Privacy Policy

Privacy Policy – Introduction and Overview

This privacy policy (version dated 03.11.2022-312294393) has been written to inform you, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national laws, about which personal data (referred to as “data”) we – as the data controller – and our commissioned processors (e.g. hosting providers) collect and process now and in the future, and what your rights are. All terms are to be understood in a gender-neutral way.
In short: We want to give you clear and transparent information about the personal data we process.

Privacy policies often sound very technical and use legal jargon. However, this policy aims to present the most important aspects to you in a simple and transparent way. Where helpful, technical terms are explained in plain language, links to further information are provided, and visual aids may be used. We inform you in clear and simple terms that personal data is only processed when a legal basis exists for doing so. This is not achievable with short, vague, or overly technical explanations, as is often seen online.

We hope you find this explanation informative and helpful—and perhaps even learn something new. If you still have questions, please feel free to contact the responsible person or entity listed below or in our legal notice, follow the provided links, or visit external sources for more details. You can find our contact details in the legal notice (Impressum).

Scope of Application

This privacy policy applies to all personal data we process within our business and to any data processed by companies we commission (processors).
“Personal data” refers to information as defined in Art. 4(1) GDPR—e.g., name, email address, postal address of a person. The processing of such data enables us to offer and charge for our services and products, both online and offline.

This privacy policy applies to:

  • All our websites and online shops

  • Our social media profiles and email communications

  • Mobile apps for smartphones and other devices

In short: This policy applies to all structured processing of personal data within our business through the above-mentioned channels. If we enter into legal relationships with you outside these channels, we will inform you separately if necessary.

Legal Bases

In this privacy policy, we provide transparent information about the legal bases under the GDPR that allow us to process personal data.

We refer specifically to Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016. You can find the full text online at EUR-Lex:
https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679

We only process your data if one of the following conditions applies:

  • Consent (Art. 6(1)(a) GDPR): You have given us permission to process your data for a specific purpose, e.g. submitting a contact form.

  • Contract (Art. 6(1)(b) GDPR): The data is necessary to fulfill a contract or pre-contractual obligations with you.

  • Legal obligation (Art. 6(1)(c) GDPR): We are legally required to process certain data, such as storing invoices for accounting.

  • Legitimate interests (Art. 6(1)(f) GDPR): We process certain data to ensure a secure and efficient operation of our website, provided this does not override your fundamental rights.

Other legal bases such as public interest or vital interests typically do not apply to our business. If they do, we will specify this where relevant.

In addition to the EU Regulation, national laws may also apply:

  • In Austria: the Data Protection Act (DSG)

  • In Germany: the Federal Data Protection Act (BDSG)

If additional regional or national regulations are applicable, we will inform you in the relevant sections of this policy.

 

Right to Object – How Can I Delete Cookies?

You have full control over how cookies are used. Regardless of which service or website places them, you always have the option to delete, disable, or allow cookies only in part. For example, you can block third-party cookies but allow all others.

If you want to check which cookies are stored in your browser, or if you want to change or delete cookie settings, you can find instructions here for the most common browsers:

If you generally want to avoid cookies altogether, you can set your browser to notify you whenever a cookie is about to be set. This allows you to decide individually whether to allow each cookie. The exact process depends on your browser. It’s easiest to search Google for “delete cookies Chrome” or “disable cookies Chrome,” depending on your browser.

Legal Basis

Since 2009, the so-called “Cookie Guidelines” have been in effect. They state that storing cookies requires your consent (Art. 6(1)(a) GDPR). However, EU countries have implemented this directive differently. In Austria, this was incorporated into § 96(3) of the Telecommunications Act (TKG). In Germany, the directive was mostly implemented through § 15(3) of the Telemedia Act (TMG).

For technically necessary cookies, even without consent, there are legitimate interests (Art. 6(1)(f) GDPR), which are mostly of economic nature. We aim to offer visitors a pleasant user experience, and some cookies are essential for that.

Non-essential cookies are only used with your explicit consent under Art. 6(1)(a) GDPR.

In the following sections, we provide more detailed information on cookies and which tools and services set them.

Google Analytics – Privacy Policy

What is Google Analytics?

We use the web analytics tool Google Analytics (GA) on our website, provided by Google Inc., a U.S.-based company. For users in the EU, the responsible entity is Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics tracks user behavior on our website. For example, when you click a link, this action is recorded and sent to Google’s servers. The data collected helps us better understand user interactions and optimize our website and services accordingly.

Google Analytics works by embedding a tracking code into the source code of our website. This code records user interactions during a visit and sends the information to Google’s servers once the session ends.

Google processes the data and provides us with various reports, including but not limited to:

  • Audience Reports – helps us understand who our users are.

  • Ad Reports – gives insight into the performance of our online ads.

  • Acquisition Reports – shows how users found our site.

  • Behavior Reports – reveals how users interact with our website.

  • Conversion Reports – shows if users perform desired actions (like purchases or newsletter signups).

  • Real-Time Reports – tells us what is happening on our site at any given moment.

Why do we use Google Analytics?

Our goal is to offer the best possible service via our website. The insights we gain from Google Analytics allow us to improve our website structure, content, and marketing strategy. We can better understand our users’ behavior, measure the performance of our campaigns, and fine-tune our offerings to better meet your needs.

What data does Google Analytics collect?

Google Analytics generates a unique user ID and stores it in a browser cookie. This ID allows Google to distinguish between new and returning users. All user interactions are then linked to this pseudonymous ID.

Depending on whether you’re using Google Analytics 4 (GA4) or Universal Analytics, data storage periods and tracking behaviors may vary.

Common data collected includes:

  • Pages visited and actions taken

  • Device and browser information

  • Approximate location (via IP)

  • Session duration

  • Traffic source

  • Technical details (screen resolution, OS, browser version)

  • User interactions (clicks, form entries, etc.)

Note: No personally identifiable information such as name or email address is stored unless explicitly provided by the user.

Google Analytics Cookies

Cookie NamePurposeExpiration
_gaDistinguishes users2 years
_gidDistinguishes users24 hours
gat_gtag_UA<ID>Throttles request rate1 minute
AMP_TOKENRetrieves user ID from AMP client ID service30 sec – 1 year
__utmaTracks user behavior2 years
__utmtThrottles request rate10 minutes
__utmbDetermines new sessions30 minutes
__utmcUsed with __utmb to determine session statusUntil browser closes
__utmzTracks traffic source6 months
__utmvStores user-defined variables2 years

 

Google Analytics E-Commerce Tracking

We also use the E-Commerce Tracking feature in Google Analytics on our website. This allows us to precisely analyze how you and other customers interact with our shop, especially in terms of purchasing behavior. Based on the collected data, we can tailor and optimize our offerings to better meet your expectations and preferences.

E-commerce tracking provides insights such as:

  • Which products are purchased

  • Time taken to complete a purchase

  • Average order value

  • Shipping costs per order

These data points can be stored and analyzed under a specific user ID, enabling us to evaluate aggregated shopping behavior.

IP Anonymization in Google Analytics

We have enabled IP anonymization on our website using Google Analytics. This feature ensures that IP addresses are shortened before being stored or processed. It helps comply with European data protection laws and the requirements of local authorities.

Further details:
https://support.google.com/analytics/answer/2763052?hl=en

Google Analytics Without Cookies

Although we use Google Analytics, we have configured it to operate without setting cookies in your browser. This means:

  • No personal data is stored in browser cookies.

  • Google still performs web analytics using server-side tracking.

  • Your privacy is further protected, while still allowing for statistical measurement.

Google Remarketing – Privacy Policy

We also use Google Remarketing, a tool that helps us show targeted ads to users who have previously visited our website.

Provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
(Data processing may also occur in the USA.)

Please note:
According to the Court of Justice of the European Union, the USA does not currently offer an adequate level of data protection. Google uses Standard Contractual Clauses (SCCs) to provide a safeguard for international data transfers:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

Data Processing Terms:
https://business.safety.google/adsprocessorterms/

More on Google Remarketing’s privacy policy:
https://policies.google.com/privacy?hl=en

Jetpack – Privacy Policy

Summary

  • 👥 Data subjects: Website visitors

  • 🤝 Purpose: Web analytics and performance optimization

  • 📓 Data processed: IP addresses (anonymized), location data, device/browser info, session details, click behavior

  • 📅 Retention: As long as data is needed for service delivery

  • ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interest)

What is Jetpack?

We use the Jetpack plugin on our WordPress website. Jetpack provides a suite of tools, including web analytics, developed by Automattic Inc. (132 Hawthorne Street, San Francisco, CA 94107, USA). It uses tracking technologies from Quantcast Inc. (201 3rd St, Floor 2, San Francisco, CA 94103-3153, USA).

Jetpack tracks visitor behavior and may collect and process personal data such as:

  • IP address (anonymized)

  • Browser type, screen resolution, operating system

  • Location (approximate)

  • Session duration and user interaction

  • Device IDs and user IDs

  • Login attempts (successful and failed)

  • Twitter usernames (if configured)

  • Account details (email address, user roles, etc.)

Why Do We Use Jetpack?

We want to offer a user-friendly and efficient website. Jetpack helps us analyze user behavior and optimize content, speed, security, and usability.

Jetpack Cookies (Examples)

Cookie NamePurposeExpiration
eucookielawStores cookie consent status180 days
tk_aiStores an anonymous user ID for internal analyticsEnd of session
tk_tcTracks connections between WooCommerce and JetpackEnd of session

 

Instagram Privacy Policy
Instagram Privacy Policy Summary
👥 Data Subjects: Website visitors
🤝 Purpose: To optimize our services
📓 Processed Data: Data such as user behavior, device information, and your IP address.
More details can be found further down in the privacy policy.
📅 Storage Period: Until Instagram no longer needs the data for their purposes
⚖️ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Instagram?
We have integrated features of Instagram on our website. Instagram is a social media platform operated by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Since 2012, Instagram has been a subsidiary of Meta Platforms Inc. and is part of the Facebook products. The embedding of Instagram content on our website is called embedding. This allows us to display content such as buttons, photos, or videos from Instagram directly on our website. When you access web pages on our site that include an Instagram feature, data is transmitted to Instagram, where it is stored and processed. Instagram uses the same systems and technologies as Facebook, meaning your data is processed across all Facebook companies.

Below we provide more insight into why Instagram collects data, what data it collects, and how you can largely control data processing. Since Instagram is part of Meta Platforms Inc., we rely on both Instagram’s policies and Meta’s privacy policies.

Instagram is one of the most popular social media networks in the world. It combines the benefits of a blog with audiovisual platforms like YouTube or Vimeo. Users can upload photos and short videos, edit them with filters, and share them on other social networks. Even if you’re not active yourself, you can follow interesting users.

Why do we use Instagram on our website?
Instagram has exploded in popularity over recent years, and we’ve responded to this trend. We want you to feel as comfortable as possible on our website, so we enrich our content with helpful, fun, or interesting content from Instagram. Since Instagram is a Facebook subsidiary, the collected data can also be used for personalized advertising on Facebook. This ensures our ads are shown only to people genuinely interested in our products or services.

Instagram also uses collected data for analytics and measurement purposes. We receive aggregated statistics, giving us more insight into your preferences and interests. Importantly, these reports do not identify you personally.

What data does Instagram store?
When you visit one of our pages that has Instagram features (like embedded photos or plugins), your browser automatically connects to Instagram’s servers. Data is then transmitted, stored, and processed—regardless of whether you have an Instagram account. This includes information about our website, your device, purchases, ads you’ve seen, and how you interact with our offerings. The date and time of your Instagram interaction are also stored. If you’re logged into Instagram, significantly more data will be collected.

Facebook differentiates between customer data and event data. We assume this is also the case for Instagram. Customer data includes name, address, phone number, and IP address, which is only transmitted to Instagram after being “hashed” (converted into a string for encryption). Event data includes user behavior data and may be combined with customer data. Collected contact information is matched with existing Instagram data.

Cookies, mostly stored in your browser, transmit the collected data to Facebook. Depending on which Instagram features are used and whether or not you’re logged in, different amounts of data are stored.

We believe Instagram’s data processing works similarly to Facebook. So if you have an Instagram account or visit www.instagram.com, Instagram will likely set a cookie. This cookie will send information to Instagram once you interact with an Instagram feature. After 90 days (post-matching), these data are either deleted or anonymized. Despite our efforts to investigate Instagram’s data processing, we cannot specify exactly what data is collected and stored.

Here are example cookies set by Instagram:

  • Name: csrftoken
    Purpose: Likely used for security reasons to prevent forged requests.
    Expiry: 1 year

  • Name: mid
    Purpose: Assigns a unique user ID to optimize services on and off Instagram.
    Expiry: session

  • Name: fbsr_[app_id]
    Purpose: Stores login requests for Instagram app users.
    Expiry: session

  • Name: rur
    Value: ATN
    Purpose: Maintains Instagram’s functionality.
    Expiry: session

  • Name: urlgen
    Purpose: Serves Instagram’s marketing purposes.
    Expiry: session

Note: This list is not exhaustive. The actual cookies depend on which Instagram features are embedded and how you use them.

How long and where are the data stored?
Instagram shares collected data across the Facebook companies, with external partners, and with people you interact with globally. Data is stored securely on Facebook’s servers around the world, mostly in the USA.

How can I delete or prevent data storage?
Under the GDPR, you have the right to access, transfer, correct, and delete your data. In your Instagram settings, you can manage your data. If you want to completely delete your data, you must permanently delete your Instagram account.

Here’s how to delete your Instagram account:
Open the app → Go to your profile → Scroll to “Help Center” → Website → “Managing your account” → “Delete your account”

Deleting your account removes your posts (e.g., photos, status updates), but not content others have shared about you.

Instagram mainly stores your data via cookies, which you can manage, disable, or delete in your browser. You can also configure your browser to notify you whenever a cookie is set, giving you the choice to allow or deny it.

Legal basis
If you’ve consented to data processing via embedded social media elements, this consent constitutes the legal basis (Art. 6 para. 1 lit. a GDPR). Additionally, we process data based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing effective communication with our users and partners. However, we only use embedded social media elements if you’ve provided consent.

Instagram/Facebook processes data in the USA. According to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA, which could pose risks regarding legality and data security.

To protect your data when transferred outside the EU, Facebook uses Standard Contractual Clauses approved by the European Commission (Art. 46 para. 2 and 3 GDPR). These clauses require Facebook to uphold EU data protection levels. See the Commission decision and clauses here:
https://germany.representation.ec.europa.eu/index_de

For further details, visit Instagram’s Data Policy:
https://help.instagram.com/519522125107875

Pinterest Privacy Policy
Pinterest Privacy Policy Summary
👥 Data Subjects: Website visitors
🤝 Purpose: To optimize our services
📓 Processed Data: User behavior, device information, IP address, and search terms
📅 Storage Duration: Until Pinterest no longer needs the data for their purposes
⚖️ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Pinterest?
We use buttons and widgets from the social media network Pinterest, operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA. For the European Economic Area, Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for all data privacy concerns.

Pinterest is a social network that focuses on graphic content such as photos and visual inspirations. The name derives from “pin” and “interest.” Users can exchange ideas on various hobbies and interests and view image collections either publicly or within defined groups.

Why do we use Pinterest?
Pinterest has been around for several years and remains one of the most visited and appreciated platforms. Especially in our industry, Pinterest is ideal due to its focus on aesthetic and interesting imagery. Therefore, we use Pinterest to present our content beyond our website. The collected data may also be used for advertising purposes so that our ads reach people interested in our products or services.

What data is processed by Pinterest?
Pinterest may store so-called log data, which can include information about your browser, IP address, the address of our website and your activity on it (e.g., clicking the Pin button), search histories, date and time of interactions, and cookie/device data. When you interact with a Pinterest feature, cookies may be stored in your browser.

These log data often include:

  • Browser settings (like preferred language)

  • Clickstream data (Pinterest’s term for behavioral tracking on a site)

If you have a Pinterest account and are logged in, data collected via our site can be associated with your Pinterest profile and used for personalized advertising.

If you interact with embedded Pinterest features, you’re typically redirected to the Pinterest platform. Below are example cookies that may be stored in your browser:

  • Name: _auth
    Value: 0
    Purpose: Authentication cookie storing values like username
    Expiry: 1 year

  • Name: _pinterest_referrer
    Purpose: Stores that you came to Pinterest from our website (referrer URL)
    Expiry: Session

  • Name: _pinterest_sess
    Value: …9HRHZvVE0rQlUxdG89
    Purpose: Session cookie storing user IDs, authentication tokens, and timestamps
    Expiry: 1 year

  • Name: _routing_id
    Value: “8d850ddd-4fb8-499c-961c-77efae9d4065…”
    Purpose: Used to identify routing targets
    Expiry: 1 day

  • Name: cm_sub
    Value: denied
    Purpose: Stores a user ID and timestamp
    Expiry: 1 year

  • Name: csrftoken
    Value: 9e49145c82a93d34fd933b0fd844616…
    Purpose: Likely a CSRF protection cookie
    Expiry: 1 year

  • Name: sessionFunnelEventLogged
    Value: 1
    Purpose: No exact information found
    Expiry: 1 day

How long and where are data stored?
Pinterest generally retains data for as long as it’s necessary to fulfill business purposes. Once no longer needed, data are deleted or anonymized in compliance with legal requirements. Data may also be stored on U.S. servers.

Right to Object
You have the right to revoke your consent to the use of cookies or third-party services such as Pinterest at any time. This can be done via our cookie management tool or via browser settings, where you can manage, disable, or delete cookies.

Since embedded Pinterest features may set cookies, we recommend also reviewing our general Cookie Policy. For more detailed information on Pinterest’s data processing, consult their privacy policy.

Legal Basis
If you have consented to the processing and storage of your data via embedded social media tools, this consent serves as the legal basis (Art. 6 para. 1 lit. a GDPR). Data may also be processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing efficient communication. We only use such tools if you’ve granted permission.

Pinterest also processes data in the USA. According to the European Court of Justice, the level of data protection in the USA is currently not deemed adequate. This may pose certain legal and security risks to your data.

To ensure your data is protected, Pinterest relies on Standard Contractual Clauses (SCCs) per Art. 46 para. 2 and 3 GDPR. These are EU-approved templates ensuring that even outside of the EU, Pinterest adheres to European data protection levels. You can view the SCC decision here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

More information about Pinterest’s use of SCCs can be found here:
https://policy.pinterest.com/en/privacy-policy#section-residents-of-the-eea

For further insights into Pinterest’s privacy practices, visit their official policy:
https://policy.pinterest.com/en/privacy-policy

Snapchat Privacy Policy

We also use the instant messaging service Snapchat. The provider is the U.S.-based company Snap Inc., 2772 Donald Douglas Loop N, Santa Monica (HQ), CA, USA.

Snap processes personal data about you, including in the USA. Please note that, in the view of the Court of Justice of the European Union, there is currently no adequate level of protection for data transfers to the USA. This may entail legal and security risks for data processing.

For transfers to recipients in third countries (outside the European Union, Iceland, Liechtenstein, Norway—particularly the U.S.), Snap uses so-called Standard Contractual Clauses (Art. 46(2) and (3) GDPR) as the legal basis. These are model clauses provided by the EU Commission, ensuring that your data continues to meet European data protection standards even when transferred and stored outside the EU. Under these SCCs, Snap commits to maintaining European-level data protection when processing your data, even if it is stored or managed in the USA. The clauses are based on an implementing decision of the European Commission, which you can find here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more information on Snap’s Standard Contractual Clauses here: https://snap.com/en-US/terms/standard-contractual-clauses

You can find more on the data processed via Snapchat in Snap’s privacy policy: https://snap.com/de-DE/privacy/privacy-policy

TikTok Privacy Policy

We also use TikTok, a social media and video platform. The global provider is Beijing ByteDance Technology Ltd. For the European Economic Area, the responsible entity is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin D02 T380, Ireland.

TikTok processes personal data about you, including in the USA. As above, the CJEU currently regards the USA as lacking an adequate level of data protection, which may entail risks to the lawfulness and security of data transfers.

For transfers to third-country recipients (especially U.S.-based), TikTok relies on Standard Contractual Clauses (Art. 46(2) & (3) GDPR) to ensure European-level protection when processing your data abroad. These clauses stem from an EU Commission implementing decision (see link above).

More on TikTok’s Standard Contractual Clauses and data processing via TikTok Pixel is available here:
https://www.tiktok.com/legal/privacy-policy-eea?lang=de
and at https://ads.tiktok.com/i18n/official/policy/controller-to-controller

Blogs & Publishing Media – Introduction & Privacy Summary

Summary:

  • 👥 Data Subjects: Visitors to the website

  • 🤝 Purpose: Presentation and optimization of our services, communication between users, security measures, and content management

  • 📓 Processed Data: Contact information, IP address, published content—details vary by tool

  • 📅 Retention Period: Depends on the tools used

  • ⚖️ Legal Bases: Consent (Art. 6(1)(a) GDPR), Legitimate Interests (Art. 6(1)(f)), Contract Performance (Art. 6(1)(b))

What are blogs and publishing media?

We use blogs and other means of content publication on our website to facilitate communication between us and our users. This may involve storing and processing your data, which is necessary for operating the content, facilitating communication, and ensuring security. This section provides a general overview; the specific processing depends on the tools and features used. Please refer to the respective providers’ privacy policies for details.

Why do we use blogs and publishing tools?

We value engaging content and open communication with our users. Publishing media enables commenting, interaction, and user-generated content. It supports dialogue and community building.

What data is processed?

Depending on the features used (e.g. comment sections), typically data such as IP addresses, usernames, and content are stored—mainly for security, spam prevention, and removal of unlawful content. Cookies may also be used. For specifics, refer to each provider’s privacy policy.

Retention period

Unless we state otherwise, data is stored until you withdraw your consent. Personal data is retained only as long as necessary for service provision.

Right to object

You can withdraw your consent to cookie use or third-party tools at any time via our cookie-management tool or other opt-out options. You may also manage, disable, or delete cookies in your browser. See our general Cookie Policy for more information and the individual providers’ privacy policies.

Legal Basis

We use communication and publication tools primarily based on our legitimate interests (Art. 6(1)(f) GDPR) in efficient and good communication. Where usage serves to establish or execute contractual relationships, we rely on Art. 6(1)(b) GDPR. If cookies or user-input functions are involved, your consent (Art. 6(1)(a)) is required. We comply with cookie rules and provider policies accordingly.

Blog Posts & Comment Features Privacy Policy

We use blog postings and comment features for user interaction. IP addresses may be stored for security, spam filtering, and abuse prevention. Cookies may assist with form functionality and session resumption. Stored data remains until you object or withdraw consent.

WordPress Emojis Privacy Policy

We use emojis and smilies hosted by WordPress. These graphical elements are fetched from Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. The provider may store your IP address when sending the files.

As with other U.S. services, the same issues of adequacy apply. Automattic uses Standard Contractual Clauses (Art. 46 GDPR) to maintain European-level protection. Terms are available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Automattic’s data processing agreements: https://wordpress.com/support/data-processing-agreements/
Privacy policy: https://automattic.com/privacy/

 

Online Marketing Introduction
Online Marketing Privacy Policy Summary

👥 Data Subjects: Website visitors
🤝 Purpose: Analysis of visitor information to optimize the web offering.
📓 Processed Data: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed. More details can be found in the respective online marketing tools used.
📅 Storage Duration: Depends on the online marketing tools used
⚖️ Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Online Marketing?
Online marketing includes all measures carried out online to achieve marketing goals, such as increasing brand awareness or completing a business transaction. Our online marketing efforts are also aimed at drawing people’s attention to our website. To present our offering to as many interested people as possible, we engage in online marketing. This often includes online advertising, content marketing, or search engine optimization.
To use online marketing effectively and in a targeted way, personal data may also be stored and processed. This data helps us show content only to people who are actually interested in it, and it allows us to measure the success of our marketing efforts.

Why do we use online marketing tools?
We want to show our website to anyone interested in what we offer. We know that this is not possible without consciously implemented measures. That’s why we use online marketing. There are various tools that support us in our marketing efforts and continuously provide data-based suggestions for improvement. This allows us to better tailor our campaigns to our target audience.
The ultimate purpose of these tools is to optimize our offering.

Which data is processed?
In order for our online marketing to work and its success to be measurable, user profiles are created and data may be stored in cookies (small text files). These data allow us to not only run traditional advertising but also customize the way content appears on our website according to your preferences.
Various third-party tools offer these functions and collect and store data accordingly. The cookies may store, for example, which pages on our site you visited, how long you viewed them, which links or buttons you clicked, or from which website you arrived at ours.
In addition, technical data may also be stored, such as your IP address, browser type, the device used to access our site, or timestamps of your visit.
If you have consented to location tracking, your location data may also be stored and processed.

Your IP address is stored in a pseudonymized (shortened) form. Personally identifiable data such as name, address, or email are also stored in pseudonymized form when used for advertising or online marketing. This means we cannot directly identify you as an individual—only pseudonymized data is stored in the user profiles.

The cookies used may also be applied on other websites that use the same advertising tools and may be analyzed and used for advertising purposes there as well. Data may also be stored on the servers of the advertising tool providers.

In exceptional cases, personally identifiable data (such as name or email address) may be stored in the user profiles—this may occur if you are a member of a social media platform we use for our marketing efforts and the platform links previously collected data with your user profile.

For all advertising tools we use that store your data on their servers, we only ever receive aggregated information, never personal data that would identify you individually. These aggregated reports show how effective certain advertising measures were. For example, we can see what actions led users to visit our website and make a purchase. This analysis helps us improve our advertising in the future and tailor it even better to the needs and preferences of potential customers.

Duration of data processing
You’ll find specific information on data processing duration further below, where available. Generally, we only process personal data for as long as is necessary to provide our services and products.
Data stored in cookies may be retained for varying durations. Some cookies are deleted as soon as you leave the site, while others may remain stored in your browser for years. You can find detailed information about the individual cookies in the privacy policies of the respective providers.

Right to object
You have the right to withdraw your consent to the use of cookies or third-party tools at any time. This can be done via our cookie management tool or via other opt-out options. For example, you can disable or delete cookies in your browser settings.
The lawfulness of data processing prior to your withdrawal remains unaffected.

Since online marketing tools generally use cookies, we also recommend reviewing our general cookie policy. To find out exactly which of your data is stored and processed, please read the privacy policies of the respective tools used.

Legal Basis
If you have given your consent to the use of third-party services, the legal basis for the corresponding data processing is your consent according to Art. 6(1)(a) GDPR. This consent allows for the processing of personal data in connection with online marketing tools.

We also have a legitimate interest in measuring the effectiveness of our marketing efforts in an anonymized way to improve our offering and campaigns based on the data obtained. The corresponding legal basis is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use these tools if you have given your consent.

You can find detailed information about the specific online marketing tools used in the following sections (if available).

Facebook Custom Audiences Privacy Policy

We use Facebook Custom Audiences on our website, a server-side event tracking tool. The service provider is the American company Meta Platforms Inc. For the European region, the responsible entity is Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

Facebook also processes your data in the USA, among other locations. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may entail various risks concerning the lawfulness and security of data processing.

As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway – especially the USA) or for data transfer to such countries, Facebook uses so-called Standard Contractual Clauses (SCCs) pursuant to Art. 46 (2) and (3) GDPR. SCCs are template agreements provided by the European Commission and are intended to ensure that your data continues to comply with European data protection standards, even if it is stored and processed in third countries (such as the USA).
By agreeing to these clauses, Facebook commits to maintaining the European level of data protection when processing your relevant data, even if stored or managed in the USA. These clauses are based on an implementing decision of the EU Commission, which you can view here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

You can find Facebook’s data processing terms, which align with the Standard Contractual Clauses, here:
https://www.facebook.com/legal/terms/dataprocessing

More information about the data processed by Facebook Custom Audiences is available in Facebook’s Privacy Policy:
https://www.facebook.com/about/privacy

Microsoft Advertising Privacy Policy

Microsoft Advertising Privacy Policy Summary
👥 Data Subjects: Website visitors
🤝 Purpose: Economic success and the optimization of our service performance
📓 Processed Data: Access statistics such as location of access, device data, duration and time of access, navigation and click behavior, and IP addresses. Personal data like names or email addresses may also be processed.
📅 Storage Duration: Microsoft stores data as long as necessary to fulfill its intended purpose
⚖️ Legal Basis: Art. 6 (1)(a) GDPR (Consent), Art. 6 (1)(f) GDPR (Legitimate Interests)

What is Microsoft Advertising?

We use the Microsoft Advertising program from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, as part of our online marketing efforts. Microsoft Advertising helps us bring awareness to the quality of our products and/or services. To do this, a conversion tracking tool from Microsoft is integrated into our website, which also stores your data.
This privacy policy explains how this service works, which data is collected, processed, and managed, and how you can prevent this data storage.

You may know Microsoft Advertising by its former name, “Bing Ads.” It is a pay-per-click advertising platform from Microsoft, allowing advertisers to run ads via Bing and Yahoo! search engines and only pay when users click on the ad.

Why do we use Microsoft Advertising?

We believe in the quality of our offering and want to present it to a broad audience. Microsoft Advertising allows us to reach people who are genuinely interested in our products or services—not only via Google but also via Bing, Yahoo!, and the Microsoft Audience Network (including LinkedIn).
Conversion tracking enables us to understand which ads brought you to our website, what subpages you viewed, and what actions you performed. This data helps us better tailor our website, advertising, and offerings to your needs.

Which data does Microsoft Advertising store?

We have integrated a Microsoft Advertising conversion tracking tag (UET tag) into our website. If you arrive at our site via a Microsoft ad, this tool lets us learn more about how you interact with our site. For instance, we can see which keyword or ad led you to us, what you click on, how many people visit via Microsoft Ads, and how long they stay.

These insights are based on user behavior and do not contain personal information. We only receive behavioral data and analysis—not identifiable personal data. Microsoft may use this data to optimize its advertising services. If you have a Microsoft account, this data may be linked to your account. Your IP address may also be recorded and stored.

After clicking a Microsoft ad and visiting our website, the following cookie may be stored in your browser:

  • Name: MUIDB
    Value: 08A53CA3313F6255044C307E353F61CD
    Purpose: Set by the embedded UET tag to synchronize users across Microsoft websites.
    Expiration: After one year

Other cookies that may be set include:

  • Name: ABDEF
    Value: V=0&ABDV=0&MRNB=1594294373452&MRB=0312294393-7
    Purpose: No detailed information found.
    Expiration: After one year

  • Name: SRCHD
    Value: AF=NOFORM
    Purpose: Supports tracking and website functionality.
    Expiration: After one year

  • Name: SRCHHPGUSR
    Value: WTS=63729889193&HV=1594294374&CW=1920&CH=937&DPR=1&UTC=120&DM=0
    Purpose: Tracks user behavior and interaction with the Bing map interface.
    Expiration: After one year

  • Name: SRCHUID
    Value: V=2&GUID=157B20CCF36A43F3A4AE9790346EB7A7&dmnchg=1
    Purpose: Tracks user behavior and Bing map API interactions.
    Expiration: After one year

  • Name: _EDGE_S
    Value: mkt=de-at&SID=2EE7002D956A61511D280F2F9474607312294393-2
    Purpose: Collects and stores user behavior across websites to improve ad targeting.
    Expiration: End of browser session

  • Name: _SS
    Value: SID=2EE7002D956A61511D280F2F94746077312294393-9
    Purpose: Identifies which ad brought you to the website.
    Expiration: After one year

 

How long and where are the data stored?

We have no influence over how Microsoft continues to use the user data it collects. Microsoft operates its own servers globally, with most located in the United States. Therefore, your data may be stored, managed, and processed on American servers. Microsoft stores data (especially personal data) for as long as necessary to provide its own services and products or for legal purposes. Microsoft also states that the actual retention period varies significantly depending on the product involved.

For search queries made via Bing, Microsoft deletes stored search data after six months by removing your IP address. Cookie IDs, such as those created by the MUID cookie, are anonymized after 18 months.

How can I delete my data or prevent data storage?

You can opt out of Microsoft Ads conversion tracking at any time. If you do not want to receive interest-based ads from Microsoft Advertising, you can disable this feature at
https://account.microsoft.com/privacy/ad-settings/signedout
Additionally, you can manage, disable, or delete all cookies via your browser settings. Each browser handles this differently. Under the “Cookies” section of our general privacy policy, you will find links to instructions for the most common browsers.

Legal Basis

If you have given consent to the use of Microsoft Advertising, the legal basis for the corresponding data processing is that consent. According to Art. 6(1)(a) GDPR, this consent forms the legal basis for the processing of personal data as may occur when using Microsoft Advertising.

Additionally, we have a legitimate interest in using Microsoft Advertising to improve our online services and marketing efforts. The corresponding legal basis is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use Microsoft Advertising if you have given consent.

Microsoft may process your data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may pose various risks to the legality and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway – particularly in the USA) or for the transfer of data to such countries, Microsoft uses Standard Contractual Clauses pursuant to Art. 46(2) and (3) GDPR.
These Standard Contractual Clauses (SCCs) are templates provided by the European Commission to ensure your data continues to meet European data protection standards even when transferred to and stored in third countries.
Through these clauses, Microsoft commits to maintaining the European level of data protection when processing your relevant data—even if stored and managed in the USA.
You can view the decision and the Standard Contractual Clauses here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

For more information on Microsoft’s use of SCCs, see:
https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses

We hope this overview of Microsoft Ads conversion tracking data processing has been helpful. Please note that Microsoft’s privacy policies may change over time. For the most current information, we recommend reviewing Microsoft’s privacy statement:
https://privacy.microsoft.com/en-us/privacystatement

Cookie Consent Management Platform – Introduction

Cookie Consent Management Platform Summary
👥 Data Subjects: Website visitors
🤝 Purpose: Obtaining and managing consent for the use of certain cookies and related tools
📓 Processed Data: Data for managing cookie settings such as IP address, time of consent, type of consent, and individual preferences. More details can be found in the respective tool’s privacy policy.
📅 Storage Duration: Depends on the tool used – typically ranges from several months to several years
⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is a Cookie Consent Management Platform?

We use a Consent Management Platform (CMP) on our website to help both us and you handle the use of scripts and cookies correctly and securely.
The software automatically generates a cookie banner, scans and monitors all scripts and cookies, provides the legally required consent mechanism, and helps maintain transparency about the cookies in use.

Most CMP tools identify and categorize all cookies used. As a website visitor, you can then decide for yourself whether and which scripts or cookies you allow or disallow.

 

Why do we use a cookie management tool?

Our goal is to provide you with the greatest possible transparency in matters of data protection. In addition, we are legally obliged to do so. We want to inform you as comprehensively as possible about all tools and cookies that may store and process data about you. It is also your right to decide for yourself which cookies you want to accept or reject.

To give you this right, we first need to know exactly which cookies are present on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we are fully informed and can provide you with GDPR-compliant information. Through the consent system, you can then accept or decline cookies.

What data is processed?

As part of our cookie management tool, you can manage each individual cookie and have full control over the storage and processing of your data. Your consent declaration is saved so that we do not have to ask you again on every visit, and so that we can prove your consent when required by law. This information is stored either in an opt-in cookie or on a server.

Depending on the provider of the cookie management tool, the retention period of your cookie consent may vary. Typically, this data (such as a pseudonymous user ID, timestamp of consent, details of selected cookie categories or tools, browser, and device information) is stored for up to two years.

Duration of data processing

You can find more detailed information on the duration of data processing further below, if available. In general, we only process personal data as long as necessary to provide our services and products. Data stored in cookies may be kept for different lengths of time. Some cookies are deleted immediately after you leave the site, while others may remain stored in your browser for several years. The exact storage period depends on the specific tool used; usually, you can expect a duration of several years. The respective privacy policies of the individual providers generally offer more detailed information on data retention.

Right to object

You have the right and the ability to withdraw your consent to the use of cookies at any time. This can be done via our cookie management tool or through other opt-out functions. For example, you can prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser.

Information about specific cookie management tools can be found—if available—in the following sections.

Legal basis

If you consent to the use of cookies, personal data may be processed and stored via these cookies. If we are permitted to use cookies based on your consent (Article 6(1)(a) GDPR), then this consent also serves as the legal basis for the processing of your data.

To manage cookie consent and to make it technically possible for you to give consent, we use cookie consent management software. The use of this software enables us to operate the website efficiently and in compliance with the law, which constitutes a legitimate interest under Article 6(1)(f) GDPR.

Real Cookie Banner

To manage the use of cookies and similar technologies (such as tracking pixels, web beacons, etc.) and the associated consents, we use the consent tool “Real Cookie Banner.” You can find details about how “Real Cookie Banner” works at:
https://devowl.io/de/rcb/datenverarbeitung/ (German only)

The legal bases for the processing of personal data in this context are Article 6(1)(c) GDPR and Article 6(1)(f) GDPR. Our legitimate interest lies in managing the use of cookies and similar technologies and the associated consents.

The provision of personal data is neither legally nor contractually required, nor necessary to enter into a contract. You are not obligated to provide personal data. However, if you do not provide this data, we will be unable to manage your cookie consents.

 

Security & Anti-Spam

Security & Anti-Spam Privacy Policy Summary
👥 Data Subjects: Website visitors
🤝 Purpose: Cybersecurity
📓 Processed Data: Data such as your IP address, name, or technical information like browser version.
More details can be found below and in the respective privacy policies.
📅 Storage Duration: In most cases, data is stored only as long as required to provide the service.
⚖️ Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is security & anti-spam software?

Security and anti-spam software helps protect both you and us from spam, phishing emails, and other cyberattacks. Spam refers to unsolicited mass-distributed advertising emails, also known as digital junk, which can also lead to costs. Phishing emails are messages designed to mimic trustworthy sources in order to gain access to personal information.
Anti-spam software generally protects against unwanted or malicious emails, such as those containing viruses. We also use general firewall and security systems to protect our computers from unauthorized network access.

Why do we use security & anti-spam software?

We place great importance on security, not only for our own protection but especially for yours. Unfortunately, cyber threats are now a common part of internet life. Hackers often attempt to access personal data via cyberattacks.
A solid security system is therefore essential. These systems monitor all incoming and outgoing connections to our network or computers.
In addition to built-in systems, we use external security services to provide even better protection against cybercrime by preventing unauthorized data transfers.

What data is processed by security & anti-spam software?

The exact data collected depends on the specific service used. However, we always aim to use programs that collect only the minimum data necessary.
Generally, services may store data such as your name, address, IP address, email address, and technical details like browser type or version.
Performance and log data may also be collected to identify potential threats early. These data are processed in accordance with applicable laws, including GDPR—even by U.S.-based providers through the use of Standard Contractual Clauses (SCCs).
Some of these services may collaborate with third parties under strict data protection agreements and additional security measures. Data is often stored using cookies.

Duration of data processing

If available, we provide more specific information further below. In general, data is stored only as long as necessary to provide the service or until you or we revoke the storage. Unfortunately, many providers do not provide precise retention periods.

Right to object

You have the right to withdraw your consent to the use of cookies and third-party security software at any time. This can be done via our cookie management tool or other opt-out options.
You can also manage, disable, or delete cookies in your browser settings.

As many of these services use cookies, we recommend reviewing our general cookie policy. To know exactly which data is processed, refer to the privacy policies of the respective tools.

Legal basis

We primarily use security services based on our legitimate interest in maintaining a secure website (Art. 6(1)(f) GDPR).
Certain processing activities, particularly those involving cookies or security features, require your consent. If you consent to the processing of data by security services, this consent becomes the legal basis for data processing under Art. 6(1)(a) GDPR.
Most services set cookies in your browser to store data. Please read our general cookie privacy policy and the privacy notices or cookie policies of the individual providers.

You will find more information on specific tools in the sections below (if available).

Akismet Privacy Policy

We use Akismet, an anti-spam solution for WordPress. The service provider is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

Akismet may process your data in the USA. We note that the European Court of Justice currently considers there to be no adequate level of protection for data transfers to the USA. This may pose risks to the legality and security of data processing.

For data transfers to third countries (outside the EU, Iceland, Liechtenstein, and Norway—particularly to the USA), Akismet and WordPress rely on Standard Contractual Clauses (Art. 46(2) and (3) GDPR). These are templates provided by the European Commission to ensure that your data remains protected according to EU standards, even when transferred to countries such as the USA.
By agreeing to these clauses, WordPress commits to maintaining EU data protection levels even when storing, processing, or managing your data in the USA.
The relevant decision and standard contractual clauses can be found at:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

Akismet’s data processing agreements referencing SCCs can be found here:
https://wordpress.com/support/data-processing-agreements/

More information about the data processed by Akismet/WordPress is available at:
https://automattic.com/privacy/

Wordfence Privacy Policy

We use Wordfence, a WordPress security plugin. The service provider is Defiant, Inc., 1700 Westlake Ave N Ste 200, Seattle, WA 98109, USA.

Wordfence may process your data in the USA. We note that the European Court of Justice currently considers there to be no adequate level of protection for data transfers to the USA. This may involve risks to the legality and security of data processing.

For transfers to third countries (outside the EU, Iceland, Liechtenstein, and Norway), Wordfence also relies on Standard Contractual Clauses (Art. 46(2) and (3) GDPR). These templates ensure that your data remains protected according to EU standards even when stored in countries such as the USA.
Wordfence has committed to upholding EU data protection standards when processing your relevant data in the USA.

You can view the SCC decision and clauses at:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

Wordfence’s Data Protection Regulation page (referencing SCCs) is available here:
https://www.wordfence.com/help/general-data-protection-regulation/

More about the data processed by Wordfence can be found in their privacy policy:
https://www.wordfence.com/privacy-policy/

Payment Providers

Payment Providers Privacy Policy Summary
👥 Data Subjects: Website visitors
🤝 Purpose: Enabling and optimizing the payment process on our website
📓 Processed Data: Data such as name, address, banking details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data.
More details can be found in the privacy policies of the specific payment provider tools used.
📅 Storage Duration: Depends on the respective payment provider
⚖️ Legal Bases: Art. 6(1)(b) GDPR (Performance of a contract)

What is a payment provider?

We use online payment systems on our website to enable a secure and smooth payment process for both you and us. In doing so, personal data may be sent to, stored by, and processed by the selected payment provider. Payment providers are online systems that allow you to complete transactions via online banking. The transaction is processed by the payment provider you selected. We then receive a notification indicating whether the payment was successful.
This method can be used by anyone with an active online banking account that includes a PIN and TAN. Most banks now support or accept such payment methods.

Why do we use payment providers on our website?

Our goal is to offer the best possible service via our website and online shop, ensuring that you feel comfortable and can make use of our offers. We know your time is valuable, and that payment processes must be fast and seamless. Therefore, we offer various payment providers so that you can pay using your preferred method.

What data is processed?

The specific data processed depends on the respective payment provider. However, the following data is generally collected: name, address, banking details (account number, credit card number, passwords, TANs), as well as IP address and contract data. This data is necessary to enable the transaction. Additionally, user and contract data such as your visit times, the content you are interested in, or which subpages you click may also be stored. Most payment providers also store information about your device and browser.

This data is typically stored and processed on the servers of the payment providers. As the website operator, we do not receive this data—only information about whether the payment was successful.
For identity and creditworthiness checks, the payment provider may transmit data to the appropriate authority. All transactions are subject to the terms and privacy policies of the respective payment provider. Please always refer to the provider’s terms and privacy policy.

You also have the right to request deletion or correction of your data. Please contact the respective payment provider to exercise your rights (withdrawal, access, and rectification).

Duration of data processing

We provide more detailed information further below, if available. In general, we only process personal data for as long as necessary to provide our services and products. Where legally required (e.g. for bookkeeping purposes), this period may be extended. For example, we store booking records (invoices, contracts, bank statements, etc.) related to a contract for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB).

Right to object

You always have the right to access, correct, and delete your personal data. For questions, please contact the responsible parties at the payment provider. You can find contact details in our privacy policy or directly on the provider’s website.

You may delete, disable, or manage cookies used by payment providers in your browser settings. Please note that this may affect the functionality of the payment process.

Legal basis

To fulfill contractual or legal obligations (Art. 6(1)(b) GDPR), we offer payment options via traditional banks and credit institutions as well as third-party payment providers. The individual privacy policies of providers (such as Amazon Payments, Apple Pay, or Discover) will provide detailed insights into data processing and storage. If you have any questions regarding data privacy, you can contact the respective provider at any time.

More information about specific payment providers can be found in the following sections (if available).

Klarna Checkout Privacy Policy

Klarna Checkout Privacy Policy Summary
👥 Data Subjects: Website visitors
🤝 Purpose: Optimization of the payment process on our website
📓 Processed Data: Data such as name, address, banking details (account number, credit card number, passwords, TANs), IP address, and contract data
📅 Storage Duration: Data is stored as long as Klarna requires it for processing
⚖️ Legal Bases: Art. 6(1)(c) GDPR (Legal obligation), Art. 6(1)(f) GDPR (Legitimate interest)

What is Klarna Checkout?

We use Klarna Checkout on our website, an online payment system provided by Klarna Bank AB, headquartered at Sveavägen 46, 111 34 Stockholm, Sweden. When you choose this service, personal data is transmitted to, stored by, and processed by Klarna.

Klarna Checkout is a system for processing online payments. Users select a payment method, and Klarna manages the entire transaction. Once a user has completed a payment via Klarna Checkout and entered the required information, future checkouts can be processed faster. Klarna can recognize returning customers by matching email address and ZIP code.

Why do we use Klarna Checkout?

Our goal is to provide you with the best possible service, including a fast, secure, and seamless payment process. Klarna Checkout helps us achieve that through a user-friendly and optimized checkout experience.

What data does Klarna Checkout process?

When using Klarna Checkout, personal data is transmitted to Klarna. Technical information such as browser type, operating system, referring website, date and time, language settings, time zone, and IP address is collected—even if no order is completed.

When placing an order, you are required to enter your personal information into designated form fields. Klarna uses this data for payment processing and, for creditworthiness and identity verification, may process and store the following types of data:

  • Contact information: name, date of birth, national ID number, title, billing and shipping address, email address, phone number, nationality, salary.

  • Payment information: credit card or bank account details.

  • Product information: order tracking number, type of item, and product price.

Optionally, Klarna may process sensitive personal data (e.g., political, religious, philosophical beliefs or health information) only if you explicitly choose to provide it.

Klarna may also collect additional data through third parties (such as us or public databases), including credit reports, income levels, and order details. Klarna may share your personal data with service providers such as software vendors, storage providers, or us as the merchant.

If form fields are prefilled, cookies are usually involved. You can disable these cookies at any time. Klarna does not set cookies directly during the checkout process. If you select “Klarna Sofort” and click “Order,” you are redirected to the Sofort website. After successful payment, you return to our thank-you page, where the following cookie is set by sofort.com:

  • Name: SOFUEB
    Value: e8cipp378mdscn9e17kajlfhv7312294393-4
    Purpose: Stores your session ID.
    Expiration: End of browser session

How long and where is data stored?

Klarna generally aims to store your data within the EU/EEA. However, data may also be transferred outside the EU/EEA. In such cases, Klarna ensures GDPR compliance, relying on adequacy decisions by the European Commission. Data is only stored as long as necessary for processing.

How can I delete or prevent data storage?

You may withdraw your consent to Klarna’s data processing at any time. You also have the right to access, correct, or delete your personal data. To exercise these rights, contact Klarna’s data protection team at
datenschutz@klarna.de
or via Klarna’s privacy portal:
My Privacy Request

You can also delete or manage any cookies used by Klarna in your browser settings.

Legal basis

To fulfill our contractual obligations (Art. 6(1)(b) GDPR), we offer Klarna Checkout as an additional payment method alongside traditional banking services.

We hope this gives you a clear overview of how Klarna processes your data. For further details, refer to Klarna’s full privacy policy:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy

 

Mollie Privacy Policy

We use Mollie, a service for online payment transactions, on our website. The service provider is the Dutch company Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, Netherlands.

For more information about how Mollie processes your data, please refer to Mollie’s privacy policy:
https://www.mollie.com/en/privacy

PayPal Privacy Policy

We use PayPal, an online payment service, on our website. The provider is the American company PayPal Inc. For users in the European Economic Area, the responsible entity is PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg).

PayPal may process your data in the United States, among other locations. We point out that, according to the Court of Justice of the European Union, there is currently no adequate level of protection for data transfers to the U.S. This may entail various risks to the legality and security of data processing.

As a basis for data transfers to third countries (outside the EU, Iceland, Liechtenstein, Norway—particularly the USA), PayPal uses Standard Contractual Clauses (SCCs) in accordance with Art. 46(2) and (3) GDPR. These are templates issued by the European Commission to ensure that your data continues to comply with EU data protection standards even when stored or processed in countries such as the U.S.

Through these clauses, PayPal commits to maintaining EU data protection standards when processing your personal data, even if stored or handled in the U.S.
You can find the EU Commission’s decision and the clauses here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

More information about the Standard Contractual Clauses and how PayPal processes your data can be found in their privacy policy:
https://www.paypal.com/webapps/mpp/ua/privacy-full

Visa Privacy Policy

We use Visa, a global payment provider, on our website. The service provider is Visa Inc., a U.S. company. For users in the European Economic Area, the responsible entity is Visa Europe Services Inc., 1 Sheldon Square, London W2 6TT, United Kingdom.

Visa may also process your data in the U.S. We point out that the Court of Justice of the European Union considers the level of protection for data transfers to the U.S. to be currently inadequate. This could pose certain risks to the legality and security of the data processing.

For data transfers to countries outside the EU (including the USA), Visa also relies on Standard Contractual Clauses (SCCs) in accordance with Art. 46(2) and (3) GDPR. These clauses are designed to ensure that your data remains protected according to EU standards even when processed in third countries.
Visa commits to upholding EU data protection standards for personal data processed in the USA.

You can find more details on Visa’s SCCs here:
https://www.visa.co.uk/legal/privacy-policy.html

More information on how Visa handles your data is available at:
https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html

Survey and Polling Systems

Survey Systems Privacy Policy Summary
👥 Data Subjects: Website visitors
🤝 Purpose: Analysis of survey data on the website
📓 Processed Data: Contact data, device data, duration and time of access, IP addresses
📅 Storage Duration: Depends on the tool used
⚖️ Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are survey and polling systems?

We occasionally conduct surveys and polls via our website. These surveys are generally evaluated anonymously. Survey systems are tools integrated into our website that present you with questions (e.g., about our products or services) which you can choose to answer.
Although responses are evaluated anonymously, personal data may be processed with your consent.

Why do we use survey and polling systems?

Our goal is to provide the best products and services possible. Feedback via surveys helps us understand your expectations and tailor our offerings accordingly.
Additionally, survey data helps us refine our marketing strategies to target audiences who are genuinely interested in our products or services.

What data is processed?

Personal data is only processed if technically necessary or if you give explicit consent. In such cases, your IP address may be stored (e.g., to render the survey in your browser). Cookies may be used so that you can resume the survey later.

If you provide consent, the following types of data may be processed:

  • IP address

  • Contact information (e.g., email address, phone number)

  • Any data entered into an online form

  • Information about your website activity (e.g., pages visited, time spent)

  • Technical information about your device

How long is data stored?

The storage duration depends on the specific tool used. In general, personal data is only processed for as long as necessary to provide the service.
Data stored in cookies may be deleted immediately after leaving the website or may persist for several years. The respective tool’s privacy policy usually provides exact storage durations.

Right to object

You may withdraw your consent to data processing at any time—either via our cookie management tool or through opt-out features provided by the tool.
You can also manage, disable, or delete cookies in your browser settings.

Since cookies are often used in survey systems, we also recommend reviewing our general cookie policy. For more details, refer to the individual privacy policies of the tools used.

Legal basis

Surveys are only carried out with your prior consent, obtained via our cookie banner. This consent constitutes the legal basis for processing your personal data (Art. 6(1)(a) GDPR).

We also have a legitimate interest in conducting relevant surveys, in accordance with Art. 6(1)(f) GDPR. However, we only use survey tools when you have provided consent.

Further information about specific survey tools can be found in the following sections (if available).

 

 

Google Forms Privacy Policy

We use Google Forms on our website, a service for cloud-based form creation. The provider is the American company Google Inc. For users in the European Economic Area, the responsible entity is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

Google may process your data in the United States. Please note that, according to the European Court of Justice, there is currently no adequate level of data protection for transfers to the USA. This may pose risks to the legality and security of data processing.

As a legal basis for data transfers to third countries (outside the EU, Iceland, Liechtenstein, Norway—especially the USA), Google uses Standard Contractual Clauses (SCCs) under Art. 46(2) and (3) GDPR. These are templates provided by the European Commission to ensure that your data remains protected even when transferred to and stored in third countries like the USA.

By agreeing to these clauses, Google commits to maintaining the European level of data protection when processing your relevant data. You can find the decision and SCCs here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

Google’s Ads Data Processing Terms, which apply to Google Forms as well, can be found at:
https://business.safety.google/adsprocessorterms/

For more information on how Google processes your data, visit:
https://policies.google.com/privacy

Data Processing Agreement (DPA) for Google Forms

In accordance with Article 28 of the GDPR, we have concluded a Data Processing Agreement (DPA) with Google. This agreement is legally required, as Google processes personal data on our behalf. It states that Google may only process data received from us according to our instructions and must comply with GDPR requirements.

The agreement can be found here:
https://workspace.google.com/terms/dpa_terms.html

Review Platforms – Introduction

Review Platforms Summary
👥 Data Subjects: Website visitors or users of a review platform
🤝 Purpose: Gathering feedback on our products and/or services
📓 Processed Data: e.g., IP address, email address, name
📅 Storage Duration: Depends on the review platform
⚖️ Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are review platforms?

On various review platforms, you can leave feedback about our products or services. We participate in several of these platforms to gather user feedback and improve our offerings. When you leave a review, the respective platform’s privacy policy and terms apply. Some platforms require account registration. Review widgets may also be embedded on our site and can transmit data to the provider.

Typically, users are invited via email or on-site to submit a review after a purchase. You may be redirected to a review page to submit your feedback. Some systems also integrate with social media platforms to increase visibility.

Why do we use review platforms?

Reviews provide us with fast and direct feedback, allowing us to optimize our offerings more efficiently. They also help inform potential customers about the quality of our products and services.

What data is processed?

With your consent, we share data about you and the services you received with the review platform, solely for verification purposes. The specific data shared depends on the platform but often includes IP address, name, email address, and purchase details like order numbers. This enables platforms to send review requests and ensure authenticity. To display your review on our website, we may inform the provider that you visited our site. The provider is solely responsible for the processed personal data.

How long and where is the data stored?

Details about data storage can be found in the privacy policies of the respective platforms. In general, personal data is stored only as long as necessary. Reviews that contain personal data are usually anonymized by the platform and visible only to company administrators. Data is stored on the providers’ servers and typically deleted after the service is completed.

Right to object

You may withdraw your consent at any time via our cookie management tool or opt-out functions. You can also block cookies in your browser settings.

Since cookies are often used, we recommend reviewing our general cookie policy and the privacy notices of the specific platforms.

Legal basis

If you have given consent, this serves as the legal basis under Art. 6(1)(a) GDPR. Additionally, we have a legitimate interest in using review platforms to improve our services (Art. 6(1)(f) GDPR). We only use such platforms if you have given your consent.

Google Customer Reviews Privacy Policy

We use Google Customer Reviews on our website. The provider is Google Inc. For users in the EU, it is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

Google may process your data in the USA. Please note that, according to the CJEU, there is currently no adequate level of data protection for transfers to the U.S., which may entail risks.

As a legal basis, Google relies on Standard Contractual Clauses under Art. 46(2) and (3) GDPR. These are designed to ensure GDPR compliance even when data is processed in the U.S.
You can find the SCC decision here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The data processing terms for Google Ads and related services can be found here:
https://business.safety.google/intl/en/adsprocessorterms/

More information:
https://policies.google.com/privacy

Trusted Shops Privacy Policy

We also use Trusted Shops for reviews. The provider is Trusted Shops GmbH, Subbelrather Straße 15c, 50823 Cologne, Germany.

You can find more about how Trusted Shops processes your data in their privacy policy:
https://www.trustedshops.com/tsdocument/CONSUMER_MEMBERSHIP_TERMS_en.pdf

Web Design Tools

Web Design Tools Privacy Policy Summary
👥 Data Subjects: Website visitors
🤝 Purpose: Improving user experience
📓 Processed Data: IP address, browser version, screen resolution, language preferences, and possibly other technical data depending on the tool
📅 Storage Duration: Varies by provider
⚖️ Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is web design?

We use various web design tools on our website—not just to make it visually appealing, but also functional and user-friendly. Web design refers to both the aesthetic and functional layout of a site and is part of the broader field of media design. It includes aspects such as structure, navigation, fonts, responsiveness, and speed. Collectively, these aim to improve the User Experience (UX) and Usability.

Why do we use web design tools?

Your experience on our website is strongly influenced by design, structure, and layout. A professional and appealing design helps us improve our offerings and retain users. A well-structured website also has commercial benefits, as you are more likely to engage with our services if the site is user-friendly and aesthetically pleasing.

What data is processed?

Web design tools may collect and process data when integrated into our site. The exact type of data depends on the specific tool used. For example, Google Fonts transmits IP address, browser version, screen resolution, and language preferences to Google’s servers.

For more information, refer to the specific provider’s privacy policy.

Duration of data processing

Storage periods vary greatly. Cookies may last for a few minutes or several years. Google Fonts, for instance, are cached for one year to improve load times.
Data is retained only as long as necessary for the service, unless longer storage is required by law.

Right to object

You may revoke your consent at any time via our cookie tool or by disabling cookies in your browser settings. Note that some data may be automatically transmitted when a page is loaded, especially with embedded content like fonts.

For Google-related services, contact support here:
https://support.google.com/?hl=en

Legal basis

If you have consented to the use of web design tools, this constitutes the legal basis for data processing under Art. 6(1)(a) GDPR. We also have a legitimate interest in offering a well-designed and user-friendly website (Art. 6(1)(f) GDPR). We only use such tools if you have given your consent.

Adobe Fonts Privacy Policy

We use Adobe Fonts on our website, a web font hosting service. The provider is the American company Adobe Inc. For the European region, the responsible entity is Adobe Systems Software Ireland Companies, 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland.

Adobe may process your data in the United States, among other locations. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the US. This may involve various risks to the legality and security of data processing.

As the legal basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway — in particular the USA) or for data transfers to such countries, Adobe uses so-called Standard Contractual Clauses (SCCs) pursuant to Art. 46(2) and (3) GDPR. These are model clauses provided by the European Commission that are intended to ensure that your data complies with European data protection standards even when transferred and stored in third countries. Through these clauses, Adobe commits to upholding the level of data protection required by the EU, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the applicable SCCs at:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

For more information on the data processed by Adobe and the Standard Contractual Clauses, visit:
https://www.adobe.com/de/privacy/eudatatransfers.html

Font Awesome Privacy Policy

Summary:

  • Data Subjects: Website visitors

  • Purpose: Optimization of our services

  • Data Processed: e.g., IP address and which icon files are loaded

  • Storage Duration: Identifiable data is stored for a few weeks

  • Legal Basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

We use Font Awesome by Fonticons Inc. (307 S. Main St., Suite 202, Bentonville, AR 72712, USA). When you visit our site, icons are loaded via the Font Awesome Content Delivery Network (CDN). This allows text, fonts, and icons to display correctly on all devices.

Font Awesome helps structure our website visually and improves user experience. Icons can often replace entire words, save space, and increase mobile usability. Because they are embedded as HTML code rather than images, they are easy to style and help improve page load speeds.

What data is processed?

When visiting our website, your browser connects to Fonticons’ servers. Your IP address is recognized, and data such as icon file usage, browser version, screen resolution, and timestamp may be collected for:

  • CDN optimization

  • Detecting and fixing technical errors

  • Preventing misuse or attacks

  • Usage-based billing for Pro customers

  • Popularity analytics

  • Technical profiling

No cookies are currently set by Font Awesome, to our knowledge.

Data Storage

Font Awesome stores identifiable CDN usage data for only a few weeks. Aggregated statistics (non-personal) may be retained longer.

How to prevent data storage

If your browser blocks web fonts, no data is transmitted. Otherwise, visiting our website will result in data transfer to Font Awesome. For more information, visit:

Legal Basis

The use of Font Awesome is based on your consent (Art. 6(1)(a) GDPR). Additionally, we have a legitimate interest (Art. 6(1)(f) GDPR) in optimizing our web service.

We note that data may be processed in the US, where there is currently no adequate level of data protection per the European Court of Justice. US authorities may access data, and it may be linked with other Font Awesome services if you have an account.

Getty Images Privacy Policy

We use the image platform Getty Images on our website. The provider is the American company Getty Images Inc., 605 5th Avenue South Suite 400, Seattle, WA 98104, USA.

We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the US. This could involve risks regarding the legality and security of data processing. US authorities may access such data, and it may also be linked to other Getty Images services, especially if you have an account with them.

For more information about the data Getty Images processes, visit their Privacy Policy:
https://www.gettyimages.at/company/privacy-policy

Google Fonts Privacy Policy

Summary:

  • Data Subjects: Website visitors

  • Purpose: Optimization of our services

  • Data Processed: IP address, CSS requests, font files

  • Storage Duration: Font files stored by Google for one year

  • Legal Basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

We use Google Fonts by Google Inc. The responsible entity for Europe is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

Google Fonts allows us to use web-optimized fonts without hosting them locally. This improves page loading times and ensures a consistent and visually appealing experience across devices and browsers.

When visiting our website, your browser requests font files from Google’s servers. Google processes data like IP address, browser version, screen resolution, and language settings. Google claims not to set cookies for this service and separates Google Fonts API from other Google services.

Google stores CSS requests for one day and font files for one year to optimize performance. Fonts are served from a CDN, allowing fast and consistent access.

For more on Google Fonts:

Legal Basis

If you consent to the use of Google Fonts, the legal basis is Art. 6(1)(a) GDPR. We also have a legitimate interest (Art. 6(1)(f) GDPR) in optimizing our web experience.

Google may process your data in the US. Data transfers to third countries are governed by Standard Contractual Clauses (Art. 46(2) and (3) GDPR), which Google applies to ensure compliance with EU data protection standards.

You can find more on these SCCs and processing terms at:

Google Fonts Local Privacy Policy

We use Google Fonts on our website, provided by Google Inc. For the European region, the responsible entity is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We have integrated the Google Fonts locally, i.e., on our own web server – not on Google’s servers. This means there is no connection to Google servers and therefore no data is transmitted or stored by Google.

What are Google Fonts?

Google Fonts, formerly known as Google Web Fonts, is an interactive directory of more than 800 fonts that Google provides free of charge. With Google Fonts, you could use fonts without uploading them to your own server. However, to prevent any transmission of information to Google servers, we have downloaded the fonts to our own server. In this way, we act in compliance with data protection regulations and do not transmit any data to Google Fonts.

WP Dark Mode Privacy Policy

We use the WordPress plugin WP Dark Mode on our website. The service provider is the Asian company WPPOOL, headquartered in Dhaka (Bangladesh). We have not yet been able to obtain more detailed information about the company’s address.

Through this service, data may be transferred to Bangladesh. Please note that Bangladesh is a third country not subject to the scope of the GDPR. This may result in restrictions in data protection and data security.

For more information about the data processed through the use of WP Dark Mode, please refer to the privacy policy at: https://wppool.dev/privacy-policy/

Other Third-Party Services – Introduction

Summary
👥 Data Subjects: Website visitors
🤝 Purpose: Improving user experience
📓 Processed Data: Depends on the services used; typically includes IP addresses and/or technical data. More details can be found in the relevant sections of this privacy policy.
📅 Storage Duration: Depends on the tools used
⚖️ Legal Bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is included under “Other Services”?

This category includes services that do not fall into the above-mentioned categories. These are typically various plugins and embedded elements that enhance our website. They are usually obtained from third-party providers and integrated into our site. For example, these may include web search services like Algolia Place, Giphy, Programmable Search Engine, or weather data services such as OpenWeather.

Why do we use other third-party providers?

We aim to offer you the best possible web experience in our industry. A website is no longer just a digital business card, but a place to help you find what you’re looking for. To make our site more interesting and helpful, we use various third-party services.

What data is processed?

Whenever elements are embedded into our website, your IP address is transmitted to and processed by the relevant provider – this is necessary for the content to be displayed properly in your browser. Providers may also use pixel tags or web beacons (small graphics that log data and analyze it). These can be used to enhance marketing strategies. Additional information like your clicks or page visits may also be stored in cookies along with technical data like your browser type or operating system. Some providers may link this data with other internal or third-party services. Because each provider handles data differently, we recommend reading their individual privacy policies carefully. We strive to use only privacy-conscious services.

Duration of Data Processing

Where available, we provide information on how long the data is processed. In general, we only process personal data for as long as necessary to deliver our services and products.

Legal Basis

If we ask for your consent to use a service and you agree, this constitutes the legal basis for processing your data (Art. 6 para. 1 lit. a GDPR). In addition to consent, we have a legitimate interest in analyzing user behavior to improve our offering technically and economically. The corresponding legal basis is Art. 6 para. 1 lit. f GDPR. However, we only use these tools if you have given your consent.

For information about specific tools, please see the relevant sections below, if available.