Data Privacy Policy
Data protection is of particularly high importance to ambye Private Media & Mediation Platform GmbH (hereinafter: Provider). The use of the Provider’s websites is generally possible without providing any personal data. However, if a data subject wishes to use special services of our offering via our app, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, email address, or telephone number of a data subject, always takes place in accordance with the General Data Protection Regulation and in compliance with the country-specific data protection provisions applicable to the Provider. Through this privacy policy, our company aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights through this privacy policy.
As the party responsible for processing, the Provider has implemented numerous technical and organizational measures to ensure the most comprehensive protection possible of the personal data processed via this website or app. Nevertheless, internet-based data transmissions can generally have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us through alternative means, such as by telephone.
- Definitions
The provider’s privacy policy is based on the terms used by the European legislators and regulators in the enactment of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable both for the public and for our customers and business partners. To ensure this, we would like to first explain the terms used.
In this privacy policy, we use, among others, the following terms:
1.1. Personal Data
Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific factors that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
1.2. Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
1.3. Processing
Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
1.4. Restriction of Processing
Restriction of processing means the marking of stored personal data with the aim of limiting their future processing.
1.5. Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
1.6. Pseudonymization
Pseudonymization means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
1.7. Controller or Responsible for Processing
The controller or responsible for processing is the natural or legal person, authority, institution, or other body that alone or jointly with others determines the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller may be designated or criteria for such designation may be provided by Union or Member State law.
1.8. Processor
A processor is a natural or legal person, authority, institution, or other body that processes personal data on behalf of the controller.
1.9. Recipient
A recipient is a natural or legal person, authority, institution, or other body to whom personal data is disclosed, whether a third party or not. Authorities that may receive personal data in the context of a specific investigation under Union or Member State law are not considered recipients.
1.10. Third Party
A third party is a natural or legal person, authority, institution, or other body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or processor, are authorized to process personal data.
1.11. Consent
Consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.
- Name and Address of the Controller Responsible for Processing
The controller in accordance with the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union, and other provisions with data protection character is:
ambye Private Media & Mediation Platform GmbH
Lorenz-Oettl-Straße 3
86899 Landsberg am Lech
Germany
Email: info@ambye.com
Website: www.ambye.com
- Cookies
The provider’s websites use cookies. Cookies are text files that are stored on a computer system via an internet browser. Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This allows the visited websites and servers to distinguish the individual browser of the person concerned from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified through the unique cookie ID.
By using cookies, the provider can offer users of this website more user-friendly services that would not be possible without setting cookies.
Through a cookie, the information and offers on our website can be optimized for the user. As mentioned, cookies allow us to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, a user of a website that uses cookies does not have to re-enter their login details every time they visit the website because this is handled by the website and the cookie stored on the user’s computer system. Another example is a shopping cart cookie in an online shop. The online shop remembers the items a customer has placed in the virtual shopping cart via a cookie.
The person concerned can prevent the setting of cookies by our website at any time through a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the person concerned deactivates the setting of cookies in the internet browser used, it may not be possible to use all functions of our website fully.
- Collection of General Data and Information
Each time the website of the provider is accessed by a data subject or an automated system, a number of general data and information are collected. These general data and information are stored in the server’s log files. The following may be recorded: (1) the types and versions of browsers used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the subpages accessed on our website via an accessing system, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information that serve to prevent danger in the event of attacks on our information technology systems.
The provider does not draw conclusions about the person concerned from the use of this general data and information. Instead, this information is required to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertising for it, (3) ensure the permanent functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack. These anonymously collected data and information are therefore evaluated by the provider, on the one hand, statistically, and on the other hand, with the aim of increasing data protection and data security within our company, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data from the server log files are stored separately from all personal data provided by a data subject.
- Registration on our Website and the App
The data subject has the option to register on the website of the controller by providing personal data. Which personal data are transmitted to the controller is determined by the respective input form used for registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for the transfer to one or more processors, for example, a parcel delivery service, who also use the personal data exclusively for internal purposes attributable to the controller.
By registering on the controller’s website, the IP address assigned to the data subject by their Internet Service Provider (ISP), as well as the date and time of registration, are also stored. The storage of this data is necessary to prevent misuse of our services and, if necessary, to enable the investigation of criminal offenses. In this respect, storing this data is required to protect the controller. These data are generally not shared with third parties unless there is a legal obligation to do so or the transfer serves law enforcement purposes.
The registration of the data subject with voluntary provision of personal data allows the controller to offer content or services that, by their nature, can only be offered to registered users. Registered users are free to change the personal data provided during registration at any time or to have it completely deleted from the controller’s database.
The controller provides each data subject, upon request, with information about which personal data concerning them are stored. Furthermore, the controller corrects or deletes personal data at the request or upon the instruction of the data subject, provided there are no statutory retention obligations. The controller’s entire staff is available to the data subject as contact persons in this context.
- Subscription to Our Newsletter
The provider’s website gives users the opportunity to subscribe to our company’s newsletter. Which personal data are transmitted to the controller when ordering the newsletter is determined by the input form used for this purpose.
The provider regularly informs its customers and business partners via a newsletter about the company’s offers. The newsletter can generally only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject registers for the newsletter. For legal reasons, a confirmation email is sent to the email address first provided by a data subject for the newsletter via the double opt-in procedure. This confirmation email serves to verify whether the owner of the email address has authorized the receipt of the newsletter as a data subject.
When registering for the newsletter, we also store the IP address assigned by the ISP of the computer system used by the data subject at the time of registration, as well as the date and time of registration. Collecting this data is necessary to trace any potential misuse of the data subject’s email address at a later time and thus serves to legally protect the controller.
The personal data collected during newsletter registration are used exclusively for sending our newsletter. Furthermore, newsletter subscribers may be informed by email if this is necessary for the operation of the newsletter service or for related registration, for example, in the event of changes to the newsletter offering or technical adjustments. There is no transfer of personal data collected within the newsletter service to third parties. The subscription to our newsletter can be canceled by the data subject at any time. Consent to the storage of personal data provided for newsletter delivery can be revoked at any time. For this purpose, each newsletter contains an appropriate link for revocation. Additionally, it is possible to unsubscribe from the newsletter directly on the controller’s website at any time or to notify the controller in another manner.
- Newsletter Tracking
The provider’s newsletters contain so-called tracking pixels. A tracking pixel is a tiny graphic embedded in emails sent in HTML format to enable log file recording and analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Using the embedded tracking pixel, the provider can determine whether and when an email was opened by the recipient and which links within the email were clicked by the recipient.
Personal data collected via the tracking pixels contained in the newsletters are stored and analyzed by the entity responsible for processing in order to optimize newsletter delivery and better tailor the content of future newsletters to the interests of the recipient. This personal data is not shared with third parties. Recipients have the right at any time to revoke the separate consent they provided via the double opt-in procedure. After a revocation, this personal data is deleted by the entity responsible for processing. Unsubscribing from the newsletter is automatically interpreted by the provider as a revocation.
- Contact Options via the Website
The provider’s website contains information required by law that allows quick electronic contact with our company and direct communication with us, which also includes a general electronic mail address (email address). If a recipient contacts the entity responsible for processing via email or a contact form, the personal data submitted by the recipient are automatically stored. Personal data voluntarily provided by a recipient to the entity responsible for processing are stored for the purpose of handling or contacting the recipient. These personal data are not shared with third parties.
- Data Protection in Applications and the Recruitment Process
The entity responsible for processing collects and processes personal data from applicants for the purpose of managing the application process. Processing may also be carried out electronically, particularly when an applicant submits application documents electronically, for example by email or via a web form on the website, to the entity responsible for processing. If the entity responsible for processing enters into an employment contract with an applicant, the submitted data are stored for the purpose of managing the employment relationship in compliance with legal regulations. If no employment contract is concluded, the application documents are automatically deleted two months after the notification of the rejection decision, unless other legitimate interests of the entity responsible for processing oppose deletion. Such legitimate interests may include, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
- Routine Deletion and Blocking of Personal Data
The entity responsible for processing processes and stores personal data of the affected person only for the period necessary to achieve the storage purpose or as required by European directives and regulations or other laws or regulations applicable to the entity responsible for processing.
If the storage purpose ceases to exist or a storage period prescribed by European directives or another competent legislator expires, the personal data are routinely blocked or deleted in accordance with legal regulations.
- Rights of the Data Subject
11.1. Right to Confirmation
Every data subject has the right granted by European directives and regulations to request from the controller confirmation as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right to confirmation, they may contact an employee of the controller at any time.
11.2. Right of Access
Every data subject whose personal data is being processed has the right granted by European directives and regulations to obtain free of charge from the controller at any time information about the personal data stored concerning them and a copy of this information. Furthermore, European directives and regulations grant the data subject the right to information on the following:
– the purposes of processing
– the categories of personal data being processed
– the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations
– where possible, the intended period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
– the existence of a right to rectification or erasure of personal data concerning them, or to restriction of processing by the controller, or a right to object to such processing
– the existence of a right to lodge a complaint with a supervisory authority
– if the personal data were not collected from the data subject: all available information about the source of the data
– the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR, and—at least in these cases—meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject
Furthermore, the data subject has the right to know whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to information about the appropriate safeguards related to the transfer.
If a data subject wishes to exercise this right of access, they may contact an employee of the controller at any time.
11.3. Right to Rectification
Every data subject whose personal data is being processed has the right granted by European directives and regulations to request the immediate correction of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data—also by means of a supplementary statement—considering the purposes of processing.
If a data subject wishes to exercise this right to rectification, they may contact an employee of the controller at any time.
11.4. Right to Erasure (Right to be Forgotten)
Every data subject whose personal data is being processed has the right granted by European directives and regulations to request the controller to delete personal data concerning them without undue delay, provided one of the following grounds applies and the processing is not necessary:
– The personal data have been collected or otherwise processed for purposes for which they are no longer necessary.
– The data subject withdraws consent on which the processing is based pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, and there is no other legal basis for processing.
– The data subject objects to processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate grounds for processing, or the data subject objects pursuant to Art. 21(2) GDPR.
– The personal data have been unlawfully processed.
– The erasure of personal data is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject.
– The personal data have been collected in relation to information society services offered pursuant to Art. 8(1) GDPR.
If one of the above grounds applies and a data subject wishes to initiate the deletion of personal data stored by the provider, they may contact an employee of the controller at any time. The provider’s employee will ensure that the deletion request is promptly honored.
If the personal data have been made public by the provider and our company, as controller, is obliged under Art. 17(1) GDPR to delete the personal data, the provider will take reasonable measures, considering available technology and implementation costs, including technical measures, to inform other controllers processing the published personal data that the data subject has requested them to delete all links to, copies, or replications of those personal data, insofar as processing is not necessary. The provider’s employee will determine the necessary steps on a case-by-case basis.
11.5. Right to Restriction of Processing
Any person affected by the processing of personal data has the right granted by the European directive and regulatory authority to request the restriction of processing from the data controller if one of the following conditions is met:
- The accuracy of the personal data is disputed by the data subject, for a period that allows the controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject opposes the deletion of the personal data, and instead requests the restriction of the use of the personal data.
- The controller no longer needs the personal data for the purposes of processing, but the data subject requires it for the establishment, exercise, or defense of legal claims.
- The data subject has objected to the processing pursuant to Article 21(1) GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by the provider, they can contact an employee of the data controller at any time. The provider’s employee will initiate the restriction of processing.
11.6. Right to Data Portability
Any person affected by the processing of personal data has the right granted by the European directive and regulatory authority to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit these data to another controller without hindrance from the controller to whom the personal data were provided, provided the processing is based on consent according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract according to Article 6(1)(b) GDPR, and the processing is carried out using automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, the data subject has the right, when exercising their right to data portability pursuant to Article 20(1) GDPR, to have the personal data transmitted directly from one controller to another, as far as technically feasible and provided that this does not adversely affect the rights and freedoms of others.
To exercise the right to data portability, the data subject can contact an employee of the provider at any time.
11.7. Right to Object
Any person affected by the processing of personal data has the right granted by the European directive and regulatory authority to object at any time, for reasons arising from their particular situation, to the processing of personal data concerning them based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
The provider will no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defense of legal claims.
If the provider processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the provider will no longer process the personal data for these purposes.
Moreover, the data subject has the right, for reasons arising from their particular situation, to object to the processing of personal data concerning them carried out by the provider for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
To exercise the right to object, the data subject can contact any employee of the provider directly or another employee. Additionally, in connection with the use of information society services, regardless of Directive 2002/58/EC, the data subject may exercise their right to object using automated procedures with technical specifications.
11.8. Automated Individual Decision-Making, Including Profiling
Any person affected by the processing of personal data has the right granted by the European directive and regulatory authority not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning them or similarly significantly affects them, unless the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is permitted by Union or Member State law to which the controller is subject and such law contains appropriate measures to safeguard the rights, freedoms, and legitimate interests of the data subject, or (3) is based on the explicit consent of the data subject.
If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is based on the explicit consent of the data subject, the provider takes appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain human intervention by the controller, to express their point of view, and to contest the decision.
If the data subject wishes to assert rights related to automated decisions, they can contact an employee of the data controller at any time.
11.9. Right to Withdraw a Data Protection Consent
Any person affected by the processing of personal data has the right granted by the European directive and regulatory authority to withdraw consent to the processing of personal data at any time.
If the data subject wishes to exercise their right to withdraw consent, they can contact an employee of the data controller at any time.
- Special Data Protection Provisions
12.1. Data Protection Provisions for the Use of Contact Form 7
The party responsible for processing has integrated components of Contact Form 7 as a WordPress plugin on this website. WordPress.org websites (collectively referred to in this document as “WordPress.org”) refer to websites hosted on WordPress.org, WordPress.net, WordCamp.org, BuddyPress.org, bbPress.org, and other related domains and subdomains. Contact Form 7 is a plugin that allows you to create, customize, and integrate any type of contact form on your WordPress website.
The operating company is Rock Lobster, LLC., 810-0041 1-1-29 Daimyo, Chuo-ku, Fukuoka City, Fukuoka Prefecture, Japan.
Contact Form 7 stores user input data submitted through the contact forms on the website, along with metadata about the entries, including the timestamp, originating IP address, and user agent (browser). Third-party services may also collect information about website visitors. The information is sent via email, accessible only to a selected group of individuals. The information is also stored in the database on the hosting server for backup and future reference purposes.
Contact Form 7 does not set a specific time limit for storing information, as it may be needed for future reference. If users wish to have their information removed from the database, direct contact with Contact Form 7 is required. Contact Form 7 will delete user data at any time if there are concerns regarding the privacy of users.
Contact Form 7 only uses WordPress plugins and themes hosted by WordPress.org. The policies of WordPress.org explicitly prohibit tracking users without their explicit, informed consent.
The applicable privacy policy can be accessed at https://contactform7.com/privacy-policy/.
12.2. Data Protection Provisions for the Use of Elementor
The party responsible for processing has integrated components of the Elementor service on this website. With the Elementor Website Builder, WordPress users can create and edit websites using drag-and-drop technology with an integrated responsive mode.
The operating company for Elementor services is Elementor Ltd., 2600 Flatbush Ave, Brooklyn, New York, 11234, United States.
Elementor collects information in three different ways: when users use the website, when users use the services, and when users use the software. Elementor collects, among other things, payment information (for subscription purposes) and stores a token for recurring billing if users have purchased a subscription, which cannot be used to re-identify their credit card. Elementor also collects aggregated data from third parties, such as social media sites and other services they use, as well as from joint ventures that Elementor may establish. Elementor also collects information that users provide via email or other communications. Elementor collects information about how users interact with their website, such as the pages users visited, links clicked, websites that referred users to Elementor, device type, screen resolution, operating system, and browser.
When users use Elementor services, Elementor may automatically collect information from users’ devices, including, without limitation, information and statistics about their online/offline status, IP address, Internet service provider, browser type, hosting environment, web server, regional and language settings, as well as software and hardware attributes. Elementor’s systems can automatically record and store technical information about the method and manner of service usage.
Elementor collects the email of the website administrator using the software, as well as some of the following information, depending on the specific use by users: the IP address of the server, the license key, and the following information: server software & version, MySQL version, PHP settings & version, WordPress version, WordPress debug mode, WordPress memory limit, WordPress max upload size, WordPress settings (permalink structure, multisite, language, theme, plugins), site URL, number of custom templates stored in the library, number of posts using Elementor, and number of widgets used.
Elementor uses personal data to provide users with services and software. Elementor may conduct research on user demographics, interests, and behavior based on personal data and other information collected by Elementor.
Elementor servers may be hosted in various countries and jurisdictions, which may be outside the country from which users access the services and may be outside their country of residence. Elementor may transfer personal data across multiple countries.
Some uses and disclosures may involve transferring users’ personal data to different countries worldwide, which may have a different level of data protection than the user’s country and may be outside the European Economic Area. Elementor may share information when necessary to provide or maintain services. Elementor may also disclose information in accordance with a valid written legal request from a lawful authority.
To collect the above-described data, Elementor may use temporary cookies that remain on the browser for a limited period.
Users have the right to know what personal data is collected about them and the right to ensure that this data is accurate and relevant for the purposes for which Elementor collected it. Users may also request the deletion of data. Additionally, users can revoke their consent regarding data collection at any time.
Further information and Elementor’s applicable privacy policy can be accessed at elementor.com/about/privacy/.
12.3. Privacy Policy on the Use and Deployment of Facebook
The controller responsible for data processing has integrated components of the company Facebook on this website. Facebook is a social network.
A social network is an online social meeting place, an online community that generally allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for exchanging opinions and experiences or enable the online community to provide personal or company-related information. Facebook allows users of the social network, among other things, to create private profiles, upload photos, and connect through friend requests.
The operating company of Facebook is Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The entity responsible for processing personal data, if a data subject resides outside the USA or Canada, is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
Whenever a user visits any individual page of this website operated by the data controller and on which a Facebook component (Facebook plug-in) is integrated, the internet browser on the data subject’s IT system is automatically triggered by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook learns which specific subpage of our website the data subject visits.
If the data subject is simultaneously logged into Facebook, Facebook recognizes with each visit to our website by the data subject—and during the entire duration of that visit—which specific subpage of our website the data subject is visiting. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject activates one of the Facebook buttons integrated on our website, for example the “Like” button, or posts a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.
Facebook receives information via the Facebook component whenever the data subject visits our website if the data subject is logged into Facebook at the time of accessing our website; this happens regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not wish such transmission of information to Facebook, they can prevent it by logging out of their Facebook account before accessing our website.
The data policy published by Facebook, available at de-de.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. It also explains the privacy settings Facebook offers to protect the data subject’s privacy. Additionally, various applications are available that allow users to block data transmission to Facebook. Such applications can be used by the data subject to prevent data transmission to Facebook.
12.4. Privacy Policy on the Use and Deployment of Facebook Pixel
The controller responsible for data processing has integrated components of the company Facebook Pixel on this website. The Facebook Pixel is a snippet of JavaScript code that loads a collection of functions with which Facebook can track your user actions if you have arrived at the website via Facebook ads.
The operating company of Facebook Pixel is Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The entity responsible for processing personal data, if a data subject resides outside the USA or Canada, is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
Whenever a user visits any individual page of this website operated by the data controller and on which a Facebook component (Facebook plug-in) is integrated, the internet browser on the data subject’s IT system is automatically triggered by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook learns which specific subpage of our website the data subject visits.
If the data subject is simultaneously logged into Facebook, Facebook recognizes with each visit to our website by the data subject—and during the entire duration of that visit—which specific subpage of our website the data subject is visiting. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject activates one of the Facebook buttons integrated on our website, for example the “Like” button, or posts a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.
Facebook receives information via the Facebook component whenever the data subject visits our website if the data subject is logged into Facebook at the time of accessing our website; this happens regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not wish such transmission of information to Facebook, they can prevent it by logging out of their Facebook account before accessing our website.
With the help of Facebook Pixel, advertising measures can be better tailored to the wishes and interests of users. Thus, Facebook users (if they have allowed personalized advertising) see relevant ads. Furthermore, Facebook uses the collected data for analysis purposes and its own advertising campaigns.
The data policy published by Facebook, available at de-de.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. It also explains the privacy settings Facebook offers to protect the data subject’s privacy. Additionally, various applications are available that allow users to block data transmission to Facebook. Such applications can be used by the data subject to prevent data transmission to Facebook.
Further information regarding the privacy policy of Facebook Pixel can be found at de-de.facebook.com/business/gdpr.
12.5. Privacy Policy on the Use and Deployment of Google Maps
The party responsible for processing has integrated Google Maps on this website. Google Maps is a mapping service from Google that enables the visual representation of geographic information and provides interactive map functions. The purpose of Google Maps is to provide interactive maps that help users find locations, plan routes, and explore geographic information.
Google Maps is operated by Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For users within the EU, the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When using Google Maps, the following data is collected and processed:
Google Maps processes this data to display maps, show locations, and offer personalized recommendations or functions such as route planning. The data may also be used to improve the services or for Google’s marketing purposes.
Personal data may be stored in the USA and other countries. Google may share this data with third parties if necessary to provide the services or to comply with legal requirements.
Google implements extensive technical and organizational measures to ensure the security of the data, including encryption during transmission and at rest as well as access restrictions.
Further information and Google’s full privacy policy can be found at https://policies.google.com/privacy?hl=de.
12.6. Privacy Policy on the Use and Deployment of Google reCAPTCHA
The party responsible for processing has integrated components of Google reCAPTCHA on this website. This attempts to distinguish whether a particular action on the internet is performed by a human or by a computer program or bot. The user participates in the reCAPTCHA text recognition project free of charge through this CAPTCHA.
The operating company is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This function is primarily used to determine whether an input is made by a natural person or abusively through machine and automated processing. The service includes sending the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google and is based on Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in determining individual responsibility on the internet and preventing abuse and spam. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various features. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, duration of the visitor’s stay on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.
When using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC in the United States of America.
Further information on Google reCAPTCHA as well as Google’s privacy policy can be viewed at: www.google.com/intl/de/policies/privacy/.
12.7. Privacy Policy on the Use and Deployment of LinkedIn
The entity responsible for processing has integrated components of the LinkedIn Corporation on this website. LinkedIn is an internet-based social network that allows users to connect with existing business contacts as well as establish new business relationships. Over 400 million registered users use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.
The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For data protection matters outside the USA, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.
Each time our website, which includes a LinkedIn component (LinkedIn plug-in), is accessed, this component causes the browser used by the data subject to download a corresponding representation of the LinkedIn component. Further information about LinkedIn plug-ins can be found at developer.linkedin.com/plugins. Within this technical process, LinkedIn becomes aware of which specific subpage of our website is visited by the data subject.
If the data subject is simultaneously logged into LinkedIn, LinkedIn recognizes, with every visit to our website by the data subject and for the entire duration of the respective stay on our website, which specific subpage of our website the data subject visits. This information is collected by the LinkedIn component and associated by LinkedIn with the respective LinkedIn account of the data subject. If the data subject clicks a LinkedIn button integrated into our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.
LinkedIn receives information via the LinkedIn component that the data subject has visited our website whenever the data subject is logged into LinkedIn at the time of accessing our website; this occurs regardless of whether the data subject clicks the LinkedIn component or not. If the data subject does not want such transmission of information to LinkedIn, they can prevent it by logging out of their LinkedIn account before accessing our website.
LinkedIn offers the option at www.linkedin.com/psettings/guest-controls to unsubscribe from email messages, SMS messages, and targeted advertisements, as well as to manage ad settings. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which may set cookies. Such cookies can be declined at www.linkedin.com/legal/cookie-policy. LinkedIn’s applicable privacy policy is available at www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy is available at www.linkedin.com/legal/cookie-policy.
12.8. Privacy Policy on the Use and Deployment of Mailchimp
The entity responsible for processing has integrated components of Mailchimp on this website. Mailchimp is an American marketing automation platform and an email marketing service.
The operating company is The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
Mailchimp enables, among other things, sending and managing email campaigns across channels, running advertisements, and creating websites and landing pages. Other related services are also offered, such as real-time data analytics and insights that help track and personalize marketing activities. The personal information collected by Mailchimp depends on the context of your interactions with Mailchimp, your Mailchimp account settings, the products and features you use, your location, and applicable law. In particular, Mailchimp uses the collected information to send system alerts and communicate with users based on our legitimate interests in managing the service and providing certain features.
Mailchimp collects information that users provide themselves, such as contact information, payment information, and login data. Mailchimp also automatically collects, for example, users’ usage data. The collected information serves Mailchimp primarily to improve the service and to be able to interact with users. Users also have the option to have the collected data deleted.
Further information regarding Mailchimp’s privacy policy can be found at mailchimp.com/legal/privacy/.
12.9. Privacy Policy Regarding the Use of TikTok
The controller responsible for processing has integrated components of the company TikTok on this website. TikTok is a social network.
A social network is an online social meeting place, an online community that generally allows users to communicate with each other and interact in the virtual space. A social network can serve as a platform for exchanging opinions and experiences or allow the online community to provide personal or business-related information. TikTok allows users of the platform to create and share short videos.
For users permanently residing in the Federal Republic of Germany and Austria, TikTok is offered by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, DO2 T380, Ireland.
Each time one of the individual pages of this website, operated by the controller responsible for processing and on which a TikTok component (TikTok plug-in) is integrated, is accessed, the web browser on the data processing system of the affected person is automatically prompted by the respective TikTok component to download a representation of the corresponding TikTok component from TikTok. As part of this technical process, TikTok becomes aware of which specific subpage of our website is visited by the affected person.
If the affected person is simultaneously logged into TikTok, TikTok recognizes, with each visit to our website by the affected person and for the entire duration of that visit, which specific subpage of our website the affected person is visiting. This information is collected by the TikTok component and assigned by TikTok to the respective TikTok account of the affected person. If the affected person clicks one of the TikTok buttons integrated into our website, such as the “Like” button, or leaves a comment, TikTok assigns this information to the personal TikTok user account of the affected person and stores this personal data.
TikTok receives information via the TikTok component whenever the affected person visits our website if the affected person is logged into TikTok at the time of accessing our website; this occurs regardless of whether the affected person clicks on the TikTok component or not. If the affected person does not want such information to be transmitted to TikTok, they can prevent this by logging out of their TikTok account before visiting our website.
The data policy published by TikTok, which can be accessed at www.tiktok.com/legal/page/eea/privacy-policy/de-DE, provides information about the collection, processing, and use of personal data by TikTok. It also explains which settings TikTok offers to protect the privacy of the affected person. In addition, various applications are available that make it possible to suppress the transmission of data to TikTok. Such applications can be used by the affected person to prevent the transmission of data to TikTok.
12.10. Privacy Policy Regarding the Use of Web Hosting via IONOS
The controller responsible for processing has integrated components of web hosting via IONOS on this website. Web hosting refers to the provision of web space as well as the accommodation (hosting) of websites on the web server of an Internet Service Provider (ISP).
The operating company is 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.
In web hosting, inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospects, and visitors of this online service are processed based on our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR. Web hosting by 1&1 may partially use external service providers for data processing. These service providers have been carefully selected and commissioned, are bound by the instructions of IONOS, and are regularly monitored.
If service providers or partners are based in a country outside the European Economic Area (EEA), IONOS provides information about the consequences of this circumstance in the description of the respective function.
Further information can be found in the privacy policy of 1&1 IONOS SE at hosting.1und1.de/terms-gtc/terms-privacy/.
12.11. Privacy Policy on the Use and Deployment of Wordfence
The controller responsible for processing has integrated components of Wordfence on this website. The website uses the plugin to protect against viruses and malware and to defend against attacks by cybercriminals.
The operating company is Defiant Inc., 800 5th Ave., Suite 4100, Seattle, WA 98104, USA.
Use is based on our legitimate interests within the meaning of Art. 6(1)(f) GDPR. To determine whether the visitor is a human or a robot, the plugin uses cookies. For the purpose of protection against brute-force and DDoS attacks or comment spam, IP addresses are stored on Wordfence servers. IP addresses deemed safe are placed on a whitelist. Wordfence Security secures our website, thereby protecting visitors to the website from viruses and malware. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The Live Traffic View option of the plugin is turned off, as it is not strictly necessary.
Further information on the collection and use of data by Wordfence Security can be found in Defiant’s privacy policy: https://www.wordfence.com/privacy-policy/.
12.12. Privacy Policy on the Use and Deployment of YouTube
The controller responsible for processing has integrated components of YouTube on this website. YouTube is an online video portal that allows video publishers to upload video clips for free and enables other users to view, rate, and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete movies and TV shows, as well as music videos, trailers, or user-generated videos, are accessible via the portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Whenever a page of this website operated by the controller is accessed, on which a YouTube component (YouTube video) is integrated, the visitor’s internet browser is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be accessed at www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google learn which specific subpage of our website is visited by the data subject.
If the data subject is simultaneously logged into YouTube, YouTube identifies, when a subpage containing a YouTube video is accessed, which specific subpage of our website the data subject visits. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google receive information via the YouTube component whenever the data subject visits our website while logged into YouTube, regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not wish to transmit this information to YouTube and Google, they can prevent transmission by logging out of their YouTube account before accessing our website.
The privacy policies published by YouTube, accessible at www.google.de/intl/de/policies/privacy/, provide information on the collection, processing, and use of personal data by YouTube and Google.
12.13. Legal Basis for Processing
Art. 6(1)(a) GDPR serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations required for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6(1)(b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, such as in the case of inquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as for fulfilling tax obligations, the processing is based on Art. 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data, or other vital information needed to be shared with a doctor, hospital, or other third party. In that case, the processing would be based on
12.13. Legal Basis for Processing
Art. 6(1)(a) GDPR serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations required for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6(1)(b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, such as in the case of inquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as for fulfilling tax obligations, the processing is based on Art. 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data, or other vital information needed to be shared with a doctor, hospital, or other third party. In that case, the processing would be based on Art. 6(1)(d) GDPR. Finally, processing operations may be based on Art. 6(1)(f) GDPR. This legal basis applies to processing operations that are not covered by any of the aforementioned legal bases if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not outweigh it. Such processing operations are particularly permitted because they were specifically mentioned by the European legislator, who considered that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, second sentence, GDPR).
12.14. Legitimate Interests Pursued by the Controller or a Third Party
If the processing of personal data is based on Art. 6(1)(f) GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our employees and shareholders.
12.15. Duration for Which Personal Data Will Be Stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the period expires, the corresponding data will be routinely deleted, provided it is no longer required for contract fulfillment or contract initiation.
12.16. Legal or Contractual Requirements for Providing Personal Data; Necessity for Contract Conclusion; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Non-Provision
We inform you that the provision of personal data is partly legally required (e.g., tax regulations) or may arise from contractual agreements (e.g., information about the contracting party). In some cases, it may be necessary for the conclusion of a contract that a data subject provides us with personal data, which must then be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide personal data would result in the contract not being concluded. Before providing personal data, the data subject must contact one of our employees. Our employee will explain on a case-by-case basis whether the provision of personal data is legally or contractually required or necessary for contract conclusion, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.
12.17. Existence of Automated Decision-Making
As a responsible company, we refrain from automated decision-making or profiling.

