cookie on the user’s device.

    Business services

    We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”) within the context of contractual and comparable legal relationships as well as associated actions and communication with the contractual partners or pre-contractually, e.g. to answer inquiries.

    We process this data in order to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to protect our rights and for the purpose of administrative tasks associated with these obligations and company organization. Furthermore, we process the data on the basis of our legitimate interests in proper and economical business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, e.g. for marketing purposes, within the scope of this privacy policy.

    Which data are necessary for the aforementioned purposes, we inform the contracting partners before or in the context of the data collection, e.g. in online forms by special marking (e.g. colors), and/or symbols (e.g. asterisks or the like), or personally.

    We delete the data after expiry of statutory warranty and comparable obligations, i.e. in principle after expiry of 4 years, unless the data is stored in a customer account or must be kept for legal reasons of archiving. The statutory retention period for documents relevant under tax law as well as for commercial books, inventories, opening balance sheets, annual financial statements, the instructions required to understand these documents and other organizational documents and accounting records is ten years and for received commercial and business letters and reproductions of sent commercial and business letters six years. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent, or the accounting document was created, furthermore the record was made or the other documents were created.

    If we use third-party providers or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms shall apply in the relationship between the users and the providers.

    • Processed data types: Inventory data (e.g. names, addresses); Payment Data (e.g. bank details, invoices, payment history); Contact data (e.g. e-mail, telephone numbers); Contract data (e.g. contract object, duration, customer category).
    • Special categories of personal data: Health Data (Article 9 (1) GDPR); Data related to sexual preferences, sex life, and/or sexual orientation (Article 9 (1) GDPR); Rreligious or philosophical beliefs (Article 9 (1) GDPR); Data revealing racial or ethnic origin (Article 9 (1) GDPR).
    • Data subjects: Prospective customers; Business and contractual partners; Customers.
    • Purposes of Processing: Provision of contractual services and customer support; Contact requests and communication; Office and organisational procedures; Managing and responding to inquiries.
    • Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Compliance with a legal obligation (Article 6 (1) (c) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).

    Further information on processing methods, procedures and services used:

    • Agency Services: We process the data of our customers within the scope of our contractual services, which may include e.g. conceptual and strategic consulting, campaign planning, software and design development / consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis / consulting services and training services; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
    • Coaching: We process the data of our clients and interested parties and other clients or contractual partners (uniformly referred to as “clients”) in order to provide them with our services. The data processed, the type, scope and purpose of their processing and the necessity of their processing are determined by the underlying contractual and client relationship.

      Within the scope of our services, we may also process special categories of data, here in particular information on the health of clients, possibly with reference to their sexual life or sexual orientation and data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs. To this end, we obtain the express consent of clients where necessary and process the special categories of data otherwise for the purposes of health care, if the data is public or wit an other legal persmission.

      Insofar as it is necessary for the fulfilment of our contractual obligations, the protection of vital interests or by law, or with theclients’s consent, we disclose or transfer the clients’s data to third parties or agents, such as public authorities, accounting offices and in the field of IT, office or comparable services, in compliance with professional regulations; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).

    • Consulting: We process the data of our clients, clients as well as interested parties and other clients or contractual partners (uniformly referred to as “clients”) in order to provide them with our consulting services. The data processed, the type, scope and purpose of the processing and the necessity of its processing are determined by the underlying contractual and client relationship.

      Insofar as it is necessary for the fulfilment of our contract, for the protection of vital interests or by law, or with the consent of the client, we disclose or transfer the client’s data to third parties or agents, such as authorities, courts, subcontractors or in the field of IT, office or comparable services, taking into account the professional requirements; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).

    • Online Courses and Online Training: We process the data of the participants of our online courses and online trainings (uniformly referred to as “participants”) in order to be able to provide our course and training services to them. The data processed in this context, the type, scope, purpose and necessity of its processing are determined by the underlying contractual relationship. The data basically include details of the courses taken and services provided and, insofar as part of our range of services, personal specifications and results of the participants. The forms of processing also include the performance assessment and evaluation of our services and those of the course and training instructors; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
    • Project and Development Services: We process the data of our customers and clients (hereinafter uniformly referred to as “customers”) in order to enable them to select, acquire or commission the selected services or works as well as associated activities and to pay for and make available such services or works or to perform such services or works.

      The required information is indicated as such within the framework of the conclusion of the agreement, order or equivalent contract and includes the information required for the provision of services and invoicing as well as contact information in order to be able to hold any consultations. Insofar as we gain access to the information of end customers, employees or other persons, we process it in accordance with the legal and contractual requirements; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).

    • Software and Platform Services: We process the data of our users, registered and any test users (hereinafter uniformly referred to as “users”) in order to provide them with our contractual services and on the basis of legitimate interests to ensure the security of our offer and to develop it further. The required details are identified as such within the context of the conclusion of the agreement, order or comparable contract and include the details required for the provision of services and invoicing as well as contact information in order to be able to hold any further consultations; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
    • Consulting: Insofar as it is necessary for our contractual performance or required by law, or if the consent of the customer has been obtained, we disclose or transfer the customer’s data to third parties or agents, such as authorities, courts or in the field of IT, office or comparable services, in compliance with the contractual and legal requirements; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).

    Providers and services used in the course of business

    As part of our business activities, we use additional services, platforms, interfaces or plug-ins from third-party providers (in short, “services”) in compliance with legal requirements. Their use is based on our interests in the proper, legal and economic management of our business operations and internal organization.

    • Processed data types: Inventory data (e.g. names, addresses); Payment Data (e.g. bank details, invoices, payment history); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Contract data (e.g. contract object, duration, customer category); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
    • Data subjects: Customers; Prospective customers; Users (e.g. website visitors, users of online services); Business and contractual partners.
    • Purposes of Processing: Provision of contractual services and customer support; Office and organisational procedures; Conversion tracking (Measurement of the effectiveness of marketing activities); Web Analytics (e.g. access statistics, recognition of returning visitors); Targeting (e.g. profiling based on interests and behaviour, use of cookies); Profiles with user-related information (Creating user profiles); Provision of our online services and usability.
    • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Consent (Article 6 (1) (a) GDPR).

    Further information on processing methods, procedures and services used:

    Payment Procedure

    Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use other service providers for this purpose in addition to banks and credit institutions (collectively referred to as “payment service providers”).

    The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e. we do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the terms and conditions and data protection information of the payment service providers.

    The terms and conditions and data protection information of the respective payment service providers apply to the payment transactions and can be accessed within the respective websites or transaction applications. We also refer to these for further information and the assertion of revocation, information and other data subject rights.

    • Processed data types: Inventory data (e.g. names, addresses); Payment Data (e.g. bank details, invoices, payment history); Contract data (e.g. contract object, duration, customer category); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
    • Data subjects: Customers; Prospective customers.
    • Purposes of Processing: Provision of contractual services and customer support.
    • Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).

    Further information on processing methods, procedures and services used:

    • PayPal: Payment-Service-Provider (technical integration of online-payment-methods) (e.g. PayPal, PayPal Plus, Braintree, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Website: https://www.paypal.com; Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

    Provision of online services and web hosting

    We process user data in order to be able to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user’s browser or terminal device.

    • Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses); Content data (e.g. text input, photographs, videos).
    • Data subjects: Users (e.g. website visitors, users of online services).
    • Purposes of Processing: Provision of our online services and usability; Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.).); Security measures.
    • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

    Further information on processing methods, procedures and services used:

    • Provision of online offer on rented hosting space: For the provision of our online services, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also referred to as a “web hoster”); Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
    • Collection of Access Data and Log Files: The access to our online services is logged in the form of so-called “server log files”. Server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a general rule, IP addresses and the requesting provider.
      The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the stability and optimal load balancing of the servers; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Retention period: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been finally clarified.
    • E-mail Sending and Hosting: The web hosting services we use also include sending, receiving and storing e-mails. For these purposes, the addresses of the recipients and senders, as well as other information relating to the sending of e-mails (e.g. the providers involved) and the contents of the respective e-mails are processed. The above data may also be processed for SPAM detection purposes. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted during transport, but not on the servers from which they are sent and received (unless a so-called end-to-end encryption method is used). We can therefore accept no responsibility for the transmission path of e-mails between the sender and reception on our server; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
    • Hetzner: Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.hetzner.com; Privacy Policy: https://www.hetzner.com/de/rechtliches/datenschutz; Data Processing Agreement: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.
    • STRATO: Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: STRATO AG, Pascalstraße 10,10587 Berlin, Germany; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.strato.de; Privacy Policy: https://www.strato.de/datenschutz; Data Processing Agreement: Provided by the service provider.
    • WordPress.com: Hosting and software for the creation, provision and operation of websites, blogs and other online services; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://wordpress.com; Privacy Policy: https://automattic.com/privacy/; Data Processing Agreement: https://wordpress.com/support/data-processing-agreements/.

    Registration, Login and User Account

    Users can create a user account. Within the scope of registration, the required mandatory information is communicated to the users and processed for the purposes of providing the user account on the basis of contractual fulfilment of obligations. The processed data includes in particular the login information (name, password and an e-mail address).

    Within the scope of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

    Users may be informed by e-mail of information relevant to their user account, such as technical changes.

    • Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Meta/communication data (e.g. device information, IP addresses).
    • Data subjects: Users (e.g. website visitors, users of online services).
    • Purposes of Processing: Provision of contractual services and customer support; Security measures; Managing and responding to inquiries; Provision of our online services and usability.
    • Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).

    Further information on processing methods, procedures and services used:

    • Deletion of data after termination: If users have terminated their user account, their data relating to the user account will be deleted, subject to any legal permission, obligation or consent of the users; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
    • No obligation to retain data: It is the responsibility of the users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).

    Blogs and publication media

    We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). Readers’ data will only be processed for the purposes of the publication medium to the extent necessary for its presentation and communication between authors and readers or for security reasons. For the rest, we refer to the information on the processing of visitors to our publication medium within the scope of this privacy policy.

    • Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
    • Data subjects: Users (e.g. website visitors, users of online services).
    • Purposes of Processing: Provision of contractual services and customer support; Feedback (e.g. collecting feedback via online form); Provision of our online services and usability.
    • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

    Contact and Inquiry Management

    When contacting us (e.g. via contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

    The response to the contact inquiries as well as the management of contact and inquiry data in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the inquiries and maintaining user or business relationships.

    • Processed data types: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
    • Data subjects: Communication partner (Recipients of e-mails, letters, etc.).
    • Purposes of Processing: Contact requests and communication; Managing and responding to inquiries; Feedback (e.g. collecting feedback via online form); Provision of our online services and usability; Provision of contractual services and customer support; Office and organisational procedures.
    • Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).

    Further information on processing methods, procedures and services used:

    • Contact form: When users contact us via our contact form, e-mail or other communication channels, we process the data provided to us in this context to process the communicated request. For this purpose, we process personal data in the context of pre-contractual and contractual business relationships to the extent necessary for their fulfillment and otherwise on the basis of our legitimate interests as well as the interests of the communication partners in responding to the concerns and our legal archiving requirements; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
    • HubSpot: Customer management and process and sales support with personalized customer care with multi-channel communication, i.e. management of customer inquiries from different channels, and analysis and feedback functions; Service provider: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.hubspot.de; Privacy Policy: https://legal.hubspot.com/privacy-policy; Data Processing Agreement: https://legal.hubspot.com/dpa; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://legal.hubspot.com/dpa.
    • ClickUp: Project management – organization and administration of teams, groups, workflows, projects and processes; Service provider: Mango Technologies, Inc., 580 Howard St, Suite 101, San Francisco, California 94105, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://clickup.com/; Privacy Policy: https://clickup.com/privacy; Data Processing Agreement: https://clickup.com/dpa.

    Video Conferences, Online Meetings, Webinars and Screen-Sharing

    We use platforms and applications of other providers (hereinafter referred to as “Conference Platforms”) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as “Conference”). When using the Conference Platforms and their services, we comply with the legal requirements.

    Data processed by Conference Platforms: In the course of participation in a Conference, the Data of the participants listed below are processed. The scope of the processing depends, on the one hand, on which data is requested in the context of a specific Conference (e.g., provision of access data or clear names) and which optional information is provided by the participants. In addition to processing for the purpose of conducting the conference, participants’ Data may also be processed by the Conference Platforms for security purposes or service optimization. The processed Date includes personal information (first name, last name), contact information (e-mail address, telephone number), access data (access codes or passwords), profile pictures, information on professional position/function, the IP address of the internet access, information on the participants’ end devices, their operating system, the browser and its technical and linguistic settings, information on the content-related communication processes, i.e. entries in chats and audio and video data, as well as the use of other available functions (e.g. surveys). The content of communications is encrypted to the extent technically provided by the conference providers. If participants are registered as users with the Conference Platforms, then further data may be processed in accordance with the agreement with the respective Conference Provider.

    Logging and recording: If text entries, participation results (e.g. from surveys) as well as video or audio recordings are recorded, this will be transparently communicated to the participants in advance and they will be asked – if necessary – for their consent.

    Data protection measures of the participants: Please refer to the data privacy information of the Conference Platforms for details on the processing of your data and select the optimum security and data privacy settings for you within the framework of the settings of the conference platforms. Furthermore, please ensure data and privacy protection in the background of your recording for the duration of a Conference (e.g., by notifying roommates, locking doors, and using the background masking function, if technically possible). Links to the conference rooms as well as access data, should not be passed on to unauthorized third parties.

    Notes on legal bases: Insofar as, in addition to the Conference Platforms, we also process users’ data and ask users for their consent to use contents from the Conferences or certain functions (e.g. consent to a recording of Conferences), the legal basis of the processing is this consent. Furthermore, our processing may be necessary for the fulfillment of our contractual obligations (e.g. in participant lists, in the case of reprocessing of Conference results, etc.). Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.

    • Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
    • Data subjects: Communication partner (Recipients of e-mails, letters, etc.); Users (e.g. website visitors, users of online services).
    • Purposes of Processing: Provision of contractual services and customer support; Contact requests and communication; Office and organisational procedures.
    • Legal Basis: Consent (Article 6 (1) (a) GDPR); Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).

    Further information on processing methods, procedures and services used:

    Cloud Services

    We use Internet-accessible software services (so-called “cloud services”, also referred to as “Software as a Service”) provided on the servers of its providers for the following purposes: document storage and administration, calendar management, e-mail delivery, spreadsheets and presentations, exchange of documents, content and information with specific recipients or publication of websites, forms or other content and information, as well as chats and participation in audio and video conferences.

    Within this framework, personal data may be processed and stored on the provider’s servers insofar as this data is part of communication processes with us or is otherwise processed by us in accordance with this privacy policy. This data may include in particular master data and contact data of data subjects, data on processes, contracts, other proceedings and their contents. Cloud service providers also process usage data and metadata that they use for security and service optimization purposes.

    If we use cloud services to provide documents and content to other users or publicly accessible websites, forms, etc., providers may store cookies on users’ devices for web analysis or to remember user settings (e.g. in the case of media control).

    • Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
    • Data subjects: Customers; Employees (e.g. Employees, job applicants); Prospective customers; Communication partner (Recipients of e-mails, letters, etc.); Users (e.g. website visitors, users of online services).
    • Purposes of Processing: Office and organisational procedures; Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.).).
    • Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).

    Further information on processing methods, procedures and services used:

    Newsletter and Electronic Communications

    We send newsletters, e-mails and other electronic communications (hereinafter referred to as “newsletters”) only with the consent of the recipient or a legal permission. Insofar as the contents of the newsletter are specifically described within the framework of registration, they are decisive for the consent of the user. Otherwise, our newsletters contain information about our services and us.

    In order to subscribe to our newsletters, it is generally sufficient to enter your e-mail address. We may, however, ask you to provide a name for the purpose of contacting you personally in the newsletter or to provide further information if this is required for the purposes of the newsletter.

    Double opt-in procedure: The registration to our newsletter takes place in general in a so-called Double-Opt-In procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can register with external e-mail addresses.

    The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation times as well as the IP address. Likewise the changes of your data stored with the dispatch service provider are logged.

    Deletion and restriction of processing: We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide evidence of prior consent. The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time. In the case of an obligation to permanently observe an objection, we reserve the right to store the e-mail address solely for this purpose in a blocklist.

    The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving its proper course. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

    • Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Meta/communication data (e.g. device information, IP addresses); Usage data (e.g. websites visited, interest in content, access times).
    • Data subjects: Communication partner (Recipients of e-mails, letters, etc.); Users (e.g. website visitors, users of online services).
    • Purposes of Processing: Direct marketing (e.g. by e-mail or postal); Provision of contractual services and customer support; Web Analytics (e.g. access statistics, recognition of returning visitors); Conversion tracking (Measurement of the effectiveness of marketing activities); Profiles with user-related information (Creating user profiles).
    • Legal Basis: Consent (Article 6 (1) (a) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).
    • Opt-Out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the contact options listed above, preferably e-mail.

    Further information on processing methods, procedures and services used:

    • Measurement of opening rates and click rates: The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file, which is retrieved from our server when the newsletter is opened or, if we use a mailing service provider, from its server. Within the scope of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected.

       

      This information is used for the technical improvement of our newsletter on the basis of technical data or target groups and their reading behaviour on the basis of their retrieval points (which can be determined with the help of the IP address) or access times. This analysis also includes determining whether newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until the profiles are deleted. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

      The measurement of opening rates and click rates as well as the storage of the measurement results in the profiles of the users and their further processing are based on the consent of the users.

      A separate objection to the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be cancelled or objected to. In this case, the stored profile information will be deleted; Legal Basis: Consent (Article 6 (1) (a) GDPR).

    • Google Analytics: Measuring the success of email campaigns and building user profiles with a storage period of up to two years; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com/intl/en/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://business.safety.google/adsprocessorterms; Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Advertisements: https://adssettings.google.com/authenticated; Further Information: https://privacy.google.com/businesses/adsservices (Types of processing and data processed).
    • Prerequisite for the use of free services: Consent to the sending of mailings can be made dependent on the use of free services (e.g. access to certain content or participation in certain campaigns) as a prerequisite. If the users would like to take advantage of the free service without registering for the newsletter, we offer them to contact us.
    • Order process reminder emails: When users cancel an order process, we can send them a notice of the cancellation and remind them to continue. This function can be useful, for example, if the purchase process could not be continued due to a browser crash, oversight or forgetting. The dispatch is based on consent, which users can object to at any time; Legal Basis: Consent (Article 6 (1) (a) GDPR).
    • HubSpot: Email marketing platform; Service provider: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.hubspot.com; Privacy Policy: https://legal.hubspot.com/privacy-policy; Data Processing Agreement: https://legal.hubspot.com/dpa; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://legal.hubspot.com/dpa; Further Information: https://legal.hubspot.com/dpa.
    • Mailchimp: Email distribution and email marketing platform; Service provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://mailchimp.com; Privacy Policy: https://mailchimp.com/legal/; Data Processing Agreement: https://mailchimp.com/legal/data-processing-addendum/; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): Inclusion in the Data Processing Agreement; Further Information: Special safety measures: https://mailchimp.com/help/Mailchimp-european-data-transfers/.

    Surveys and Questionnaires

    We conduct surveys and interviews to gather information for the survey purpose communicated in each case. The surveys and questionnaires (“surveys”) carried out by us are evaluated anonymously. Personal data is only processed insofar as this is necessary for the provision and technical execution of the survey (e.g. processing the IP address to display the survey in the user’s browser or to enable a resumption of the survey with the aid of a cookie).

    • Processed data types: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
    • Data subjects: Communication partner (Recipients of e-mails, letters, etc.); Participants.
    • Purposes of Processing: Feedback (e.g. collecting feedback via online form).
    • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

    Further information on processing methods, procedures and services used:

    Web Analysis, Monitoring and Optimization

    Web analysis is used to evaluate the visitor traffic on our website and may include the behaviour, interests or demographic information of users, such as age or gender, as pseudonymous values. With the help of web analysis we can e.g. recognize, at which time our online services or their functions or contents are most frequently used or requested for repeatedly, as well as which areas require optimization.

    In addition to web analysis, we can also use test procedures, e.g. to test and optimize different versions of our online services or their components.

    Unless otherwise stated below, profiles, i.e. data aggregated for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have agreed to the collection of their location data from us or from the providers of the services we use, location data may also be processed.

    Unless otherwise stated below, profiles, that is data summarized for a usage process or user, may be created for these purposes and stored in a browser or terminal device (so-called “cookies”) or similar processes may be used for the same purpose. The information collected includes, in particular, websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data or profiles to us or to the providers of the services we use, these may also be processed, depending on the provider.

    The IP addresses of the users are also stored. However, we use any existing IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect the user. In general, within the framework of web analysis, A/B testing and optimisation, no user data (such as e-mail addresses or names) is stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective processes.

    • Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
    • Data subjects: Users (e.g. website visitors, users of online services).
    • Purposes of Processing: Web Analytics (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (Creating user profiles).
    • Security measures: IP Masking (Pseudonymization of the IP address).

    Online Marketing

    We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as “Content”) based on the potential interests of users and the measurement of their effectiveness.

    For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedure in which the relevant user information for the display of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, communication partners and technical information such as the browser used, computer system used and information on usage times and used functions. If users have consented to the collection of their sideline data, these can also be processed.

    The IP addresses of the users are also stored. However, we use provided IP masking procedures (i.e. pseudonymisation by shortening the IP address) to ensure the protection of the user’s by using a pseudonym. In general, within the framework of the online marketing process, no clear user data (such as e-mail addresses or names) is secured, but pseudonyms. This means that we, as well as the providers of online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.

    The information in the profiles is usually stored in the cookies or similar memorizing procedures. These cookies can later, generally also on other websites that use the same online marketing technology, be read and analyzed for purposes of content display, as well as supplemented with other data and stored on the server of the online marketing technology provider.

    Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing technology we use and the network links the profiles of the users in the aforementioned data. Please note that users may enter into additional agreements with the social network providers or other service providers, e.g. by consenting as part of a registration process.

    As a matter of principle, we only gain access to summarised information about the performance of our advertisements. However, within the framework of so-called conversion measurement, we can check which of our online marketing processes have led to a so-called conversion, i.e. to the conclusion of a contract with us. The conversion measurement is used alone for the performance analysis of our marketing activities.

    Unless otherwise stated, we kindly ask you to consider that cookies used will be stored for a period of two years.

    • Processed data types: Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses); Event Data (Facebook) (“Event Data” is data that can be transmitted from us to Facebook, e.g. via Facebook pixels (via apps or other means) and relates to persons or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event Data does not include the actual content (such as written comments), login information, and Contact Information (such as names, email addresses, and phone numbers). Event Data is deleted by Facebook after a maximum of two years, the Custom Audiences created from them with the deletion of our Facebook account).
    • Data subjects: Users (e.g. website visitors, users of online services).
    • Purposes of Processing: Web Analytics (e.g. access statistics, recognition of returning visitors); Targeting (e.g. profiling based on interests and behaviour, use of cookies); Conversion tracking (Measurement of the effectiveness of marketing activities); Affiliate Tracking; Marketing; Profiles with user-related information (Creating user profiles); Custom Audiences (Selection of relevant target groups for marketing purposes or other output of content); Provision of our online services and usability.
    • Security measures: IP Masking (Pseudonymization of the IP address).
    • Legal Basis: Consent (Article 6 (1) (a) GDPR).
    • Opt-Out: We refer to the privacy policies of the respective service providers and the possibilities for objection (so-called “opt-out”). If no explicit opt-out option has been specified, it is possible to deactivate cookies in the settings of your browser. However, this may restrict the functions of our online offer. We therefore recommend the following additional opt-out options, which are offered collectively for each area:

      a) Europe: https://www.youronlinechoices.eu.
      b) Canada: https://www.youradchoices.ca/choices.
      c) USA: https://www.aboutads.info/choices.
      d) Cross-regional: https://optout.aboutads.info.

    Further information on processing methods, procedures and services used:

    • Facebook Pixel and Custom Audiences (Custom Audiences): With the help of the Facebook pixel (or equivalent functions, to transfer Event-Data or Contact Information via interfaces or other software in apps), Facebook is on the one hand able to determine the visitors of our online services as a target group for the presentation of ads (so-called “Facebook ads”). Accordingly, we use Facebook pixels to display Facebook ads placed by us only to Facebook users and within the services of partners cooperating with Facebook (so-called “audience network” https://www.facebook.com/audiencenetwork/ ) who have shown an interest in our online services or who have certain characteristics (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called “custom audiences”). With the help of Facebook pixels, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not appear annoying. The Facebook pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes by showing whether users were referred to our website after clicking on a Facebook ad (known as “conversion tracking”); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Data Processing Agreement: https://www.facebook.com/legal/terms/dataprocessing; Further Information: User event data, i.e. behavioral and interest data, is processed for the purposes of targeted advertising and audience building on the basis of the joint controllership agreement (“Controller Addendum”, https://www.facebook.com/legal/controller_addendum). The joint controllership is limited to the collection and transfer of the data to Meta Platforms Ireland Limited, a company located in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns in particular the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
    • Google Ads and Conversion Tracking: We use the Google “Ads” online marketing method to place ads on the Google advertising network (e.g., in search results, videos, websites, etc.) so that they are displayed to users who have an alleged interest in the ads. We also measure the conversion of the ads (so called “Konversion”). However, we only know the anonymous total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking tag. However, we ourselves do not receive any information that can be used to identify users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Further Information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices; Google Ads Controller-Controller Data Protection Terms and standard contractual clauses for data transfers to third countries: https://business.safety.google/adscontrollerterms.

    Profiles in Social Networks (Social Media)

    We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

    We would like to point out that user data may be processed outside the European Union. This may entail risks for users, e.g. by making it more difficult to enforce users’ rights.

    In addition, user data is usually processed within social networks for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the associated interests of users. The user profiles can then be used, for example, to place advertisements within and outside the networks which are presumed to correspond to the interests of the users. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behaviour and interests are stored. Furthermore, data can be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective networks or will become members later on).

    For a detailed description of the respective processing operations and the opt-out options, please refer to the respective data protection declarations and information provided by the providers of the respective networks.

    Also in the case of requests for information and the exercise of rights of data subjects, we point out that these can be most effectively pursued with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, please do not hesitate to contact us.

    • Processed data types: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
    • Data subjects: Users (e.g. website visitors, users of online services).
    • Purposes of Processing: Contact requests and communication; Feedback (e.g. collecting feedback via online form); Marketing.
    • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

    Further information on processing methods, procedures and services used:

    • Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
    • Facebook-Seiten: Profiles within the social network Facebook – We are jointly responsible (so called “joint controller”) with Meta Platforms Ireland Limited for the collection (but not the further processing) of data of visitors to our Facebook page. This data includes information about the types of content users view or interact with, or the actions they take (see “Things that you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy), and information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie information; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How we use this information?” Facebook also collects and uses information to provide analytics services, known as “page insights,” to site operators to help them understand how people interact with their pages and with content associated with them. We have concluded a special agreement with Facebook (“Information about Page-Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular the security measures that Facebook must observe and in which Facebook has agreed to fulfill the rights of the persons concerned (i.e. users can send information access or deletion requests directly to Facebook). The rights of users (in particular to access to information, erasure, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information about Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; Further Information: Joint Controllership Agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data. The joint controllership is limited to the collection and transfer of the data to Meta Platforms Ireland Limited, a company located in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns in particular the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
    • LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data Processing Agreement: https://legal.linkedin.com/dpa; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://legal.linkedin.com/dpa; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

    Plugins and embedded functions and content

    Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may, for example, be graphics, videos or city maps (hereinafter uniformly referred to as “Content”).

    The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We strive to use only those contents, whose respective offerers use the IP address only for the distribution of the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.

    • Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
    • Data subjects: Users (e.g. website visitors, users of online services).
    • Purposes of Processing: Provision of our online services and usability.
    • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

    Further information on processing methods, procedures and services used:

    • Font Awesome (Provision on own server): Display of fonts and symbols; Service provider: The Font Awesome icons are hosted on our server, no data is transmitted to the provider of Font Awesome; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
    • Google Fonts (from Google Server): Obtaining fonts (and symbols) for the purpose of a technically secure, maintenance-free and efficient use of fonts and symbols with regard to timeliness and loading times, their uniform presentation and consideration of possible restrictions under licensing law. The provider of the fonts is informed of the user’s IP address so that the fonts can be made available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted which are necessary for the provision of the fonts depending on the devices used and the technical environment; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy.
    • Google Fonts (Provision on own server): Obtaining fonts (“Google Fonts”) for the purpose of a user-friendly appearance of our online services; Service provider: The Google Fonts are hosted on our server, no data is transmitted to Google; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

    Management, Organization and Utilities

    We use services, platforms and software from other providers (hereinafter referred to as ” third-party providers”) for the purposes of organizing, administering, planning and providing our services. When selecting third-party providers and their services, we comply with the legal requirements.

    Within this context, personal data may be processed and stored on the servers of third-party providers. This may include various data that we process in accordance with this privacy policy. This data may include in particular master data and contact data of users, data on processes, contracts, other processes and their contents.

    If users are referred to the third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party provider processing may process usage data and metadata that can be processed by them for security purposes, service optimisation or marketing purposes. We therefore ask you to read the data protection notices of the respective third party providers.

    • Processed data types: Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses); Contact data (e.g. e-mail, telephone numbers).
    • Data subjects: Communication partner (Recipients of e-mails, letters, etc.); Users (e.g. website visitors, users of online services).
    • Purposes of Processing: Provision of contractual services and customer support; Office and organisational procedures.
    • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

    Further information on processing methods, procedures and services used:

    Changes and Updates to the Privacy Policy

    We kindly ask you to inform yourself regularly about the contents of our data protection declaration. We will adjust the privacy policy as changes in our data processing practices make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

    If we provide addresses and contact information of companies and organizations in this privacy policy, we ask you to note that addresses may change over time and to verify the information before contacting us.

    Rights of Data Subjects

    As data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

    • Right to Object: You have the right, on grounds arising from your particular situation, to object at any time to the processing of your personal data which is based on letter (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such marketing, which includes profiling to the extent that it is related to such direct marketing.
    • Right of withdrawal for consents: You have the right to revoke consents at any time.
    • Right of access: You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data in accordance with the provisions of the law.
    • Right to rectification: You have the right, in accordance with the law, to request the completion of the data concerning you or the rectification of the incorrect data concerning you.
    • Right to Erasure and Right to Restriction of Processing: In accordance with the statutory provisions, you have the right to demand that the relevant data be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions.
    • Right to data portability: You have the right to receive data concerning you which you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements, or to request its transmission to another controller.
    • Complaint to the supervisory authority: In accordance with the law and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State where you habitually reside, the supervisory authority of your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

    Terminology and Definitions

    This section provides an overview of the terms used in this privacy policy. Many of the terms are drawn from the law and defined mainly in Article 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended above all for the purpose of comprehension. The terms are sorted alphabetically.

    • Affiliate Tracking: Custom Audiences refers to the process of determining target groups for advertising purposes, e.g. the display of advertisements. For example, a user’s interest in certain products or topics on the Internet may be used to conclude that the user is interested in advertisements for similar products or the online store in which the user viewed the products. “Lookalike Audiences” is the term used to describe content that is viewed as suitable by users whose profiles or interests presumably correspond to the users for whom the profiles were created. For the purposes of creating custom audiences and lookalike audiences, cookies and web beacons are typically used.
    • Controller: “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
    • Conversion tracking: Conversion tracking is a method used to evaluate the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the devices of the users within the websites on which the marketing measures take place and then called up again on the target website (e.g. we can thus trace whether the advertisements placed by us on other websites were successful).
    • Custom Audiences: Target group formation (or “custom audiences”) is the term used when target groups are determined for advertising purposes, e.g. display of advertisements. For example, a user’s interest in certain products or topics on the Internet may be used to infer that that user is interested in advertisements for similar products or the online store in which they viewed the products. Lookalike Audiences” (or similar target groups) is the term used to describe content that is viewed as suitable by users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies are generally used for the purposes of creating custom audiences and lookalike audiences. Target groups can be created by processing visitors of an online service or can be uploaded to the provider of an online marketing technology by means of uploading (which is usually done pseudonymised).
    • Personal Data: “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
    • Processing: The term “processing” covers a wide range and practically every handling of data, be it collection, evaluation, storage, transmission or erasure.
    • Profiles with user-related information: The processing of “profiles with user-related information”, or “profiles” for short, includes any kind of automated processing of personal data that consists of using these personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information concerning demographics, behaviour and interests, such as interaction with websites and their content, etc.) (e.g. interests in certain content or products, click behaviour on a website or location). Cookies and web beacons are often used for profiling purposes.
    • Targeting: “Tracking” is the term used when the behaviour of users can be traced across several websites. As a rule, behavior and interest information with regard to the websites used is stored in cookies or on the servers of the tracking technology providers (so-called profiling). This information can then be used, for example, to display advertisements to users presumably corresponding to their interests.
    • Web Analytics: Web Analytics serves the evaluation of visitor traffic of online services and can determine their behavior or interests in certain information, such as content of websites. With the help of web analytics, website owners, for example, can recognize at what time visitors visit their website and what content they are interested in. This allows them, for example, to optimize the content of the website to better meet the needs of their visitors. For purposes of web analytics, pseudonymous cookies and web beacons are frequently used in order to recognise returning visitors and thus obtain more precise analyses of the use of an online service.

     

    Privacy policy – Product Calvah

    Calvah, a product of Kollektiv MFG GmbH 

    The responsible party within the meaning of the EU General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is: 

    Kollektiv MFG GmbH  

    Represented by the management: Jennifer Meier and Susann Fischer 

    Papierstrasse 1, 13409 Berlin, Germany 

    E-mail address: support@calvah.com 

    Commercial register: HRB 238358 B

    Registergericht: Charlottenburg Local Court 

    VAT-IdNr: DE351406839 

    The contractual language is German. German law shall apply exclusively. The German version of the translation and privacy policy shall prevail. The English version is for information purposes only.

    General information 

    When you use Calvah, a product of Kollektiv MFG GmbH (hereinafter referred to as Kollektiv MFG, we, our) or interact with Kollektiv MFG GmbH’s product Calvah, we process personal data about you in order to provide you with access to Calvah and to offer you an improved experience and support. This includes collecting, recording, using, transferring, storing, sharing and deleting your data. 

    This Privacy Policy describes how Kollektiv MFG GmbH processes your data for the use of Calvah and explains the choices you have regarding your data. Please note that this Privacy Policy does not apply to the processing of your data by third parties when you use the integrated services of third parties available through our services. Please visit these third parties’ websites for more information about their privacy practices (e.g., data transfer for email communications and data transfer for support requests). 

    We collect and use the personal information described below to provide Calvah to you in a reliable and secure manner. In addition, we collect and use personal data for our legitimate business needs. We process your personal data in compliance with the relevant provisions of the EU Data Protection Regulation (DSGVO), the German Federal Data Protection Act (BDSG) and all other applicable laws. 

    The collection and use of personal data is generally only carried out with your consent. An exception applies if consent is not possible for actual reasons and the processing of the data is permitted by legal regulations. 

    We collect personal data (individual details about personal or factual circumstances of a specific or identifiable natural person) only to the extent provided by you. 

    Where we use third party services to provide our services, we take appropriate legal precautions and technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal requirements. 

    This may involve transferring personal data to servers located outside the EU or to trusted third parties located outside the EU. You should be aware that many countries do not offer the same legal protection for personal information as you enjoy in the EU. While your personal information is located in another country, it may be accessed by courts, law enforcement and national security authorities of that country in accordance with its laws. Subject to your explicit consent or contractually or legally required transfers, we will only process or allow the processing of data outside the EU in third countries with a recognised level of data protection, contractual obligations through so-called standard data protection clauses of the EU Commission in the presence of certifications or binding internal data protection regulations (Art. 44 to Art. 49 DSGVO).  

    As new technologies and the constant further development of this website may result in changes to this data protection declaration, we recommend that you read through the data protection declaration again at regular intervals. Definitions of the terms used (e.g. “personal data” or “processing”) can be found in Art. 4 DSGVO. 

    1. To whom our data protection declaration applies. 

    Once companies or individual users are subject to our SaaS License Agreement or Enterprise Framework Agreement for the use of Calvah, Kollektiv MFG acts as a service provider (processor) to process personal data on behalf of or at the instruction of the client. The Privacy Policy also applies to Unlicensed Users (individuals invited by Licensed Users to use Calvah, agree to the Privacy Policy and use Calvah). Our customers and users usually belong to a company or organization, they are the data controllers. They make decisions about the data they provide to Kollektiv MFG when using Calvah. In all other cases, Kollektiv MFG is responsible for the data. 

    Calvah can be used by companies as well as by individual users. If you use Calvah through your company, public entity or with your business email address, the Calvah administrator of your company or public entity is responsible for the accounts associated with that company or entity and may: restrict, suspend or terminate your access to or authorisation to use the Services, access data about you, access or store data held by us (including the content of your meetings, meeting statistics and log data about your use of Calvah) and restrict your authority to process, restrict, amend or delete data relating to your use of our products and services. 

    2.What sources and data do we receive and process?

    Kollektiv MFG processes data that we receive directly from you, that is collected automatically when you use Calvah or visit one of our websites, as well as data collected by Kollektiv via third parties (e.g. support requests via a third-party platform).

    Data that Kollektiv MFG receives directly from you 

    Account information: Data that Kollektiv MFG needs to create a Calvah account for you, facilitate payment transactions and manage your ability to sign in and out of Calvah. This includes:  

    • Identifiers (such as first and last name and email address).  
    • Your password for Calvah (hashed)  
    • User ID – data related to a third party identity authentication provider  
    • Billing data (such as name, address and phone number) 
    • Financial data (such as credit card information collected by our payment processors on our behalf)  
    • Contract information and number of licenses selected 

    Your content: This is data that you provide to us through your use of Calvah. This includes data you provide as part of the meeting planning process (e.g. objectives, descriptions, links to further information, data you provide in written feedback during a meeting). Any other data you provide in the course of using Calvah that identifies or can reasonably be associated with you. Profile-related data (such as email, profile picture, name, gender pronouns, occupation or employment details such as your job title or role in your company) and other data that you provide to describe yourself and that is only collected when you provide it. As a meeting organizer, you also have the option to create profiles for meeting participants inside and outside your organization. If you do so, we will store these contact details and user ID on our server. 

    Use without an account: If you use Calvah without registering, you are a so-called “anonymous user”. In addition to the data required for server operation, only your feedback and the Meeting Organizer’s name and pronoun will be saved. When saving the contribution, this string is then loosely saved with the contribution. There is no assignment to an identity. By sending your feedback, you agree to the storage. Since we cannot later trace who wrote the contribution, you have no right to delete it, since there is no proof of authorship. 

    Usage information: We collect information about how you use Calvah. This includes actions you take in your account (e.g. creating and editing meetings, using the meeting timer, viewing statistics). We use this information to provide, improve and market our services and to protect Calvah users.  

    Cookies: We use so-called session cookies on our pages. Session cookies are technically necessary cookies that ensure the basic functionality of the website. Cookies are data packets that your browser stores in your end device at our instigation. Session cookies are temporary and are valid until the user logs out or until the lifetime of the cookie is reached. Other cookies are not used. 

    After leaving our website, the cookies remain stored on your terminal device and enable us to recognise your internet browser on your next visit.  

    You can set your internet browser so that you are informed when cookies are set and decide individually whether to accept them or generally exclude the acceptance of cookies for certain cases. Cookies that have already been stored can be deleted at any time. This can be done automatically. If you do not accept cookies, the functionality of our website may be limited. 

    Device information: We collect data from and about the devices you use to access Calvah. This includes IP addresses, the type of browser and device you use and the identifiers associated with your devices. Depending on your device settings, your devices may also transmit location data to the Services. For example, we use device information to identify misuse and to detect and correct errors. 

    Data from communications with Kollektiv MFG: Other data you may provide to us when you interact with Kollektiv MFG in other ways. This includes, for example, data from emails you forward to mail addresses of @kollektiv-mfg.com or @calvah.com. You may voluntarily provide us with data when you interact with us, such as when you interact directly with Kollektiv MFG staff, such as our sales, support or research groups. Kollektiv MFG may process: Your enquiry, questions and feedback that you submit to us via forms or email. Data you provide in connection with sweepstakes, contests or research studies run by Kollektiv MFG if you choose to participate, data to verify your identity, your audio and video data if you participate in a sales call or user research study and do not opt out of having the calls recorded. 

    3. Use of your data 

    Kollektiv MFG processes your data to perform our contracts with you (Art. 6 para. 1 sentence 1, lit. b DSGVO). The purposes of the data processing depend in detail on the basis of the contract. Kollektiv MFG uses your data to provide Calvah and related services, to communicate with you, to process transactions when you change your Calvah plan, to maintain security and prevent fraud, and to comply with legal requirements. 

    Data access: Within our organization, your personal data will only be disclosed to those individuals and bodies who need it to fulfill our contractual and legal obligations. In addition, the following bodies may receive your data (if necessary): the tax advisor for advice on tax matters and the auditor for the preparation of the annual financial statements. 

    Contractual warranties: providing services to you and operating our business; maintaining, providing and improving our products and services; improving our understanding of user interests and needs so that we can tailor Calvah for you; and analyzing and evaluating how you interact with our websites and Calvah. 

    Contacting us for support, communications etc: We use information about your use of Calvah to:  

    • Account information (e.g. your email address and name).  
    • Data related to integrated third-party services to contact you about Calvah (by phone, text message, email or chat)  
    • To share notices and updates, product changes and other necessary communications such as security and fraud alerts, and to provide webinars or public presentations and demonstrations of Calvah and to gather your opinions through surveys, research studies and questionnaires.  
    • Providing support, obtaining feedback, responding to your requests for information.  
    • Helping you identify and resolve issues with your account and answering your questions. 

    Enabling reporting and analysis of Calvah’s performance: we may aggregate and/or anonymise data relating to your use of Calvah (for example, how many meetings you have created or the average meeting duration) so that such data can no longer be associated with you or your device. We may use such aggregated and anonymised data for any purpose, including, but not limited to, research and marketing purposes, and may also share such data with third parties, including advertisers, sponsors, event organizers and/or others.  

    Law and order and public interest: In individual cases, we process your data to protect legitimate interests of us or of third parties (e.g. public authorities). This applies in particular to the investigation of criminal offenses (legal basis Art. 6 para. 1 sentence 1 lit. f DSGVO in conjunction with § 26 para. 1 sentence 2 BDSG) or the exchange of data within the group for administrative purposes or to protect Kollektiv MFG from fraud or abuse. 

    4. How we protect our users’ data 

    The protection of your data: Is secured by SSL encryption (https), storage of encrypted passwords, regular updating of the website. 

    Retention of your data: Through your registered account, we retain stored information from you as follows:  

    • for as long as your account exists or we need it to provide the Services to you
    • After your account has been deleted, all personal data – if applicable – will first be stored in accordance with tax and commercial law retention periods and then deleted after expiry of the period, unless you have consented to further processing and use. On the other hand, we initiate the deletion of this information after 30 days. 

    Please note:  

    1. It may take some time to delete this information from our servers and from our backup; and  
    1. We may retain this information as necessary to comply with our legal obligations, resolve disputes or enforce our contracts. 
    1. Where we store and process our users’ data 

    Kollektiv MFG engages third party sub-processors to assist in the provision of services to our clients:in. A sub-processor is a third party processor engaged by Kollektiv MFG to receive data from Kollektiv MFG and process personal data on behalf of our clients. 

    Third Party Processor List  

    Sub-processors of Kollektiv MFG 

     

    Name  Type of sub-processing  Country  
    Hetzner Online GmbH  Cloud Service Provider DE 
    Stripe  Payment Service Provider USA 

     

    Payment function. We have integrated the online payment service provider Stripe to process the payment for the fulfillment of the contract. Stripe offers the option of processing payments via credit cards.   

    If you select payment via Stripe, the payment data you enter (name, purchase amount, e-mail, bank details) will be transmitted to Stripe. By selecting this payment option, you consent to the transmission of your personal data required for payment processing.  

    The transmission of your data to Stripe is based on Art. 6 para. 1, sentence.1 lit. a DSGVO and Art. 6 para. 1, sentence.1 lit. b DS-GVO. You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations. This also applies to personal data that must be processed, used or transmitted for the purpose of processing payments.  

    The transfer of the data is for the purpose of payment processing and fraud prevention.  

    We will also transfer other personal data to Stripe if there is a legitimate interest for the transfer. The personal data exchanged between us and Stripe may be transferred by Stripe to credit reference agencies. The purpose of this transfer is to check your identity and creditworthiness. Stripe may share your personal data with affiliates and service providers or subcontractors to the extent necessary to fulfill its contractual obligations or to process data on its behalf.  

    The transfer of personal data to third countries is based on the standard contractual clauses approved by the EU Commission.  

    You can access Stripe’s privacy policy, which you accept by using credit card payment via Stripe, at the following link: https://stripe.com/de/privacy.  

    Hosting of the Calvah website is hosted on servers of Hetzner Online GmbH in Germany. For further information, please refer to the website of Hetzner Online GmbH (https://www.hetzner.com/de/legal/privacy-policy?country=de). 

    We have concluded a data processing contract with Hetzner Online GmbH, which protects our customers and obliges Hetzner not to pass on the collected data to third parties. 

    Information on data transfer to the USA and other third countries 

    Among others, we use the service provider stripe, which is based in the USA. Your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities. 

    We require your express consent to transfer data to the USA (legal basis Art. 49 para. 1 sentence 1 lit. a DSGVO).  

    Changes  

    In the context of a possible restructuring, a merger, a takeover or a sale of our assets, your data may be transferred. In this case, we will inform you of this, for example by email to the address linked to your account, and explain all your options.  

    We reserve the right to change this privacy policy from time to time. The current version is available on our website. If any change materially restricts your rights, we will notify you.

    What rights do I have? 

    You have the following rights in relation to us in respect of personal data relating to you: 

    • Right to information 
    • Right of revocation 
    • Right to rectification or deletion 
    • Right to restriction of processing 
    • Right to object to processing 
    • Right to data portability 

    If you are dissatisfied with how we handle your data, you can lodge a complaint with the relevant data protection supervisory authority.  

      Introduction and overview

      The contractual language is German. German law shall apply exclusively. The German version of the translation and privacy policy shall prevail. The English version is for information purposes only.

      We have created this privacy statement (version 12.07.2021-311289911) in order to provide you with the best possible service in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws to explain which personal data (data for short) we as the controller – and the processors (e.g. providers) commissioned by us – process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.
      In short, we inform you comprehensively about data we process about you.

      Privacy statements usually sound very technical and use legal terminology. This privacy statement, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. To the extent that it is conducive to transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. In this way, we inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible by providing the most concise, unclear and legalistic explanations possible, as is often standard practice on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is one or two pieces of information that you did not yet know.
      If you still have questions, we would like to ask you to contact the responsible party named below or in the imprint, to follow the links provided and to look at further information on third-party sites. Our contact details can of course also be found in the legal disclosure.

      Area of application

      This data protection declaration applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (order processors). By personal data, we mean information within the meaning of Art. 4 No. 1 DSGVO, such as a person’s name, e-mail address and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this privacy policy includes:

      • all online presences (websites, online stores) that we operate
      • social media presences and email communications
      • mobile apps for smartphones and other devices

      In short, the data protection declaration applies to all areas in which personal data is processed in the company via the aforementioned channels in a structured manner. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

      Legal basis

      In the following privacy statement, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
      As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016, which you can of course read online on EUR-Lex, the access to EU law, at
      https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679 .

      We only process your data if at least one of the following conditions applies:

      1. Consent (Article 6(1)(a) DSGVO): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
      2. Contract (Article 6(1) lit. b) DSGVO): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.
      3. Legal obligation (Article 6(1)(c) DSGVO): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
      4. Legitimate interests (Article 6(1)(f) DSGVO): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website in a secure and economically efficient manner. This processing is therefore a legitimate interest.

      Other conditions, such as the performance of recordings in the public interest and the exercise of official authority, as well as the protection of vital interests, do not generally arise for us. If such a legal basis should nevertheless be relevant, it will be indicated at the appropriate place.

      In addition to the EU Regulation, national laws also apply:

      In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
      In Germany, the Federal Data Protection Act, or BDSG for short, applies.

      If other regional or national laws apply, we will inform you about them in the following sections.

      Contact details of the responsible person

      If you have any questions regarding data protection, please find below the contact details of the responsible person or body:
      Kollektiv MFG GmbH
      Papierstrasse 14
      13409 Berlin
      Authorized to represent: Susann Fischer & Jennifer Salgueiro
      E-mail: info@kollektiv-mfg.com
      Phone: +49 176 14670876
      Legal disclosure: https://www.calvah.com/legal-disclosure

      If you have any questions regarding data protection, you will find the contact details of the responsible person or office below:
      Kollektiv MFG – Fischer und Meier GbR
      Susann Fischer & Jennifer Salgueiro
      Richard-Wagner-Strasse 54
      10585 Berlin
      E-mail: info@kollektiv-mfg.com
      Phone: +49 176 14670876
      Legal disclosure: https://www.calvah.com/legal-disclosure

      Rights under the General Data Protection Regulation

      According to Article 13 of the GDPR, you have the following rights to ensure fair and transparent processing of data:

      • According to Article 15 of the GDPR, you have the right to know whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and to know the following information:
        • for what purpose we are processing;
        • the categories, i.e. the types of data that are processed;
        • who receives this data and if the data is transferred to third countries, how security can be guaranteed;
        • how long the data will be stored;
        • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
        • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
        • The origin of the data if we have not collected it from you;
        • Whether profiling is carried out, i.e. whether data is automatically evaluated to arrive at a personal profile of you.
      • You have a right to rectification of data according to Article 16 GDPR, which means that we must correct data if you find errors.
      • You have the right to erasure (“right to be forgotten”) according to Article 17 GDPR, which specifically means that you may request the deletion of your data.
      • According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
      • According to Article 19 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
      • You have a right to object according to Article 21 of the GDPR, which entails a change in processing after enforcement.
        • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
        • If data is used to conduct direct advertising, you may object to this type of data processing at any time. We may then no longer use your data for direct marketing.
        • If data is used to carry out profiling, you may object to this type of data processing at any time. We may no longer use your data for profiling thereafter.
      • According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).

      If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/ you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) .

      In short: You have rights – do not hesitate to contact the responsible body listed above with us!

      Storage period

      The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products applies as a general criterion at our company. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are required by law to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

      Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.

      We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

      Data transfer to third countries

      We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if this is required by law or contractually necessary and in any case only to the extent that this is generally permitted. Your consent is in most cases the most important reason that we have data processed in third countries. Processing personal data in third countries such as the U.S., where many software vendors provide services and have their server locations, may mean that personal data is processed and stored in unexpected ways.

      We explicitly point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. Data processing by US services (such as Google Analytics) may result in data not being processed and stored anonymously, where applicable. Furthermore, US government authorities may be able to access individual data. In addition, it may happen that collected data is linked with data from other services of the same provider, if you have a corresponding user account. Where possible, we try to use server locations within the EU, if this is offered.

      We will inform you in more detail about data transfer to third countries, if applicable, at the appropriate places in this privacy policy.

      Security of data processing

      To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. In this way, we make it as difficult as possible, within the scope of our possibilities, for third parties to infer personal information from our data.

      Article 25 of the GDPR refers to “data protection by technical design and by data protection-friendly default settings” and thus means that both software (e.g., forms) and hardware (e.g., access to the server room) should always be designed with security in mind and that appropriate measures should be taken. In the following, we will go into more detail on specific measures, if necessary.

      TLS encryption with https

      TLS, encryption and https sound very technical and they are. We use HTTPS (Hypertext Transfer Protocol Secure stands for “secure hypertext transfer protocol”) to transfer data over the Internet in a tap-proof manner.
      This means that the complete transmission of all data from your browser to our web server is secured – no one can “listen in”.

      In this way, we have introduced an additional layer of security and fulfill data protection by design of technology Article 25(1) DSGVO . By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.

      You can recognize the use of this protection of data transmission by the small lock symbol at the top left of the browser, to the left of the Internet address (e.g., beispielseite.de) and the use of the scheme https (instead of http) as part of our Internet address.
      If you want to know more about encryption, we recommend the Google search for “Hypertext Transfer Protocol Secure wiki” to get good links to further information.

      Communication

      Communication Summary
      👥 Data subjects: All those who communicate with us by telephone, e-mail or online form
      📓 Data processed: e.g. telephone number, name, e-mail address, form data entered. You can find more details on this in the respective contact type used.
      🤝 Purpose: Handling of communication with customers, business partners, etc.
      📅 Storage period: Duration of the business case and legal requirements.
      ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. b DSGVO (contract), Art. 6 para. 1 lit. f DSGVO (legitimate interests)

      When you contact us and communicate by phone, e-mail or online form, personal data may be processed.

      The data is processed for the handling and processing of your question and the related business transaction. The data is stored for the same period of time or as long as required by law.

      Affected persons

      All those who seek contact with us via the communication channels provided by us are affected by the aforementioned processes.

      Telephone

      When you call us, the call data is stored pseudonymously on the respective terminal device and with the telecommunications provider used. In addition, data such as name and telephone number may subsequently be sent by e-mail and stored for the purpose of responding to your inquiry. The data is deleted as soon as the business case has been closed and legal requirements permit.

      E-mail

      If you communicate with us by e-mail, data may be stored on the respective end device (computer, laptop, smartphone,…) and data is stored on the e-mail server. The data will be deleted as soon as the business case has been closed and legal requirements allow it.

      Online Forms

      If you communicate with us using online forms, data is stored on our web server and may be forwarded to an e-mail address of ours. The data will be deleted as soon as the business case has been terminated and legal requirements permit.

      Legal basis

      The processing of data is based on the following legal bases:

      • Art. 6 para. 1 lit. a DSGVO (consent): you give us your consent to store your data and to further use it for purposes related to the business case;
      • Art. 6 (1) lit. b DSGVO (contract): there is a need for the performance of a contract with you or a processor such as the telephone provider or we need to process the data for pre-contractual activities, such as the preparation of an offer;
      • Art. 6 para. 1 lit. f DSGVO (Legitimate Interests): we want to operate customer inquiries and business communication in a professional framework. For this purpose, certain technical facilities such as e-mail programs, exchange servers and mobile operators are necessary in order to be able to operate the communication efficiently.

      Webhosting

      Webhosting Summary
      👥 Data subjects: visitors to the website
      🤝 Purpose: professional hosting of the website and safeguarding of its operation
      📓 Processed data: IP address, time of website visit, browser used and other data. More details can be found below or with the respective web hosting provider used.
      📅 Storage period: depending on the respective provider, but usually 2 weeks.
      ⚖️ Legal basis: Art. 6 para. 1 lit.f DSGVO (Legitimate Interests).

      What is webhosting?

      Nowadays, when you visit websites, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, by the way, we mean the entirety of all web pages on a domain, i.e. everything from the home page (homepage) to the very last subpage (like this one). By domain, we mean, for example, example.de or sampleexample.com.

      If you want to view a website on a screen, you use a program called a web browser to do it. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari.

      This web browser needs to connect to another computer where the website’s code is stored: the web server. Running a web server is a complicated and costly task, which is why this is usually done by professional providers, the providers. These offer web hosting and thus ensure reliable and error-free storage of website data.

      When the browser on your computer (desktop, laptop, smartphone) connects and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server also needs to store data for a while to ensure proper operation.

      Why do we process personal data?

      The purposes of data processing are:

      1. Professional hosting of the website and securing its operation
      2. To maintain operational and IT security
      3. Anonymous evaluation of access behavior to improve our offer and, if necessary, for law enforcement or prosecution of claims.

      What data is processed?

      Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as

      How long is data stored?

      As a rule, the above data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot rule out the possibility that this data may be viewed by the authorities in the event of unlawful conduct.

      In short, your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not share your data without your consent!

      Legal base

      The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 (1) lit. f DSGVO (protection of legitimate interests), because the use of professional hosting with a provider is necessary to present the company on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims from this if necessary.

      Cookies

      Cookies Summary
      👥 Data subjects: visitors to the website.
      🤝 Purpose: depending on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie.
      📓 Data processed: Depending on the cookie used in each case. More details can be found below or from the manufacturer of the software that sets the cookie.
      📅 Storage duration: Depending on the respective cookie, can vary from hours to years.
      ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit.f DSGVO (Legitimate Interests).

      What are cookies?

      Our website uses HTTP cookies to store user-specific data.
      Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.

      Whenever you browse the Internet, you use a browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

      One thing can’t be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, effectively the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

      Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the “user-related” information back to our site. Thanks to cookies, our site knows who you are and offers you the setting you are used to. In some browsers each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

      The following graphic shows a possible interaction between a web browser, such as Chrome, and the web server. In this case, the web browser requests a website and receives a cookie back from the server, which the browser uses again as soon as another page is requested.

      There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. Also, the expiration time of a cookie varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other “pests”. Cookies also cannot access information on your PC.

      For example, cookie data may look like this:

      Name: _ga
      Wert: GA1.2.1326744211.152311289911-9
      Purpose: differentiation of website visitors
      Expiration date: after 2 years

      A browser should be able to support these minimum sizes:

      • At least 4096 bytes per cookie
      • At least 50 cookies per domain
      • At least 3000 cookies in total

      What types of cookies are there?

      The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

      We can distinguish 4 types of cookies:

      Essential cookies.
      These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues browsing on other pages, and only later goes to the checkout. These cookies do not delete the shopping cart even if the user closes his browser window.

      Purpose cookies
      These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behavior of the website with different browsers.

      Target-oriented cookies
      These cookies provide a better user experience. For example, entered locations, font sizes or form data are stored.

      Advertising cookies
      These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very convenient, but also very annoying.

      Usually, when you visit a website for the first time, you are asked which of these cookie types you want to allow. And of course, this decision is also stored in a cookie.

      If you want to know more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265 , the Request for Comments from the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

      Purpose of processing via cookies

      The purpose ultimately depends on the cookie in question. You can find more details below or from the manufacturer of the software that sets the cookie.

      What data is processed?

      Cookies are little helpers for a lot of different tasks. Unfortunately, it is not possible to generalize what data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy.

      Storage duration of cookies

      The storage duration depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

      You can also influence the storage period yourself. You can manually delete all cookies at any time via your browser (see also “Right to object” below). Furthermore, cookies that are based on consent will be deleted at the latest after revocation of your consent, whereby the legality of the storage remains unaffected until then.

      Right of objection – how can I delete cookies?

      You decide how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

      If you want to determine which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

      Chrome: Clear, enable, and manage cookies in Chrome

      Safari: Manage cookies and website data in Safari on Mac

      Firefox: Clear cookies and site data in Firefox

      Internet Explorer: Delete and manage cookies

      Microsoft Edge: View and delete browser history in Microsoft Edge

      If you do not want to have cookies in principle, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser. It is best to search for the instructions in Google using the search term “delete cookies Chrome” or “disable cookies Chrome” in the case of a Chrome browser.

      Legal basis

      Since 2009, there are the so-called “Cookie Guidelines”. This states that saving cookies requires your consent (Article 6 (1) a DSGVO). Within the EU countries, however, there are still very different reactions to these directives. In Austria, however, this directive was implemented in Section 96 (3) of the Telecommunications Act (TKG). In Germany, the Cookie Directives were not implemented as national law. Instead, the implementation of this directive took place largely in § 15 para.3 of the Telemedia Act (TMG).

      For absolutely necessary cookies, even if there is no consent. there are legitimate interests (Article 6 para. 1 lit. f DSGVO), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience and for this purpose certain cookies are often absolutely necessary.

      Insofar as cookies that are not absolutely necessary are used, this is only done in the case of your consent. The legal basis in this respect is Art. 6 para. 1 lit. a DSGVO.

      In the following sections, you will be informed in more detail about the use of cookies, insofar as deployed software uses cookies.

      Facebook Pixel privacy policy

      We use the Facebook pixel from Facebook on our website. For this purpose, we have implemented a code on our website. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions that allow Facebook to track your user actions if you came to our website via Facebook ads. For example, when you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies allow Facebook to match your user data (customer data such as IP address, user ID) with your Facebook account data. Then Facebook deletes this data again. The collected data is anonymous and not visible to us and can only be used in the context of ad placements. If you yourself are a Facebook user and are logged in, the visit to our website is automatically assigned to your Facebook user account.

      We want to show our services or products only to those people who are really interested in them. With the help of Facebook pixels, our advertising measures can be better tailored to your wishes and interests. Thus, Facebook users (if they have allowed personalized advertising) get to see suitable advertising. Furthermore, Facebook uses the collected data for analysis purposes and its own advertisements.

      In the following, we show you those cookies that were set by embedding Facebook Pixel on a test page. Please note that these are only sample cookies. Different cookies are set depending on the interaction on our website.

      Name: _fbp
      Wert: fb.1.1568287647279.257405483-6311289911-7
      Purpose: This cookie is used by Facebook to display promotional products.
      Expiration date: after 3 months

      Name: fr
      Value: 0aPf312HOS5Pboo2r..Bdeiuf…1.0.Bdeiuf.
      Purpose: This cookie is used to make Facebook Pixel work properly.
      Expiration date: after 3 months

      Name: comment_author_50ae8267e2bdf1253ec1a5769f48e062311289911-3
      Value: Name of the author
      Purpose: This cookie stores the text and name of a user who leaves a comment, for example.
      Expiration date: after 12 months

      Name: comment_author_url_50ae8267e2bdf1253ec1a5769f48e062
      Value: https%3A%2F%2Fwww.testseite…%2F (author’s URL)
      Purpose: This cookie stores the URL of the website that the user enters in a text field on our website.
      Expiration date: after 12 months

      Name: comment_author_email_50ae8267e2bdf1253ec1a5769f48e062
      Value: Author’s email address
      Purpose: This cookie stores the user’s email address if he/she has provided it on the website.
      Expiration date: after 12 months

      Note: The above cookies refer to an individual user behavior. Especially when using cookies, Facebook changes can never be excluded.

      Provided that you are logged in to Facebook, you can change your settings for advertisements yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . If you are not a Facebook user, you can generally manage your usage-based online advertising at  http://www.youronlinechoices.com/de/praferenzmanagement/ . You can also change the settings for your ads on your own. There you have the option to deactivate or activate providers.

      We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. The data processing is essentially carried out by Facebook Pixel. This may result in data not being processed and stored anonymously where applicable. Furthermore, US government authorities may be able to access individual data. It may also happen that this data is linked to data from other Facebook services where you have a user account.

      If you want to learn more about Facebook’s privacy policy, we recommend that you read the company’s own data policies at https://www.facebook.com/policy.php .

      Facebook Automatic Advanced Matching Privacy Policy

      We have also enabled Automatic Advanced Matching as part of the Facebook Pixel feature. This feature of the pixel allows us to send hashed emails, name, gender, city, state, zip code and date of birth or phone number as additional information to Facebook if you have provided us with this data. This activation allows us to tailor advertising campaigns on Facebook even more precisely to people who are interested in our services or products.

      Google Analytics Privacy Policy

      Google Analytics Privacy Policy Summary
      👥 Data subjects: Visitors to the website.
      🤝 Purpose: Evaluation of visitor information to optimize the web offer.
      📓 Data processed: Access statistics, which include data such as locations of accesses, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found below in this privacy policy.
      📅 Storage duration: depending on the properties used.
      ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).

      What is Google Analytics?

      We use the analysis tracking tool Google Analytics (GA) of the American company Google Inc. on our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, when you click on a link, this action is stored in a cookie and sent to Google Analytics. Using the reports we receive from Google Analytics, we can better tailor our website and service to your preferences. In the following, we will go into more detail about the tracking tool and, in particular, inform you about what data is stored and how you can prevent this.

      Google Analytics is a tracking tool used to analyze traffic to our website. In order for Google Analytics to work, a tracking code is built into the code of our website. When you visit our website, this code records various actions you take on our website. Once you leave our website, this data is sent to Google Analytics servers and stored there.

      Google processes the data and we receive reports about your user behavior. These reports may include, but are not limited to:

      • Audience reports: Audience reports help us get to know our users better and know more precisely who is interested in our service.
      • Ad reports: Ad reports help us analyze and improve our online advertising.
      • Acquisition reports: Acquisition reports give us helpful information on how to attract more people to our service.
      • Behavior reports: This is where we learn how you interact with our website. We can track the path you take on our site and which links you click.
      • Conversion reports: Conversion is when you take a desired action based on a marketing message. For example, you go from being a mere website visitor to a buyer or newsletter subscriber. These reports help us learn more about how our marketing efforts are working for you. This is how we aim to increase our conversion rate.
      • Real-time reports: Here we always know immediately what is happening on our website. For example, we can see how many users are reading this text.

      Why do we use Google Analytics on our website?

      Our goal with this website is clear: we want to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this goal.

      The statistically evaluated data shows us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that it can be found more easily by interested people on Google. On the other hand, the data helps us to better understand you as a visitor. Thus, we know very well what we need to improve on our website in order to provide you with the best possible service. The data also helps us to carry out our advertising and marketing measures in a more individual and cost-effective way. After all, it only makes sense to show our products and services to people who are interested in them.

      What data is stored by Google Analytics?

      Google Analytics uses a tracking code to create a random, unique ID that is associated with your browser cookie. This is how Google Analytics recognizes you as a new user. The next time you visit our site, you will be recognized as a “returning” user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles.

      In order to analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is standard. Alternatively, you can also create the Universal Analytics property. Depending on the property used, data is stored for different lengths of time.

      Labels such as cookies and app instance IDs are used to measure your interactions on our website. Interactions are all types of actions you take on our website. If you also use other Google systems (such as a Google account), data generated through Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize it. Exceptions may occur if required by law.

      The following cookies are used by Google Analytics:

      Name: _ga
      Wert: 2.1326744211.152311289911-5
      Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Basically, it is used to distinguish website visitors.
      Expiration date: after 2 years

      Name: _gid
      Wert: 2.1687193234.152311289911-1
      Purpose: The cookie is also used to distinguish the website visitors.
      Expiration date: after 24 hours

      Name: _gat_gtag_UA_<property-id>
      Value: 1
      Intended use: used to lower the request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_ <property-id>.
      Expiration date: after 1 minute

      Name: AMP_TOKEN
      Value: not specified
      Purpose: The cookie has a token that can be used to retrieve a user ID from the AMP client ID service. Other possible values indicate a logout, a request, or an error.
      Expiration date: after 30 seconds up to one year.

      Name: __utma
      Wert: 1564498958.1564498958.1564498958.1
      Purpose: This cookie is used to track your behavior on the website and measure performance. The cookie is updated every time information is sent to Google Analytics.
      Expiration date: after 2 years

      Name: __utmt
      Value: 1
      Purpose: The cookie is used like _gat_gtag_UA_<property-id> to throttle the request rate.
      Expiration date: after 10 minutes

      Name: __utmb
      Value: 3.10.1564498958
      Purpose: This cookie is used to determine new sessions. It is updated every time new data or info is sent to Google Analytics.
      Expiration date: after 30 minutes

      Name: __utmc
      Value: 167421564
      Purpose: This cookie is used to set new sessions for returning visitors. This is a session cookie and is only stored until you close the browser again.
      Expiration date: After you close the browser.

      Name: __utmz
      Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
      Purpose: The cookie is used to identify the source of traffic to our website. That is, the cookie stores from where you came to our website. This may have been another page or an advertisement.
      Expiration date: after 6 months

      Name: __utmv
      Value: not specified
      Purpose: The cookie is used to store custom user data. It is updated whenever information is sent to Google Analytics.
      Expiration date: after 2 years

      Note: This list cannot claim to be complete, as Google also changes the choice of their cookies again and again.

      Here we show you an overview of the most important data collected by Google Analytics:

      Heatmaps: Google creates so-called heatmaps. Heatmaps allow you to see exactly those areas that you click on. This gives us information about where you are “on the move” on our site.

      Session duration: Google defines session duration as the time you spend on our site without leaving. If you have been inactive for 20 minutes, the session ends automatically.

      Bounce rate: A bounce is when you view only one page on our site and then leave our site.

      Account creation: when you create an account or make an order on our website, Google Analytics collects this data.

      IP address: The IP address is only shown in a shortened form so that no clear assignment is possible.

      Location: The IP address can be used to determine the country and your approximate location. This process is also referred to as IP location determination.

      Technical information: Technical information includes, but is not limited to, your browser type, internet service provider, or screen resolution.

      Source of origin: Google Analytics or we are of course also interested in which website or which advertisement you came to our site from.

      Other data include contact details, any ratings, playing media (for example, if you play a video via our site), sharing content via social media or adding to your favorites. The enumeration does not claim to be complete and only serves as a general orientation of the data storage by Google Analytics.

      How long and where is the data stored?

      Google has your servers spread all over the world. Most servers are located in America and consequently your data is mostly stored on American servers. Here you can read exactly where Google’s data centers are located: https://www.google.com/about/datacenters/inside/locations/?hl=de

      Your data is distributed on different physical data carriers. This has the advantage that the data can be retrieved more quickly and is better protected against manipulation. In every Google data center, there are corresponding emergency programs for your data. If, for example, the hardware at Google fails or natural disasters paralyze servers, the risk of a service interruption at Google still remains low.

      The retention period of the data depends on the properties used. When using the newer Google Analytics 4 properties, the retention period of your user data is fixed at 14 months. For other so-called event data, we have the option to choose a retention period of 2 months or 14 months.

      For Universal Analytics properties, Google Analytics defaults to a retention period of 26 months for your user data. Then your user data is deleted. However, we have the option to choose the retention period of user data ourselves. We have five variants available for this purpose:

      • Deletion after 14 months
      • Deletion after 26 months
      • Deletion after 38 months
      • Deletion after 50 months
      • No automatic deletion

      In addition, there is also the option that data will only be deleted if you no longer visit our website within the period we have selected. In this case, the retention period is reset each time you visit our website again within the specified period.

      Once the specified period has expired, the data is deleted once a month. This retention period applies to your data associated with cookies, user recognition and advertising IDs (e.g. DoubleClick domain cookies). Reporting results are based on aggregated data and are stored separately from user data. Aggregated data is a merging of individual data into a larger unit.

      How can I delete my data or prevent data storage?

      According to the European Union data protection law, you have the right to obtain information about your data, update it, delete it or restrict it. Using the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js), you can prevent Google Analytics from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de . Please note that this add-on only disables the collection of data by Google Analytics.

      If you generally want to disable, delete or manage cookies (independently of Google Analytics), there are separate instructions for each browser:

      Chrome: Clear, enable, and manage cookies in Chrome

      Safari: Manage cookies and website data in Safari on Mac

      Firefox: Clear cookies and site data in Firefox

      Internet Explorer: Delete and manage cookies

      Microsoft Edge: View and delete browser history in Microsoft Edge

      Legal basis

      The use of Google Analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by web analytics tools.

      In addition to consent, there is a legitimate interest on our part to analyze the behavior of website visitors and thus to improve our offer technically and economically. With the help of Google Analytics, we detect website errors, can identify attacks and improve the economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use Google Analytics if you have given your consent.

      We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. The data processing is essentially carried out by Google. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It may also happen that this data is linked to data from other Google services where you have a user account.

      We hope that we have been able to provide you with the most important information about Google Analytics data processing. If you want to learn more about the tracking service, we recommend these two links: http://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de .

      Google Analytics IP anonymization

      We have implemented Google Analytics IP address anonymization on this website. This feature was developed by Google to enable this website to comply with applicable data protection regulations and recommendations of local data protection authorities if they prohibit the storage of the full IP address. The anonymization or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any storage or processing of the data takes place.

      More information on IP anonymization can be found at https://support.google.com/analytics/answer/2763052?hl=de .

      Google Analytics reports on demographic characteristics and interests.

      We have enabled promotional reporting features in Google Analytics. The demographic characteristics and interests reports contain information on age, gender and interests. This allows us – without being able to assign this data to individual persons – to get a better picture of our users. You can learn more about advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad .

      You can stop the use of the activities and information of your Google account under “Advertising settings” on https://adssettings.google.com/authenticated via checkbox.

      If you click on the following deactivation link, you can prevent Google from collecting further visits to this website. Note: Deleting cookies, using the incognito/private mode of your browser, or using a different browser will result in data being collected again.

      Google Analytics data processing addendum

      We have entered into a direct customer agreement with Google for the use of Google Analytics by accepting the “Data Processing Addendum” in Google Analytics.

      You can find out more about the data processing addendum for Google Analytics here: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad

      Google Analytics Google Signals Privacy Policy

      We have enabled Google signals in Google Analytics. This updates existing Google Analytics features (ad reports, remarketing, cross-device reports, and interest and demographic reports) to get aggregated and anonymized data from you, provided you have allowed personalized ads in your Google account.

      What makes this special is that it is cross-device tracking. That means your data can be analyzed across devices. By enabling Google signals, data is collected and linked to the Google account. Google can thus recognize, for example, if you view a product on our website via a smartphone and only buy the product later via a laptop. Thanks to the activation of Google signals, we can launch cross-device remarketing campaigns that would otherwise not be possible in this form. Remarketing means that we can also show you our offer on other websites.

      In Google Analytics, Google signals also collect other visitor data such as location, search history, YouTube history and data about your actions on our website. This gives us better advertising reports from Google and more useful information about your interests and demographics. This includes your age, what language you speak, where you live, or what gender you are. Furthermore, social criteria such as your profession, your marital status or your income are also added. All these characteristics help Google Analytics to define groups of people or target groups.

      The reports also help us to better assess your behavior, your wishes and interests. This allows us to optimize and adapt our services and products for you. By default, this data expires after 26 months. Please note that this data collection only occurs if you have allowed personalized advertising in your Google account. This is always aggregated and anonymous data and never individual person data. In your Google account, you can manage this data or delete it.

      Online Marketing

      Online Marketing privacy policy summary
      👥 Data subjects: Visitors to the website
      🤝 Purpose: Evaluation of visitor information to optimize the web offer.
      📓 Data processed: Access statistics containing data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed. More details on this can be found with the respective online marketing tool used.
      📅 Storage duration: depending on the online marketing tools used.
      ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit.f DSGVO (Legitimate Interests).

      What is online marketing?

      Online marketing refers to all measures that are carried out online to achieve marketing goals such as increasing brand awareness or closing a deal. Furthermore, our online marketing measures aim to draw people’s attention to our website. In order to be able to show our offering to many interested people, we therefore engage in online marketing. This usually involves online advertising, content marketing or search engine optimization. To enable us to use online marketing efficiently and in a targeted manner, personal data is also stored and processed. On the one hand, the data helps us to show our content only to those people who are really interested in it, and on the other hand, we can measure the advertising success of our online marketing measures.

      Why do we use online marketing tools?

      We want to show our website to every person who is interested in our offer. We are aware that this is not possible without consciously set measures. That’s why we do online marketing. There are various tools that make it easier for us to work on our online marketing measures and, in addition, always provide suggestions for improvement via data. This allows us to target our campaigns more precisely to our target group. So the purpose of these online marketing tools we use is ultimately to optimize our offering.

      What data is processed?

      In order for our online marketing to work and the success of the measures can be measured, user profiles are created and data is stored, for example, in cookies (these are small text files). With the help of this data, we can not only place advertisements in the classic sense, but also directly on our website, display our content in the way you prefer. For this purpose, there are various third-party tools that offer these functions and accordingly also collect and store data from you. In the named cookies are stored, for example, which web pages you have visited on our website, how long you have viewed these pages, which links or buttons you click or from which website you have come to us. In addition, technical information may also be stored. For example, your IP address, which browser you use, from which device you visit our website or the time when you accessed our website and when you left it again. If you have consented that we may also determine your location, we may also store and process this.

      Your IP address is stored in pseudonymized form (i.e. shortened). Unique data that directly identifies you as a person, such as your name, address or e-mail address, is also only stored in pseudonymized form as part of the advertising and online marketing processes. We can therefore not identify you as a person, but we have only the pseudonymized stored information in the user profiles.

      Under certain circumstances, the cookies can also be deployed on other websites that work with the same advertising tools, analyzed and used for advertising purposes. The data may then also be stored on the servers of the advertising tools providers.

      In exceptional cases, unique data (name, e-mail address, etc.) may also be stored in the user profiles. This storage occurs, for example, if you are a member of a social media channel that we use for our online marketing measures and the network links previously received data with the user profile.

      With all the advertising tools we use that store data from you on their servers, we only ever receive aggregated information and never data that makes you identifiable as an individual. The data only shows how well set advertising measures worked. For example, we see which measures have persuaded you or other users to come to our website and purchase a service or product there. Based on the analyses, we can improve our advertising offer in the future and adapt it even more precisely to the needs and wishes of interested persons.

      Duration of data processing

      We will inform you about the duration of data processing below, provided we have further information on this. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products. Data that is stored in cookies is stored for different lengths of time. Some cookies are deleted as soon as you leave the website, others may be stored in your browser for several years. In the respective privacy statements of the individual providers, you will usually receive detailed information about the individual cookies used by the provider.

      Right of withdrawal

      You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser. The lawfulness of the processing until the revocation remains unaffected.

      Since online marketing tools may generally use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy statements of the respective tools.

      Legal basis

      If you have consented that third-party providers may be used, the legal basis of the corresponding data processing is this consent. According to Art. 6 (1) lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur when collected by online marketing tools.

      On our part, there is also a legitimate interest in measuring online marketing measures in anonymized form in order to optimize our offer and our measures with the help of the data obtained. The corresponding legal basis for this is Art. 6 Para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the tools if you have given your consent.

      Information on specific online marketing tools – if available – can be found in the following sections.

      Facebook Custom Audiences privacy policy

      We use Facebook Custom Audiences on our website, a server-side event tracking tool. The service provider is the American company Facebook Inc. For the European region, the company Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European region.

      We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. The data processing is essentially carried out by Facebook Custom Audiences. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It may also happen that this data is linked to data from other Facebook services where you have a user account.

      You can find out more about the data processed through the use of Facebook Custom Audiences in the Privacy Policy at https://www.facebook.com/about/privacy

      Cookiebot Privacy Policy

      Cookiebot Privacy Policy Summary
      👥 Data subject: website visitors
      🤝 Purpose: To obtain consent for certain cookies and thus the use of certain tools.
      📓 Data processed:  Data used to manage the cookie settings set, such as IP address, time of consent, type of consent, individual consents. More details can be found at the respective tool used.
      📅 Storage period: the data is deleted after one year.
      ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit.f DSGVO (legitimate interests).

      What is Cookiebot?

      We use functions of the provider Cookiebot on our website. The company behind Cookiebot is Cybot A/S, Havnegade 39, 1058 Copenhagen, DK. Cookiebot offers us, among other things, the possibility to provide you with a comprehensive cookie notice (also called cookie banner or cookie notice). By using this feature, data from you may be sent to Cookiebot or Cybot, stored and processed. In this privacy policy, we inform you why we use Cookiebot, what data is transferred and how you can prevent this data transfer.

      Cookiebot is a software product of the company Cybot. The software automatically creates a DSGVO-compliant cookie notice for our website visitors. In addition, the technology behind Cookiebot scans, controls and evaluates all cookies and tracking measures on our website.

      Why do we use Cookiebot on our website?

      We take data protection very seriously. We want to show you exactly what is going on on our website and which of your data is stored. Cookiebot helps us get a good overview of all our cookies (first-party and third-party cookies). This allows us to inform you about the use of cookies on our website accurately and transparently. You always get an up-to-date and privacy-compliant cookie notice and decide for yourself which cookies you allow and which not.

      What data is stored by Cookiebot?

      If you allow cookies, the following data will be transmitted to Cybot, stored and processed.

      • IP address (in anonymized form, the last 3 digits are set to 0)
      • date and time of your consent
      • our website URL
      • technical browser data
      • encrypted, anonymous key
      • the cookies you have allowed (as proof of consent)

      The following cookies are set by Cookiebot if you have consented to the use of cookies:

      Name: CookieConsent
      Wert: {stamp:’P7to4eNgIHvJvDerjKneBsmJQd9311289911-2
      Purpose: This cookie stores your consent status,. This allows our website to read and follow the current status on future visits.
      Expiration date: after one year

      Name: CookieConsentBulkTicket
      Value: kDSPWpA%2fjhljZKClPqsncfR8SveTnNWhys5NojaxdFYBPjZ2PaDnUw%3d%3311289911-6
      Purpose: This cookie is set if you allow all cookies and thus have “collective consent” enabled. The cookie then stores its own random and unique ID.
      Expiration date: after one year

      Note: Please keep in mind that this is an exemplary list and we cannot claim completeness. In the cookie declaration at https://www.cookiebot.com/de/cookie-declaration/ you can see which other cookies may be used.

      According to Cybot’s privacy policy, the company does not resell personal data. However, Cybot does share data with trusted third parties or subcontractors that help the company achieve its business goals. Data is also shared when legally required.

      How long and where is the data stored?

      All collected data is transferred, stored and forwarded exclusively within the European Union. The data is stored in an Azure data center (cloud provider is Microsoft). Please visit  https://azure.microsoft.com/de-de/global-infrastructure/regions/ to learn more about all “Azure regions”. All user data will be deleted by Cookiebot after 12 months from registration (cookie consent) or immediately after cancellation of the Cookiebot service.

      How can I delete my data or prevent data storage?

      You have the right to access and also delete your personal data at any time. You can prevent data collection and storage, for example, by rejecting the use of cookies via the cookie notice. Your browser offers another possibility to prevent the data processing or to manage it according to your wishes. Depending on the browser, cookie management works slightly differently. Here you can find the instructions for the currently most popular browsers:

      Chrome: Clear, enable, and manage cookies in Chrome

      Safari: Manage cookies and website data in Safari on Mac

      Firefox: Clear cookies and site data in Firefox

      Internet Explorer: Delete and manage cookies

      Microsoft Edge: View and delete browser history in Microsoft Edge

      Legal basis

      If you consent to cookies, personal data about you will be processed and stored via these cookies. If we are allowed to use cookies through your consent (Article 6 (1) lit. a DSGVO), this consent is also the legal basis for the use of cookies or the processing of your data. In order to be able to manage the consent to cookies and to enable you to give your consent, the Cookiebot is used. The use of this software enables us to operate the website in an efficient manner in compliance with the law, which constitutes a legitimate interest (Article 6(1)(f) DSGVO).

      If you would like to learn more about the privacy policy of “Cookiebot” or the company behind it, Cybot, we recommend that you read through the privacy policy at https://www.cookiebot.com/de/privacy-policy/ .

      Google Fonts Local Privacy Policy

      On our website we use Google Fonts of the company Google Inc. For the European area the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible. We have embedded the Google fonts locally, i.e. on our web server – not on Google’s servers. This means that there is no connection to Google servers and thus no data transfer or storage.

      What are Google Fonts?

      Google Fonts used to be called Google Web Fonts. This is an interactive directory of over 800 fonts that Google provides for free. With Google Fonts, you could use fonts without uploading them to your own server. However, in order to prevent any information transfer to Google servers in this regard, we have downloaded the fonts to our server. This way we act privacy compliant and do not send any data to Google Fonts.

      Google Ads (Google AdWords) Conversion Tracking Privacy Policy Summary
      👥 Data subjects: Visitors to the website
      🤝 Purpose: economic success and the optimization of our service performance.
      📓 Processed data: Access statistics, which include data such as locations of accesses, device data, access duration and time, navigation behavior, click behavior and IP addresses. Personal data such as name or e-mail address may also be processed.
      📅 Storage period: Conversion cookies usually expire after 30 days and do not transmit any personal data
      ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit.f DSGVO (Legitimate Interests).

      What is Google Ads conversion tracking?

      We use Google Ads (formerly Google AdWords) as an online marketing measure to promote our products and services. In this way, we want to draw more people’s attention to the high quality of our offerings on the Internet. As part of our advertising measures through Google Ads, we use the conversion tracking of the company Google Inc. on our website. In Europe, however, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With the help of this free tracking tool, we can better adapt our advertising offer to your interests and needs. In the following article, we will go into more detail about why we use conversion tracking, what data is stored in the process and how you can prevent this data storage.

      Google Ads (formerly Google AdWords) is the in-house online advertising system of Google Inc. We are convinced of the quality of our offer and want as many people as possible to get to know our website. In the online sector, Google Ads offers the best platform for this. Of course, we also want to get an accurate overview of the cost-benefit factor of our advertising campaigns. That’s why we use the conversion tracking tool from Google Ads.

      But what is a conversion actually? A conversion occurs when you go from being a purely interested website visitor to an acting visitor. This happens whenever you click on our ad and subsequently perform another action, such as visiting our website. With Google’s conversion tracking tool, we record what happens after a user clicks on our Google Ads ad. For example, we can see whether products are purchased, services are used or whether users have signed up for our newsletter.

      Why do we use Google Ads conversion tracking on our website?

      We use Google Ads to draw attention to our offer on other websites as well. The goal is to make sure that our advertising campaigns really reach only those people who are interested in our offers. With the conversion tracking tool we can see which keywords, ads, ad groups and campaigns lead to the desired customer actions. We see how many customers interact with our ads on a device and then make a conversion. Through this data, we can calculate our cost-benefit factor, measure the success of individual advertising measures and consequently optimize our online marketing measures. We can also use the data obtained to make our website more interesting for you and adapt our advertising offer even more individually to your needs.

      What data is stored with Google Ads conversion tracking?

      We have included a conversion tracking tag or code snippet on our website to better analyze certain user actions. If you now click on one of our Google Ads ads, the cookie “Conversion” is stored on your computer (mostly in the browser) or mobile device by a Google domain. Cookies are small text files that store information on your computer.

      Here is the data of the most important cookies for Google’s conversion tracking:

      Name: Conversion
      Value: EhMI_aySuoyv4gIVled3Ch0llweVGAEgt-mr6aXd7dYlSAGQ311289911-3
      Purpose: This cookie stores every conversion you make on our site after coming to us through a Google Ad.
      Expiration date: after 3 months

      Name: _gac
      Value: 1.1558695989.EAIaIQobChMIiOmEgYO04gIVj5AYCh2CBAPrEAAYASAAEgIYQfD_BwE
      Purpose: This is a classic Google Analytics cookie and is used to record various actions on our website.
      Expiration date: after 3 months

      Note: The _gac cookie only appears in connection with Google Analytics. The above enumeration does not claim to be exhaustive, as Google repeatedly uses other cookies for analytical evaluation.

      As soon as you complete an action on our website, Google recognizes the cookie and saves your action as a so-called conversion. As long as you surf our website and the cookie has not yet expired, we and Google recognize that you have found us via our Google Ads ad. The cookie is read and sent back to Google Ads with the conversion data. It is also possible that other cookies are used to measure conversions. The conversion tracking of Google Ads can be further refined and improved with the help of Google Analytics. For ads that Google displays in various locations on the web, cookies named “__gads” or “_gac” may be set under our domain. Since September 2017, various campaign information from analytics.js is stored with the _gac cookie. The cookie stores this data as soon as you visit one of our pages for which the automatic tagging of Google Ads has been set up. Unlike cookies set for Google domains, Google can only read these conversion cookies when you are on our website. We do not collect or receive any personal data. We receive a report from Google with statistical evaluations. For example, we learn the total number of users who clicked on our ad and we see which advertising measures were well received.

      How long and where is the data stored?

      At this point, we would like to point out that we have no influence on how Google uses the collected data. According to Google, the data is encrypted and stored on secure servers. In most cases, conversion cookies expire after 30 days and do not transmit any personal data. The cookies named “Conversion” and “_gac” (which is used in conjunction with Google Analytics) have an expiration date of 3 months.

      How can I delete my data or prevent data storage?

      You have the option not to participate in Google Ads conversion tracking. If you deactivate the Google conversion tracking cookie via your browser, you block conversion tracking. In this case, you will not be included in the statistics of the tracking tool. You can change the cookie settings in your browser at any time. For each browser, this works slightly differently. Here you can find the instructions on how to manage cookies in your browser:

      Chrome: Clear, enable, and manage cookies in Chrome

      Safari: Manage cookies and website data in Safari on Mac

      Firefox: Clear cookies and site data in Firefox

      Internet Explorer: Delete and manage cookies

      Microsoft Edge: View and delete browser history in Microsoft Edge

      If you do not want to have cookies in principle, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow the cookie or not. Downloading and installing this browser plug-in at https://support.google.com/ads/answer/7395996 will also disable all “advertising cookies”. Keep in mind that by disabling these cookies you do not prevent the ads, only the personalized ads.

      Legal basis

      If you have consented to the use of Google Ads Conversion Tracking, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by Google Ads Conversion Tracking.

      On our part, there is also a legitimate interest in using Google Ads Conversion Tracking to optimize our online service and our marketing measures. The corresponding legal basis for this is Art. 6 (1) lit. f DSGVO (Legitimate Interests). Nevertheless, we only use Google Ads Conversion Tracking if you have given your consent.

      We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. The data processing is essentially carried out by Google Ads. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It may also happen that this data is linked to data from possible other Google services where you have a user account.

      If you would like to learn more about Google’s privacy policy, we recommend that you read Google’s general privacy policy: https://policies.google.com/privacy?hl=de .

      Google Fonts Privacy Policy

      Google Fonts Privacy Policy Summary
      👥 Data subjects: Visitors to the website
      🤝 Purpose: Optimization of our service performance
      📓 Processed data: Data such as IP address and CSS and font requests.
      More details can be found below in this privacy policy.
      📅 Storage period: Font files are stored by Google for one year.
      ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).

      What are Google Fonts?

      On our website we use Google Fonts. These are the “Google Fonts” of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

      For the use of Google Fonts you do not have to log in or provide a password. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry that your Google account information, while using Google Fonts, will be transmitted to Google. Google records the usage of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will take a detailed look at exactly what the data storage looks like.

      Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to your users for free.

      Many of these fonts are released under the SIL Open Font License, while others are released under the Apache license. Both are free software licenses.

      Why do we use Google Fonts on our website?

      With Google Fonts, we can use fonts on our own website, and not have to upload them to our own server. Google Fonts is an important component to keep the quality of our website high. All Google Fonts are automatically optimized for the web and this saves data volume and is a big advantage especially for mobile use. When you visit our site, the low file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can sometimes visually distort texts or entire web pages. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). So, we use the Google Fonts to make all our online service as beautiful and consistent as possible.

      What data is stored by Google?

      When you visit our website, the fonts are reloaded via a Google server. Through this external call, data is transmitted to the Google servers. In this way, Google also recognizes that you or your IP address is visiting our website. The Google Fonts API is designed to reduce the use, storage, and collection of end-user data to what is necessary for proper font delivery. API, by the way, stands for “Application Programming Interface” and is used, among other things, as a data transmitter in software.

      Google Fonts stores CSS and font requests securely at Google and is thus protected. Through the collected usage figures, Google can determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. In addition, Google also uses data from its own web crawler to determine which websites are using Google fonts. This data is published to the Google Fonts BigQuery database. Entrepreneurs and developers use Google’s BigQuery web service to be able to examine and move large amounts of data.

      However, it is still important to remember that each Google Font request also automatically transmits information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google’s servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.

      How long and where is the data stored?

      Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This allows us to use fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to easily and quickly change the design or font of a website, for example.

      The font files are stored by Google for one year. Google thus pursues the goal of fundamentally improving the loading time of web pages. If millions of web pages refer to the same fonts, they are cached after the first visit and immediately reappear on all other web pages visited later. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.

      How can I delete my data or prevent data storage?

      The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. In order to delete this data prematurely, you must contact Google support at https://support.google.com/?hl=de&tid=311289911 . Data storage you prevent in this case only if you do not visit our site.

      Unlike other web fonts, Google allows us unlimited access to all fonts. So we can have unlimited access to a sea of fonts and get the most out of our website. You can find out more about Google Fonts and other issues at https://developers.google.com/fonts/faq?tid=311289911 . Google does address privacy-related issues there, but it doesn’t really include detailed information about data storage. It is relatively difficult to get really precise information from Google about stored data.

      Legal basis

      If you have consented to Google Fonts being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by Google Fonts.

      From our side, there is also a legitimate interest in using Google Font to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use Google Font if you have given your consent.

      We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. The data processing is essentially carried out by Google Fonts. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It may also happen that this data is linked to data from possible other Google services where you have a user account.

      You can also find out what data is generally collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/ .

      Facebook privacy policy

      Facebook Privacy Policy Summary
      👥 Data subjects: Visitors to the website
      🤝 Purpose: Optimization of our service performance
      📓 Processed data: Data such as customer data, user behavior data, information about your device and your IP address.
      More details can be found below in the privacy policy.
      📅 Storage period: until the data is no longer useful for Facebook’s purposes
      ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests)

      What are Facebook tools?

      We use selected tools from Facebook on our website. Facebook is a social media network of the company Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. With the help of these tools we can offer you and people who are interested in our products and services the best possible offer. Below we provide an overview of the various Facebook tools, what data is sent to Facebook and how you can delete this data.

      Among many other products, Facebook also offers the so-called “Facebook Business Tools”. This is the official name of Facebook. However, since the term is hardly known, we have decided to simply call them Facebook Tools. Among them are:

      • Facebook pixel
      • social plug-ins (such as the “Like” or “Share” button)
      • Facebook login
      • account kit
      • APIs (programming interface)
      • SDKs (collection of programming tools)
      • Platform integrations
      • Plugins
      • Codes
      • Specifications
      • Documentations
      • Technologies and services

      Through these tools, Facebook extends services and has the ability to obtain information about user activity outside of Facebook.

      Why do we use Facebook tools on our website?

      We only want to show our services and products to people who are really interested in them. With the help of advertisements (Facebook ads), we can reach precisely these people. However, in order to show users suitable ads, Facebook needs information about people’s wishes and needs. Thus, information about user behavior (and contact data) on our website is made available to the company. As a result, Facebook collects better user data and can show interested people the appropriate advertising about our products or services. The tools thus enable tailored advertising campaigns on Facebook.

      Data about your behavior on our website is called “event data” by Facebook. This is also used for measurement and analysis services. Facebook can thus create “campaign reports” on our behalf about the impact of our advertising campaigns. Furthermore, analytics give us better insight into how you use our services, website or products. As a result, we use some of these tools to optimize your user experience on our website. For example, social plug-ins allow you to share content on our site directly on Facebook.

      What data is stored by Facebook tools?

      By using individual Facebook tools, personal data (customer data) can be sent to Facebook. Depending on the tools used, customer data such as name, address, phone number and IP address may be sent.

      Facebook uses this information to match the data with the data it itself has from you (if you are a Facebook member). Before customer data is sent to Facebook, a process called “hashing” takes place. This means that a data record of any size is transformed into a character string. This also serves to encrypt data.

      In addition to contact data, “event data” is also transmitted. Event data” refers to the information that we receive about you on our website. For example, which subpages you visit or which products you buy from us. Facebook does not share the information it receives with third parties (such as advertisers) unless the company has explicit permission or is legally required to do so. “Event data” may also be associated with contact information. This allows Facebook to offer better personalized advertising. After the matching process already mentioned, Facebook deletes the contact data again.

      In order to be able to deliver ads in an optimized way, Facebook only uses event data if it has been combined with other data (collected by Facebook in other ways). Facebook also uses this event data for security, protection, development, and research purposes. Much of this data is transferred to Facebook via cookies. Cookies are small text files used to store data or information in browsers. Depending on the tools you use and whether you are a Facebook member, different numbers of cookies are created in your browser. We go into more detail about individual Facebook cookies in the descriptions of each Facebook tool. General information about the use of Facebook cookies can also be found at https://www.facebook.com/policies/cookies .

      How long and where is the data stored?

      Basically, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers all over the world where its data is stored. However, customer data is deleted within 48 hours after it has been compared with its own user data.

      How can I delete my data or prevent data storage?

      In accordance with the Basic Data Protection Regulation, you have the right to information, correction, transferability and deletion of your data.

      A complete deletion of the data only occurs if you delete your Facebook account completely. And this is how deleting your Facebook account works:

      1) On the right side of Facebook, click Settings.

      2) Then click on “Your Facebook information” in the left column.

      3) Now click “Deactivation and deletion”.

      4) Now select “Delete account” and then click “Continue and delete account”.

      5) Now enter your password, click “Continue” and then click “Delete account”.

      The storage of data that Facebook receives via our site is done, among other things, via cookies (e.g. for social plugins). In your browser, you can disable, delete or manage individual or all cookies. Depending on which browser you use, this works in different ways. The following instructions show how to manage cookies in your browser:

      Chrome: Clear, enable, and manage cookies in Chrome

      Safari: Manage cookies and website data in Safari on Mac

      Firefox: Clear cookies and site data in Firefox

      Internet Explorer: Delete and manage cookies

      Microsoft Edge: View and delete browser history in Microsoft Edge

      If you do not want to have cookies in principle, you can set up your browser so that it always informs you when a cookie is to be set. This way, you can decide for each individual cookie whether you allow it or not.

      Legal basis

      If you have consented that data from you can be processed and stored by integrated social media elements, this consent is considered the legal basis of the data processing (Art. 6 para. 1 lit. a DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements insofar as you have given your consent. Most social media platforms also set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.

      We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. The data processing is essentially carried out by Facebook. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It may also happen that this data is linked to data from other Facebook services where you have a user account.

      We hope we have provided you with the most important information about the use and data processing by Facebook tools. If you want to learn more about how Facebook uses your data, we recommend that you read the data policy on https://www.facebook.com/about/privacy/update .

      LinkedIn Privacy Policy

      LinkedIn Privacy Policy Summary
      👥 Data subject: Visitors to the website
      🤝 Purpose: Optimization of our service performance
      📓 Data Processed: Data such as user behavior data, information about your device and your IP address. More details can be found below in the privacy policy.
      📅 Storage period: the data is generally deleted within 30 days.
      ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).

      What is LinkedIn?

      We use social plug-ins of the social media network LinkedIn, of the company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA on our website. The social plug-ins may be feeds, sharing content or linking to our LinkedIn page. The social plug-ins are clearly marked with the familiar LinkedIn logo and allow, for example, interesting content to be shared directly via our website. For the European Economic Area and Switzerland, LinkedIn Ireland Unlimited Company Wilton Place in Dublin is responsible for data processing.

      By embedding such plug-ins, data can be sent to LinkedIn, stored and processed there. In this privacy policy, we want to inform you about what data is involved, how the network uses this data and how you can manage or prevent data storage.

      LinkedIn is the largest social network for business contacts. Unlike Facebook, for example, the company focuses exclusively on building business contacts. Companies can present services and products on the platform and establish business relationships. Many people also use LinkedIn to look for jobs or to find suitable employees for their own company. In Germany alone, the network has over 11 million members. In Austria, there are around 1.3 million.

      Why do we use LinkedIn on our website?

      We know how busy you are. You can’t follow all the social media channels individually. Even if it would be worth it, as in our case. Because time and again we post interesting news or reports that are worth spreading. That’s why we’ve made it possible on our website to share interesting content directly on LinkedIn or to link directly to our LinkedIn page. We consider built-in social plug-ins as an extended service on our website. The data that LinkedIn collects also helps us to show possible advertising measures only to people who are interested in our offer.

      What data is stored by LinkedIn?

      Only through the mere integration of the social plug-ins LinkedIn does not store any personal data. LinkedIn calls this data generated by plug-ins passive impressions. However, when you click on a social plug-in, for example to share our content, the platform stores personal data as so-called “active impressions”. And this is regardless of whether you have a LinkedIn account or not. If you are logged in, the collected data is assigned to your account.

      Your browser establishes a direct connection to LinkedIn’s servers when you interact with our plug-ins. In this way, the company logs various usage data. In addition to your IP address, this can be login data, device information or info about your internet or mobile provider, for example. If you access LinkedIn services via your smartphone, your location (after you have allowed this) can also be determined. LinkedIn may also share this data in “hashed” form with third-party advertisers. Hashing means turning a record into a string of characters. This can be used to encrypt the data in such a way that individuals can no longer be identified.

      Most data about your user behavior is stored in cookies. These are small text files that are usually set in your browser. Furthermore, LinkedIn can also use web beacons, pixel tags, display tags and other device identifiers.

      Various tests also show which cookies are set when a user interacts with a social plug-in. The data found cannot claim to be exhaustive and is provided as an example only. The following cookies were set without being logged in to LinkedIn:

      Name: bcookie
      Wert: =2&34aab2aa-2ae1-4d2a-8baf-c2e2d7235c16311289911-
      Purpose: The cookie is a so-called “browser ID cookie” and consequently stores your identification number (ID).
      Expiration date: After 2 years

      Name: lang
      Value: v=2&lang=en-en
      Purpose: This cookie stores your default or preferred language.
      Expiration date: After end of session

      Name: lidc
      Wert: 1818367:t=1571904767:s=AQF6KNnJ0G311289911…
      Purpose: This cookie is used for routing. Routing records the ways you came to LinkedIn and how you navigate through the website there.
      Expiration date: after 24 hours

      Name: rtc
      Value: kt0lrv3NF3x3t6xvDgGrZGDKkX
      Purpose: No further information could be obtained about this cookie.
      Expiration date: after 2 minutes

      Name: JSESSIONID
      Wert: ajax:3112899112900777718326218137
      Purpose: This is a session cookie that LinkedIn uses to maintain anonymous user sessions through the server.
      Expiration date: after the end of the session

      Name: bscookie
      Value: “v=1&201910230812…
      Purpose: This cookie is a security cookie. LinkedIn describes it as a secure browser ID cookie.
      Expiration date: after 2 years

      Name: fid
      Value: AQHj7Ii23ZBcqAAAA…
      Purpose: No further information could be found about this cookie.
      Expiration date: after 7 days

      Note: LinkedIn also works with third-party providers. That is why we also detected the two Google Analytics cookies _ga and _gat during our test.

      How long and where is the data stored?

      Generally, LinkedIn will retain your personal data for as long as it deems necessary to provide its services. However, LinkedIn deletes your personal data when you delete your account. In some exceptional cases, LinkedIn retains some data in aggregate and anonymized form even after you delete your account. Once you delete your account, other people will not be able to see your data within one day. LinkedIn generally deletes data within 30 days. However, LinkedIn retains data if it is necessary due to legal obligation. Data that can no longer be assigned to individuals remain stored even after the account is closed. The data is stored on various servers in America and presumably also in Europe.

      How can I delete my data or prevent data storage?

      You have the right to access and also delete your personal data at any time. In your LinkedIn account you can manage, change and delete your data. In addition, you can also request a copy of your personal data from LinkedIn.

      To access account data in your LinkedIn profile:

      In LinkedIn, click on your profile icon and select the “Settings and Privacy” section. Now click on “Privacy” and then in the “How LinkedIn uses your data” section click on “Change”. In just a short time, you will be able to download selected data about your web activity and account history.

      You also have the option in your browser to prevent LinkedIn from processing your data. As mentioned above, LinkedIn stores most data via cookies that are set in your browser. You can manage, deactivate or delete these cookies. Depending on which browser you have, the management works slightly differently. You can find the instructions for the most common browsers here:

      Chrome: Clear, enable, and manage cookies in Chrome

      Safari: Manage cookies and website data in Safari on Mac

      Firefox: Clear cookies and site data in Firefox

      Internet Explorer: Delete and manage cookies

      Microsoft Edge: View and delete browser history in Microsoft Edge

      You can also basically set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

      Legal basis

      If you have consented that data from you can be processed and stored by integrated social media elements, this consent is considered the legal basis of the data processing (Art. 6 para. 1 lit. a DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements insofar as you have given your consent. Most social media platforms also set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.

      We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. The data processing is essentially carried out by LinkedIn. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It may also happen that this data is linked to data from possible other LinkedIn services where you have a user account.

      We have tried to provide you with the most important information about data processing by LinkedIn. At https://www.linkedin.com/legal/privacy-policy learn even more about the data processing of the social media network LinkedIn.

      All texts are protected by copyright.

      Source: Created with the Privacy Policy Generator  from AdSimple

       

       

      Privacy policy – Product Calvah

      Calvah, a product of Kollektiv MFG GmbH 

      The responsible party within the meaning of the EU General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is: 

      Kollektiv MFG GmbH  

      Represented by the management: Jennifer Meier and Susann Fischer 

      Papierstrasse 1, 13409 Berlin, Germany 

      E-mail address: support@calvah.com 

      Commercial register: HRB 238358 B

      Registergericht: Charlottenburg Local Court 

      VAT-IdNr: DE351406839 

      The contractual language is German. German law shall apply exclusively. The German version of the translation and privacy policy shall prevail. The English version is for information purposes only.

      General information 

      When you use Calvah, a product of Kollektiv MFG GmbH (hereinafter referred to as Kollektiv MFG, we, our) or interact with Kollektiv MFG GmbH’s product Calvah, we process personal data about you in order to provide you with access to Calvah and to offer you an improved experience and support. This includes collecting, recording, using, transferring, storing, sharing and deleting your data. 

      This Privacy Policy describes how Kollektiv MFG GmbH processes your data for the use of Calvah and explains the choices you have regarding your data. Please note that this Privacy Policy does not apply to the processing of your data by third parties when you use the integrated services of third parties available through our services. Please visit these third parties’ websites for more information about their privacy practices (e.g., data transfer for email communications and data transfer for support requests). 

      We collect and use the personal information described below to provide Calvah to you in a reliable and secure manner. In addition, we collect and use personal data for our legitimate business needs. We process your personal data in compliance with the relevant provisions of the EU Data Protection Regulation (DSGVO), the German Federal Data Protection Act (BDSG) and all other applicable laws. 

      The collection and use of personal data is generally only carried out with your consent. An exception applies if consent is not possible for actual reasons and the processing of the data is permitted by legal regulations. 

      We collect personal data (individual details about personal or factual circumstances of a specific or identifiable natural person) only to the extent provided by you. 

      Where we use third party services to provide our services, we take appropriate legal precautions and technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal requirements. 

      This may involve transferring personal data to servers located outside the EU or to trusted third parties located outside the EU. You should be aware that many countries do not offer the same legal protection for personal information as you enjoy in the EU. While your personal information is located in another country, it may be accessed by courts, law enforcement and national security authorities of that country in accordance with its laws. Subject to your explicit consent or contractually or legally required transfers, we will only process or allow the processing of data outside the EU in third countries with a recognised level of data protection, contractual obligations through so-called standard data protection clauses of the EU Commission in the presence of certifications or binding internal data protection regulations (Art. 44 to Art. 49 DSGVO).  

      As new technologies and the constant further development of this website may result in changes to this data protection declaration, we recommend that you read through the data protection declaration again at regular intervals. Definitions of the terms used (e.g. “personal data” or “processing”) can be found in Art. 4 DSGVO. 

      1. To whom our data protection declaration applies. 

      Once companies or individual users are subject to our SaaS License Agreement or Enterprise Framework Agreement for the use of Calvah, Kollektiv MFG acts as a service provider (processor) to process personal data on behalf of or at the instruction of the client. The Privacy Policy also applies to Unlicensed Users (individuals invited by Licensed Users to use Calvah, agree to the Privacy Policy and use Calvah). Our customers and users usually belong to a company or organization, they are the data controllers. They make decisions about the data they provide to Kollektiv MFG when using Calvah. In all other cases, Kollektiv MFG is responsible for the data. 

      Calvah can be used by companies as well as by individual users. If you use Calvah through your company, public entity or with your business email address, the Calvah administrator of your company or public entity is responsible for the accounts associated with that company or entity and may: restrict, suspend or terminate your access to or authorisation to use the Services, access data about you, access or store data held by us (including the content of your meetings, meeting statistics and log data about your use of Calvah) and restrict your authority to process, restrict, amend or delete data relating to your use of our products and services. 

      2.What sources and data do we receive and process? 

      Kollektiv MFG processes data that we receive directly from you, that is collected automatically when you use Calvah or visit one of our websites, as well as data collected by Kollektiv via third parties (e.g. support requests via a third-party platform).

       

      Data that Kollektiv MFG receives directly from you  

      Account information: Data that Kollektiv MFG needs to create a Calvah account for you, facilitate payment transactions and manage your ability to sign in and out of Calvah. This includes:  

      • Identifiers (such as first and last name and email address).  
      • Your password for Calvah (hashed)  
      • User ID – data related to a third party identity authentication provider  
      • Billing data (such as name, address and phone number) 
      • Financial data (such as credit card information collected by our payment processors on our behalf)  
      • Contract information and number of licenses selected 

      Your content: This is data that you provide to us through your use of Calvah. This includes data you provide as part of the meeting planning process (e.g. objectives, descriptions, links to further information, data you provide in written feedback during a meeting). Any other data you provide in the course of using Calvah that identifies or can reasonably be associated with you. Profile-related data (such as email, profile picture, name, gender pronouns, occupation or employment details such as your job title or role in your company) and other data that you provide to describe yourself and that is only collected when you provide it. As a meeting organizer, you also have the option to create profiles for meeting participants inside and outside your organization. If you do so, we will store these contact details and user ID on our server. 

      Use without an account: If you use Calvah without registering, you are a so-called “anonymous user”. In addition to the data required for server operation, only your feedback and the Meeting Organizer’s name and pronoun will be saved. When saving the contribution, this string is then loosely saved with the contribution. There is no assignment to an identity. By sending your feedback, you agree to the storage. Since we cannot later trace who wrote the contribution, you have no right to delete it, since there is no proof of authorship. 

      Usage information: We collect information about how you use Calvah. This includes actions you take in your account (e.g. creating and editing meetings, using the meeting timer, viewing statistics). We use this information to provide, improve and market our services and to protect Calvah users.  

      Cookies: We use so-called session cookies on our pages. Session cookies are technically necessary cookies that ensure the basic functionality of the website. Cookies are data packets that your browser stores in your end device at our instigation. Session cookies are temporary and are valid until the user logs out or until the lifetime of the cookie is reached. Other cookies are not used. 

      After leaving our website, the cookies remain stored on your terminal device and enable us to recognise your internet browser on your next visit.  

      You can set your internet browser so that you are informed when cookies are set and decide individually whether to accept them or generally exclude the acceptance of cookies for certain cases. Cookies that have already been stored can be deleted at any time. This can be done automatically. If you do not accept cookies, the functionality of our website may be limited. 

      Device information: We collect data from and about the devices you use to access Calvah. This includes IP addresses, the type of browser and device you use and the identifiers associated with your devices. Depending on your device settings, your devices may also transmit location data to the Services. For example, we use device information to identify misuse and to detect and correct errors. 

      Data from communications with Kollektiv MFG: Other data you may provide to us when you interact with Kollektiv MFG in other ways. This includes, for example, data from emails you forward to mail addresses of @kollektiv-mfg.com or @calvah.com. You may voluntarily provide us with data when you interact with us, such as when you interact directly with Kollektiv MFG staff, such as our sales, support or research groups. Kollektiv MFG may process: Your enquiry, questions and feedback that you submit to us via forms or email. Data you provide in connection with sweepstakes, contests or research studies run by Kollektiv MFG if you choose to participate, data to verify your identity, your audio and video data if you participate in a sales call or user research study and do not opt out of having the calls recorded. 

      3. Use of your data  

      Kollektiv MFG processes your data to perform our contracts with you (Art. 6 para. 1 sentence 1, lit. b DSGVO). The purposes of the data processing depend in detail on the basis of the contract. Kollektiv MFG uses your data to provide Calvah and related services, to communicate with you, to process transactions when you change your Calvah plan, to maintain security and prevent fraud, and to comply with legal requirements. 

      Data access: Within our organization, your personal data will only be disclosed to those individuals and bodies who need it to fulfill our contractual and legal obligations. In addition, the following bodies may receive your data (if necessary): the tax advisor for advice on tax matters and the auditor for the preparation of the annual financial statements. 

      Contractual warranties: providing services to you and operating our business; maintaining, providing and improving our products and services; improving our understanding of user interests and needs so that we can tailor Calvah for you; and analyzing and evaluating how you interact with our websites and Calvah.  

      Contacting us for support, communications etc: We use information about your use of Calvah to:  

      • Account information (e.g. your email address and name).  
      • Data related to integrated third-party services to contact you about Calvah (by phone, text message, email or chat)  
      • To share notices and updates, product changes and other necessary communications such as security and fraud alerts, and to provide webinars or public presentations and demonstrations of Calvah and to gather your opinions through surveys, research studies and questionnaires.  
      • Providing support, obtaining feedback, responding to your requests for information.  
      • Helping you identify and resolve issues with your account and answering your questions. 

      Enabling reporting and analysis of Calvah’s performance: we may aggregate and/or anonymise data relating to your use of Calvah (for example, how many meetings you have created or the average meeting duration) so that such data can no longer be associated with you or your device. We may use such aggregated and anonymised data for any purpose, including, but not limited to, research and marketing purposes, and may also share such data with third parties, including advertisers, sponsors, event organizers and/or others.  

      Law and order and public interest: In individual cases, we process your data to protect legitimate interests of us or of third parties (e.g. public authorities). This applies in particular to the investigation of criminal offenses (legal basis Art. 6 para. 1 sentence 1 lit. f DSGVO in conjunction with § 26 para. 1 sentence 2 BDSG) or the exchange of data within the group for administrative purposes or to protect Kollektiv MFG from fraud or abuse. 

      4. How we protect our users’ data 

      The protection of your data: Is secured by SSL encryption (https), storage of encrypted passwords, regular updating of the website. 

      Retention of your data: Through your registered account, we retain stored information from you as follows:  

      • for as long as your account exists or we need it to provide the Services to you
      • After your account has been deleted, all personal data – if applicable – will first be stored in accordance with tax and commercial law retention periods and then deleted after expiry of the period, unless you have consented to further processing and use. On the other hand, we initiate the deletion of this information after 30 days. 

      Please note:  

      1. It may take some time to delete this information from our servers and from our backup; and  
      1. We may retain this information as necessary to comply with our legal obligations, resolve disputes or enforce our contracts. 
      1. Where we store and process our users’ data 

      Kollektiv MFG engages third party sub-processors to assist in the provision of services to our clients:in. A sub-processor is a third party processor engaged by Kollektiv MFG to receive data from Kollektiv MFG and process personal data on behalf of our clients. 

      Third Party Processor List  

      Sub-processors of Kollektiv MFG 

       

      Name 

      Type of sub-processing 

      Country  

      Hetzner Online GmbH 

      Cloud Service Provider

      DE 

      Stripe 

      Payment Service Provider

      USA 

       

      Payment function. We have integrated the online payment service provider Stripe to process the payment for the fulfillment of the contract. Stripe offers the option of processing payments via credit cards.   

      If you select payment via Stripe, the payment data you enter (name, purchase amount, e-mail, bank details) will be transmitted to Stripe. By selecting this payment option, you consent to the transmission of your personal data required for payment processing.  

      The transmission of your data to Stripe is based on Art. 6 para. 1, sentence.1 lit. a DSGVO and Art. 6 para. 1, sentence.1 lit. b DS-GVO. You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations. This also applies to personal data that must be processed, used or transmitted for the purpose of processing payments.  

      The transfer of the data is for the purpose of payment processing and fraud prevention.  

      We will also transfer other personal data to Stripe if there is a legitimate interest for the transfer. The personal data exchanged between us and Stripe may be transferred by Stripe to credit reference agencies. The purpose of this transfer is to check your identity and creditworthiness. Stripe may share your personal data with affiliates and service providers or subcontractors to the extent necessary to fulfill its contractual obligations or to process data on its behalf.  

      The transfer of personal data to third countries is based on the standard contractual clauses approved by the EU Commission.  

      You can access Stripe’s privacy policy, which you accept by using credit card payment via Stripe, at the following link: https://stripe.com/de/privacy.  

      Hosting of the Calvah website is hosted on servers of Hetzner Online GmbH in Germany. For further information, please refer to the website of Hetzner Online GmbH (https://www.hetzner.com/de/legal/privacy-policy?country=de).  

      We have concluded a data processing contract with Hetzner Online GmbH, which protects our customers and obliges Hetzner not to pass on the collected data to third parties. 

      Information on data transfer to the USA and other third countries 

      Among others, we use the service provider stripe, which is based in the USA. Your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities. 

      We require your express consent to transfer data to the USA (legal basis Art. 49 para. 1 sentence 1 lit. a DSGVO).  

      Changes  

      In the context of a possible restructuring, a merger, a takeover or a sale of our assets, your data may be transferred. In this case, we will inform you of this, for example by email to the address linked to your account, and explain all your options.  

      We reserve the right to change this privacy policy from time to time. The current version is available on our website. If any change materially restricts your rights, we will notify you.

      What rights do I have? 

      You have the following rights in relation to us in respect of personal data relating to you: 

      • Right to information 
      • Right of revocation 
      • Right to rectification or deletion 
      • Right to restriction of processing 
      • Right to object to processing 
      • Right to data portability 

      If you are dissatisfied with how we handle your data, you can lodge a complaint with the relevant data protection supervisory authority.