Table of Contents (German)
- Introduction and Overview
- Scope
- Legal Bases
- Contact Details of the Controller
- Storage Duration
- Rights Under the General Data Protection Regulation (GDPR)
- Data Transfer to Third Countries
- Security of Data Processing
- Communication
- Data Processing Agreement (DPA)
- Cookies
- Web Hosting Introduction
- Website Builder Systems Introduction
- Web Analytics Introduction
- Email Marketing Introduction
- Social Media Introduction
- Security & Anti-Spam
- Payment Providers Introduction
- Single Sign-On Logins Introduction
- Review Platforms Introduction
- Web Design Introduction
- Online Booking Systems Introduction
- Closing Remarks
Introduction and Overview
We have prepared this privacy policy (version 22.05.2025-313000823) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, what personal data (hereinafter referred to as “data”) we, as the controller—along with the processors we engage (e.g., providers)—process, will process in the future, and what legal rights you have. All terms used are gender-neutral.
In short: We inform you comprehensively about the data we process concerning you.
Privacy policies often sound very technical and use legal jargon. This privacy policy, however, aims to describe the most important aspects as simply and transparently as possible. Where transparency is enhanced, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We aim to communicate in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible if the explanations are as brief, unclear, and legalistic as is often the standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative, and perhaps you will discover information you were not previously aware of.
If you still have questions, we kindly ask you to contact the responsible party listed below or in the imprint, follow the provided links, or seek further information on third-party websites. Our contact details can, of course, also be found in the imprint.
Scope
This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information as defined in Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:
- All online presences (websites, online shops) we operate
- Social media presences and email communication
- Mobile apps for smartphones and other devices
In short: The privacy policy applies to all areas in which personal data is processed in a structured manner by the company via the mentioned channels. Should we enter into legal relationships with you outside these channels, we will inform you separately if necessary.
Legal Bases
In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.
We process your data only if at least one of the following conditions applies:
- Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be storing the data you entered in a contact form.
- Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we require personal information in advance.
- Legal Obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes, which usually contain personal data.
- Legitimate Interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.
Other conditions such as the performance of tasks in the public interest or the exercise of official authority, as well as the protection of vital interests, do not typically apply to us. Should such a legal basis become relevant, it will be indicated at the appropriate place.
In addition to the EU regulation, national laws also apply:
- In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Datenschutzgesetz), abbreviated as DSG.
- In Germany, the Federal Data Protection Act (BDSG) applies.
If further regional or national laws apply, we will inform you in the following sections.
Contact Details of the Controller
If you have questions about data protection or the processing of personal data, you will find the contact details of the controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) below:
FASETA Ltd Co.
1209 MOUNTAIN ROAD PL NE STE N
ALBUQUERQUE, NM
87110 USA
Email: info@faseta.net
Phone: +1 505 3589534
Imprint: https://www.faseta.net/imprint/
Storage Duration
As a general rule, we store personal data only for as long as is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing no longer exists. In some cases, we are legally obligated to retain certain data even after the original purpose has ceased, for example, for accounting purposes.
If you wish your data to be deleted or if you revoke your consent to data processing, the data will be deleted as soon as possible, provided there is no obligation to retain it.
We will inform you below about the specific duration of the respective data processing, provided we have further information.
Rights Under the General Data Protection Regulation (GDPR)
In accordance with Articles 13 and 14 of the GDPR, we inform you about the following rights you are entitled to, to ensure fair and transparent data processing:
- Right of Access (Article 15 GDPR): You have the right to obtain confirmation as to whether or not we process data concerning you. If this is the case, you have the right to receive a copy of the data and the following information:
- The purpose of the processing;
- The categories of data being processed;
- Who receives the data, and if the data is transferred to third countries, how security is guaranteed;
- How long the data is stored;
- The existence of the right to rectification, erasure, restriction of processing, or objection;
- That you can lodge a complaint with a supervisory authority (links to these authorities are provided below);
- The origin of the data if we did not collect it from you;
- Whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you.
- Right to Rectification (Article 16 GDPR): You have the right to have incorrect data corrected.
- Right to Erasure (“Right to Be Forgotten”) (Article 17 GDPR): You have the right to request the deletion of your data.
- Right to Restriction of Processing (Article 18 GDPR): You have the right to request that we only store the data and no longer use it.
- Right to Data Portability (Article 20 GDPR): You have the right to request that we provide your data in a commonly used format upon request.
- Right to Object (Article 21 GDPR): You have the right to object, which may result in a change to the processing.
- If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interests), you can object to the processing. We will then examine as quickly as possible whether we can legally comply with the objection.
- If data is used for direct marketing, you can object to this type of data processing at any time. We may no longer use your data for direct marketing thereafter.
- If data is used for profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling thereafter.
- Right Not to Be Subject to Automated Decision-Making (Article 22 GDPR): You may have the right not to be subject to a decision based solely on automated processing (e.g., profiling).
- Right to Lodge a Complaint (Article 77 GDPR): You have the right to lodge a complaint with the data protection authority if you believe that the processing of personal data violates the GDPR.
In short: You have rights—do not hesitate to contact the responsible party listed above!
If you believe that the processing of your data violates data protection laws or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authorities are responsible for our company:
Hessen Data Protection Authority
Hessian Commissioner for Data Protection and Freedom of Information
Address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden
Phone: 0611/1408-0
Email: poststelle@datenschutz.hessen.de
Website: https://datenschutz.hessen.de/
State Commissioner for Data Protection of Saxony-Anhalt
Maria Christina Rost
Address: Leiterstraße 9, 39104 Magdeburg, Germany
Mailing address: P.O. Box 1947, 39009 Magdeburg, Germany
Phone: +49 391 81803-0
Fax: +49 391 81803-33
Email: poststelle@lfd.sachsen-anhalt.de
Website: https://datenschutz.sachsen-anhalt.de
Federal Data Protection Authority (Bonn)
Federal Commissioner for Data Protection and Freedom of Information (BfDI)
Address: Husarenstraße 30, 53117 Bonn
Phone: 0228/997799-0
Email: poststelle@bfdi.bund.de
Website: https://www.bfdi.bund.de/
Data Transfer to Third Countries
We transfer or process data to countries outside the scope of the GDPR (third countries) only if you consent to this processing or if another legal permission exists. This applies in particular if the processing is legally required or necessary for the fulfillment of a contractual relationship and is generally permitted in any case. Your consent is, in most cases, the most important reason for us to process data in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, may mean that personal data is processed and stored in unexpected ways.
We explicitly point out that, according to the European Court of Justice, there is currently only an adequate level of protection for data transfers to the USA if the US company processing personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. More information on this can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en
Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data being processed and stored in a non-anonymized manner. Furthermore, US government authorities may potentially access individual data. It may also happen that collected data is linked with data from other services of the same provider if you have a corresponding user account. Where possible, we try to use server locations within the EU if they are offered.
We will inform you in more detail about data transfers to third countries at the relevant points in this privacy policy, where applicable.
Security of Data Processing
To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to infer personal information from our data within the scope of our capabilities.
Article 25 of the GDPR refers here to “data protection by design and by default,” meaning that both software (e.g., forms) and hardware (e.g., access to the server room) should always consider security and implement appropriate measures. Below, we will go into more detail on specific measures where necessary.
TLS Encryption with HTTPS
TLS, encryption, and HTTPS sound very technical and indeed they are. We use HTTPS (Hypertext Transfer Protocol Secure, meaning “secure hypertext transfer protocol”) to transmit data securely over the internet.
This means that the entire transmission of all data from your browser to our web server is secured—no one can “eavesdrop.”
We have thus introduced an additional layer of security and comply with data protection through technology design (Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission security by the small lock symbol ![Lock symbol] in the top left of your browser, to the left of the internet address (e.g., beispielseite.de), and the use of the scheme https (instead of http) as part of our internet address.
If you want to learn more about encryption, we recommend a Google search for “Hypertext Transfer Protocol Secure wiki” to find good links to further information.
Communication
Communication Summary
Affected Parties: All those who communicate with us by phone, email, or online form
Data Processed: e.g., phone number, name, email address, form data entered. More details can be found in the respective contact method used.
Purpose: Handling communication with customers, business partners, etc.
Storage Duration: Duration of the business case and legal requirements
Legal Bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (legitimate interests)
When you contact us and communicate by phone, email, or online form, personal data may be processed.
The data is processed for the purpose of handling and responding to your inquiry and the associated business transaction. The data is stored for as long as the business case requires or as required by law.
Affected Persons
All those who seek contact with us via the provided communication channels are affected by the aforementioned processes.
Phone
When you call us, call data is pseudonymized and stored on the respective device and by the telecommunications provider used. Additionally, data such as name and phone number may subsequently be sent by email and stored for response purposes. The data is deleted as soon as the business case is concluded and legal requirements permit.
Email
When you communicate with us by email, data may be stored on the respective device (computer, laptop, smartphone, etc.), and data is stored on the email server. The data is deleted as soon as the business case is concluded and legal requirements permit.
Online Forms
When you communicate with us via an online form, data is stored on our web server and may be forwarded to an email address of ours. The data is deleted as soon as the business case is concluded and legal requirements permit.
Legal Bases
The processing of the data is based on the following legal bases:
- Art. 6(1)(a) GDPR (consent): You give us your consent to store your data and use it further for purposes related to the business case.
- Art. 6(1)(b) GDPR (contract): It is necessary for the fulfillment of a contract with you or a processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer.
- Art. 6(1)(f) GDPR (legitimate interests): We want to handle customer inquiries and business communication in a professional framework. For this, certain technical facilities such as email programs, exchange servers, and mobile operators are necessary to conduct communication efficiently.
Data Processing Agreement (DPA)
In this section, we would like to explain what a data processing agreement is and why it is needed. Since the term “data processing agreement” is quite a mouthful, we will often use the acronym DPA in the text. Like most companies, we do not work alone but also use the services of other companies or individuals. By involving various companies or service providers, it may happen that we pass on personal data for processing. These partners then act as processors, with whom we conclude a contract, the so-called data processing agreement (DPA). The most important thing for you to know is that the processing of your personal data is carried out exclusively according to our instructions and must be regulated by the DPA.
Who Are Processors?
As a company and website operator, we are responsible for all data we process about you. In addition to the controllers, there may also be so-called processors. These include any company or person who processes personal data on our behalf. More precisely and according to the GDPR definition: any natural or legal person, authority, institution, or other body that processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.
For a better understanding of the terminology, here is an overview of the three roles in the GDPR:
Data Subject (you as a customer or interested party) → Controller (we as a company and client) → Processor (service provider such as a web host or cloud provider)
Content of a Data Processing Agreement
As mentioned above, we have concluded a DPA with our partners who act as processors. It primarily stipulates that the processor may process the data to be processed only in accordance with the GDPR. The contract must be concluded in writing, although in this context, electronic contract conclusion is also considered “in writing.” Only on the basis of the contract does the processing of personal data take place. The contract must contain the following:
- Commitment to us as the controller
- Duties and rights of the controller
- Categories of data subjects
- Type of personal data
- Nature and purpose of data processing
- Subject and duration of data processing
- Location of data processing
Furthermore, the contract contains all obligations of the processor. The most important obligations are:
- Ensuring data security measures
- Taking possible technical and organizational measures to protect the rights of the data subject
- Maintaining a record of processing activities
- Cooperating with the data protection supervisory authority upon request
- Conducting a risk analysis regarding the received personal data
- Sub-processors may only be commissioned with the written approval of the controller
To see what a DPA looks like in concrete terms, you can, for example, view a sample contract at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html.
Cookies
Cookies Summary
Affected Parties: Visitors to the website
Purpose: Depending on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie.
Data Processed: Depending on the cookie used. More details can be found below or from the manufacturer of the software that sets the cookie.
Storage Duration: Varies depending on the cookie, ranging from hours to years
Legal Bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)
What Are Cookies?
Our website uses HTTP cookies to store user-specific data.
Below, we explain what cookies are and why they are used so that you can better understand the following privacy policy.
Whenever you surf the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data about you, such as language or personal page settings. When you revisit our site, your browser transmits the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are accustomed to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.
The following graphic shows a possible interaction between a web browser such as Chrome and the web server. Here, the web browser requests a website and receives a cookie back from the server, which the browser uses again when another page is requested.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans, or other “malware.” Cookies also cannot access information on your PC.
For example, cookie data might look like this:
Name: _ga
Value: GA1.2.1326744211.152313000823-9
Purpose: Distinguishing website visitors
Expiration Date: After 2 years
A browser should support the following minimum sizes:
- At least 4096 bytes per cookie
- At least 50 cookies per domain
- At least 3000 cookies in total
What Types of Cookies Are There?
The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.
There are 4 types of cookies:
Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed if a user adds a product to the shopping cart, then continues surfing on other pages, and only later proceeds to checkout. These cookies ensure that the shopping cart is not deleted, even if the user closes the browser window.
Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. Additionally, these cookies measure the loading time and behavior of the website with different browsers.
Target-Oriented Cookies
These cookies improve user-friendliness. For example, entered locations, font sizes, or form data are stored.
Advertising Cookies
These cookies are also called targeting cookies. They serve to provide individually tailored advertising to the user. This can be very practical but also very annoying.
Usually, you are asked the first time you visit a website which of these cookie types you want to allow. And of course, this decision is also stored in a cookie.
If you want to learn more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism.”
Purpose of Processing via Cookies
The purpose ultimately depends on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie.
Which Data Are Processed?
Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data within the framework of this privacy policy.
Storage Duration of Cookies
The storage duration depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.
You also have influence on the storage duration. You can manually delete all cookies in your browser at any time (see also “Right to Object” below). Furthermore, cookies based on consent are deleted at the latest after you revoke your consent, although the legality of the storage until then remains unaffected.
Right to Object—How Can I Delete Cookies?
You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or only partially allow cookies. For example, you can block third-party cookies but allow all others.
If you want to find out which cookies are stored in your browser, change cookie settings, or delete cookies, you can find this in your browser settings:
Chrome: Delete, enable, and manage cookies in Chrome
Safari: Manage cookies and website data with Safari
Firefox: Delete cookies to remove data that websites have placed on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete and manage cookies
If you generally do not want cookies, you can set up your browser to always inform you when a cookie is to be set. This way, you can decide for each individual cookie whether to allow it or not.
Legal Basis
Since 2009, there have been the so-called “Cookie Directives.” These state that the storage of cookies requires your consent (Article 6(1)(a) GDPR). Within the EU countries, however, there are still very different reactions to these directives. In Austria, however, this directive was implemented in § 165(3) of the Telecommunications Act (2021). In Germany, the Cookie Directives were not implemented as national law. Instead, the implementation of this directive was largely carried out in § 15(3) of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DDG) since May 2024.
For strictly necessary cookies, even if no consent is given, legitimate interests (Article 6(1)(f) GDPR) exist, which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience, and for this, certain cookies are often absolutely necessary.
If non-essential cookies are used, this is only done with your consent. The legal basis is therefore Art. 6(1)(a) GDPR.
In the following sections, you will be informed in more detail about the use of cookies, provided the software used employs cookies.
Cookie Consent management service
Usercentrics GmbH is used on websites and apps as a processor for the purpose of consent management.
Processing Company
Usercentrics GmbH
Sendlinger Str. 7, 80331 Munich, Germany
Data Protection Officer of Processing Company
Below you can find the email address of the data protection officer of the processing company.
Data Purposes
This list represents the purposes of the data collection and processing.
- Compliance with legal obligations
- Consent storage
Technologies Used
This list represents all technologies this service uses to collect data.
- Local storage
- Pixel
Data Collected
This list represents all (personal) data that is collected by or through the use of this service.
- Opt-in and opt-out data
- Referrer URL
- User agent
- User settings
- Consent ID
- Time of consent
- Consent type
- Template version
- Banner language
- IP address
- Geographic location
Legal Basis
In the following the required legal basis for the processing of data is listed.
- Art. 6 para. 1 s. 1 lit. c GDPR
Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.
- European Union
Retention Period
The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.
- The consent data (given consent and revocation of consent) are stored for one year. The data will then be deleted immediately.
Data Recipients
In the following the recipients of the data collected are listed.
- Usercentrics GmbH
Click here to read the privacy policy of the data processor
Stored Information
This service uses different means of storing information on a user’s device as listed below.
ucString
This holds the ControllerID and SettingsID, the language, settings version and services with their consent history.
Type:
web
Domain:
usercentrics.com
ucData
This holds information about the Google Consent Mode.
Type:
web
Web Hosting Introduction
Web Hosting Summary
Affected Parties: Visitors to the website
Purpose: Professional hosting of the website and securing operations
Data Processed: IP address, time of website visit, browser used, and other data. More details can be found below or from the respective web hosting provider.
Storage Duration: Depends on the provider, but typically 2 weeks
Legal Bases: Art. 6(1)(f) GDPR (legitimate interests)
What Is Web Hosting?
When you visit websites today, certain information—including personal data—is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, we mean the entirety of all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By domain, we mean, for example, beispiel.de or musterbeispiel.com.
If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know the names of some web browsers: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We will simply refer to them as browsers.
To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complicated and time-consuming task, which is why this is usually done by professional providers, the so-called hosting providers. These offer web hosting and thus ensure reliable and error-free storage of website data. That’s a lot of technical terms, but please stay with us, it gets better!
When the browser on your computer (desktop, laptop, tablet, or smartphone) connects and during data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server must also store data for a while to ensure proper operation.
A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.
Why Do We Process Personal Data?
The purposes of data processing are:
- Professional hosting of the website and securing operations
- Maintaining operational and IT security
- Anonymous evaluation of access behavior to improve our offerings and, if necessary, for prosecution or enforcement of claims
Which Data Are Processed?
Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as:
- The complete internet address (URL) of the accessed webpage
- Browser and browser version (e.g., Chrome 87)
- The operating system used (e.g., Windows 10)
- The address (URL) of the previously visited page (referrer URL) (e.g., https://www.beispielquellsite.de/vondabinichgekommen/)
- The hostname and IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
- Date and time
- In files, the so-called web server log files
How Long Are Data Stored?
As a rule, the above-mentioned data are stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot rule out that this data may be viewed by authorities in the event of unlawful behavior.
In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not pass on your data without consent!
Legal Basis
The lawfulness of the processing of personal data within the scope of web hosting results from Art. 6(1)(f) GDPR (safeguarding legitimate interests), because the use of professional hosting with a provider is necessary to present the company on the internet in a secure and user-friendly manner and to be able to pursue attacks and claims resulting from this if necessary.
Between us and the hosting provider, there is usually a contract for order processing in accordance with Art. 28 ff. GDPR, which ensures compliance with data protection and guarantees data security.
All-Inkl.com Web Hosting Privacy Policy (Legal Summary)
Our website is hosted by ALL-INKL.COM – Neue Medien Münnich, a reputable hosting provider based in Germany. The use of this service entails the processing of certain personal data of website visitors.
Categories of Data Processed
When you access our website, the following data may be processed and stored on All-Inkl.com servers:
- IP address of the accessing device (anonymized),
- Date and time of the request,
- Accessed URL (including referrer),
- Browser type and version,
- Operating system and device information.
This data is essential to ensure the functionality, stability, and security of the website and is used exclusively for these purposes. The processing is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR.
Purpose and Legal Basis
The data processing serves the purpose of providing a secure, stable, and efficient online presence. Our legitimate interest lies in ensuring the continuous accessibility of the website and in protecting against cyberattacks. The legal basis for processing is Art. 6(1)(f) GDPR.
Storage Duration
Visitor data is generally stored for a maximum period of 8 weeks. Longer retention may occur if required to comply with legal obligations or for the assertion, exercise, or defense of legal claims.
Data Transfers and Location of Processing
The data is processed exclusively within the European Union on servers operated by All-Inkl.com. There is no transfer of personal data to third parties or to countries outside the EU.
Your Rights
In accordance with applicable data protection regulations, you have the right to:
- Obtain information about the personal data we process about you,
- Request rectification or erasure of your personal data,
- Restrict the processing of your personal data,
- Object to the processing of your personal data,
- Lodge a complaint with the competent data protection authority.
More Information
Description of Service
This is a web host and domain provider.
Processing Company
ALL-INKL.COM – Neue Medien Münnich
Hauptstraße 68, 02742 Friedersdorf, Germany
Data Purposes
This list represents the purposes of the data collection and processing.
- Web hosting
Technologies Used
This list represents all technologies this service uses to collect data.
- Cookies
Data Collected
This list represents all (personal) data that is collected by or through the use of this service.
- Amount of data transferred
- Date and time of visit
- Browser version
- IP address
- Interface
- Content to request or specify the retrieved file that has been sent to the user
- Time difference between requesting host and web server
- Browser language
- Browser type
- Access status
- Device operating system
- Referrer URL
- Usage data
Legal Basis
In the following the required legal basis for the processing of data is listed.
- Art. 6 para. 1 s. 1 lit. f GDPR
Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.
- European Union
Retention Period
The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.
- The data will be deleted as soon as they are no longer needed for the processing purposes.
Data Recipients
In the following the recipients of the data collected are listed.
- ALL-INKL.COM – Neue Medien Münnich
Click here to read the privacy policy of the data processor
Storage Information
Below you can see the longest potential duration for storage on a device, as set when using any method of storage.
Non-cookie storage: no
Website Builder Systems Introduction
Website Builder Systems Privacy Policy Summary
- Affected parties: Website visitors
- Purpose: Optimization of our services
- Processed data: Technical usage data such as browser activity, clickstream activity, session heatmaps, contact details, IP address, or geographic location. More details can be found below in this privacy policy and in the providers’ privacy policies.
- Storage duration: Depends on the provider
- Legal basis: Art. 6(1)(f) GDPR (Legitimate Interests), Art. 6(1)(a) GDPR (Consent)
What are Website Builder Systems?
We use a website builder system for our website. Builder systems are a special form of a Content Management System (CMS). With a builder system, website operators can easily create a website without programming knowledge. In many cases, web hosting providers also offer builder systems. Using a builder system may result in the collection, storage, and processing of your personal data. In this privacy policy, we provide general information about data processing by builder systems. For more details, please refer to the providers’ privacy policies.
Why do we use Website Builder Systems for our website?
The biggest advantage of a builder system is its ease of use. We aim to provide you with a clear, simple, and well-structured website that we can easily maintain without external support. A builder system offers many helpful functions that we can use without programming knowledge. This allows us to design our online presence according to our preferences and provide you with an informative and pleasant experience on our website.
What data is stored by a builder system?
The exact data stored depends on the specific website builder system used. Each provider processes and collects different data from website visitors. Typically, technical usage information such as the operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit are collected. Additionally, tracking data (e.g., browser activity, clickstream activity, session heatmaps) may be processed. Personal data may also be collected and stored, such as contact details (e.g., email address, phone number, if provided), IP address, and geographic location. For details on what data is stored, please refer to the provider’s privacy policy.
How long and where is the data stored?
We will inform you below about the duration of data processing in connection with the website builder system used, provided we have further information. Detailed information can be found in the provider’s privacy policy. Generally, we only process personal data for as long as necessary to provide our services and products. The provider may store your data according to their own policies, over which we have no influence.
Right to object
You always have the right to access, correct, and delete your personal data. If you have questions, you can also contact the responsible party of the website builder system used. Contact details can be found either in our privacy policy or on the respective provider’s website.
Cookies used by providers for their functions can be deleted, disabled, or managed in your browser. Depending on your browser, this works differently. Please note that some functions may no longer work as expected.
Legal basis
We have a legitimate interest in using a website builder system to optimize our online service and present it efficiently and user-friendly. The corresponding legal basis is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use the builder system if you have given your consent.
If data processing is not strictly necessary for the operation of the website, data is only processed based on your consent. This particularly applies to tracking activities. The legal basis in this case is Art. 6(1)(a) GDPR.
With this privacy policy, we have provided you with the most important general information about data processing. If you would like more detailed information, you can find further details—if available—in the following section or in the provider’s privacy policy.
WordPress.com Privacy Policy
WordPress.com Privacy Policy Summary
- Affected parties: Website visitors
- Purpose: Optimization of our services
- Processed data: Technical usage data such as browser activity, clickstream activity, session heatmaps, contact details, IP address, or geographic location. More details can be found below in this privacy policy.
- Storage duration: Depends on the type of data stored and specific settings.
- Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)
What is WordPress?
We use the well-known Content Management System WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.
WordPress was launched in 2003 and quickly became one of the most popular CMS worldwide. A CMS is software that helps us design our website and present content in an organized manner. Content can include text, audio, and video.
Using WordPress may result in the collection, storage, and processing of your personal data. Typically, technical data such as the operating system, browser, screen resolution, or hosting provider are stored. However, personal data such as IP address, geographic location, or contact details may also be processed.
Why do we use WordPress on our website?
We have many strengths, but programming is not one of our core competencies.
Nevertheless, we want to offer a powerful and visually appealing website that we can manage and maintain ourselves. With a website builder system or CMS like WordPress, this is possible. With WordPress, we don’t need to be programming experts to provide you with a great website. Thanks to WordPress, we can quickly and easily operate our website without technical knowledge. If technical issues arise or we have specific requests for our website, our experts, who are proficient in HTML, PHP, CSS, etc., are always available.
Due to its ease of use and comprehensive functions, WordPress allows us to design our online presence according to our preferences and provide you with a good user experience.
What data is processed by WordPress?
Non-personal data includes technical usage information such as browser activity, clickstream activity, session heatmaps, and data about your computer, operating system, browser, screen resolution, language and keyboard settings, internet provider, and date of visit.
Personal data may also be collected, primarily contact details (email address or phone number, if provided), IP address, or geographic location.
WordPress may also use cookies to collect data. These often store information about your behavior on our website. For example, it may track which subpages you visit most frequently, how long you stay on individual pages, when you leave a page (bounce rate), or preferences you set (e.g., language selection). Based on this data, WordPress can better tailor its marketing efforts to your interests and user behavior. The next time you visit our website, it will be displayed according to your previous settings.
WordPress may also use technologies like pixel tags (web beacons) to identify you as a user and potentially offer interest-based advertising.
How long and where is the data stored?
The duration of data storage depends on various factors, primarily the type of data stored and the specific website settings. Generally, WordPress deletes data when it is no longer needed for its purposes. Exceptions apply if legal obligations require longer retention. Web server logs containing your IP address and technical data are deleted by WordPress or Automattic after 30 days. Automattic uses this data to analyze traffic on its websites (e.g., all WordPress sites) and resolve potential issues. Deleted content on WordPress websites is kept in the trash for 30 days to allow recovery, after which it may remain in backups and caches until deletion. Data is stored on Automattic’s servers in the USA.
How can I delete my data or prevent data storage?
You always have the right to access, object to the use and processing of, and delete your personal data. You can also file a complaint with a supervisory authority at any time.
You can also manage, delete, or disable cookies in your browser. However, please note that some functions may no longer work as expected. Depending on your browser, cookie management works differently. Under the “Cookies” section, you will find links to instructions for the most common browsers.
Legal basis
If you have consented to the use of WordPress, the legal basis for data processing is this consent (Art. 6(1)(a) GDPR). This consent constitutes the legal basis for the processing of personal data as may occur during collection by WordPress.
We also have a legitimate interest in using WordPress to optimize our online service and present it attractively. The corresponding legal basis is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use WordPress if you have given your consent.
WordPress or Automattic processes your data, among other places, in the USA. Automattic is an active participant in the EU-US Data Privacy Framework, which governs the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Additionally, Automattic uses so-called Standard Contractual Clauses (Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission to ensure that your data complies with European data protection standards even when transferred to third countries (e.g., the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Automattic commits to adhering to European data protection standards when processing your relevant data, even if stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
For more details about the privacy policy and what data is processed by WordPress, please visit https://automattic.com/privacy/.
Data Processing Agreement (DPA) WordPress.com
In accordance with Article 28 of the GDPR, we have concluded a Data Processing Agreement (DPA) with WordPress.com. You can read about what a DPA is and what it must contain in our general section “Data Processing Agreement (DPA)“.
This contract is legally required because WordPress.com processes personal data on our behalf. It clarifies that WordPress.com may only process data received from us in accordance with our instructions and must comply with the GDPR. You can find the link to the Data Processing Agreement (DPA) at https://wordpress.com/support/data-processing-agreements/.
Web Analytics Introduction
Web Analytics Privacy Policy Summary
- Affected parties: Website visitors
- Purpose: Evaluation of visitor information to optimize the website.
- Processed data: Access statistics, including location of access, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found in the respective web analytics tool used.
- Storage duration: Depends on the web analytics tool used.
- Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)
What is Web Analytics?
We use software on our website to analyze the behavior of website visitors, referred to as web analytics. Data is collected, stored, and processed by the respective analytics tool provider (also called a tracking tool). The data is used to analyze user behavior on our website and provide us, as the website operator, with insights. Most tools also offer various testing options. For example, we can test which offers or content are most appealing to our visitors by showing two different offers for a limited time (A/B testing). After the test, we know which product or content our visitors find more interesting. For such tests, as well as other analytics methods, user profiles may be created, and data may be stored in cookies.
Why do we conduct Web Analytics?
Our website has a clear goal: to provide the best web offering in our industry. To achieve this, we want to offer the most interesting and appealing content while ensuring you feel comfortable on our website. Web analytics tools help us closely examine visitor behavior and improve our website accordingly. For example, we can determine the average age of our visitors, where they come from, when our website is most visited, or which content or products are particularly popular. This information helps us optimize the website to better meet your needs, interests, and wishes.
What data is processed?
The exact data stored depends on the analytics tools used. Typically, data such as which content you view on our website, which buttons or links you click, when you access a page, your browser type, your device (PC, tablet, smartphone, etc.), or your computer system are stored. If you consent to the collection of location data, this may also be processed by the web analytics tool provider.
Your IP address is also stored. According to the GDPR, IP addresses are personal data. However, your IP address is usually stored in a pseudonymized (anonymized and truncated) form. For testing, web analytics, and optimization purposes, direct data such as your name, age, address, or email address are generally not stored. If such data is collected, it is stored pseudonymously, making it impossible to identify you as a person.
The following example schematically illustrates how Google Analytics works as an example of client-based web tracking with JavaScript code.
How long is the data processed?
The duration of data processing depends on the analytics tool used. We will inform you below if we have further details. Generally, we only process personal data for as long as necessary to provide our services and products. If legal requirements, such as accounting obligations, mandate longer retention, this period may be extended.
Right to object
You also have the right to revoke your consent to the use of cookies or third-party tools at any time. This can be done via our cookie management tool or other opt-out functions. For example, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.
Legal basis
The use of web analytics requires your consent, which we obtain via our cookie popup. This consent constitutes the legal basis for the processing of personal data as may occur during collection by web analytics tools (Art. 6(1)(a) GDPR).
In addition to consent, we have a legitimate interest in analyzing visitor behavior to technically and economically improve our offering. Web analytics helps us identify website errors, detect attacks, and improve efficiency. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use the tools if you have given your consent.
Since web analytics tools use cookies, we recommend reading our general privacy policy on cookies. To learn what data is stored and processed, please review the privacy policies of the respective tools.
For information on specific web analytics tools, please refer to the following sections—if available.
Google Analytics Privacy Policy
Google Analytics Privacy Policy Summary
- Affected parties: Website visitors
- Purpose: Evaluation of visitor information to optimize the website.
- Processed data: Access statistics, including location of access, device data, access duration and time, navigation behavior, and click behavior. More details can be found below in this privacy policy.
- Storage duration: Individually adjustable; by default, Google Analytics 4 stores data for 14 months.
- Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)
What is Google Analytics?
We use the analytics tracking tool Google Analytics in the version Google Analytics 4 (GA4) on our website. The provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. By combining various technologies like cookies, device IDs, and login credentials, you can be identified across different devices, allowing cross-platform analysis of your actions.
For example, if you click a link, this event is stored in a cookie and sent to Google Analytics. Using the reports we receive from Google Analytics, we can better tailor our website and services to your preferences. Below, we provide more details about the tracking tool, especially regarding what data is processed and how you can prevent it.
Google Analytics is a tracking tool for analyzing traffic on our website. The basis for these measurements and analyses is a pseudonymous user identification number. This number does not contain personal data like your name or address but is used to assign events to a device. GA4 uses an event-based model that records detailed information about user interactions, such as page views, clicks, scrolling, and conversion events. Additionally, GA4 incorporates various machine learning functions to better understand user behavior and trends. GA4 relies on modeling, meaning missing data can be extrapolated based on collected data to optimize analysis and provide forecasts.
For Google Analytics to function, a tracking code is embedded in our website’s code. When you visit our website, this code records various events you perform. With GA4’s event-based data model, we as website operators can define and track specific events to analyze user interactions. This allows us to track not only general actions like clicks or page views but also events important to our business, such as submitting a contact form or purchasing a product.
When you leave our website, this data is sent to Google Analytics servers and stored there.
Google processes the data, and we receive reports about your user behavior. These reports may include:
- Audience reports: Learn more about our users and who is interested in our services.
- Advertising reports: Analyze and improve our online advertising.
- Acquisition reports: Gain insights into how to attract more people to our services.
- Behavior reports: Understand how you interact with our website, including navigation paths and clicked links.
- Conversion reports: Track desired actions resulting from marketing messages, such as becoming a customer or newsletter subscriber.
In addition to the above reports, Google Analytics 4 offers features such as:
- Event-based data model: Tracks specific events on our website, like video playback or product purchases.
- Advanced analysis: Segment user groups, compare target audiences, and analyze navigation paths.
- Predictive modeling: Uses machine learning to forecast trends and fill data gaps.
- Cross-platform analysis: Collects and analyzes data from websites and apps for a comprehensive view of user behavior (if you consent).
Why do we use Google Analytics on our website?
Our goal is clear: to provide you with the best possible service. Google Analytics statistics and data help us achieve this.
The statistically evaluated data gives us a clear picture of our website’s strengths and weaknesses. On one hand, we can optimize our site to make it easier for interested users to find us on Google. On the other hand, the data helps us better understand you as a visitor. This allows us to improve our website to offer you the best possible service. The data also helps us conduct personalized and cost-effective advertising. After all, it only makes sense to show our products and services to people who are interested in them.
What data is stored by Google Analytics?
Google Analytics creates a random, unique ID linked to your browser cookie. This allows Google Analytics to recognize you as a new user and assign a user ID. On your next visit, you are recognized as a “returning” user. All collected data is stored with this user ID, enabling pseudonymous user profiles to be analyzed.
To analyze our website with Google Analytics, a property ID must be included in the tracking code. The data is then stored in the corresponding property. For each new property, the default is a Google Analytics 4 property. Depending on the property used, data is stored for different durations.
Through identifiers like cookies, app instance IDs, user IDs, or custom event parameters, your interactions (if consented) are tracked across platforms. Interactions include all actions you perform on our website. If you use other Google systems (e.g., a Google account), data generated by Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize it. Exceptions may apply if legally required.
According to Google, Google Analytics 4 does not log or store IP addresses. However, Google uses IP address data to derive location information and deletes it immediately afterward. All IP addresses collected from users in the EU are deleted before being stored in a data center or server.
Since Google Analytics 4 focuses on event-based data, it uses significantly fewer cookies than previous versions (e.g., Google Universal Analytics). However, GA4 does use some specific cookies, including:
- Name: _ga
Value: 2.1326744211.152313000823-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID, distinguishing website visitors.
Expiration: After 2 years - Name: _gid
Value: 2.1687193234.152313000823-1
Purpose: Also distinguishes website visitors.
Expiration: After 24 hours - Name: gat_gtag_UA<property-id>
Value: 1
Purpose: Reduces request rate. If Google Analytics is deployed via Google Tag Manager, this cookie is named dc_gtm<property-id>.
Expiration: After 1 minute
Note: This list is not exhaustive, as Google may change its cookie selection. GA4 aims to improve data privacy, offering controls over data collection, such as setting storage duration.
Below is an overview of key data types collected by Google Analytics:
- Heatmaps: Shows which areas of our website you click.
- Session duration: Time spent on our site without leaving.
- Bounce rate: Leaving the site after viewing only one page.
- Account creation: If you create an account or place an order.
- Location: Derived from IP addresses before deletion.
- Technical information: Browser type, internet provider, screen resolution.
- Referral source: Website or ad that led you to our site.
- Other data may include contact details, ratings, media playback, social media sharing, or favorites.
How long and where is the data stored?
Google has servers worldwide. You can find the locations of Google data centers here: https://www.google.com/about/datacenters/locations/?hl=de.
Data is distributed across multiple physical storage devices for faster access and better protection against manipulation. Each Google data center has emergency programs to minimize service disruptions.
The retention period depends on the properties used. Storage duration is set individually for each property. Google Analytics offers four options:
- 2 months (shortest retention).
- 14 months (default for GA4).
- 26 months (extended retention).
- Manual deletion required.
Additionally, data can be deleted if you do not revisit our site within the chosen period. The retention period resets each time you return within the timeframe.
Once the period expires, data is deleted monthly. This applies to data linked to cookies, user recognition, and advertising IDs (e.g., DoubleClick cookies). Report results are based on aggregated data and stored separately from user data.
How can I delete my data or prevent data storage?
Under EU data protection law, you have the right to access, update, delete, or restrict your data. The Google Analytics JavaScript opt-out browser add-on prevents Google Analytics 4 from using your data. You can download and install the add-on here: https://tools.google.com/dlpage/gaoptout?hl=de.
To manage or delete cookies, see the “Cookies” section for instructions for major browsers.
Legal basis
The use of Google Analytics requires your consent, obtained via our cookie popup. This consent is the legal basis for processing personal data (Art. 6(1)(a) GDPR).
We also have a legitimate interest in analyzing visitor behavior to improve our website technically and economically. Google Analytics helps identify errors, detect attacks, and enhance efficiency (Art. 6(1)(f) GDPR). However, we only use Google Analytics if you consent.
Google processes your data in the USA. Google participates in the EU-US Data Privacy Framework, ensuring compliant data transfers from the EU to the USA. More information: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Google also uses Standard Contractual Clauses (Art. 46(2) and (3) GDPR). These are EU Commission templates ensuring data protection standards when transferring data to third countries (e.g., the USA). The EU-US Data Privacy Framework and SCCs commit Google to European data protection standards. The implementing decision and SCCs can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
Google Ads Data Processing Terms, referencing SCCs, are available at https://business.safety.google/intl/de/adsprocessorterms/.
For more details on Google Analytics data processing, visit:
- https://marketingplatform.google.com/about/analytics/terms/de/
- https://support.google.com/analytics/answer/6004245?hl=de
Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Data Processing Agreement (DPA) Google Analytics
In accordance with Article 28 of the GDPR, we have concluded a Data Processing Agreement (DPA) with Google. You can read about what a DPA is and what it must contain in our general section “Data Processing Agreement (DPA)“.
This contract is legally required because Google processes personal data on our behalf. It clarifies that Google may only process data received from us in accordance with our instructions and must comply with the GDPR. The link to the data processing terms can be found at https://business.safety.google/intl/de/adsprocessorterms/.
Google Analytics Demographic and Interest Reports
We have enabled advertising reports in Google Analytics. These reports contain demographic and interest data (age, gender, interests), helping us better understand our users without identifying individuals. Learn more about advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.
You can opt out of ad personalization in your Google account settings: https://adssettings.google.com/authenticated.
Google Analytics E-Commerce Measurement
We use Google Analytics’ e-commerce measurement to analyze interactions on our website. This focuses on purchasing behavior, allowing us to tailor our services to your expectations. E-commerce measurement tracks orders, purchase time, average order value, shipping costs, and more, all under a unique ID.
Google Optimize Privacy Policy
We use Google Optimize, a website optimization tool, on our website. The provider is Google Inc. For Europe, Google Ireland Limited is responsible.
Google processes data in the USA and participates in the EU-US Data Privacy Framework. More information: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Google’s Standard Contractual Clauses ensure data protection compliance. The implementing decision and SCCs: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
Google Ads Data Processing Terms: https://business.safety.google/intl/de/adsprocessorterms/.
Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Data Processing Agreement (DPA) Google Optimize
In accordance with Article 28 of the GDPR, we have concluded a DPA with Google. Learn more in our “Data Processing Agreement (DPA)” section.
Google processes personal data on our behalf under this agreement. The data processing terms are available at https://business.safety.google/intl/de/adsprocessorterms/.
Email Marketing Introduction
Email Marketing Summary
- Affected parties: Newsletter subscribers
- Purpose: Direct marketing via email, system notifications
- Processed data: Registration data (at least email address). More details in the respective email marketing tool.
- Storage duration: Duration of subscription
- Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)
What is Email Marketing?
To keep you updated, we use email marketing. If you consent to receiving emails or newsletters, your data is processed and stored. Email marketing is part of online marketing, where news or general information about a company is sent via email to interested parties.
To subscribe, you typically provide your email address via an online form. We may also ask for your name and salutation for personalized communication.
Subscriptions usually follow the “double opt-in” process: After signing up, you receive a confirmation email to verify ownership. This prevents unauthorized sign-ups. Each registration is logged, including timestamps and IP addresses, to comply with legal requirements.
Why do we use Email Marketing?
We want to stay in touch and inform you about company news. Email marketing (e.g., newsletters) is a key part of our online marketing. With your consent or where legally permitted, we send newsletters, system emails, or notifications.
To provide efficient and secure newsletters, we may use professional email marketing services. Our goal is to inform you about new offers and achieve business objectives.
What data is processed?
When subscribing, we collect data such as IP address, email address, and possibly name, address, and phone number (if provided). We also log consent to comply with legal requirements.
Storage duration
If you unsubscribe, we may retain your email for up to three years based on legitimate interests (e.g., to prove prior consent). You can request deletion at any time.
Right to object
You can unsubscribe anytime by revoking consent. Most emails include an unsubscribe link. If not, contact us, and we will cancel your subscription.
Legal basis
Newsletters are sent based on consent (Art. 6(1)(a) GDPR). Marketing emails may also be sent based on legitimate interests (Art. 6(1)(f) GDPR) if you are a customer and have not opted out.
For details on specific email marketing tools, see the following sections.
4Dem Privacy Policy
We use 4Dem for email marketing. The provider is Advision Srl UNIPERSONALE, Italy.
Privacy policy: https://www.4dem.it/informativa-privacy-rev-3-30062023/.
CleverReach Privacy Policy
CleverReach Privacy Policy Summary
- Affected parties: Newsletter subscribers
- Purpose: Direct marketing via email, system notifications
- Processed data: Registration data (at least email address).
- Storage duration: Duration of subscription
- Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)
What is CleverReach?
We use CleverReach for email marketing. The provider is CleverReach GmbH & Co. KG, Germany.
CleverReach helps create newsletters and analyze campaigns. It integrates with CRM, CMS, and shop systems.
Why do we use CleverReach?
The tool simplifies newsletter creation without design skills. It enables targeted campaigns and improves our communication.
What data is processed?
During registration, personal data (email, name, birthdate, location) is collected. IP address and timestamps are also stored. Web analytics data (e.g., link clicks) may be processed.
CleverReach prioritizes data security with regular system updates.
Storage duration
Data is stored in German data centers. Upon unsubscription, data is deleted from our and CleverReach’s servers.
Backups are retained for 30 days.
Right to object
Unsubscribe via the link in emails or contact us. You have rights to access, correct, or delete your data.
Legal basis
Newsletters are sent based on consent (Art. 6(1)(a) GDPR). Logging registration ensures legal compliance.
Privacy policy: https://www.cleverreach.com/de-de/datenschutz/.
Data Processing Agreement (DPA) CleverReach
In accordance with Article 28 of the GDPR, we have concluded a DPA with CleverReach. Learn more in our “Data Processing Agreement (DPA)” section.
CleverReach processes personal data on our behalf under this agreement.
Social Media Introduction
Social Media Privacy Policy Summary
- Affected parties: Website visitors
- Purpose: Service optimization, contact with visitors, advertising
- Processed data: Phone numbers, email addresses, contact details, user behavior, device information, IP address. More details in the respective social media tool.
- Storage duration: Depends on the platform
- Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)
What is Social Media?
We are active on various social media platforms. Data may be processed to target interested users. Social media elements (e.g., buttons) may also be embedded on our website.
Social media refers to websites/apps where users create content, share posts, and network.
Why do we use Social Media?
Social media platforms facilitate communication. Our presence helps promote products/services to interested users. Embedded elements allow easy access to our social media content.
Data collected via social media is primarily used for analytics to develop targeted marketing strategies. User behavior analysis enables interest-based advertising, often using cookies.
We generally remain responsible for data protection when using social media services. However, the European Court of Justice ruled that in some cases, the platform operator may share responsibility (Art. 26 GDPR). If applicable, we will inform you separately and act based on an agreement.
Note that data may be processed outside the EU (e.g., in the USA), potentially complicating the enforcement of your rights.
What data is processed?
The exact data depends on the platform. Typically, phone numbers, email addresses, contact form inputs, user behavior (e.g., likes, follows), device information, and IP addresses are collected
Auth0 Single Sign-On Privacy Policy
We use the authentication service Auth0 Single Sign-On for logging into our website. The service provider is the American company Auth0, Inc., 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA.
Auth0 processes your data, including in the USA. Auth0 is an active participant in the EU-US Data Privacy Framework, which regulates the proper and secure transfer of personal data of EU citizens to the USA. For more information, visit:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
To learn more about the data processed through Auth0, please refer to their privacy policy:
https://www.okta.com/privacy-policy/.
Google Single Sign-On Privacy Policy
We also use the authentication service Google Single Sign-On for logging into our website. The service provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.
Google processes your data, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which ensures the correct and secure transfer of personal data of EU citizens to the USA. For more details, see:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Additionally, Google uses Standard Contractual Clauses (Art. 46(2) and (3) GDPR). These are template clauses provided by the European Commission to ensure compliance with European data protection standards, even when data is transferred to third countries (e.g., the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to upholding European data protection standards for your data, even when processed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the clauses here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
The Google Ads Data Processing Terms, which reference the Standard Contractual Clauses, can be found here:
https://business.safety.google/intl/de/adsprocessorterms/.
You can revoke your consent for Google Single Sign-On via the opt-out function at:
https://adssettings.google.com/authenticated.
For details about the data processed by Google, refer to their Privacy Policy:
https://policies.google.com/privacy?hl=de.
Review Platforms Introduction
Summary
- Affected parties: Website visitors or users of review platforms.
- Purpose: Feedback on our products/services.
- Data processed: Includes IP address, email, name. See details below or in the respective platform’s policies.
- Storage duration: Varies by platform.
- Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests).
What are review platforms?
On various platforms, you can review our products/services. We participate to gather feedback and improve our offerings. Reviews are subject to the platform’s privacy policy and terms. Often, registration is required. Some platforms embed widgets on our site, which may transfer data to the provider.
Why do we use review platforms?
To collect feedback and enhance our products/services, providing transparency for future customers.
Data processing details:
With your consent, we share order details (e.g., order number) to verify genuine purchases. Data storage depends on the provider (e.g., IP, email).
Storage duration:
Typically, personal data is anonymized post-review. Data is stored on the provider’s servers and deleted after contract termination.
Opt-out:
You can revoke consent via our cookie management tool or browser settings.
Legal basis:
Consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR) in improving our services.
For platform-specific policies, see below.
bewertet.de Privacy Policy
We use the German platform bewertet.de (Expert Systems AG, Quedlinburger Str. 1, 10589 Berlin).
Their privacy policy:
https://www.bewertet.de/datenschutz.
Google Customer Reviews Privacy Policy
Service provider: Google Ireland Limited (EU) / Google Inc. (USA).
Google participates in the EU-US Data Privacy Framework:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Standard Contractual Clauses apply:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
Google Ads Data Processing Terms:
https://business.safety.google/intl/de/adsprocessorterms/.
Google’s Privacy Policy:
https://policies.google.com/privacy?hl=de.
Trusted Shops Privacy Policy
Provider: Trusted Shops GmbH (Subbelrather Str. 15c, 50823 Cologne, Germany).
Privacy policy:
https://www.trustedshops.de/impressum-datenschutz/#datenschutz.
Web Design Introduction
Summary
- Purpose: Enhance user experience.
- Data processed: IP, browser/device details (varies by tool).
- Legal basis: Consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR).
Tools used:
- Font Awesome (icons):
Provider: Fonticons, Inc. (USA).
Data: IP, loaded icon files.
Storage: Few weeks (identifiable data). - https://fontawesome.com/privacy.
Support:
https://fontawesome.com/support.
Opt-out: Disable via browser settings (may limit functionality).
Note: The EU Court of Justice notes insufficient data protection for US transfers. Data may be accessed by US authorities.
Google Fonts Privacy Policy
Summary
- Affected parties: Website visitors
- Purpose: Optimization of our service performance
- Data processed: Data such as IP address and CSS/font requests
- Storage duration: Font files are stored by Google for one year
- Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)
What are Google Fonts?
We use Google Fonts on our website. These are “Google Fonts” provided by Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.
To use Google Fonts, you don’t need to log in or provide a password. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you don’t need to worry that your Google account data will be transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely.
Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to users free of charge. Many of these fonts are published under the SIL Open Font License, while others are published under the Apache License. Both are free software licenses.
Why do we use Google Fonts on our website?
With Google Fonts, we can use fonts on our own website without having to upload them to our own server. Google Fonts is an important component in maintaining the quality of our website. All Google Fonts are automatically optimized for the web, which saves bandwidth and is particularly advantageous for mobile devices. When you visit our site, the small file size ensures fast loading times. Furthermore, Google Fonts are secure web fonts. Different rendering systems in various browsers, operating systems and mobile devices can lead to errors. Such errors can sometimes visually distort texts or entire web pages. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts to present our entire online service as beautifully and consistently as possible.
What data is stored by Google?
When you visit our website, the fonts are loaded from a Google server. This external call transmits data to Google’s servers. This is how Google recognizes that you or your IP address is visiting our website. The Google Fonts API was developed to reduce the use, storage, and collection of end-user data to what is necessary for proper font delivery. API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software sector.
Google Fonts securely stores CSS and font requests on Google and is thus protected. Through the collected usage statistics, Google can determine how well individual fonts are received. Google publishes the results on internal analytics pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google Fonts. This data is published in the BigQuery database of Google Fonts. Entrepreneurs and developers use the Google Web service BigQuery to examine and move large amounts of data.
However, it should be noted that with every Google Font request, information such as language settings, IP address, browser version, browser screen resolution, and browser name are automatically transmitted to Google’s servers. Whether this data is also stored is not clearly determinable or is not clearly communicated by Google.
How long and where is the data stored?
Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This allows us to use the fonts via a Google stylesheet. A stylesheet is a template that can be used to easily and quickly change the design or font of a website.
The font files are stored by Google for one year. Google’s goal is to fundamentally improve the loading time of websites. When millions of websites refer to the same fonts, they are cached after the first visit and appear immediately on all other websites visited later. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.
How can I delete my data or prevent data storage?
The data that Google stores for a day or a year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. To delete this data prematurely, you must contact Google Support at https://support.google.com/?hl=de&tid=313000823. In this case, you can only prevent data storage by not visiting our site.
Unlike other web fonts, Google allows us unlimited access to all fonts. So we can access a sea of fonts without limits and thus get the best out of our website. You can find more about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=313000823. Although Google addresses privacy-related matters there, there is really no detailed information about data storage. It is relatively difficult to get really precise information from Google about stored data.
Legal basis
If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Art. 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data as it may occur when collected by Google Fonts.
We also have a legitimate interest in using Google Fonts to optimize our online service. The corresponding legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). However, we only use Google Fonts if you have given your consent.
Google processes your data, among other places, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Google uses so-called standard contractual clauses (= Art. 46(2) and (3) GDPR). Standard contractual clauses (SCCs) are templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards, even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google commits to complying with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding standard contractual clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
The Google Ads data processing terms (Google Ads Data Processing Terms), which refer to the standard contractual clauses, can be found at: https://business.safety.google/intl/de/adsprocessorterms/.
You can also read about what data Google generally collects and what this data is used for at: https://www.google.com/intl/de/policies/privacy/.
Online Booking Systems Introduction
Online Booking Systems Privacy Policy Summary
- Affected parties: Website visitors
- Purpose: Improvement of user experience and organization
- Data processed: Which data is processed depends heavily on the services used. Usually, this includes IP address, contact and payment data, and/or technical data. More details can be found in the respective tools used.
- Storage duration: depends on the tools used
- Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)
What is an online booking system?
To enable you to make bookings via our website, we use one or more booking systems. Appointments, for example, can be easily created online. A booking system is a software application integrated into our website that displays available resources (such as free appointments) and allows you to book and often pay for them directly online. You are probably already familiar with such booking systems from the catering or hotel industry. Nowadays, such systems are used in a wide variety of industries. Booking systems can be used both internally for us and for customers like you, depending on the tool and settings. In the process, personal data is usually collected and stored from you.
Most of the time, the booking works as follows: You find the booking system on our website, where you can directly book an appointment for a service with a few clicks and by providing your data, and often pay for it immediately. It may be that you can enter various details about yourself via a form. Please be aware that all data you enter can be stored and managed in a database.
Why do we use an online booking system?
We see our website in a certain way as a free service for you. You should receive helpful information and feel completely comfortable on our site. This also includes an online service that makes booking appointments or services as easy as possible for you. Gone are the days when you had to laboriously wait days for a booking confirmation via phone or email. With an online booking system, you can complete everything with a few clicks and take care of other things. The system also makes it easier for us to manage all bookings and appointments. Therefore, we consider such a booking system to be absolutely useful for both you and us.
Which data is processed?
Of course, we cannot tell you exactly which data is processed in this general information text about booking systems. This always depends on the tool used and the functions and options it contains. Many booking systems offer a range of additional features besides the conventional booking function. For example, many systems also have an external online payment system (e.g., from Stripe, Klarna, or PayPal) and a calendar synchronization function integrated. Accordingly, depending on the functions, different and varying amounts of data can be processed. Typically, data such as IP address, name and contact details, technical details about your device, and the time of a booking are processed. If you also make a payment in the system, bank details such as account number, credit card number, passwords, TANs, etc. are also stored and passed on to the respective payment provider. We recommend that you read the respective privacy policy of the tool used carefully so that you know which data is processed in detail.
Duration of data processing
Each booking system stores data for different lengths of time. Therefore, we cannot yet provide any concrete information about the duration of data processing here. In principle, however, personal data is only stored for as long as it is absolutely necessary to provide the services. Booking systems usually also use cookies that store information for different lengths of time. Some cookies are deleted immediately after leaving the site, while others can be stored for several years. You can find out more about this in our “Cookies” section. Please also take a look at the respective privacy policies of the providers. It should be explained there how long your data will be stored in the specific case.
Right to object
If you have consented to data processing by a booking system, you of course always have the option and the right to revoke this consent. So please always be aware that you have rights in relation to your personal data and that you can also make these rights effective at any time. If you do not want personal data to be processed, then no personal data may be processed. It’s that simple. The easiest way to revoke data processing is via a cookie consent tool or via other opt-out functions offered. You can also manage the storage of data by cookies directly in your browser. Until your revocation, the legality of the data management remains unaffected.
Legal basis
If you have consented to the use of booking systems, the legal basis for the corresponding data processing is this consent. According to Art. 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data as it may occur through booking systems.
Furthermore, we also have a legitimate interest in using booking systems because, on the one hand, we can expand our customer service and, on the other hand, optimize our internal booking organization. The corresponding legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). However, we only use the tools if you have given your consent. We definitely want to emphasize this again at this point.
You will receive information about specific booking systems – if available – in the following sections.
Calendly Privacy Policy
We also use the online booking system Calendly. The service provider is the American company Calendly Inc., 115 E. Main St., Ste A1B, Buford, GA 30518, USA.
Calendly processes your data, among other places, in the USA. Calendly is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Calendly uses so-called standard contractual clauses (= Art. 46(2) and (3) GDPR). Standard contractual clauses (SCCs) are templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards, even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Calendly commits to complying with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding standard contractual clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
You can find more information about the standard contractual clauses at Calendly in the data processing terms at https://calendly.com/dpa.
We hope we have been able to provide you with the most important information about Calendly’s data processing. You can find out more about the data processed through the use of Calendly in the privacy policy at https://calendly.com/privacy.
Data Processing Agreement (DPA) Calendly
In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have concluded a data processing agreement (DPA) with Calendly. You can read about what a DPA is and especially what must be included in a DPA in our general section “Data Processing Agreement (DPA)”.
This contract is required by law because Calendly processes personal data on our behalf. It clarifies that Calendly may only process data they receive from us according to our instructions and must comply with the GDPR. You can find the link to the data processing agreement (DPA) at https://calendly.com/dpa.
Closing Words
Congratulations! If you are reading these lines, you have really “fought” through our entire privacy policy or at least scrolled this far. As you can see from the length of our privacy policy, we take the protection of your personal data anything but lightly.
It is important to us to inform you as best we can about the processing of personal data. However, we not only want to tell you which data is processed, but also explain the reasons for using various software programs. Privacy policies usually sound very technical and legal. However, since most of you are not web developers or lawyers, we also wanted to take a different linguistic approach and explain the facts in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy.
If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible body. We wish you a nice time and hope to welcome you back to our website soon.
All texts are copyrighted.
Source: Privacy policy created with the Privacy Policy Generator for Germany by AdSimple.