Below is a summary of the primary legal bases of the GDPR that govern our processing of personal data. Please be aware that, depending on your or our place of residence or business, national data protection regulations might apply. If specific legal bases apply in individual cases, they will be communicated in our privacy policy.
- Consent (Art. 6 Para. 1 S. 1 lit. a GDPR): An individual has given their permission for their data to be processed for certain purposes.
- Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f GDPR): Data processing is necessary to protect the legitimate interests of the data controller or a third party, unless the rights of the affected individual take precedence.
Data Protection Regulations in Germany:
In addition to the GDPR, there are national data protection laws in Germany. These include, in particular, the BDSG (Federal Data Protection Act), which sets out specific rules, e.g., regarding the right to information, deletion, or the processing of special categories of data. State-specific data protection laws might also be relevant in various federal states.
Notes Regarding GDPR and Swiss DPA:
The following data protection notices relate both to the Swiss Data Protection Act (DPA) and the GDPR. Therefore, we utilize GDPR terminology here, even though terms might differ in Switzerland. However, when the Swiss DPA is applied, the definitions as per the Swiss DPA remain decisive.
Overview of Data Processing
The following overview summarizes the types of data processed and the reasons for their processing, and refers to the individuals concerned.
Types of Data Processed
- Contact details.
- Content data.
- Usage data.
- Meta, communication, and process data.
Categories of Affected Persons
- Communication partners.
- Users.
Purposes of Processing
- Contact inquiries and communication.
- Security measures.
- Management and response to inquiries.
- Feedback.
- Provision of our online services and user-friendliness.
- IT infrastructure.
Security Measures
In accordance with legal requirements and considering the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the risks to the rights and freedoms of natural persons of varying likelihood and severity, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
These measures particularly include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, input, transfer, availability, and separation of the data. Furthermore, we have set up procedures that guarantee the exercise of data subject rights, data deletion, and reactions to data threats. Moreover, we consider the protection of personal data during the development or selection of hardware, software, and processes, in line with the principle of data protection by design and by default.
TLS encryption (https): To protect your data transmitted through our online services, we use TLS encryption. Encrypted connections are indicated by the prefix https:// in the address bar of your browser.
Rights of the Data Subjects
Rights of the data subjects under GDPR: As a data subject, the GDPR grants you various rights, particularly deriving from Art. 15 to 21 GDPR:
- Right to Object: You have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you which is based on Art. 6(1) lit. e or f GDPR; this also applies to profiling based on these provisions. If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing for such marketing; this also pertains to profiling, as far as it is associated with such direct marketing.
- Right to Withdraw Consent: You have the right to withdraw your consent at any time.
- Right of Access: You have the right to request confirmation as to whether the data in question is being processed and to information about this data, as well as further information and a copy of the data in line with legal requirements.
- Right to Rectification: You have the right, in line with the provisions of the law, to request the completion or correction of data concerning you.
- Right to Erasure and Restriction of Processing: In accordance with legal provisions, you have the right to demand that relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data.
- Right to Data Portability: You have the right to receive data concerning you which you have provided to us, in a structured, commonly used, and machine-readable format, and to request its transmission to another controller.
- Right to Lodge a Complaint: Irrespective of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of personal data relating to you infringes the GDPR.
Use of Cookies
Cookies are small text files or other storage markers that save information on end devices and retrieve information from these devices. For instance, they store the login status in a user account, a shopping cart's content in an e-shop, the accessed content, or functions of an online offering. Cookies can also be used for various purposes, like ensuring the functionality, security, and comfort of online offers, as well as analyzing visitor traffic.
Notes on Consent: We use cookies in accordance with legal regulations. Thus, we ask users for prior consent unless it's not required by law. Consent is especially not necessary when the storage and retrieval of information, including cookies, are essential for providing the explicitly requested online service to the users. Typically, the essential cookies serve functions related to the display and operability of the online offer, load distribution, security, saving user preferences and choices, or similar purposes related to providing the main and additional functionalities of the online service requested by the users. The revocable consent is clearly communicated to users and contains information on the respective cookie usage.
Notes on the Data Protection Legal Basis: The legal basis on which we process users' personal data with the help of cookies depends on whether we ask users for consent. If the users give their consent, the legal basis for processing their data is the declared consent. Otherwise, the data is processed with the help of cookies on the basis of our legitimate interests (e.g., the economical operation of our online offering and its usability improvement) or where the use of cookies is essential for fulfilling our contractual obligations.
Storage Duration:
- Temporary Cookies (also: Session Cookies): These are deleted as soon as a user leaves an online offering and closes their device (e.g., browser or mobile application).
- Permanent Cookies: These remain stored even after closing the device. For example, the login status can be saved or preferred content can be displayed directly when the user revisits a website. The data collected with the help of cookies can also be used for reach measurement. Unless we provide users with explicit information about the type and duration of cookie storage (e.g., when obtaining consent), users should assume that cookies are permanent with a storage duration of up to two years.
General Notes on Revocation and Objection (so-called "Opt-Out"): Users can revoke their given consents at any time and object to the processing according to legal requirements. Users can also restrict the use of cookies in their browser settings (which might also limit our online offer's functionality). Objections to the use of cookies for online marketing purposes can be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.
Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR). Consent (Art. 6 Para. 1 S. 1 lit. a GDPR).
Additional Information on Processing Procedures and Services:
- Processing of Cookie Data Based on Consent: We use a cookie consent management procedure, wherein the users' consent for the use of cookies, or the mentioned processing and providers in the cookie consent management process, is obtained and managed. The declaration of consent is stored to avoid repeated queries and to be able to prove the consent according to the legal obligation. The storage can be server-side and/or in a cookie (so-called opt-in cookie) to assign the consent to a user or their device. Unless we provide specific details about cookie management service providers, the following applies: The consent's storage duration can be up to two years. During this period, a pseudonymous user identifier is created and stored with the consent's timestamp, scope details (e.g., categories of cookies and/or service providers), and the used browser, system, and device.
Provision of the Online Offer and Web Hosting
We process the data of our users in order to be able to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user's browser or device.
- Types of data processed: Usage data (e.g., websites visited, interest in content, access times). Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
- Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).
Further notes on processing operations, procedures, and services:
- Collection of access data and log files: Access to our online offer is logged in the form of so-called "server log files". Server log files may include the address and name of the accessed websites and files, date and time of access, transmitted data volumes, notification of successful retrieval, browser type including version, the user's operating system, referrer URL (previously visited page), and usually IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to avoid overloading the servers (especially in the case of malicious attacks, so-called DDoS attacks) and to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be stored for evidence purposes is exempted from deletion until the respective incident is finally clarified.
- Hetzner: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR); Website: https://www.hetzner.com; Privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz. Contract processing agreement: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.
Contact and Inquiry Management
When contacting us (e.g., by post, contact form, email, phone, or via social media) and within existing user and business relationships, the details of the inquiring persons are processed insofar as this is necessary to answer the contact inquiries and carry out any requested measures.
- Types of data processed: Contact data (e.g., email, phone numbers); Content data (e.g., inputs in online forms); Usage data (e.g., websites visited, interest in content, access times). Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Affected persons: Communication partners.
- Purposes of processing: Contact inquiries and communication; Management and response to inquiries; Feedback (e.g., collecting feedback via online form). Provision of our online offer and user-friendliness.
- Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).
Definition of terms
In this section, you will find an overview of the terminology used in this privacy policy. Insofar as the terminology is defined by law, the legal definitions apply. The following explanations are primarily intended for understanding.
- Personal data: "Personal data" are all pieces of information that relate to an identified or identifiable natural person (hereinafter "data subject"); a natural person is regarded as identifiable if they can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more special features.
- Responsible person: The "responsible person" is the natural or legal person, authority, institution, or other body that alone or together with others decides on the purposes and means of processing personal data.
- Processing: "Processing" is any operation or series of operations carried out with or without the aid of automated processes relating to personal data. The term covers a broad range and includes almost any handling of data, whether it is collection, evaluation, storage, transmission, or deletion.