Data protection

Privacy Policy

1. Introduction

With the following information, we would like to provide you, as a “data subject,” with an overview of how we process your personal data and your rights under data protection laws. In general, you can use our website without providing any personal data. However, if you wish to use specific services offered by our company via our website, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to “DewertOkin GmbH.” Through this Privacy Policy, we would like to inform you about the scope and purpose of the personal data we collect, use, and process.

As the data controller, we have implemented numerous technical and organizational measures to ensure the most comprehensive possible protection of the personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, you are free to provide us with personal data through alternative means, such as by phone or mail.

You, too, can take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. Therefore, we would like to provide you with some tips on how to handle your data securely:

Protect your account (login, user, or customer account) and your IT system (computer, laptop, tablet, or mobile device) with strong passwords.
Only you should have access to the passwords.
Make sure you only use your passwords for a single account (login, user, or customer account).
Do not use the same password for different websites, applications, or online services.
Especially when using publicly accessible IT systems or those shared with others: You must log out after every session on a website, application, or online service.

Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name, or the names of relatives, but rather a combination of uppercase and lowercase letters, numbers, and special characters.

2. Data Controller

The controller within the meaning of the GDPR is:

DewertOkin GmbH

Weststr. 1, 32278 Kirchlengern, Germany

Phone: 05223-979-0

Fax: 05223-75182

Email: info@dewertokin.de

Representative of the data controller: Dirk Flören

3. Data Protection Officer

You can contact the Data Protection Officer as follows:

Thomas Otten

Phone: 05221 87292-08

Fax: 05221 87292-49

Email: datenschutz-dewertokin@audatis.de

You may contact our Data Protection Officer directly at any time with questions or suggestions regarding data protection.

4. Definitions

This Privacy Policy is based on the terminology used by European legislators and regulators when enacting the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easy to read and understand for the general public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

In this privacy policy, we use the following terms, among others:

1. Personal Data

Personal data is any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

2. Data Subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

3. Processing

Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure, or destruction.

4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their future processing.

5. Profiling

Profiling is any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

6. Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

7. Processor

A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

8. Recipient

A recipient is a natural or legal person, public authority, agency, or other body to whom personal data is disclosed, regardless of whether or not they are a third party. However, public authorities that may receive personal data in the course of a specific investigative mandate under Union law or the law of the Member States are not considered recipients.

9. Third Party

A third party is a natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

10. Consent

Consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Legal Basis for Processing

Art. 6(1)(a) of the GDPR (in conjunction with § 25(1) of the TDDDG (formerly TTDSG)) serves as the legal basis for our company’s processing operations in which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party—as is the case, for example, with processing operations required for the delivery of goods or the provision of other services or consideration—the processing is based on Art. 6(1)(b) of the GDPR. The same applies to processing operations necessary for the implementation of pre-contractual measures, such as in cases of inquiries regarding our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Article 6(1)(c) of the GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance information, or other vital information had to be disclosed to a doctor, a hospital, or other third parties. In such cases, the processing would be based on Article 6(1)(d) of the GDPR.

Finally, processing operations may be based on Article 6(1)(f) of the GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases, provided that the processing is necessary to safeguard a legitimate interest of our company or a third party, unless the interests, fundamental rights, and freedoms of the data subject override such interests. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this regard, the legislator took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47, Sentence 2 of the GDPR).

Our services are generally intended for adults. Persons under the age of 16 may not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and adolescents, do not collect such data, and do not disclose it to third parties.

6. Transfer of Data to Third Parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only disclose your personal data to third parties if:

1. You have given us your explicit consent to do so pursuant to Art. 6(1)(a) of the GDPR,

2. the transfer is permissible under Article 6(1)(f) of the GDPR to safeguard our legitimate interests, and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,

3. there is a legal obligation to disclose the data pursuant to Article 6(1)(c) of the GDPR, and

4. this is legally permissible and necessary under Article 6(1)(b) of the GDPR for the performance of contractual relationships with you.

To protect your data and, where necessary, enable data transfers to third countries (outside the EU/EEA), we have entered into data processing agreements based on the European Commission’s Standard Contractual Clauses. If the Standard Contractual Clauses are insufficient to ensure an adequate level of security, your consent pursuant to Article 49(1)(a) of the GDPR may serve as the legal basis for the transfer to third countries. This does not apply, however, to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR.

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only disclose your personal data to third parties if:

1. You have given us your explicit consent pursuant to Article 6(1)(a) of the GDPR,

2. the disclosure is permitted under Article 6(1)(f) of the GDPR to safeguard our legitimate interests, and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,

3. there is a legal obligation to disclose the data pursuant to Article 6(1)(c) of the GDPR, and

4. this is legally permissible and necessary under Article 6(1)(b) of the GDPR for the performance of contractual relationships with you.

As part of the processing operations described in this Privacy Policy, personal data may be transferred to the United States. Companies in the United States only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and the EU Commission’s adequacy decision pursuant to Article 45 of the GDPR thus applies. We have explicitly stated this in the privacy policy for the relevant service providers. To protect your data in all other cases, we have entered into data processing agreements based on the European Commission’s Standard Contractual Clauses. If the Standard Contractual Clauses are insufficient to ensure an adequate level of security, your consent pursuant to Article 49(1)(a) of the GDPR may serve as the legal basis for the transfer to third countries. This does not apply, however, to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR.

7. Technology

7.1 SSL/TLS Encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact requests, that you send to us as the operator. You can recognize an encrypted connection by the fact that "https://" appears in the browser’s address bar instead of "http://," and by the lock icon in your browser bar.

We use this technology to protect the data you transmit.

7.2 Data Collection When Visiting the Website

When you use our website for informational purposes only—that is, if you do not register, do not otherwise transmit information to us, or do not consent to processing that requires consent—we collect only the data that is technically necessary to provide the service. This typically consists of data that your browser transmits to our server (in so-called server log files). Our website collects a range of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server’s log files. The following may be collected:

1. browser types and versions used,

2. the operating system used by the accessing system,

3. the website from which an accessing system reaches our website (so-called referrer),

4. the subpages accessed on our website via an accessing system,

5. the date and time of access to the website,

6. a truncated Internet Protocol address (anonymized IP address), and

7. the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your identity. Rather, this information is needed to

1. deliver the content of our website correctly,

2. optimize the content of our website and the advertising on it,

3. ensure the continued functionality of our IT systems and the technology of our website, and

4. to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack.

We therefore evaluate this collected data and information both statistically and with the aim of enhancing data protection and data security within our company, ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data from the server log files is stored separately from any personal data provided by a data subject.

The legal basis for data processing is Art. 6(1)(f) of the GDPR. Our legitimate interest arises from the purposes of data collection listed above.

7.3 Encrypted Payment Transactions

If, following the conclusion of a paid contract, there is an obligation to provide us with your payment details (e.g., your account number when granting a direct debit authorization), this data is required for payment processing.

Payment transactions via standard payment methods (Visa/MasterCard or direct debit) are conducted exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the lock icon in your browser bar.

We use this technology to protect the data you submit.

7.4 Hosting by Mittwald

We host our website with Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter referred to as Mittwald).

When you visit our website, your personal data (e.g., IP addresses in log files) is processed on Mittwald’s servers.

The use of Mittwald is based on Art. 6(1)(f) of the GDPR. We have a legitimate interest in ensuring the most reliable possible presentation, provision, and security of our website.

We have entered into a Data Processing Agreement (DPA) with Mittwald in accordance with Article 28 of the GDPR. This is a contract required by data protection law that ensures that Mittwald processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

For more information on Mittwald’s privacy policy, please visit: www.mittwald.de/datenschutz

8. Cookies

8.1 General Information on Cookies

Cookies are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.

The cookie stores information that is derived from the context of the specific device used. However, this does not mean that we thereby gain direct knowledge of your identity.

We use cookies to make your experience on our site more enjoyable. For example, we use so-called session cookies to recognize that you have already visited certain pages on our website. These are automatically deleted when you leave our site.

In addition, to optimize user-friendliness, we also use temporary cookies that are stored on your device for a specific, predetermined period of time. If you visit our site again to use our services, the system automatically recognizes that you have previously visited us and recalls the entries and settings you made, so you do not have to re-enter them.

We also use cookies to collect statistical data on the use of our website and to evaluate our offerings for the purpose of optimization. These cookies allow us to automatically recognize that you have previously visited our website when you return. The cookies set in this manner are automatically deleted after a defined period of time. The respective storage duration of the cookies can be found in the settings of the consent tool used.

8.2 Legal basis for the use of cookies

The data processed by the cookies, which is necessary for the proper functioning of the website, is therefore required to safeguard our legitimate interests and those of third parties pursuant to Art. 6(1)(f) of the GDPR.

For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Article 6(1)(a) of the GDPR.

8.3 Usercentrics (Consent Management Tool)

We use the consent management tool "Usercentrics" provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service enables us to obtain and manage website users’ consent to data processing.

Usercentrics collects data generated by end users who use our website. When an end user gives consent, Usercentrics automatically logs the following data:

Browser information.
Date and time of access.
Device information.
The URL of the page visited.
Geographic location.
Page path of the website.
The end user’s consent status, which serves as proof of consent.

The consent status is also stored in the end user’s browser, allowing the website to automatically read and honor the end user’s consent for all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the standard statute of limitations pursuant to § 195 BGB. The data is then immediately deleted or, upon request, provided to the data subject in the form of a data export.

The functionality of the website cannot be guaranteed without the processing described above. The user has no right to object as long as there is a legal obligation to obtain the user’s consent for certain data processing operations (Art. 7(1), 6(1) sentence 1 lit. c) of the GDPR).

Usercentrics is the recipient of your personal data and acts as a processor on our behalf.

Detailed information on the use of Usercentrics can be found at: usercentrics.com/privacy-policy/.

9. Content of Our Website

9.1 Data processing when opening a customer account and for contract fulfillment

In accordance with Art. 6(1)(b) of the GDPR, personal data is collected and processed when you provide it to us for the performance of a contract or when opening a customer account. The data collected is indicated in the respective input forms. You may delete your customer account at any time, including by sending a message to the controller’s address listed above. We store and use the data you provide for the purpose of contract fulfillment. After the contract has been fully executed or your customer account has been deleted, your data will be blocked in accordance with tax and commercial law retention periods and deleted upon the expiration of these periods, unless you have expressly consented to further use of your data or we have reserved the right to further use your data as permitted by law, about which we will inform you accordingly below.

9.2 Data Processing for Order Processing

The personal data we collect is shared with the shipping company responsible for delivery as part of the contract fulfillment process, to the extent necessary for the delivery of the goods. We share your payment details with the designated financial institution as part of the payment processing, to the extent necessary for the payment transaction. If payment service providers are used, we will explicitly inform you of this below. The legal basis for the transfer of data is Article 6(1)(b) of the GDPR.

9.3 Concluding Contracts via Online Store, Retailers, and Product Shipping

We only transfer personal data to third parties if this is necessary for contract fulfillment, such as to companies entrusted with the delivery of goods or the financial institution responsible for payment processing. No further transfer of data takes place, or only if you have expressly consented to the transfer. Your data will not be disclosed to third parties without your express consent, for example for advertising purposes.

The legal basis for data processing is Article 6(1)(b) of the GDPR, which permits the processing of data for the performance of a contract or for pre-contractual measures.

9.4 Contacting Us / Contact Form

Personal data is collected when you contact us (e.g., via the contact form or email). The specific data collected when using a contact form is indicated on the respective contact form. This data is stored and used exclusively for the purpose of responding to your inquiry or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your inquiry pursuant to Art. 6(1)(f) of the GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) of the GDPR. Your data will be deleted after your inquiry has been fully processed; this is the case when it can be inferred from the circumstances that the matter in question has been conclusively resolved and there are no legal retention obligations preventing deletion.

9.5 Application Management / Job Board

We collect and process the personal data of applicants for the purpose of handling the application process. Processing may also take place electronically. This is particularly the case when an applicant submits the relevant application documents to us electronically, for example via email or through a web form on the website. If we enter into an employment or service contract with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship in compliance with legal regulations. If we do not enter into a contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests on our part preclude such deletion. An example of such a legitimate interest is the burden of proof in proceedings under the General Equal Treatment Act (AGG).

The legal basis for the processing of your data is Art. 6(1)(b), 88 GDPR in conjunction with § 26(1) BDSG.

10. Newsletter Distribution

10.1 Newsletter distribution to existing customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to periodically send you offers via email for similar goods or services from our product range, such as those you have already purchased. For this purpose, we are not required to obtain separate consent from you pursuant to § 7(3) UWG. Data processing in this regard is based solely on our legitimate interest in personalized direct marketing pursuant to Article 6(1)(f) of the GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with future effect by notifying the controller named at the beginning. You will only incur transmission costs in accordance with standard rates. Upon receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.

10.2 Advertising Newsletter

On our website, you are given the opportunity to subscribe to our company’s newsletter. The personal data transmitted to us when you subscribe to the newsletter is determined by the input form used for this purpose.

We inform our customers and business partners about our offers at regular intervals via a newsletter. You can generally only receive our company’s newsletter if

1. you have a valid email address and

2. You have registered to receive the newsletter.

For legal reasons, a confirmation email is sent to the email address you initially provided for the newsletter via a double opt-in procedure. This confirmation email serves to verify that you, as the owner of the email address, have authorized the receipt of the newsletter.

When you subscribe to the newsletter, we also store the IP address of the IT system you used at the time of registration, as assigned by your Internet service provider (ISP), as well as the date and time of registration. The collection of this data is necessary to be able to trace any (potential) misuse of your email address at a later date and therefore serves as our legal safeguard.

The personal data collected as part of a newsletter subscription is used exclusively for sending our newsletter. Furthermore, newsletter subscribers may be informed by email if this is necessary for the operation of the newsletter service or a related registration, as might be the case with changes to the newsletter offering or alterations to the technical conditions. The personal data collected as part of the newsletter service will not be disclosed to third parties. You may cancel your subscription to our newsletter at any time. The consent you have given us to store personal data for the purpose of sending the newsletter may be revoked at any time. A link for revoking consent is included in every newsletter. Furthermore, you may unsubscribe from the newsletter at any time directly on our website or notify us in another manner.

The legal basis for data processing for the purpose of sending the newsletter is Art. 6(1)(a) of the GDPR.

10.3 CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, (CRASH Building), Schafjückenweg 2, 26180 Rastede. CleverReach is a service that allows for the organization and analysis of newsletter distribution. The data you provide for the purpose of subscribing to the newsletter (e.g., your email address) is stored on CleverReach’s servers in Germany or Ireland.

Our newsletters sent via CleverReach allow us to analyze the behavior of newsletter recipients. This includes analyzing, among other things, how many recipients opened the newsletter and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it is also possible to analyze whether a predefined action (e.g., the purchase of a product on our website) took place after clicking on a link in the newsletter. For more information on data analysis by CleverReach newsletters, please visit: www.cleverreach.com/de/funktionen/reporting-und-tracking/.

Data processing is based on your consent (Art. 6(1)(a) GDPR). You may revoke this consent at any time by unsubscribing from the newsletter. The lawfulness of data processing operations that have already taken place remains unaffected by the revocation.

If you do not wish to have your data analyzed by CleverReach, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly on the website.

You may revoke the consent you have given at any time. You may also prevent processing at any time by unsubscribing from the newsletter. You may also prevent the storage of cookies by adjusting your web browser settings accordingly. You can also prevent the storage and transmission of personal data by disabling JavaScript in your web browser or by installing a JavaScript blocker (e.g., noscript.net or www.ghostery.com). Please note that these measures may result in some features of our website no longer being available.

The data you provide to us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and the servers of CleverReach after you unsubscribe. Data stored by us for other purposes (e.g., email addresses for the member area) remains unaffected by this.

You can view CleverReach’s privacy policy at: www.cleverreach.com/de/datenschutz/.

11. Our Activities on Social Media

To enable us to communicate with you on social media and keep you informed about our services, we maintain our own pages there. When you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing operations triggered thereby, in accordance with Article 26 of the GDPR.

We are not the original provider of these pages, but merely use them within the scope of the options offered to us by the respective providers.

Therefore, as a precaution, we would like to point out that your data may also be processed outside the European Union or the European Economic Area. Using these services may therefore involve data protection risks for you, as it may be difficult to exercise your rights—such as the right to access, erasure, or objection—and because processing on social networks is often carried out directly by the providers for advertising purposes or to analyze user behavior, without us being able to influence this. If the provider creates user profiles, cookies are often used, or user behavior is linked to the social media profile you have created.

The described processing of personal data is carried out in accordance with Art. 6(1)(f) of the GDPR based on our legitimate interest and the legitimate interest of the respective provider to communicate with you in a modern manner and to inform you about our services. If you are required to provide consent to data processing as a user with the respective providers, the legal basis is Article 6(1)(a) of the GDPR in conjunction with Article 7 of the GDPR.

Since we do not have access to the providers’ data, we would like to point out that it is best to exercise your rights (e.g., to access, rectification, erasure, etc.) directly with the respective provider. We have listed further information regarding the processing of your data on social networks below for each social network provider we use:

11.1 LinkedIn

(Joint) controller for data processing in Europe:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

www.linkedin.com/legal/privacy-policy

11.2 X (Twitter)

(Joint) Data Controller in Europe:

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

twitter.com/de/privacy

Information about your data:

twitter.com/settings/your_twitter_data

11.3 XING (New Work SE)

(Joint) Data Controller in Germany:

New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

privacy.xing.com/de/datenschutzerklaerung

Information requests for XING members:

www.xing.com/settings/privacy/data/disclosure

11.4 YouTube

(Joint) Data Controller in Europe:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

policies.google.com/privacy

12. Web Analytics

12.1 Google Analytics 4 (GA4) - Additional information on Consent Mode, easy implementation

Under the Digital Markets Act, Google is required to obtain user consent before processing user data for personalized advertising. Google complies with this requirement through "Consent Mode." Users are required to implement this and thereby demonstrate that they have obtained the consent of website visitors.

Google offers two implementation modes: simple and advanced.

We use the simple implementation method of Google Consent Mode. Only if you give your consent to the use of Google Analytics (see above) will a connection to Google be established, a Google code executed, and the processing described above carried out. If you refuse consent, Google will only receive a notification that consent has not been given. The Google code is not executed, and no Google Analytics cookies are set.

13. Advertising

13.1 Google Ads with Enhanced Conversions

We have integrated Google Ads into this website. The operator of Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads is an online advertising service that allows advertisers to place ads both in Google’s search results and on the Google Display Network. The purpose of Google Ads is to promote our website by displaying interest-based ads on third-party websites and in Google search results, as well as displaying third-party ads on our website.

If you arrive at our website via a Google ad, Google places a so-called conversion cookie on your IT system. A conversion cookie expires after thirty days and is not used to identify you. Provided the cookie has not yet expired, the conversion cookie is used to track whether certain subpages, such as the shopping cart of an online store system, were accessed on our website. The conversion cookie allows both us and Google to track whether a user who arrived at our website via a Google Ads ad generated revenue—that is, completed or abandoned a purchase.

We use the enhanced conversions feature of Google Ads. For this purpose, we transmit personal data collected by us, such as phone numbers or email addresses, to Google. This data is matched with event data from Google Ads to track more conversions.

Accordingly, each time you visit our website, personal data—including the IP address of the internet connection you are using—is transmitted to Google in the United States of America. Google may, under certain circumstances, share this personal data collected through technical means with third parties.

These processing operations take place exclusively upon the granting of express consent in accordance with Art. 6(1)(a) of the GDPR.

The parent company, Google LLC, is a U.S. company certified under the EU-U.S. Data Privacy Framework. An adequacy decision pursuant to Article 45 of the GDPR is hereby in place, meaning that personal data may be transferred even without further guarantees or additional measures.

You can view the privacy policy and further information from Google Ads at: www.google.de/intl/de/policies/privacy/ or support.google.com/adspolicy/answer/9755941.

14. Partner and Affiliate Programs

14.1 DoubleClick

This website contains components from DoubleClick by Google. DoubleClick is a brand of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), under which specialized online marketing solutions are marketed to advertising agencies and publishers.

DoubleClick by Google transmits data to the DoubleClick server with every impression, as well as with clicks or other activities. Each of these data transmissions triggers a cookie request to your browser. If the browser accepts this request, DoubleClick sets a cookie on your IT system. The purpose of the cookie is to optimize and display advertising. Among other things, the cookie is used to serve and display user-relevant advertisements, as well as to create reports on advertising campaigns or to improve them. Furthermore, the cookie serves to prevent the same advertisement from being displayed multiple times.

DoubleClick uses a cookie ID, which is necessary for the technical process. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to track which advertisements have already been displayed in a browser to prevent duplicate impressions. Furthermore, the cookie ID enables DoubleClick to track conversions.

A DoubleClick cookie does not contain any personal data. However, a DoubleClick cookie may contain additional campaign identifiers. A campaign identifier is used to identify the campaigns with which you have already come into contact.

Each time you visit one of the individual pages of this website operated by us that includes a DoubleClick component, the web browser on your IT system is prompted by the respective DoubleClick component to transmit data to Google for the purposes of online advertising and commission billing. As part of this technical process, Google obtains data that Google also uses to generate commission reports. Among other things, Google can track that you have clicked on certain links on our website.

These processing operations are carried out exclusively upon the provision of explicit consent in accordance with Article 6(1)(a) of the GDPR.

You can view the privacy policy of DoubleClick by Google at: www.google.com/intl/de/policies/.

15. Plugins and Other Services

15.1 Google Maps

We use Google Maps (API) on our website. The operator of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (map) maps to visually present geographic information. By using this service, for example, our location can be displayed to you, making it easier for you to find us.

As soon as you access the subpages on which the Google Maps map is embedded, information about your use of our website (such as your IP address) is transmitted to Google’s servers in the U.S. and stored there, provided you have given your consent within the meaning of Art. 6(1)(a) of the GDPR. In addition, Google Maps loads Google Web Fonts, Google Photos, and Google Stats. The provider of these services is also Google Ireland Limited. When you visit a page that embeds Google Maps, your browser loads the web fonts and photos required to display Google Maps into your browser cache. For this purpose as well, the browser you are using establishes a connection to Google’s servers. As a result, Google becomes aware that our website has been accessed via your IP address. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data is directly associated with your account. If you do not wish for this data to be associated with your Google profile, you must log out of your Google user account. Google stores your data (even for users who are not logged in) as usage profiles and analyzes them. You have the right to object to the creation of these usage profiles, in which case you must contact Google to exercise this right.

If you do not consent to the future transmission of your data to Google in connection with the use of Google Maps, you also have the option of completely disabling the Google Maps web service by turning off JavaScript in your browser. Google Maps and, consequently, the map display on this website will then not be available for use.

These processing operations take place exclusively upon the granting of explicit consent in accordance with Art. 6(1)(a) of the GDPR.

You can view Google’s Terms of Service at www.google.de/intl/de/policies/terms/regional.html; the additional Terms of Service for Google Maps can be found at www.google.com/intl/de_US/help/terms_maps.html.

You can view the Google Maps privacy policy at: ("Google Privacy Policy"): www.google.de/intl/de/policies/privacy/.

15.2 Google Photos

We use the Google Photos service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to store images embedded on our website.

Embedding refers to the integration of specific third-party content (text, video, or image data) provided by another website (Google Photos) and then displayed on our own website (our website). A so-called embed code is used for embedding. If we have integrated an embed code, the external content from Google Photos is displayed immediately by default as soon as one of our web pages is visited.

Through the technical implementation of the embed code, which enables the display of images from Google Photos, your IP address is transmitted to Google Photos. Furthermore, Google Photos records our website, the browser type used, the browser language, the time and duration of the visit. In addition, Google Photos may collect information about which of our subpages you visited and which links were clicked, as well as other interactions you performed while visiting our site. This data may be stored and analyzed by Google Photos.

These processing operations take place exclusively upon the granting of explicit consent in accordance with Art. 6(1)(a) of the GDPR.

This U.S. company is certified under the EU-U.S. Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is hereby in place, meaning that personal data may be transferred even without further guarantees or additional measures.

You can view Google’s privacy policy at: www.google.com/policies/privacy/.

15.3 Google Tag Manager

We use the Google Tag Manager service on this website. The operator of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool allows “website tags” (i.e., keywords embedded in HTML elements) to be implemented and managed via an interface. By using Google Tag Manager, we can automatically track which button, link, or personalized image you have actively clicked on and can then determine which content on our website is of particular interest to you.

The tool also triggers other tags, which may in turn collect data. Google Tag Manager does not access this data. If you have disabled tracking at the domain or cookie level, this setting will apply to all tracking tags implemented via Google Tag Manager.

These processing operations take place exclusively upon the granting of explicit consent in accordance with Art. 6(1)(a) of the GDPR.

The parent company, Google LLC, is a U.S. company certified under the EU-U.S. Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is hereby in place, meaning that personal data may be transferred even without further guarantees or additional measures.

Further information on Google Tag Manager and Google’s privacy policy can be found at: www.google.com/intl/de/policies/privacy/.

15.4 Google Web Fonts

Our website uses so-called web fonts to ensure consistent font display. Google WebFonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

These processing operations take place exclusively upon the granting of explicit consent in accordance with Art. 6(1)(a) of the GDPR.

Further information on Google WebFonts and Google’s privacy policy can be found at: developers.google.com/fonts/faq ; www.google.com/policies/privacy/.

15.5 Microsoft Teams

We use the "Microsoft Teams" ("MS Teams") tool to conduct our communications both in written form (chat) and in the form of telephone conferences, online meetings, and video conferences. The operator of the service is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland ("Microsoft").

When using MS-Teams, the following personal data is processed:

Meetings, chats, voicemails, shared files, recordings, and transcripts.
Data shared about you. Examples include your email address, profile picture, and phone number.
A detailed history of the phone calls you make.
Call quality data.
Support/feedback data: Information related to troubleshooting tickets or feedback sent to Microsoft.
Diagnostic and service data: Diagnostic data related to service usage.

To enable video display and audio playback, data from your device’s microphone and video camera will be processed for the duration of the meeting. You can disable or mute the camera or microphone at any time via the “Microsoft Teams” application.

If consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR. In the context of an employment relationship, such data processing is carried out on the basis of Section 26 of the BDSG. The legal basis for the use of "MS Teams" within the context of contractual relationships is Article 6(1)(b) of the GDPR. In all other cases, the legal basis for the processing of your personal data is Article 6(1)(f) of the GDPR. Here, our interest lies in the effective conduct of online meetings.

If we record online meetings, we will inform you of this before the meeting begins and, where necessary, ask for your consent to the recording. If you do not wish this, you may leave the online meeting.

As a cloud-based service, “MS Teams” processes the aforementioned data in connection with the provision of the service. To the extent that “MS Teams” processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is the independent data controller for this use and, as such, is responsible for compliance with applicable laws and the obligations of a data controller. To the extent that you access the MS Teams website, Microsoft is responsible for data processing. Accessing the website is required to download the MS Teams software.

Microsoft generally processes the data within the European Union within the so-called EU Data Boundary. To provide and secure the services, as well as to fulfill legal obligations, Microsoft Ireland may transfer personal data to affiliated companies of Microsoft Corporation (Redmond, Washington, USA). Intra-group data transfers are based on standard contractual clauses pursuant to Art. 46(2)(c) of the GDPR, as well as supplementary technical and organizational measures, as set forth in the Microsoft Data Protection Addendum.

Microsoft Corporation is additionally certified under the EU-US Data Privacy Framework (DPF). This means that an adequacy decision pursuant to Article 45 of the GDPR is in place for data transfers to the United States. Transfers of personal data to Microsoft in the United States are therefore permissible even without further guarantees or additional measures.

Detailed information on data protection at Microsoft, in connection with "MS Teams," can be found at: docs.microsoft.com/de-de/microsoftteams/teams-privacy.

15.6 YouTube (Videos)

We have integrated YouTube components into this website. The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

YouTube is an online video portal that allows video publishers to upload video clips for free and enables other users to view, rate, and comment on them, also free of charge. YouTube permits the publication of all types of videos, which is why complete films and TV shows, as well as music videos, trailers, or user-generated videos, are available via the portal. Each time you visit a page on this website operated by us that includes a YouTube component (YouTube video), the web browser on your computer is automatically prompted by the respective YouTube component to download a representation of that component from YouTube. Additionally, the services Google WebFonts, Google Video, and Google Photos may be loaded from YouTube. Further information about YouTube can be found at www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google learn which specific subpage of our website you are visiting.

If you are logged into YouTube at the same time, YouTube recognizes which specific subpage of our website you are visiting when you access a subpage containing a YouTube video. This information is collected by YouTube and Google and associated with your YouTube account.

YouTube and Google always receive information via the YouTube component that you have visited our website whenever you are logged into YouTube at the same time you visit our website; this occurs regardless of whether you click on a YouTube video or not. If you do not wish for this information to be transmitted to YouTube and Google, you can prevent the transmission by logging out of your YouTube account before visiting our website.

These processing operations take place exclusively upon the granting of explicit consent in accordance with Art. 6(1)(a) of the GDPR.

The parent company, Google LLC, is a U.S. company certified under the EU-U.S. Data Privacy Framework. An adequacy decision pursuant to Article 45 of the GDPR is in place, meaning that the transfer of personal data may take place even without further guarantees or additional measures.

You can view YouTube’s privacy policy at www.google.de/intl/de/policies/privacy/.

16. Your Rights as a Data Subject

16.1 Right to Confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

16.2 Right of access (Article 15 of the GDPR)

You have the right to receive from us, at any time and free of charge, information regarding the personal data stored about you, as well as a copy of this data in accordance with legal provisions.

16.3 Right to rectification (Art. 16 GDPR)

You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

16.4 Erasure (Art. 17 GDPR)

You have the right to request that we erase personal data concerning you without undue delay, provided that one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.

16.5 Restriction of Processing Art. 18 GDPR

You have the right to request that we restrict processing if one of the legal requirements is met.

16.6 Data Portability Art. 20 GDPR

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller to whom the personal data has been provided, without hindrance from us, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another controller, provided this is technically feasible and does not infringe upon the rights and freedoms of others.

16.7 Objection under Article 21 of the GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out pursuant to Article 6(1)(e) (data processing in the public interest) or (f) (data processing based on a balancing of interests) of the GDPR.

This also applies to profiling based on these provisions within the meaning of Article 4(4) of the GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves to establish, exercise, or defend legal claims.

In certain cases, we process personal data for direct marketing purposes. You may object at any time to the processing of your personal data for such marketing purposes. This also applies to profiling to the extent that it is related to such direct marketing. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.

In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you that we carry out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

16.8 Withdrawal of Consent

You have the right to withdraw your consent to the processing of personal data at any time with future effect.

16.9 Filing a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.

17. Routine Storage, Deletion, and Blocking of Personal Data

We process and store your personal data only for the period necessary to achieve the purpose of storage or to the extent required by the legal provisions to which our company is subject.

If the purpose of storage no longer applies or a prescribed retention period expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

18. Duration of storage of personal data

The criterion for the duration of storage of personal data is the respective statutory retention period. Upon expiration of the period, the corresponding data is routinely deleted, provided it is no longer required for the performance or initiation of a contract.

19. Validity and Changes to the Privacy Policy

This Privacy Policy is currently valid and is dated April 2026.

Due to the further development of our website and services, or due to changes in legal or regulatory requirements, it may become necessary to amend this Privacy Policy. You can access and print the current version of the Privacy Policy at any time on the website under “”.

This Privacy Policy was created with the support of the data protection software: audatis MANAGER.