Thank you for your interest in our website. The protection of your personal data is very important to us. We would therefore like to take this opportunity to inform you about data protection within our company. We naturally comply with the legal provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the Digital Services Act (DDG), and other data protection regulations.

You can trust us with your personal data! It is encrypted and transmitted to us using state-of-the-art security systems. Our websites are protected by technical and organizational measures against damage, destruction, or unauthorized access.

NAME AND CONTACT DETAILS OF THE CONTROLLER

This privacy information applies to data processing by:

Responsible: predict.io GmbH, Mainparkring 4, 97246 Eibelstadt, Germany

Email: datenschutz[at]krick.com
Phone: +49 9303 982-0
Fax: +49 9303 982-111

DATA PROTECTION OFFICER

We have appointed a data protection officer.

Resilience Operations Center GmbH
Neumeyerstraße 48, 90411 Nuremberg

Email: dsb[at]resilienceoperations.center
Telephone: +49 911 4775 28-0

RIGHTS OF THE DATA SUBJECT

You can obtain information about the data we have stored about you free of charge at any time and without giving reasons.

You have the right:

• Pursuant to Art. 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from us, and the existence of automated decision-making, including profiling, and, where applicable, meaningful information on its details.
• to request the immediate correction of any incorrect or incomplete personal data stored by us in accordance with Art. 16 GDPR;
• to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
• to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if you contest the accuracy of the data, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
• pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller;
• According to Art. 7 (3) GDPR, you have the right to revoke your consent at any time. This means that we may no longer continue the data processing based on this consent in the future and
• Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company.

RIGHT OF WITHDRAWAL

You can block, correct, or delete the data we have collected about you at any time, provided your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR and you object to the pseudonymized collection and storage of data for the purposes of optimizing our website. This objection is made in accordance with Art. 21 GDPR. You can also revoke your consent to data collection and use at any time without giving reasons. To do so, please contact us using the contact address provided in the imprint. We are always happy to answer any further questions you may have about our privacy policy and the processing of your personal data.

Please note that data protection regulations and practices, such as those of Google, are subject to change. It is therefore advisable and necessary to keep yourself informed about changes in legal regulations and the practices of companies, such as Google.

DATA SECURITY

We use the widely used SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. You can recognize this by the key or lock symbol in your browser.

Furthermore, we use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. We continuously improve our security measures in line with technological developments.

SUBJECT OF DATA PROTECTION

The subject of data protection is personal data. According to Article 4 (1) of the GDPR, this is individual information about the personal or factual circumstances of a specific or identifiable natural person. This includes, for example, information such as name, postal address, email address, or telephone number, but may also include usage data such as your IP address.

FURTHER DEFINITIONS FOR BETTER UNDERSTANDING

It is important to us that you easily understand our privacy policy, which is why we would like to briefly explain important terms here:

AFFECTED PERSON

This is your responsibility as the owner of your own data. Within the scope of your data subject rights, you have the right to participate in the decision-making process for your data and can also revoke your consent to the processing.

RESPONSIBLE PERSON

We are, as we are responsible for the proper processing of your data.

PROCESSING

This is the process or series of processes related to personal data, from data collection through its use to deletion or destruction. We can perform these processes ourselves or involve service providers directly commissioned by us.

PSEUDONYMISATION

With pseudonymization, data is processed in such a way that it can no longer be attributed to a specific data subject without the use of additional information. In principle, however, pseudonymization can always be lifted if the relevant data is combined.

ANONYMISATION

The personal data is deleted or altered in such a way that, under normal circumstances, it is no longer possible to identify the individual. When we compile analyses or statistics, we try to work with anonymized data wherever possible.

SCOPE OF DATA COLLECTION AND STORAGE

ACCESSING OUR WEBSITE

Data subjects can generally use our website without having to provide any personal data. However, the processing of personal data may be necessary if the data subject wishes to receive certain services, such as our newsletter or other product information.

When you visit our website, we collect the following data, which is technically necessary for us. We need this data to display our website to you and thus ensure stability and security:

• IP address of the requesting computer,
• Date and time of the request
• Name and URL of the retrieved file,
• Website from which the request comes (referrer URL),
• browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

We process the above data for the following purposes:

• Ensuring comfortable use of our website,
• Ensuring a smooth connection to the website,
• Evaluation of system security and stability as well as
• for further administrative purposes within the scope of contract performance or to fulfil legal or regulatory requirements

The processing is based on Art. 6 I lit. a GDPR if you have given us your consent to the processing of personal data concerning you for one or more specific purposes.

The processing is based on Art. 6 (1) (b) GDPR if the processing is necessary to fulfill a contract to which the data subject is a party. This also applies to pre-contractual measures taken at the request of the data subject.

The processing is based on Art. 6 I lit. c GDPR if the processing is necessary to fulfill a legal obligation to which we are subject.

Processing is based on Art. 6(1)(d) GDPR if processing is necessary to protect the vital interests of the data subject or another natural person. This may be a rare case if a data subject is seriously injured and their personal data is therefore disclosed, for example, to a doctor.

The processing is based on Art. 6 I lit. f GDPR if the processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data prevail.

COLLECTION AND STORAGE OF USAGE DATA

To optimize our website, we collect and store data such as the date and time of the page visit, the page from which you accessed our site, and similar information for 30 days, unless you object to this data collection and storage.

This is done anonymously, without personally identifying the site user. User profiles may be created using a pseudonym. In this case, too, no connection is made between the natural person behind the pseudonym and the collected usage data, and no conclusions can be drawn about you as a natural person. We also use cookies to collect and store usage data.

These are small text files that are stored on your computer and are used to store statistical information such as your operating system, Internet browser, IP address, the previously accessed website (referrer URL), and the time of day. We collect this data exclusively for statistical purposes in order to further optimize our website and make our online offerings even more attractive.

The data is collected and stored exclusively in anonymized or pseudonymized form and does not allow any conclusions to be drawn about you as a natural person.

REGISTRATION ON OUR WEBSITE

You have the option of registering on our website and providing your personal data. We process the data you provide exclusively for internal purposes. This may also mean that we may legitimately transfer the personal data to one of our processors, who in turn will use it for their own internal purposes.

When you register with us, the following data will be stored:

• IP address
• Time and date of registration

We process the above data for the following purposes:

• Offering services available to registered users
• Protection against misuse of our services

The data subject may exercise his or her rights at any time.

HUBSPOT CRM

We use Hubspot CRM on this website. The provider is Hubspot Inc., 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM).

Hubspot CRM enables us, among other things, to manage existing and potential customers and customer contacts. With Hubspot CRM, we are able to record, sort, and analyze customer interactions via email, social media, or telephone across various channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g., newsletter mailings). Hubspot CRM also enables us to record and analyze the user behavior of our contacts on our website.

Hubspot CRM is used on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the most efficient customer management and communication possible. If consent has been requested, processing will be carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

For details, please see Hubspot’s privacy policy: https://legal.hubspot.com/de/privacy-policy .

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield .

The company is certified according to the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified according to the DPF is committed to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000TN8pAAG&status=Active .

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service 6 / 9. This is a contract required by data protection law, which guarantees that the personal data of our website visitors will only be processed according to our instructions and in compliance with the GDPR.

NEWSLETTER

We offer you the opportunity to register for our newsletter on our website. For security reasons, you will receive a one-time confirmation message to the email address you provided, stating that we will inform you about our company’s products and services by email. This double opt-in process ensures that you actually want to receive our newsletter and that you are the owner of the email address. Only after you have given your consent will your data be processed accordingly, based on Art. 6 (1) (a) GDPR. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of any data processing operations already carried out remains unaffected by the revocation. If your consent is revoked, we will stop the corresponding data processing.

The data collected for the newsletter will not be passed on to third parties.

CONTACT FORM

If you have an inquiry for our company, you have the option of contacting us using the contact form provided on our website. You must provide a valid email address so that we know who sent the inquiry and can respond to it. All other information is voluntary.

Data processing for the purpose of contacting us is carried out in accordance with Art. 6 (1) (a) GDPR on the basis of your voluntarily given consent.

PROVISION OF SERVICES AND DELIVERY OF GOODS

In order to actually provide our services, we may need your personal data. This applies both to sending informational materials or ordered goods and to answering individual inquiries. We collect this data to respond to your inquiry. This data will only be used for the intended purpose.

If you commission us to provide a service or send goods, we will generally only collect and store your personal data to the extent necessary to provide the service or execute the contract and for legal reasons. This may require us to share your personal data with companies we use to provide the service or process the contract. These include, for example, transport companies or other service providers. We oblige these service providers to comply with data protection requirements within the framework of the legal conditions.

After the contract has been fully processed, your data will be blocked and deleted after the expiry of the tax and commercial law regulations, unless you have expressly consented to further use of the data.

INTEGRATION OF THIRD-PARTY CONTENT AND SERVICES

MATOMO

This website uses the open source web analysis service Matomo.

With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

IP anonymization

We use IP anonymization for the analysis with Matomo. This means that your IP address is shortened before the analysis so that it can no longer be clearly assigned to you.

Cookie-free analysis

We have configured Matomo so that it does not store any cookies in your browser.

Hosting

We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.

DATA COLLECTION THROUGH USE OF GOOGLE ANALYTICS AND USE OF COOKIES

GOOGLE ANALYTICS

This website uses features of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables website operators to analyze the behavior of website visitors. This provides the website operator with various usage data, such as page views, length of stay, operating systems used, and user origin. This data is summarized in a user ID and assigned to the respective device of the website visitor.

Furthermore, Google Analytics allows us to record your mouse and scroll movements, clicks, and more. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and employs machine learning technologies for data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about your use of this website is usually transferred to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. This consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/ .

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plug-in

You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de .

For more information about how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de .

Google Signals

We use Google Signals. When you visit our website, Google Analytics records, among other things, your location, search history, YouTube history, and demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signal. If you have a Google Account, Google Signal’s visitor data is linked to your Google Account and used for personalized advertising messages. The data is also used to compile anonymized statistics on our users’ behavior.

Demographic characteristics in Google Analytics

This website uses the “demographic characteristics” feature of Google Analytics to display suitable advertisements within the Google advertising network to website visitors. This enables reports to be created that contain information about the age, gender, and interests of site visitors. The data originates from Google’s interest-driven advertisements and external visitor data sources. This data cannot be assigned to a specific individual. You can deactivate this function at any time via the ad settings in your Google Account or generally prohibit the collection of your data by Google Analytics as described in the “Objection to data collection” section.

Order processing

We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

GOOGLE USES THE DOUBLECLICK DART COOKIE

Users may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy.

No direct personal data of the user is stored, only the IP address. This information is used to automatically recognize you the next time you visit our website and to make navigation easier for you. Cookies allow us, for example, to tailor a website to your interests or to save your password so you don’t have to re-enter it each time.

Of course, you can also view our websites without cookies. If you do not want us to recognize your computer, you can prevent cookies from being stored on your hard drive by selecting “do not accept cookies” in your browser settings. Please refer to your browser manufacturer’s instructions for details on how to do this. However, please note that not accepting cookies may limit the functionality of our services.

You can prevent the installation of cookies by setting your Internet browser accordingly. To do so, you must disable cookies in your browser. For more information, please refer to your browser’s user manual.

You can find further privacy information from Google here.

GOOGLE ADS

The website operator uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g. location data and interests) (audience targeting). We as the website operator can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many ads led to corresponding clicks. The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. This consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/ . The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 .

GOOGLE ADS REMARKETING

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to then display interest-based advertising to them in the Google advertising network (remarketing or retargeting). Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google’s cross-device functions. In this way, interest-based, personalized advertising messages that have been tailored to you based on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC). If you have a Google account, you can object to personalized advertising using the following link: https://adssettings.google.com/anonymous?hl=de . This service is used on the basis of your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. Consent can be revoked at any time. Further information and the data protection provisions can be found in Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=de . The company is certified according to the “EU-US Data Privacy Framework” (DPF). The 7 / 9 DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 . Target group creation with customer matching To create target groups, we use, among other things, the customer matching of Google Ads Remarketing. Here we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they will be shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

GOOGLE CONVERSION TRACKING

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of Google Conversion Tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked and how often, and which products were viewed or purchased most frequently. This information is used to compile conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information with which we can personally identify the user. Google itself uses cookies or similar recognition technologies for identification. The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. This consent can be revoked at any time. More information about Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de . The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF is committed to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 .

USE OF GOOGLE WEB FONTS

This site uses so-called web fonts provided by Google for the consistent display of fonts. These are integrated into this site in accordance with German data protection regulations, so no data is forwarded to Google for the display of the web fonts. If your browser does not support web fonts, a standard font from your computer will be used. Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq/ and in Google’s privacy policy at https://www.google.de/intl/de/policies/privacy/

GOOGLE TAG MANAGER

We use Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, stores cookies, or perform independent analyses. It is used solely to manage and display the tools integrated through it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.

Google Tag Manager is used on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

GOOGLE OPTIMIZE

Our website uses the web analysis and optimization service “Google Optimize,” provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google Optimize”). Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services in Europe. Google Optimize analyzes the use of various website versions so that we can adapt user-friendliness to suit website user behavior and test design variants of our websites to see how they perform with regard to specific goals. This allows us to test new website designs, layouts, and content with a portion of our visitors. Google Optimize is a tool integrated into Google Analytics and uses cookies (see also the section on “Google Analytics”).
The IP address received in this way is anonymized immediately after processing. In exceptional cases, the full IP address is transmitted to a Google server in the USA and encrypted there. The transmitted IP address will not be merged with other Google data. You can prevent cookies from being saved by selecting the appropriate settings in your browser. However, please note that if you do this, you may not be able to use all of the features of our website to their full extent. You can also prevent Google from collecting the data generated by cookies and relating to your use of the website, as well as from processing this data, by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de .

For more information about data collection and processing by Google, please see Google’s privacy policy, which you can access at http://www.google.com/policies/privacy .

If you use Google Optimize, the following cookies will be set in addition to the Google Analytics cookies:

Cookie	*	Scope	Purpose	Storage period
_gaexp		Your domain (1st party)	Set for testing purposes to check whether the browser allows cookies. Contains no identifying information.	90 days
_opt_utmc		Your domain (1st party)	This cookie stores information about which marketing campaign a user last came to the website through.	24 hours
_opt_awcid		Your domain (1st party)	Contains a randomly generated user ID. Using this ID, Google can recognize the user across different websites and domains and display personalized advertising.	24 hours
_opt_awmid		Your domain (1st party)	This cookie is set when a user clicks on a Google ad and reaches the website. It contains information about whose customer account the clicked ad was served from.	24 hours
_opt_awgid		Your domain (1st party)	This cookie is set when a user clicks on a Google ad and reaches the website. It contains information about which advertising campaign the clicked ad belongs to.	24 hours
_opt_awkid		Your domain (1st party)	This cookie is set when a user clicks on a Google ad and reaches the website. It contains information about the selection criteria used to display the ad, such as the keyword that was booked with Google.	24 hours

ROUTINE DELETION AND BLOCKING OF PERSONAL DATA

We store your personal data only for the time frame required for the purpose of processing or as required by other legal regulations. We base the storage period on the statutory retention periods. Your data will then be routinely blocked or deleted when the storage purpose no longer applies or the statutory retention period has expired.

The protection of legitimate interests can, for example, justify the temporary storage of the IP addresses of website visitors, provided this is necessary, for example, to ensure the security of the website against attacks.

EXISTENCE OF AUTOMATED DECISION-MAKING

We do not use automated decision-making.

PURPOSE-BOUND DATA USE

We adhere to the principle of data usage for specific purposes and collect, process, and store your personal data only for the purposes for which you have provided it to us. Your personal data will not be shared with third parties without your express consent, unless this is necessary to provide the service or execute the contract. Data will also only be shared with authorized government institutions and authorities within the scope of statutory disclosure obligations or if we are required to provide information by a court order.

We also take internal data protection very seriously. Our employees and the service providers we engage are obligated to maintain confidentiality and comply with data protection regulations.

SOCIAL MEDIA PLUG-INS

Based on Art. 6 (1) (f) GDPR, we use social plug-ins from the following social networks on our website to raise awareness of our company. The underlying advertising purpose is considered a legitimate interest within the meaning of the GDPR. Responsibility for ensuring compliance with data protection regulations rests with the respective providers. We integrate these plug-ins using the so-called two-click method to best protect visitors to our website.

FACEBOOK

We have integrated components for Facebook on our website, including the Facebook plug-in and the Facebook Conversion API.

The operating company of Facebook is Meta Platform Limited, 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller responsible for processing personal data is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.

Facebook plug-in

When you visit a page of our website that contains a so-called Facebook plug-in (component), the component causes your internet browser to download a corresponding representation of the component. This allows Facebook to know which specific subpages you have visited.

Here you can find an overview of all Facebook plug-ins: https://developers.facebook.com/docs/plugins/?locale=de_DE

Facebook assumes primary responsibility for processing Insights data on the fan page: https://www.facebook.com/legal/terms/page_controller_addendum

Facebook alone decides on the purposes and means of data processing.
Further information can be found here: https://www.facebook.com/about/privacy/update/printable

We are responsible for data processing beyond Insights data.

Facebook Conversion API

Facebook Conversion API enables us to capture the website visitor’s interactions with our website and pass them on to Facebook in order to improve advertising performance on Facebook.

For this purpose, the time of access, the website accessed, your IP address and user agent, as well as other specific data (e.g., purchased products, shopping cart value, and currency) are recorded. A complete overview of the data that can be collected can be found here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters .

If you are logged in to Facebook at the same time, Facebook can track which of our subpages you have visited, as this information is collected by the component and assigned to your account. For example, if you click an integrated Facebook button (e.g., “Like”), this information is assigned to your user account and stored in your personal data.

Since 2020, Facebook has offered applications in their settings that prevent data from being transmitted to Facebook.

You can find further data protection information from Facebook at: https://de-de.facebook.com/privacy .

The use of the services is based on your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. This consent can be revoked at any time.

To the extent that personal data is collected on our website with the help of the tools described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook after forwarding is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum . According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in a way that complies with data protection law. Facebook is responsible for the data security of Facebook products. You can assert the rights of those affected (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your rights as a data subject with us, we are obliged to forward these to Facebook.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381 .

You can find further information on protecting your privacy in Facebook’s privacy policy: https://de-de.facebook.com/about/privacy/ .

INSTAGRAM

We have integrated components from Instagram on our website.

The operating company of Instagram is Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).

When you access a page of our website that contains a so-called Instagram plug-in (component), the component causes your internet browser to download a corresponding representation of the component. This allows Instagram to know which specific subpages you have visited.

Even if you are not logged in to Instagram or do not have an account, Instagram can track which of our subpages you have visited because this information is collected by the component.

This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, the service can directly associate your visit to our website with your Instagram account. If you interact with the plug-ins, for example, by clicking the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there.

The information will also be published on your Instagram account and displayed to your contacts there.

If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website.

You can find further data protection information from Instagram at: https://help.instagram.com/155833707900388 .

ANALYSIS BY Dealfront

Our website uses pixel tracking technology from Dealfront Group GmbH (www.dealfront.de .de) to analyze visitor behavior. Data may be collected, processed, and stored to create user profiles under a pseudonym. Where possible and appropriate, these user profiles are completely anonymized. Cookies may be used for this purpose. Cookies are small text files stored in the visitor’s browser that are used to recognize the browser. The data collected, which may also include personal data, is transmitted to Dealfront or collected directly by Dealfront. Dealfront may use information left behind by visits to the websites to create anonymized user profiles. The data obtained in this way will not be used to personally identify the visitor to this website without the express consent of the data subject, and it will not be merged with personal data about the bearer of the pseudonym. If IP addresses are recorded, they are immediately anonymized by deleting the last block of numbers.

CURRENTNESS AND CHANGES TO THIS PRIVACY POLICY

This privacy policy is currently valid and dated April 2025. The ongoing development of our website and our offerings, as well as legal and regulatory requirements, require regular review and, if necessary, amendment of our privacy policy. The current version of our privacy policy can be accessed at any time on our website.