We have drafted this Privacy Policy (version 18.04.2024-312768223) to explain, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as “data”) we, as the data controller – and the processors commissioned by us (e.g. providers) – process, will process in the future, and what lawful options you have. All terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.
Privacy policies usually sound very technical and use legal jargon. This privacy policy, on the other hand, aims to describe the most important aspects as simply and transparently as possible. Where it promotes transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We hereby inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis for doing so. This is certainly not possible if one provides explanations that are as concise, unclear, and legally technical as possible, as is often the standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information here that you did not know before.
If you still have questions, please contact the responsible body listed below or in the imprint, follow the links provided, and view further information on third-party sites. You will also find our contact details in the imprint.
This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (data processors). By personal data, we mean information as defined in Article 4 No. 1 of the GDPR, such as a person’s name, email address, and postal address. The processing of personal data enables us to offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:
In short: This privacy policy applies to all areas where personal data is processed in a structured manner within the company via the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.
In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal basis of the General Data Protection Regulation, which enable us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, read this EU General Data Protection Regulation online at EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.
We process your data only if at least one of the following conditions is met:
Other conditions, such as the performance of tasks carried out in the public interest and the exercise of official authority, as well as the protection of vital interests, generally do not apply to us. If such a legal basis should nevertheless be relevant, it will be indicated in the respective section.
In addition to the EU regulation, national laws also apply:
If additional regional or national laws apply, we will inform you about them in the following sections.
If you have any questions about data protection or the processing of personal data, you can find the contact details of the responsible person or office below:
WorkDone.Works S.L.
Avenida El Puente, 29, Local 16
38700 Santa Cruz de la Palma
Canary Islands, Spain
NIF: B75778423
Email: support@workdone.works
Legal Notice: https://workdone.works/impressum/
As a general principle, we only store personal data for as long as it is absolutely necessary to provide our services and products. This means we delete personal data as soon as the reason for processing it no longer exists. In some cases, we are legally required to retain certain data even after the original purpose has expired, for example, for accounting purposes.
If you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as quickly as possible, provided there is no legal obligation to retain it.
We will inform you about the specific duration of each data processing activity further below, provided we have additional information on this.
In accordance with Articles 13 and 14 of the GDPR, we inform you of the following rights to which you are entitled to ensure fair and transparent data processing:
In short: you have rights – don’t hesitate to contact the responsible party listed above!
If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD), which can be found at
www.aepd.es, in Austria the data protection authority, whose website can be found at www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, please contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
We only transfer or process data to countries outside the scope of the GDPR (third countries) if you consent to this processing or if there is other legal permission to do so. This applies in particular if the processing is required by law or necessary for the performance of a contractual relationship, and in any case only to the extent that this is generally permitted. In most cases, your consent is the most important reason for us to have data processed in third countries. The processing of personal data in third countries such as the US, where many software manufacturers offer services and have their server locations, may mean that personal data is processed and stored in unexpected ways.
We expressly point out that, in the opinion of the European Court of Justice, an adequate level of protection for data transfers to the US currently only exists if a US company that processes personal data of EU citizens in the US is an active participant in the EU-US Data Privacy Framework. For more information, please visit: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en
Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. In addition, collected data may be linked to data from other services of the same provider, provided you have a corresponding user account. Where possible, we try to use server locations within the EU, if this is offered.
We will provide you with more detailed information about data transfers to third countries in the relevant sections of this privacy policy, if applicable.
We have implemented both technical and organizational measures to protect personal data. Where possible, we encrypt or pseudonymize personal data. In doing so, we make it as difficult as possible for third parties to derive personal information from our data.
Article 25 GDPR refers to “data protection through technology design and data protection-friendly default settings,” meaning that security must always be considered and appropriate measures taken for both software (e.g., forms) and hardware (e.g., access to the server room). In the following, we will discuss specific measures where necessary.
TLS, encryption, and https sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the Internet.
This means that the entire transmission of all data from your browser to our web server is secure—no one can “eavesdrop.”
TLS, encryption, and https sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the Internet.
This means we have introduced an additional layer of security and comply with data protection through technology design (Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission security by the small lock symbol 
in the upper left corner of the browser, to the left of the Internet address (e.g., examplepage.com) and the use of the https scheme (instead of http) as part of our Internet address.
If you would like to know more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find useful links to further information.
When you contact us and communicate by telephone, email, or online form, personal data may be processed.
The data will be processed for the purpose of handling and processing your enquiry and the associated business transaction. The data will be stored for as long as necessary or as required by law.
All those who contact us via the communication channels provided by us are affected by the aforementioned processes.
When you call us, the call data is stored in pseudonymized form on the respective end device and by the telecommunications provider used. In addition, data such as your name and telephone number may be sent by email and stored for the purpose of responding to your inquiry. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.
When you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data may be stored on the email server. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.
When you communicate with us using the online form, data is stored on our web server (see Odoo section) and forwarded to one of our email addresses. The data is deleted as soon as the business transaction has been completed and legal requirements permit.
The processing of data is based on the following legal grounds:
We have enabled the advertising reporting features in Google Analytics. The reports on demographic characteristics and interests contain information on age, gender, and interests. This allows us to gain a better understanding of our users without being able to assign this data to individual persons. You can find out more about the advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.
You can opt out of the use of your Google Account activity and information by checking the box under “Advertising settings” at https://adssettings.google.com/authenticated.
When you visit our website for the first time, a cookie banner from our consent tool Borlabs appears. There you can individually specify which types of cookies and third-party services you agree to or wish to reject. Our website uses HTTP cookies to store user-specific data.
Below, we explain what cookies are and why they are used so that you can better understand the following privacy policy.
Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing cannot be denied: cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, which is essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser transmits the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.
There are both first-party and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans, or other “malware.” Cookies also cannot access information on your PC.
For example, cookie data can look like this:
Name: _ga
Value: GA1.2.1326744211.152312768223-9
Purpose: Distinguishing between website visitors
Expiry date: after 2 years
A browser should be able to support these minimum sizes:
The specific cookies we use depend on the services used and are explained in the following sections of this privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.
There are four types of cookies:
Essential cookies
These cookies are necessary to ensure basic website functionality. For example, these cookies are needed when a user adds a product to their shopping cart, then browses other pages, and only later proceeds to checkout. These cookies ensure that the shopping cart is not deleted, even if the user closes their browser window.
Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. These cookies also measure the loading time and behavior of the website in different browsers.
Targeted cookies
These cookies improve the user experience. For example, they store entered locations, font sizes, or form data.
Advertising cookies
These cookies are also called targeting cookies. They are used to deliver personalized advertising to the user. This can be very useful, but also very annoying.
Typically, when you first visit a website, you’ll be asked which of these cookie types you’d like to allow. And, of course, this decision will also be saved in a cookie.
If you would like to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Internet Engineering Task Force (IETF) Request for Comments called “HTTP State Management Mechanism”.
The purpose ultimately depends on the cookie in question. You can find more details below or contact the manufacturer of the software that sets the cookie.
Cookies are small helpers for a variety of tasks. Unfortunately, it’s not possible to generalize what data is stored in cookies, but we will inform you about the data processed and stored in the following privacy policy.
The storage period depends on the respective cookie and is further specified below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.
You also have control over the storage period. You can manually delete all cookies via your browser at any time (see also “Right of Objection” below). Furthermore, cookies based on consent will be deleted at the latest after you revoke your consent, although the legality of their storage remains unaffected until then.
You decide how and whether you want to use cookies. Regardless of the service or website from which the cookies originate, you always have the option to delete, deactivate, or only partially accept cookies. For example, you can block third-party cookies but allow all other cookies.
If you want to check which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can do so in your browser settings.
If you don’t want cookies at all, you can set your browser to always notify you when a cookie is about to be set. This allows you to decide for each individual cookie whether or not to accept it. The process varies depending on your browser. The best way to find instructions is to search for “delete cookies in Chrome” or “disable cookies in Chrome” in the case of a Chrome browser.
Since 2009, the so-called “Cookie Guidelines” have been in place. They state that storing cookies requires your consent (Article 6(1)(a) GDPR). However, the implementation of these guidelines varies across EU countries:
For strictly necessary cookies, even if no consent is given, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We aim to provide website visitors with a pleasant user experience, and for this purpose, certain cookies are often strictly necessary. Cookies that are not strictly necessary are used only with your consent. The legal basis for this is Article 6(1)(a) GDPR in conjunction with the respective national regulations: LSSI-CE (Spain), TMG (Germany), or TKG (Austria). In the following sections you will be informed in more detail about the use of cookies, if the software used uses cookies.
You can apply for a position at our company via email, online form, or through a recruiting tool. All data we receive and process from you as part of an application counts as application data. In doing so, you always disclose personal information such as your name, date of birth, address, and telephone number.
We process your data so that we can conduct a proper selection process for the advertised position. We are also happy to keep your application documents in our application archive. Often, for a variety of reasons, a collaboration for the advertised position doesn’t work out, but we are impressed by you and your application and can very well imagine working together in the future. If you give us your consent, we will archive your documents so that we can easily contact you about future opportunities within our company.
We guarantee that we will handle your data with the utmost care and always process it within the legal framework. Within our company, your data will only be shared with people who are directly involved with your application. In short: Your data is safe with us!
For example, if you apply to us by email, we will of course also receive personal data, as mentioned above. Even your email address is considered personal data. However, during the application process, we only process data that is relevant to our decision as to whether or not we want to welcome you to our team.
Exactly which data is processed depends primarily on the job posting. However, this usually includes name, date of birth, contact details, and proof of qualifications. If you submit your application via an online form, the data will be transmitted to us in encrypted form. If you send us your application by email, this encryption will not take place. We therefore cannot accept any responsibility for the method of transmission. However, once the data is on our servers, we are responsible for its lawful handling.
During an application process, in addition to the data listed above, information about your health or ethnic origin may be requested so that we and you can exercise your rights related to employment law, social security, and social protection, while simultaneously fulfilling your corresponding obligations. This data constitutes special category data.
Here is a list of possible data that we receive and process from you:
If we accept you as a team member in our company, your data will be processed for the purposes of the employment relationship and retained by us at least until the employment relationship ends. All application documents will then be added to your employee file.
If we do not offer you the job, if you reject our offer or withdraw your application, we can retain your data for up to 6 months after completion of the application process based on our legitimate interest (Art. 6 (1) (f) GDPR). After that, both your electronic data and all data from physical application documents will be completely deleted or destroyed. We retain your data, for example, so that we can answer any further queries or so that we can provide evidence of your application in the event of a legal dispute. If a legal dispute arises and we may still need the data after the 6 months have expired, we will only delete the data when there is no longer any reason to retain it. If there are statutory retention periods to be fulfilled, we must generally store the data for longer than 6 months.
Furthermore, we can retain your data for longer periods if you have given specific consent. We do this, for example, if we can envision working with you in the future. In this case, it is helpful to have your data archived so that we can easily reach you. In this case, the data will be added to our applicant pool. Of course, you can revoke your consent to retain your data for a longer period at any time. If you do not revoke your consent and do not provide new consent, your data will be deleted after two years at the latest.
The legal basis for the processing of your data is Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (b) GDPR (contract or pre-contractual measures), Art. 6 (1) (f) GDPR (legitimate interests) and Art. 9 (2) (a) GDPR (processing of special categories).
If we include you in our application tool, this is done on the basis of your consent (Art. 6 (1) (a) GDPR). Please note that your consent to our application pool is voluntary, has no influence on the application process, and you have the option to revoke your consent at any time. The legality of the processing up to the time of revocation remains unaffected.
In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9 (2) (c) GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, care or treatment in the healthcare or social sector, or for the administration of healthcare or social systems and services, personal data is processed in accordance with Art. 9 (2) (h) GDPR. If you voluntarily provide special category data, processing is carried out on the basis of Art. 9 (2) (a) GDPR.
In order to be able to offer our services and contractually agreed services, we also process data from our customers and business partners. This data always includes personal data. Customer data refers to all information processed on the basis of a contractual or pre-contractual collaboration in order to provide the services offered. Customer data is therefore all information we collect and process about our customers.
There are many reasons why we collect and process customer data. The most important is that we simply need various pieces of data to provide our services. Sometimes your email address is enough, but if you purchase a product or service, we also need data such as your name, address, bank details, or contract details. We also subsequently use the data for marketing and sales optimization so that we can improve our service to our customers overall. Another important aspect is our customer service, which is always very important to us. We want you to be able to contact us at any time with questions about our offers, and for that we need at least your email address.
Exactly which data is stored can only be specified here based on categories. This always depends on the services you purchase from us. In some cases, you only provide us with your email address so that we can, for example, contact you or answer your questions. In other cases, you purchase a product or service from us, and for this, we require significantly more information, such as your contact details, payment details, and contract details.
Here is a list of possible data that we receive and process from you:
As soon as we no longer need the customer data to fulfill our contractual obligations and our purposes, and the data is also no longer required for potential warranty and liability obligations, we delete the relevant customer data. This is the case, for example, when a business contract ends. After that, the limitation period is generally three years, although longer periods are possible in individual cases. Of course, we also adhere to statutory retention periods. Your customer data will definitely not be passed on to third parties unless you have explicitly given your consent.
Use of Odoo as a software solution (CRM, ERP, accounting, web hosting)
We use the software solution Odoo, hosted on the platform [odoo.sh] of the provider:
Odoo S.A.
Chaussée de Namur, 40
1367 Grand-Rosière, Belgien
https://www.odoo.com
Personal data is processed under a contract for data processing pursuant to Art. 28 GDPR. Odoo provides software solutions hosted via odoo.sh, which are used for contact management, communication, accounting, project management, and web content, among other things.
Data processing takes place on servers within the EU. Data is only transferred to third countries if necessary for support purposes and under the terms of the standard contractual clauses pursuant to Art. 46 GDPR.
Further information on data processing by Odoo can be found at:
https://www.odoo.com/privacy
The legal basis for the processing of your data is Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (b) GDPR (contract or pre-contractual measures), Art. 6 (1) (f) GDPR (legitimate interests) and, in special cases (e.g. for medical services), Art. 9 (2) (a) GDPR (processing of special categories).
In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9 (2) (c) GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, care or treatment in the healthcare or social sector, or for the administration of healthcare or social systems and services, personal data is processed in accordance with Art. 9 (2) (h) GDPR. If you voluntarily provide special category data, processing is carried out on the basis of Art. 9 (2) (a) GDPR.
When you visit websites these days, certain information—including personal data—is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By “website,” we mean the entirety of all web pages on a domain, i.e., everything from the home page to the very last subpage (like this one). By “domain,” we mean, for example, example.de or sampleexample.com.
If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We simply refer to them as “browsers” or “web browsers.”
To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complex and time-consuming task, which is why it’s usually handled by professional providers. They offer web hosting and thus ensure reliable and error-free storage of website data. A lot of technical terms, but please stay tuned, it gets even better!
When the browser connects to your computer (desktop, laptop, tablet, or smartphone) and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server must also store data for a period of time to ensure proper operation.
The purposes of data processing are:
Even while you are currently visiting our website, our web server, which is the computer on which this website is stored, usually automatically saves data such as
As a rule, the above-mentioned data is stored for two weeks and then automatically deleted. We do not share this data, but cannot rule out the possibility that it may be viewed by authorities in the event of illegal activity.
In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not share your data without your consent!
The legality of the processing of personal data within the framework of web hosting arises from Art. 6 (1) (f) GDPR (protection of legitimate interests), because the use of professional hosting with a provider is necessary in order to present the company securely and user-friendly on the Internet and to be able to pursue attacks and claims arising from this if necessary.
As a rule, there is a contract for order processing between us and the hosting provider in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.
We use a website builder system for our website. Builder systems are special forms of content management systems (CMS). With a builder system, website operators can create a website very easily and without any programming knowledge. Many web hosts also offer builder systems. Using a builder system may also collect, store, and process your personal data. This privacy policy provides you with general information about data processing by builder systems. Further information can be found in the provider’s privacy policy.
The biggest advantage of a modular system is its ease of use. We want to offer you a clear, simple, and well-organized website that we can easily operate and maintain ourselves—without external support. A modular system now offers many helpful features that we can use even without programming knowledge. This allows us to design our web presence according to our wishes and offer you an informative and enjoyable experience on our website.
Which data is stored depends, of course, on the website builder system used. Each provider processes and collects different types of website visitor data. However, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit are generally collected. Tracking data (e.g., browser activity, clickstream activity, session heatmaps, etc.) may also be processed. Personal data may also be collected and stored. This usually includes contact information such as email address, telephone number (if you have provided it), IP address, and geographic location data. You can find out exactly which data is stored in the provider’s privacy policy.
We will inform you about the duration of data processing below in connection with the website modular system used, if we have further information about it. You can find detailed information about this in the provider’s privacy policy. In general, we only process personal data for as long as it is absolutely necessary to provide our services and products. The provider may store your data according to its own specifications, over which we have no control.
You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the person responsible for the website building block system you use at any time. You can find contact information either in our privacy policy or on the website of the respective provider.
You can delete, deactivate, or manage cookies that providers use for their functions in your browser. Depending on the browser you use, this works differently. Please note, however, that if you do this, not all functions may work as usual.
We have a legitimate interest in using a website builder system to optimize our online service and present it in an efficient and user-friendly manner. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use the builder system if you have given your consent.
If the processing of data is not absolutely necessary for the operation of the website, the data will only be processed with your consent. This particularly applies to tracking activities. The legal basis in this regard is Art. 6 (1) (a) GDPR.
This privacy policy provides you with the most important general information regarding data processing. If you would like more detailed information, you can find further information – if available – in the following section or in the provider’s privacy policy.
We use the well-known content management system WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.
The company was founded in 2003 and, in a relatively short time, developed into one of the most well-known content management systems (CMS) worldwide. A CMS is software that helps us design our website and present content beautifully and in an organized manner. The content can be text, audio, and video.
By using WordPress, personal data may also be collected, stored, and processed. Typically, this primarily involves technical data such as operating system, browser, screen resolution, or hosting provider. However, personal data such as IP address, geographical data, or contact details may also be processed.
We have many strengths, but real programming is simply not one of our core competencies.
Nevertheless, we want to have a powerful and attractive website that we can manage and maintain ourselves. With a website builder or content management system like WordPress, this is exactly what’s possible. With WordPress, we don’t have to be programming acumen to offer you a beautiful website. Thanks to WordPress, we can operate our website quickly and easily, even without any prior technical knowledge. If technical problems arise or we have special requests for our website, our specialists are always at your disposal, who are at home in HTML, PHP, CSS, and other areas.
Thanks to WordPress’s ease of use and comprehensive features, we can design our website according to our wishes and offer you a good user-friendliness.
Non-personal data includes technical usage information such as browser activity, clickstream activity, session heatmaps and data about your computer, operating system, browser, screen resolution, language and keyboard settings, Internet service provider and the date of the page visit.
Personal data is also collected. This primarily includes contact information (email address or telephone number, if you provide it), IP address, or your geographical location.
WordPress can also use cookies to collect data. These often record data about your behavior on our website. For example, it can record which subpages you particularly enjoy viewing, how long you stay on individual pages, when you leave a page (bounce rate), or even which preferences you have selected (e.g., language selection). Based on this data, WordPress can also better tailor its own marketing measures to your interests and user behavior. The next time you visit our website, it will be displayed as you previously configured it.
WordPress may also use technologies such as pixel tags (web beacons) to, for example, clearly identify you as a user and possibly offer interest-based advertising.
How long the data is stored depends on various factors. It primarily depends on the type of data stored and the specific settings of the website. Generally, WordPress deletes data when it is no longer needed for its own purposes. There are, of course, exceptions, particularly when legal obligations stipulate longer retention of the data. Web server logs, which contain your IP address and technical data, are deleted by WordPress or Automattic after 30 days. Automattic uses the data during this time to analyze traffic on its own websites (for example, all WordPress pages) and to resolve any potential problems. Deleted content on WordPress websites is also stored in the recycle bin for 30 days to allow for restoration; after this time, it may remain in backups and caches until they are deleted. The data is stored on Automattic’s American servers.
You have the right and opportunity to access your personal data at any time and to object to the use and processing of it. You can also file a complaint with a government supervisory authority at any time.
You also have the option to individually manage, delete, or disable cookies in your browser. Please be aware, however, that disabling or deleting cookies may negatively impact the functionality of our WordPress site. Managing cookies works slightly differently depending on the browser you use. You’ll find links to the relevant instructions for the most popular browsers under the “Cookies” section.
If you have consented to the use of WordPress, this consent forms the legal basis for the corresponding data processing. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by WordPress.
We also have a legitimate interest in using WordPress to optimize our online service and present it attractively for you. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use WordPress if you have given your consent.
WordPress and Automattic also process your data in the USA, among other places. Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. Further information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Automattic also uses so-called standard contractual clauses (Article 46, Paragraphs 2 and 3 GDPR). Standard contractual clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the standard contractual clauses, Automattic undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
More details about the privacy policy and which data is processed and how by WordPress can be found at https://automattic.com/privacy/.
We use software on our website to evaluate the behavior of website visitors, known as web analytics or web analysis for short. This data is collected and stored, managed and processed by the respective analytics tool provider (also known as a tracking tool). This data is used to create analyses of user behavior on our website and make them available to us as the website operator. In addition, most tools offer various testing options. For example, we can test which offers or content are most popular with our visitors. To do this, we show you two different offers for a limited period of time. After the test (a so-called A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as for other analytics procedures, user profiles can be created and the data stored in cookies.
We have a clear goal in mind with our website: to provide the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting offering on the market, while also ensuring that you feel completely at home on our website. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and then improve our website accordingly for you and us. For example, we can determine the average age of our visitors, where they come from, when our website is most frequently visited, or which content or products are particularly popular. All of this information helps us optimize the website and thus adapt it to your needs, interests, and wishes.
Exactly which data is stored depends, of course, on the analysis tools used. However, information typically stored includes, for example, the content you view on our website, the buttons or links you click, the time you access a page, the browser you use, the device (PC, tablet, smartphone, etc.) you use to visit the website, and the computer system you use. If you have consented to the collection of location data, this may also be processed by the web analysis tool provider.
Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is generally stored pseudonymously (i.e., in an unrecognizable and abbreviated form). For the purposes of testing, web analysis, and web optimization, no direct data such as your name, age, address, or email address is stored. All of this data, if collected, is stored pseudonymously. This means that you cannot be identified as an individual.
The following example shows schematically how Google Analytics works as an example of client-based web tracking with JavaScript code.
How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website again; other cookies can store data for several years.
We will inform you below about the duration of data processing, as soon as we have further information. Generally, we only process personal data for as long as it is absolutely necessary to provide our services and products. If required by law, such as in the case of accounting, this retention period may be exceeded.
You also have the right and option to revoke your consent to the use of cookies or third-party services at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser.
The use of web analytics requires your consent, which we have obtained with our cookie popup. This consent is, according to Art. 6 (1) (a) GDPR (consent) the legal basis for the processing of personal data, as may occur when collected by web analytics tools.
In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offering technically and economically. With the help of web analytics, we can detect website errors, identify attacks, and improve efficiency. The legal basis for this is Art. 6 (1) (f) GDPR (Legitimate Interests) . However, we only use the tools if you have given your consent.
Since web analytics tools use cookies, we also recommend reading our general privacy policy on cookies. To learn exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.
Information on specific web analytics tools, if available, can be found in the following sections.
We use the analysis tracking tool Google Analytics, version Google Analytics 4 (GA4) from the American company Google Inc., on our website. Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services in Europe. Google Analytics collects data about your actions on our website. Through a combination of various technologies such as cookies, device IDs, and login information, you as a user can be identified across different devices. This also allows your actions to be analyzed across platforms.
For example, if you click on a link, this event is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us better tailor our website and service to your needs. Below, we’ll go into more detail about the tracking tool and, above all, inform you about which data is processed and how you can prevent this.
Google Analytics is a tracking tool used to analyze our website’s traffic. These measurements and analyses are based on a pseudonymous user identification number. This number does not contain any personal data such as name or address, but is used to assign events to a device. GA4 uses an event-based model that records detailed information on user interactions such as page views, clicks, scrolling, and conversion events. GA4 also incorporates various machine learning functions to better understand user behavior and certain trends. GA4 uses machine learning functions to model. This means that, based on the collected data, even missing data can be extrapolated to optimize the analysis and also to provide forecasts.
For Google Analytics to work, a tracking code is embedded in our website code. When you visit our website, this code records various events that you perform on our website. With GA4’s event-based data model, we as website operators can define and track specific events to obtain analytics of user interactions. This allows us to track not only general information such as clicks or page views, but also specific events that are important to our business. Such special events can include, for example, submitting a contact form or purchasing a product.
As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.
Google processes the data, and we receive reports about your user behavior. These reports may include, among others, the following:
In addition to the analysis reports mentioned above, Google Analytics 4 also offers the following features:
Our goal with this website is clear: to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this goal.
The statistically analyzed data provides us with a clear picture of our website’s strengths and weaknesses. On the one hand, we can optimize our site so that it’s easier for interested people to find on Google. On the other hand, the data helps us better understand you as a visitor. This allows us to know exactly what we need to improve on our website to provide you with the best possible service. The data also helps us implement our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested in them.
Google Analytics uses a tracking code to create a random, unique ID linked to your browser cookie. This allows Google Analytics to recognize you as a new user and assign you a user ID. The next time you visit our site, you will be recognized as a “returning” user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles.
To analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. The Google Analytics 4 property is the default for every newly created property. Data is stored for different lengths of time depending on the property used.
Using identifiers such as cookies, app instance IDs, user IDs, or custom event parameters, your interactions are measured across platforms, provided you have consented. Interactions are all types of actions you perform on our website. If you also use other Google systems (such as a Google Account), data generated through Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize this. Exceptions may apply if required by law.
According to Google, no IP addresses are logged or stored in Google Analytics 4. However, Google uses the IP address data to derive location data and deletes it immediately afterward. All IP addresses collected from users in the EU are therefore deleted before the data is stored in a data center or on a server.
Because Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies than previous versions (such as Google Universal Analytics). However, there are some specific cookies used by GA4. These include:
Name: _ga
Wert: 2.1326744211.152312768223-5
Purpose: By default, analytics.js uses the cookie _ga to store the user ID. It is primarily used to distinguish website visitors.
Expiry date: after 2 years
Name: _gid
Value: 2.1687193234.152312768223-1
Purpose: The cookie is also used to distinguish between website visitors
Expiry date: after 24 hours
Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to reduce the request rate. If Google Analytics is provided via Google Tag Manager, this cookie is named _dc_gtm_ <property-id>.
Expiry date: after 1 minute
Note: This list cannot claim to be exhaustive, as Google continually changes its cookie choices. GA4 also aims to improve data protection. Therefore, the tool offers several options for controlling data collection. For example, we can specify the storage period ourselves and also control data collection.
Here we show you an overview of the most important types of data collected with Google Analytics:
Heatmaps: Google creates so-called heatmaps. Heatmaps show exactly the areas you click on. This gives us information about where you are on our site.
Session duration: Google defines the time you spend on our site without leaving the site as session duration. If you have been inactive for 20 minutes, the session ends automatically.
Bounce rate: A bounce occurs when you only view one page on our website and then leave our website again.
Account creation: When you create an account or place an order on our website, Google Analytics collects this data.
Location: IP addresses are not logged or stored in Google Analytics. However, location data is derived shortly before the IP address is deleted.
Technical information: Technical information includes, among other things, your browser type, your Internet service provider, or your screen resolution.
Source: Google Analytics and we are of course also interested in which website or advertisement you came to our site from.
Other data includes contact information, any ratings, media playback (e.g., when you play a video on our site), sharing content via social media, or adding content to your favorites. This list is not exhaustive and serves only as a general guide to data storage by Google Analytics.
Google has distributed its servers all over the world. You can find out exactly where Google’s data centers are located here: https://www.google.com/about/datacenters/locations/?hl=de
Your data is distributed across different physical storage devices. This has the advantage of being faster to access and better protected against tampering. Every Google data center has appropriate emergency backup programs for your data. If, for example, Google’s hardware fails or natural disasters cripple servers, the risk of service interruption at Google remains low.
The retention period for data depends on the properties used. The retention period is always determined individually for each property. Google Analytics offers us four options for controlling the retention period:
Additionally, you can choose to have data deleted only if you no longer visit our website within the period we select. In this case, the retention period will be reset each time you visit our website again within the specified period.
Once the specified period has expired, the data is deleted once a month. This retention period applies to your data linked to cookies, user recognition, and advertising IDs (e.g., cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is the merging of individual pieces of data into a larger unit.
Under European Union data protection law, you have the right to access, update, delete, or restrict your data. You can prevent Google Analytics 4 from using your data by using the browser add-on for deactivating Google Analytics JavaScript (analytics.js, gtag.js). You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only disables data collection by Google Analytics.
If you generally want to deactivate, delete or manage cookies, you will find the relevant links to the instructions for the most popular browsers in the “Cookies” section.
The use of Google Analytics requires your consent, which we have obtained with our cookie popup. This consent is, according to Art. 6 (1) (a) GDPR (consent) the legal basis for the processing of personal data, as may occur when collected by web analytics tools.
In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offering technically and economically. With the help of Google Analytics, we can detect errors on the website, identify attacks, and improve efficiency. The legal basis for this is Art. 6 (1) (f) GDPR (Legitimate Interests) . However, we only use Google Analytics if you have given your consent.
Google processes your data, among other places, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. Further information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Google uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard contractual clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
We hope we have been able to provide you with the most important information about data processing by Google Analytics. If you would like to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.
If you would like to learn more about data processing, please refer to the Google Privacy Policy at https://policies.google.com/privacy?hl=de.
We have implemented Google Analytics’ IP address anonymization on this website. This feature was developed by Google to enable this website to comply with applicable data protection regulations and recommendations from local data protection authorities when these prohibit the storage of the full IP address. IP anonymization or masking occurs as soon as the IP addresses arrive in the Google Analytics data collection network and before the data is stored or processed.
More information about IP anonymization can be found at https://support.google.com/analytics/answer/2763052?hl=de.
We use Consent Management Platform (CMP) software on our website, which makes it easier for us and you to handle scripts and cookies correctly and securely. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides you with the cookie consent required by data protection law, and helps us and you keep track of all cookies. Most cookie consent management tools identify and categorize all existing cookies. You, as the website visitor, then decide for yourself whether and which scripts and cookies you allow or deny.
Our goal is to offer you the greatest possible transparency in data protection. Furthermore, we are legally obligated to do so. We want to inform you as fully as possible about all tools and all cookies that can store and process your data. It is also your right to decide which cookies you accept and which you do not. To grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with GDPR-compliant information. You can then accept or reject cookies using the consent system.
Using our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. Your consent will be saved so that we don’t have to ask you each time you visit our website, and we can also verify your consent if legally required. This consent is saved either in an opt-in cookie or on a server. The storage period for your cookie consent varies depending on the provider of the cookie management tool. This data (such as pseudonymous user ID, time of consent, details on cookie categories or tools, browser, device information) is usually stored for up to two years.
We will inform you below about the duration of data processing, if we have further information. Generally, we only process personal data for as long as it is absolutely necessary to provide our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted as soon as you leave the website, while others can remain stored in your browser for several years. The exact duration of data processing depends on the tool used; in most cases, you should expect a storage period of several years. The respective privacy policies of the individual providers usually provide precise information about the duration of data processing.
You also have the right and option to revoke your consent to the use of cookies at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser.
Information on specific cookie management tools, if available, can be found in the following sections.
If you consent to cookies, your personal data will be processed and stored via these cookies. If we are permitted to use cookies based on your consent (Article 6 (1) (a) GDPR), this consent also serves as the legal basis for the use of cookies and the processing of your data. Cookie consent management platform software is used to manage consent to cookies and enable you to give your consent. The use of this software enables us to operate the website efficiently and in compliance with the law, which represents a legitimate interest (Article 6 (1) (f) GDPR).
We use BorlabsCookie on our website, which, among other things, is a tool for storing your cookie consent. The service provider is the German company Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany.
You can learn more about the data processed through the use of BorlabsCookie in the Privacy Policy at https://de.borlabs.io/datenschutz/.
With so-called security and anti-spam software, you and we can protect ourselves from various spam or phishing emails and possible other cyberattacks. Spam refers to advertising emails from a mass mailing that you did not request. Such emails are also called junk mail and can also incur costs. Phishing emails, on the other hand, are messages that aim to build trust through fake messages or websites in order to obtain personal data. Anti-spam software generally protects against unwanted spam messages or malicious emails that could, for example, introduce viruses into our systems. We also use general firewall and security systems that protect our computers from unwanted network attacks.
We place particular emphasis on security on our website. After all, it’s not just about our security, but above all about yours. Unfortunately, cyber threats have become part of everyday life in the world of IT and the internet. Hackers often attempt to steal personal data from an IT system using cyberattacks. Therefore, a good defense system is absolutely essential. A security system monitors all incoming and outgoing connections to our network or computer. To achieve even greater security against cyberattacks, we use additional external security services in addition to the standardized security systems on our computers. This helps prevent unauthorized data traffic and protects us against cybercrime.
Exactly which data is collected and stored depends, of course, on the respective service. However, we always strive to use only programs that collect data very sparingly and only store data that is necessary to fulfill the offered service. In principle, the service can store data such as name, address, IP address, email address and technical data such as browser type and version. Any performance and log data may also be collected in order to detect possible incoming threats in a timely manner. This data is processed as part of the services and in compliance with applicable laws. For US providers, this also includes the GDPR (via the standard contractual clauses). In some cases, these security services also work with third parties who can store and/or process data under your instruction and in accordance with the data protection guidelines and other security measures. Data is usually stored via cookies.
We will inform you below about the duration of data processing, provided we have further information. For example, security programs store data until you or we revoke your consent. Generally, personal data is only stored for as long as absolutely necessary to provide the services. Unfortunately, in many cases, we do not have precise information from the providers about the storage period.
You also have the right and option to revoke your consent to the use of cookies or third-party security software at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser.
Since such security services may also use cookies, we recommend you read our general privacy policy on cookies. To learn exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.
We use security services primarily on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) in a good security system against various cyberattacks.
Certain processing operations, in particular the use of cookies and the use of security features, require your consent. If you have consented to the processing and storage of your data by integrated security services, this consent serves as the legal basis for data processing (Art. 6 (1) (a) GDPR). Most of the services we use place cookies in your browser to store data. We therefore recommend that you carefully read our privacy policy regarding cookies and review the privacy policy or cookie policy of the respective service provider.
Information on specific tools – where available – can be found in the following sections.
Our primary goal is to make our website as secure and safe as possible for you and us. To ensure this, we use Google reCAPTCHA from Google Inc. In Europe, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA, we can determine whether you are really a flesh-and-blood human and not a robot or other spam software. By spam we mean any unsolicited information sent to us electronically. With classic CAPTCHAS, you usually had to solve text or image puzzles for verification. With reCAPTCHA from Google, we usually don’t have to bother you with such puzzles. In most cases, it is sufficient if you simply tick a box to confirm that you are not a bot. With the new Invisible reCAPTCHA version, you don’t even have to tick a box. You can find out exactly how this works and, above all, which data is used for this purpose in the course of this privacy policy.
reCAPTCHA is a free CAPTCHA service from Google that protects websites from spam software and abuse by non-human visitors. This service is most commonly used when filling out forms on the internet. A CAPTCHA service is a type of automated Turing test designed to ensure that an action on the internet is performed by a human and not a bot. In the classic Turing test (named after computer scientist Alan Turing), a human distinguishes between a bot and a human. With CAPTCHA, a computer or software program also takes over this task. Classic CAPTCHAs work with small tasks that are easy for humans to solve but considerable difficulty for machines. With reCAPTCHA, you no longer have to actively solve puzzles. The tool uses modern risk-based techniques to distinguish humans from bots. Here, you only have to check the “I am not a robot” text box; with Invisible reCAPTCHA, even this is no longer necessary. With reCAPTCHA, a JavaScript element is embedded in the source code, and the tool then runs in the background, analyzing your user behavior. The software calculates a so-called CAPTCHA score from these user actions. Google uses this score to calculate the probability that you are human before you enter the CAPTCHA. reCAPTCHA, or CAPTCHAs in general, are used whenever bots could manipulate or misuse certain actions (such as registrations, surveys, etc.).
We only want to welcome real people to our site. Bots and spam software of all kinds can safely stay at home. That’s why we do everything we can to protect ourselves and offer you the best possible user experience. For this reason, we use Google reCAPTCHA from Google. This way, we can be fairly certain that we remain a “bot-free” website. By using reCAPTCHA, data is transmitted to Google to determine whether you are actually a human. reCAPTCHA therefore serves to ensure the security of our website and, subsequently, your security as well. For example, without reCAPTCHA, a bot could register as many email addresses as possible during registration in order to then “spam” forums or blogs with unwanted advertising content. With reCAPTCHA, we can prevent such bot attacks.
reCAPTCHA collects personal data from users to determine whether the actions on our website are actually performed by humans. This means that the IP address and other data required by Google for the reCAPTCHA service may be sent to Google. Within EU member states or other contracting states to the Agreement on the European Economic Area, IP addresses are almost always shortened before being transferred to a server in the USA. The IP address is not combined with other Google data unless you are logged into your Google Account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) are already placed on your browser. Then, reCAPTCHA sets an additional cookie in your browser and captures a snapshot of your browser window.
The following list of collected browser and user data is not intended to be exhaustive. Rather, it provides examples of data that, to our knowledge, Google processes.
It’s undisputed that Google uses and analyzes this data even before you click the “I am not a robot” checkbox. With the Invisible reCAPTCHA version, you don’t even need to check the box, and the entire recognition process runs in the background. Google doesn’t provide details about exactly how much and what kind of data Google stores.
The following cookies are used by reCAPTCHA: This refers to the Google reCAPTCHA demo version at https://www.google.com/recaptcha/api2/demo. All of these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:
Name: IDE
Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-312768223-8
Purpose: This cookie is set by DoubleClick (also owned by Google) to register and report a user’s actions on the website when interacting with ads. This allows advertising effectiveness to be measured and appropriate optimization measures to be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiry date: after one year
Name: 1P_JAR
Value: 2019-5-14-12
Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant ads to users. Furthermore, the cookie can be used to prevent a user from seeing the same ad more than once.
Expiry date: after one month
Name: ANID
Value: U7j1v3dZa3127682230xgZFmiqWppRWKOr
Purpose: We haven’t been able to find much information about this cookie. In Google’s privacy policy, the cookie is mentioned in connection with “advertising cookies” such as “DSID,” “FLC,” “AID,” and “TAID.” ANID is stored under the domain google.com.
Expiry date: after 9 months
Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: This cookie stores the user’s consent status for using various Google services. CONSENT also serves security purposes to verify users, prevent credential fraud, and protect user data from unauthorized attacks.
Expiry date: after 19 years
Name: NID
Value: 0WmuWqy312768223zILzqV_nmt3sDXwPeM5Q
Purpose: NID is used by Google to tailor ads to your Google search. With the help of this cookie, Google “remembers” your most frequently entered search queries or your previous interactions with ads. This way, you always receive tailored ads. The cookie contains a unique ID to collect the user’s personal preferences for advertising purposes.
Expiry date: after 6 months
Name: DV
Value: gEAABBCjJMXcI0dSAAAANbqc312768223-4
Purpose: This cookie is set as soon as you check the “I am not a robot” box. This cookie is used by Google Analytics for personalized advertising. DV collects information in an anonymized form and is also used to differentiate between users.
Expiry date: after 10 minutes
Note: This list cannot claim to be complete, as experience has shown that Google continually changes the choice of its cookies.
By integrating reCAPTCHA, your data is transferred to the Google server. Google does not clarify where exactly this data is stored, even after repeated inquiries. Without confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website, or language settings are stored on Google’s European or American servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google Account while using the reCAPTCHA plug-in, the data will be merged. In this case, Google’s different data protection regulations apply.
If you do not want any data about you and your behavior to be transmitted to Google, you must completely log out of Google and delete all Google cookies before visiting our website or using the reCAPTCHA software. Generally, the data is automatically transmitted to Google as soon as you visit our site. To delete this data, you must contact Google Support at https://support.google.com/?hl=de&tid=312768223.
Therefore, by using our website, you agree that Google LLC and its agents automatically collect, process and use data.
Please note that when using this tool, your data may also be stored and processed outside the EU. Most third countries (including the USA) are considered unsafe under current European data protection law. Therefore, data may not simply be transferred, stored, and processed in unsafe third countries unless appropriate safeguards (such as EU standard contractual clauses) are in place between us and the non-European service provider.
If you have consented to the use of Google reCAPTCHA, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) (a) GDPR (consent) the legal basis for the processing of personal data, as may occur when collected by Google reCAPTCHA.
We also have a legitimate interest in using Google reCAPTCHA to optimize our online service and make it more secure. The legal basis for this is Art. 6 (1) (f) GDPR (Legitimate Interests) . However, we only use Google reCAPTCHA if you have given your consent.
Google processes your data, among other places, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. Further information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Google uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard contractual clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
You can learn more about reCAPTCHA on Google’s web developer page at https://developers.google.com/recaptcha/. While Google provides more detailed information on the technical development of reCAPTCHA there, detailed information on data storage and privacy-related topics is also lacking. A good overview of Google’s general use of data can be found in its privacy policy at https://policies.google.com/privacy.
We use UpdraftPlus, a backup and security system, for our website. The service provider is the British company Updraft WP Software Ltd., 11 Barringer Way, St. Neots, PE19 1LW, Cambridgeshire, United Kingdom.
With the UK’s exit from the European Union, the GDPR no longer applies to data transfers there. However, the European Commission has decided, based on Article 45 GDPR, that the UK offers an adequate level of protection compared to the GDPR. Data transfers there are therefore permissible. You can view the decision here (download): https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D1772
You can learn more about the data processed through the use of UpdraftPlus in the Privacy Policy at https://updraftplus.com/data-protection-and-privacy-centre/.
We use various tools on our website to support our web design. Web design is not, as is often assumed, just about making our website look pretty, but also about functionality and performance. But of course, the right look and feel for a website is also one of the major goals of professional web design. Web design is a sub-area of media design and deals with the visual, structural, and functional design of a website. The goal is to use web design to improve your experience on our website. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all the impressions and experiences that website visitors have on a website. A sub-section of user experience is usability. This refers to the user-friendliness of a website. We place particular emphasis on ensuring that content, subpages, and products are clearly structured and that you can find what you’re looking for quickly and easily. To offer you the best possible experience on our website, we also use so-called third-party web design tools. In this privacy policy, the category “web design” includes all services that enhance the design of our website. These could include, for example, fonts, various plugins, or other integrated web design features.
How you absorb information on a website depends heavily on its structure, functionality, and visual perception. Therefore, good and professional web design has become increasingly important to us. We are constantly working on improving our website and see this as an extended service for you as a website visitor. Furthermore, a beautiful and functional website also has financial advantages for us. After all, you will only visit us and take advantage of our services if you feel completely comfortable.
When you visit our website, web design elements may be integrated into our pages that can also process data. The exact nature of this data depends largely on the tools used. Below you can see exactly which tools we use for our website. For more detailed information about data processing, we recommend reading the privacy policy of the tools used. This usually tells you which data is processed, whether cookies are used, and how long the data is stored. Fonts such as Google Fonts, for example, also automatically transmit information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google servers.
How long data is processed varies greatly from person to person and depends on the web design elements used. If cookies are used, for example, the retention period can be as little as one minute or as long as several years. Please inform yourself about this. We recommend that you read our general section on cookies as well as the privacy policies of the tools used. There you will usually find out which cookies are used and what information is stored in them. Google Font files, for example, are stored for one year. This is intended to improve the loading time of a website. As a general rule, data is only stored for as long as necessary to provide the service. If required by law, data can be stored for longer.
You also have the right and option to revoke your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or via other opt-out functions. You can also prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser. However, some web design elements (usually fonts) contain data that cannot be deleted so easily. This is the case when data is automatically collected when a page is accessed and transmitted to a third-party provider (such as Google). In this case, please contact the support of the respective provider. In the case of Google, you can reach support at https://support.google.com/?hl=de.
If you have consented to the use of web design tools, this consent forms the legal basis for the corresponding data processing. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by web design tools. We also have a legitimate interest in improving the web design on our website. After all, only then can we provide you with an attractive and professional website. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use web design tools if you have given your consent. We would like to emphasize this again here.
Information on specific web design tools – where available – can be found in the following sections.
We use Google Fonts from Google Inc. on our website. Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for the European region. We have embedded the Google Fonts locally, i.e., on our web server – not on Google’s servers. This means there is no connection to Google servers and therefore no data transfer or storage.
Google Fonts was formerly known as Google Web Fonts. This is an interactive directory of over 800 fonts provided free of charge by Google. With Google Fonts, you can use fonts without uploading them to your own server. However, to prevent any data transfer to Google servers, we have downloaded the fonts to our server. This way, we comply with data protection regulations and do not send any data to Google Fonts.
Congratulations! If you’re reading these lines, you’ve truly “struggled” through our entire privacy policy, or at least scrolled this far. As you can see from the length of our privacy policy, we take the protection of your personal data anything but lightly.
It’s important to us to inform you about the processing of personal data to the best of our knowledge and belief. We don’t just want to tell you which data is processed, but also explain the reasons behind the use of various software programs. Privacy policies usually sound very technical and legalistic. However, since most of you aren’t web developers or lawyers, we wanted to take a different approach and explain the matter in simple and clear language. Of course, this isn’t always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy.
If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible party. We wish you a pleasant stay and hope to welcome you back to our website soon.
All texts are protected by copyright.
Source: Created with the Data Protection Generator Europe by AdSimple
You need to load content from reCAPTCHA to submit the form. Please note that doing so will share data with third-party providers.
More InformationYou are currently viewing a placeholder content from Turnstile. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More Information
