Overview of Processing Activities

The following overview summarizes the types of data processed, the purposes of processing, and the data subjects.

Types of Data Processed

• Inventory data
• Employee data
• Payment data
• Contact data
• Content data
• Contract data
• Usage data
• Metadata, communication data, and procedural data
• Log data

Categories of Data Subjects

• Service recipients and clients
• Employees
• Prospective clients
• Communication partners
• Users
• Business and contractual partners
• Third parties
• Whistleblowers

Purposes of Processing

• Provision of contractual services and fulfillment of contractual obligations
• Communication
• Security measures
• Office and organizational procedures
• Organizational and administrative procedures
• Feedback
• Provision of our online services and user-friendliness
• Information technology infrastructure
• Public relations and information purposes
• Whistleblower protection
• Public relations
• Business processes and operational procedures

Relevant Legal Bases

Relevant legal bases under the GDPR:

Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.

Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.

Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.

Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany:

In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (BDSG). The BDSG contains, in particular, special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfers, as well as automated individual decision-making, including profiling. Furthermore, state data protection laws of the individual federal states may also apply.

Security Measures

In accordance with legal requirements, and taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, disclosure of, and ensuring the availability and separation of the data. Furthermore, we have established procedures that guarantee the exercise of data subject rights, the erasure of data, and responses to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, disclosure of, and ensuring the availability and separation of the data. Securing online connections with TLS/SSL encryption technology (HTTPS): To protect user data transmitted through our online services from unauthorized access, we rely on TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thus protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured with an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal regulations as soon as the underlying consent is withdrawn or no further legal basis for processing exists. This applies to cases in which the original processing purpose no longer applies or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal proceedings or the protection of the rights of other natural or legal persons, must be archived accordingly.

Our privacy policy contains additional information on the storage and deletion of data that applies specifically to certain processing activities.

If there are multiple retention periods or deletion deadlines for a given date, the longest period always applies. Data that is no longer needed for the originally intended purpose, but is retained due to legal requirements or other reasons, is processed by us exclusively for the reasons that justify its retention.

Data Retention and Deletion:

The following general retention periods apply under German law:

10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, and the work instructions and other organizational documents necessary for their understanding (§ 147 para. 1 no. 1 in conjunction with para. 3 AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 in conjunction with para. 4 HGB).

8 years – Accounting documents, such as invoices and expense receipts (§ 147 para. 1 nos. 4 and 4a in conjunction with para. 3 sentence 1 AO and § 257 para. 1 no. 4 in conjunction with para. 4 HGB).

6 years - Other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents relevant for taxation, e.g., timesheets, cost accounting sheets, calculation documents, price tags, but also payroll documents, insofar as they are not already accounting documents, and cash register receipts (Section 147 Paragraph 1 Nos. 2, 3, 5 in conjunction with Paragraph 3 of the German Fiscal Code (AO), Section 257 Paragraph 1 Nos. 2 and 3 in conjunction with Paragraph 4 of the German Commercial Code (HGB)).

3 years - Data required to consider potential warranty and damage claims or similar contractual claims and rights, as well as to process related inquiries, based on past business experience and standard industry practices, will be stored for the duration of the regular statutory limitation period of three years (Sections 195, 199 of the German Civil Code (BGB)).

3 years Commencement of the time limit at the end of the year:

If a time limit does not expressly begin on a specific date and is at least one year long, it automatically starts at the end of the calendar year in which the event triggering the time limit occurred. In the case of ongoing contractual relationships in which data is stored, the event triggering the time limit is the effective date of the termination or other end of the legal relationship.

Rights of Data Subjects

Rights of data subjects under the GDPR:

As a data subject under the GDPR, you have various rights, which arise in particular from Articles 15 to 21 of the GDPR:

Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to withdraw consent: You have the right to withdraw any consent you have given at any time.

Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information, as well as a copy of the personal data, in accordance with the legal requirements.

Right to rectification: In accordance with legal requirements, you have the right to request the completion of incomplete personal data concerning you or the rectification of inaccurate personal data concerning you.

Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that personal data concerning you be erased without undue delay, or alternatively, in accordance with legal requirements, to request the restriction of processing of your personal data.

Right to data portability: In accordance with legal requirements, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller.

Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Rights of Data Subjects

Rights of data subjects under the GDPR:

As a data subject under the GDPR, you have various rights, which arise in particular from Articles 15 to 21 of the GDPR:

Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to withdraw consent: You have the right to withdraw any consent you have given at any time.

Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information, as well as a copy of the personal data, in accordance with the legal requirements.

Right to rectification: In accordance with legal requirements, you have the right to request the completion of incomplete personal data concerning you or the rectification of inaccurate personal data concerning you.

Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that personal data concerning you be erased without undue delay, or alternatively, in accordance with legal requirements, to request the restriction of processing of your personal data.

Right to data portability: In accordance with legal requirements, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller.

Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Business Services

We process personal data of our contractual and business partners, such as customers, clients, prospective clients, suppliers, and other cooperation partners (collectively referred to as "Contractual Partners"), for the initiation, execution, and processing of contractual relationships and comparable legal relationships. This also includes pre-contractual measures taken upon request, as well as communication related to the respective contractual relationship.

The processing serves, in particular, to fulfill our primary and secondary contractual obligations. These include the provision of the agreed services, any update and information obligations, the handling of warranty claims and other service disruptions, the processing of cancellations, terminations of ongoing contractual relationships, rescission, refunds, and the processing of other contract-related declarations and inquiries. This covers both one-off contracts and ongoing contractual relationships.

We process, in particular, master data such as name, address, and, if applicable, company name; contact details such as email address and telephone number; contract and service data such as the subject matter of the contract, contract duration, order or transaction number; usage and performance data; payment and billing data; as well as communication content and history. Where necessary, we also process data that is disclosed or transmitted to us in the course of fulfilling an order.

Furthermore, we process the data to protect our rights and to fulfill legal obligations. This includes, in particular, commercial and tax law retention obligations, documentation obligations, and, where applicable, obligations to provide evidence and accountability. Processing also takes place based on our legitimate interests in proper business management, internal administration, risk management, and IT security, as well as in protecting our business operations and those of our contractual partners from misuse, data breaches, confidentiality, and other legal interests. This may also include the involvement of external service providers such as IT and telecommunications providers, transport and logistics companies, payment service providers, banks, tax and legal advisors, or other agents, insofar as this is necessary for the performance of the contract or for compliance with legal obligations.

Personal data will only be disclosed to third parties if this is necessary for the performance of the contract, for carrying out pre-contractual measures, for safeguarding legitimate interests, or for compliance with legal obligations. We will provide separate information about any further processing, particularly for marketing purposes, within the framework of this privacy policy.

We will inform our contractual partners which data is required in each individual case during the data collection process, for example, through appropriate labeling in online forms or in personal contact.

Data will be deleted as soon as it is no longer required for the aforementioned purposes and no statutory retention obligations apply. Statutory retention periods, in particular under commercial and tax law, may require longer storage. Data transmitted within the scope of a specific order will be deleted after completion of the order and expiry of any applicable retention periods, unless further legal or contractual obligations to store the data exist.

The legal basis for processing is Article 6(1)(b) GDPR for the performance of pre-contractual measures and for the fulfillment of the respective contractual relationship, as well as Article 6(1)(c) GDPR for compliance with legal obligations. Where processing is based on legitimate interests, it is carried out on the basis of Article 6(1)(f) GDPR. Insofar as processing is based on Article 6(1)(f) GDPR, it is carried out to safeguard our legitimate interests in proper and efficient business organization, the internal administration and documentation of business transactions, the enforcement and defense of legal claims, ensuring IT and data security, preventing misuse and fraud, and the economic management and further development of our business operations. These interests consist, in particular, of ensuring secure and legally compliant business operations and maintaining our entrepreneurial capacity.

Types of data processed: Master data (e.g., full name, home address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or telephone numbers); contract data (e.g., subject matter of the contract, term, customer category).

Data subjects: Service recipients and clients; prospective customers.

Payment Methods

Within the framework of contractual and other legal relationships, due to legal obligations, or otherwise based on our legitimate interests, we offer data subjects efficient and secure payment options and, in addition to banks and credit institutions, utilize other service providers for this purpose (collectively, "payment service providers"). Payment transactions are processed exclusively via encrypted connections, in accordance with the state of the art, so that the entered data is protected from unauthorized access during transmission.

The data processed by the payment service providers includes master data, such as name and address, bank details, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, amount, and recipient-related information. This information is required to process the transactions. However, the entered data is processed and stored only by the payment service providers. This means that we do not receive any account or credit card-related information, but only confirmation or rejection of the payment. The payment service providers may transmit the data to credit reference agencies. This data transfer is for identity and creditworthiness verification. Please refer to the terms and conditions and privacy policies of the payment service providers for further information.

The terms and conditions and privacy policies of the respective payment service providers, which can be accessed on their respective websites or transaction applications, apply to payment transactions. We also refer you to these for further information and to exercise your rights of withdrawal, access, and other data subject rights.

Types of data processed: Master data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).

Data subjects: Recipients of services and clients; business and contractual partners; prospective clients.

Purposes of processing and legitimate interests: Provision of contractual services and fulfillment of contractual obligations. Business processes and operational procedures.

Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".

Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing operations, procedures, and services:

PayPal: Payment services (technical integration of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR);

Website: https://www.paypal.com/de

Privacy policy: https://www.paypal.com/de/legalhub/paypal/privacy-full

Provision of Online Services and Web Hosting

We process user data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

Types of data processed: Usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved); log data (e.g., log files concerning logins or data retrieval or access times).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing and legitimate interests: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)). Security measures.

Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, processes, and services:

Provision of online services on rented storage space: To provide our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also called a "web host"); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Collection of access data and log files: Access to our online services is logged in the form of so-called "server log files". Server log files may contain the address and name of the accessed web pages and files, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and, typically, IP addresses and the requesting provider. Server log files can be used for security purposes, such as preventing server overload (especially in the case of malicious attacks, so-called DDoS attacks), and to ensure server capacity and stability. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been fully resolved.

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter referred to as "publication media"). Reader data is processed for the purposes of the publication media only to the extent necessary for its presentation and communication between authors and readers, or for security reasons. For further information, please refer to the section on processing visitor data for our publication media within this privacy policy.

Types of data processed: Master data (e.g., full name, home address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., textual or image-based messages and posts, as well as related information such as authorship details or date of creation); Usage data (e.g., page views and time spent on the page, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing and legitimate interests: Feedback (e.g., collecting feedback via online form). Provision of our online services and user-friendliness.

Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter referred to as "publication media"). Reader data is processed for the purposes of the publication media only to the extent necessary for its presentation and communication between authors and readers, or for security reasons. For further information, please refer to the section on processing visitor data for our publication media within this privacy policy.

Types of data processed: Master data (e.g., full name, home address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., textual or image-based messages and posts, as well as related information such as authorship details or date of creation); Usage data (e.g., page views and time spent on the page, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing and legitimate interests: Feedback (e.g., collecting feedback via online form). Provision of our online services and user-friendliness.

Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Social Media Presence

We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about ourselves.

Please note that user data may be processed outside the European Union. This may pose risks for users, as it could, for example, make it more difficult to enforce their rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on usage patterns and the resulting user interests. These profiles may then be used to display advertisements within and outside the networks that are presumably tailored to the users' interests. Therefore, cookies are typically stored on users' computers to record their usage patterns and interests. Additionally, user profiles may also store data independently of the devices used by the users (especially if they are members of the respective platforms and are logged in).

For a detailed description of the respective processing methods and the options to object (opt-out), please refer to the privacy policies and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be most effectively addressed directly with the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly. Should you still require assistance, you can contact us.

Types of data processed: Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., textual or image messages and posts, as well as information relating to them, such as authorship or time of creation); Usage data (e.g., page views and time spent on the site, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing and legitimate interests: Communication; feedback (e.g., collecting feedback via online form); public relations. Public relations and information purposes.

Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing activities, procedures, and services:

Bluesky: Decentralized social media network – enables the creation, sharing, and commenting on content, as well as following user profiles; Service provider: Bluesky, PBLLC., Seattle, USA, support@bsky.app; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://bsky.social/; Privacy policy: https://bsky.social/about/support/privacy-policy.

Instagram: Social network – enables the sharing of photos and videos, commenting on and liking posts, sending messages, and subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Legal basis for third-country transfers: Data Privacy Framework (DPF).

LinkedIn: Social network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not further processing) of visitor data used to generate "Page Insights" (statistics) for our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as their actions. Details about the devices used are also collected, such as IP addresses, operating system, browser type, language settings, and cookie data, along with information from user profiles, such as job title, country, industry, hierarchical level, company size, and employment status. Information on LinkedIn's processing of user data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy. We have entered into a specific agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum”, https://legal.linkedin.com/pages-joint-controller-addendum) which, in particular, regulates the security measures LinkedIn must observe and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e., users can, for example, submit requests for access or erasure directly to LinkedIn). The rights of users (in particular the right to access, erasure, objection, and to lodge a complaint with the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint controllership is limited to the collection and transfer of data to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, in particular with regard to the transfer of data to its parent company, LinkedIn Corporation, in the USA. Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa). Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF). Opt-out option: https://myadcenter.google.com/personalizationoff.

Management, Organization, and Tools

We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organizing, managing, planning, and providing our services. We comply with legal requirements when selecting third-party providers and their services.

In this context, personal data may be processed and stored on the servers of the third-party providers. This may involve various types of data, which we process in accordance with this privacy policy. This data may include, in particular, master data and contact information of users, data relating to transactions, contracts, other processes, and their content.

If users are referred to the third-party providers or their software or platforms in the course of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. We therefore ask you to review the privacy policies of the respective third-party providers.

Types of data processed: Content data (e.g., textual or image messages and posts, as well as information relating to them, such as authorship or time of creation); Usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved).

Data subjects: Communication partners. Users (e.g., website visitors, users of online services).

Purposes of processing and legitimate interests: Provision of contractual services and fulfillment of contractual obligations. Office and organizational procedures.

Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Changes and Updates

We encourage you to review our Privacy Policy regularly. We will update the Privacy Policy as soon as changes to our data processing activities make this necessary. We will inform you if any changes require your action (e.g., consent) or other individual notification.

If we provide addresses and contact information for companies and organizations in this Privacy Policy, please note that these addresses may change over time. We ask that you verify the information before contacting them.

Created with the free Privacy Policy Generator by Dr. Thomas Schwenke.