Privacy Policy

The following document outlines the privacy policy, detailing how user information is collected, used, and protected.

Privacy Policy

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to shortly as "data") that we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the provision of our services and especially on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

Controller

Josef-Maria Kamysek
Rua Aperana 113
22450-190 Rio de Janeiro

Mail Address: contact@learnwith.news

Overview of Processing

The following overview summarizes the types of data processed, the purposes of their processing, and refers to the affected individuals.

Types of Processed Data

  • Inventory data.
  • Payment data.
  • Contact details.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.

Categories of Affected Individuals

  • Customers.
  • Prospects.
  • Communication partners.
  • Users.
  • Business and contractual partners.
  • Pupils/Students/Participants.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Contact inquiries and communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Tracking.
  • Office and organizational procedures.
  • Conversion measurement.
  • Administration and response to inquiries.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Registration procedures.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.

Relevant Legal Bases

Relevant Legal Bases according to the GDPR:

Below, you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of personal data concerning them for a specific purpose or multiple specified purposes.
  • Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary to protect the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data.

National data protection regulations in Germany: In addition to the GDPR, there are national data protection regulations in Germany, including the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains special provisions regarding the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of individual federal states may apply.

Note on the applicability of the GDPR and Swiss DPA: These data protection notices serve to inform both under the Swiss Federal Data Protection Act (Swiss DPA) and the General Data Protection Regulation (GDPR). Therefore, please note that for broader spatial applicability and understanding, the terms of the GDPR are used. In particular, instead of the terms used in the Swiss DPA such as "processing" of "personal data," "overriding interest," and "particularly sensitive personal data," the terms used in the GDPR such as "processing" of "personal data," "legitimate interest," and "special categories of data" are used. However, the legal meaning of the terms continues to be determined within the scope of the applicability of the Swiss DPA.

Security Measures

In accordance with legal requirements, considering the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as the relevant access, input, disclosure, availability, and segregation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. We also consider the protection of personal data in the development or selection of hardware, software, and procedures in accordance with the principles of data protection, through technology design and privacy-friendly default settings.

Transmission of Personal Data

In the course of our processing of personal data, it may occur that data is transmitted to other entities, companies, legally independent organizational units, or individuals or disclosed to them. Recipients of this data may include service providers responsible for IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or the disclosure or transfer of data to other individuals, entities, or companies, this only occurs in accordance with legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfer. Otherwise, data transfers only take place if the level of data protection is otherwise guaranteed, especially through standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent, or in the case of contractual or legally required transfer (Art. 49 GDPR). Furthermore, we will inform you about the foundations of the transfer to third countries for each provider from the third country, with adequacy decisions taking precedence as the basis. Information on third-country transfers and existing adequacy decisions can be found in the information provided by the European Commission: EU Commission Data Protection - International Dimension.

EU-US Trans-Atlantic Data Privacy Framework: As part of the "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection as safe for certain companies in the USA through an adequacy decision dated July 10, 2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at Data Privacy Framework (in English). We will inform you in the context of the data protection notices which service providers certified under the Data Privacy Framework we use.

Rights of Data Subjects

Rights of data subjects under the GDPR: As data subjects, you have various rights under the GDPR, especially arising from Art. 15 to 21 GDPR:

  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Art. 6 para. 1 lit. e or f GDPR, including profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw consent at any time.
  • Right to information: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and other information according to legal requirements.
  • Right to rectification: You have the right to obtain the rectification of inaccurate personal data concerning you according to legal requirements.
  • Right to erasure and restriction of processing: You have the right, according to legal requirements, to request the immediate erasure of personal data concerning you or, alternatively, to request the restriction of processing.
  • Right to data portability: You have the right, in accordance with legal requirements, to receive personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transmission of such data to another controller.
  • Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, especially in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the provisions of the GDPR.

Use of Cookies

Cookies are small text files or other storage mechanisms that store information on end devices and retrieve information from end devices. For example, they store login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or the functions used in an online offering. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as creating analyses of visitor flows.

Information on Consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, unless it is not legally required. Consent is not necessary, in particular, when storing and retrieving information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e., our online offering) expressly requested by them. Cookies that are absolutely necessary usually include cookies with functions related to the display and functionality of the online offering, load balancing, security, storage of user preferences, and choices, or similar purposes related to the provision of the main and ancillary functions of the online offering requested by users. The revocable consent is clearly communicated to users and includes information about the specific use of cookies.

Notes on Legal Bases for Data Protection: The legal basis on which we process users' personal data using cookies depends on whether we ask for user consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, data processed using cookies is based on our legitimate interests (e.g., in the economic operation of our online offering and improving its usability), or if the use of cookies is necessary to fulfill our contractual obligations, the legal basis is the necessity for the performance of a contract. We clarify the purposes for which we process cookies during this privacy policy or as part of our consent and processing processes.

Storage Duration: Regarding the storage duration, the following types of cookies are distinguished:

  • Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).
  • Persistent Cookies: Persistent cookies remain stored even after closing the end device. For example, the login status can be saved or preferred content can be displayed directly when a user revisits a website. Data collected with the help of cookies can also be used for reach measurement. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are persistent, and the storage duration can be up to two years.

General Notes on Revocation and Objection (Opt-Out): Users can revoke their given consents at any time and object to processing in accordance with legal requirements. For this purpose, users can restrict the use of cookies in their browser settings (which may also limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further Information on Processing Processes, Procedures, and Services:

  • Processing of Cookie Data Based on Consent: We use a consent management process: a process for obtaining, logging, managing, and revoking consents, especially for the use of cookies and similar technologies for storing, reading, and processing information on users' end devices, as well as their processing within the framework of the consent management process: a process for obtaining, logging, managing, and revoking consents, especially for the use of cookies and similar technologies for storing, reading, and processing information on users' end devices. Within this process, consents for the use of cookies, as well as the processing and providers mentioned in the consent management process: a process for obtaining, logging, managing, and revoking consents, especially for the use of cookies and similar technologies for storing, reading, and processing information on users' end devices, as well as their processing, can be obtained, managed, and revoked by users. The consent declaration is stored to avoid having to repeat the query and to be able to prove consent in accordance with legal obligations. Storage can be done server-side and/or in a cookie (so-called opt-in cookie or with comparable technologies) to assign the consent to a user or their device. Subject to individual information on providers of cookie management services, the following notes apply: The storage duration of the consent can be up to two years. A pseudonymous user identifier is created, and the time of consent, information about the scope of consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and device used, are stored; Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Business Services

We process data of our contractual and business partners, such as customers and prospects (collectively referred to as "contractual partners"), within the framework of contractual and similar legal relationships, as well as related measures and in the context of communication with contractual partners (or pre-contractually), for example, to respond to inquiries.

We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed-upon services, any obligations to update, and remedy warranty and other performance disruptions. Furthermore, we process the data to safeguard our rights and for the purposes of administrative tasks associated with these obligations and organizational management. Additionally, we process the data based on our legitimate interests in proper and efficient business management, as well as security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other auxiliary services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about other forms of processing, such as for marketing purposes, as part of this privacy policy.

We inform contractual partners about which data is necessary for the aforementioned purposes before or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks), or personally.

We delete the data after the expiration of statutory warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as they must be retained for archiving purposes due to legal requirements. The statutory retention period is ten years for tax-relevant documents, as well as for commercial books, inventories, opening balances, annual financial statements, instructions required for understanding these documents, and other organizational documents and booking documents, and six years for received commercial and business letters and copies of sent commercial and business letters. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance, the annual financial statement, or the management report was prepared, the commercial or business letter was received or sent, or the booking document was created, and the recording was made, or the other documents were created.

To the extent that we use third-party providers or platforms to provide our services, the terms and privacy policies of the respective third-party providers or platforms apply in the relationship between users and the providers.

  • Processed Data Types: Master Data (e.g., names, addresses); Payment Data (e.g., bank details, invoices, payment history); Contact Data (e.g., email, phone numbers); Contract Data (e.g., contract object, term, customer category).
  • Data Subjects: Prospects; Business and Contractual Partners; Students/Participants.
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Handling of contact inquiries and communication; Office and organizational procedures; Management and response to inquiries.
  • Legal Bases: Contract Performance and Pre-Contractual Inquiries (Art. 6(1)(b) GDPR); Legal Obligation (Art. 6(1)(c) GDPR); Legitimate Interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Educational and Training Services: We process the data of participants in our educational and training offerings (collectively referred to as "trainees") to be able to provide them with our training services. The processed data, the type, scope, purpose, and necessity of their processing are determined by the underlying contractual and training relationship. Processing methods also include performance evaluation and the evaluation of our services and those of the instructors. In the course of our activities, we may also process special categories of data, especially information about the health of trainees, as well as data revealing ethnic origin, political opinions, religious or philosophical beliefs. To do so, we obtain explicit consent from the trainees if necessary and process special categories of data only when necessary for the provision of training services, for purposes of health care, social protection, or protection of vital interests of the trainees; Legal Basis: Contract Performance and Pre-contractual Inquiries (Art. 6(1)(b) GDPR).

  • Offer of Software and Platform Services: We process the data of our users, registered and potential test users (hereinafter collectively referred to as "users"), to provide them with our contractual services and, based on legitimate interests, to ensure the security and further development of our offering. The required information is marked as such within the framework of the order, order processing, or comparable contract conclusion and includes the information required for the provision of services and billing, as well as contact information to be able to conduct any necessary consultations; Legal Basis: Contract Performance and Pre-contractual Inquiries (Art. 6(1)(b) GDPR).

Payment Methods

In the context of contractual and other legal relationships, based on legal obligations, or otherwise based on our legitimate interests, we offer efficient and secure payment options to the data subjects and, for this purpose, use additional service providers (collectively "payment service providers").

The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract-related information, amounts, and recipient-related information. The information is necessary to carry out transactions. However, the data entered is processed and stored only by the payment service providers. In other words, we do not receive account- or credit card-related information but only information confirming or negatively confirming the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit reporting agencies. This transmission serves identity and credit checks. We refer to the terms and conditions and privacy policies of the payment service providers for this purpose.

The terms and conditions and privacy policies of the respective payment service providers, which are available on the respective websites or transaction applications, apply to payment transactions. We also refer to these for further information and the exercise of withdrawal, information, and other data subject rights.

  • Processed Data Types: Master Data (e.g., names, addresses); Payment Data (e.g., bank details, invoices, payment history); Contract Data (e.g., contract object, term, customer category); Usage Data (e.g., visited websites, interest in content, access times); Meta-, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Customers; Prospects.
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations.
  • Legal Basis: Contract Performance and Pre-contractual Inquiries (Art. 6(1)(b) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Stripe: Payment Services
    • Technical integration of online payment methods.
    • Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA.
    • Legal Basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).
    • Website: Stripe.
    • Privacy Policy: Stripe Privacy Policy.
    • Basis for data transfer to third countries: EU-US Data Privacy Framework (DPF).

Provision of the Online Offering and Web Hosting

We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Processed Data Types: Usage Data (e.g., visited websites, interest in content, access times); Meta-, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status); Content Data (e.g., entries in online forms).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.). Security measures.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Provision of Online Offering on Rented Storage Space:

    • We use storage space, computing capacity, and software from a server provider (also called "web hoster") for providing our online offering.
    • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

  • Collection of Access Data and Log Files:

    • Access to our online offering is logged in the form of "server log files."
    • Server log files may include the address and name of the accessed websites and files, date and time of access, transmitted data volumes, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider.
    • Server log files can be used for security purposes, such as avoiding server overload (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure the load and stability of the servers.
    • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
    • Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidence purposes is excluded from deletion until the final clarification of the respective incident.

  • Email Sending and Hosting:

    • Web hosting services we use include the sending, receiving, and storage of emails.
    • For these purposes, the addresses of recipients and senders, as well as other information concerning email transmission (e.g., the involved providers) and the contents of the respective emails, are processed.
    • The aforementioned data may also be processed for the purpose of detecting SPAM.
    • Please note that emails on the Internet are generally not sent encrypted. Emails are usually encrypted during transport, but (unless an end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot assume responsibility for the transmission path of emails between the sender and our server.
    • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

  • Content Delivery Network (CDN):

    • We use a Content Delivery Network (CDN) to deliver content, especially large media files such as graphics or program scripts, more quickly and securely through regionally distributed servers connected via the Internet.
    • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Single Sign-On Authentication

"Single Sign-On" or "Single Sign-On Authentication" refers to procedures that allow users to log in to our online offering, among other services, using a user account with a Single Sign-On provider (e.g., a social network). For Single Sign-On Authentication, users must be registered with the respective Single Sign-On provider and enter the necessary access data in the designated online form or confirm the Single Sign-On Authentication via a button if already logged in with the Single Sign-On provider.

The authentication process occurs directly with the Single Sign-On provider. As part of this authentication, we receive a user ID with the information that the user is logged in under this user ID with the respective Single Sign-On provider and an ID (known as "User Handle") that is not usable for other purposes. Whether additional data is transmitted depends solely on the chosen Single Sign-On method, the selected data permissions during authentication, and the data users have shared in the privacy or other settings of their user account with the Single Sign-On provider. Depending on the Single Sign-On provider and user preferences, various data may be included, typically including the email address and username. The password entered with the Single Sign-On provider during the Single Sign-On process is not visible to us, nor is it stored by us.

Users should note that the information stored with us may automatically be compared with their user account with the Single Sign-On provider, but this is not always possible or may not actually occur. For example, if users change their email addresses, they must manually update this information in their user account with us.

We may use Single Sign-On Authentication, as agreed with users, within or before contract fulfillment, provided users have consented to it. Otherwise, we employ it based on our legitimate interests and the users' interests in an effective and secure login system.

If users decide not to use the link between their user account with the Single Sign-On provider for Single Sign-On Authentication, they must disconnect this link within their user account with the Single Sign-On provider. If users wish to delete their data with us, they must terminate their registration with us.

  • Processed Data Types: Master Data (e.g., names, addresses); Contact Data (e.g., email, phone numbers); Usage Data (e.g., visited websites, interest in content, access times); Meta-, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Authentication procedures.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Apple Single Sign-On: Authentication services for user logins, provision of Single Sign-On functionalities, management of identity information, and application integrations; Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: Apple; Privacy Policy: Apple Privacy.

  • Google Single Sign-On: Authentication services for user logins, provision of Single Sign-On functionalities, management of identity information, and application integrations; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: Google; Privacy Policy: Google Privacy; Basis for third-country transfer: EU-US Data Privacy Framework (DPF); Opt-out: Ad Settings.

  • Microsoft Single Sign-On: Authentication services for user logins, provision of Single Sign-On functionalities, management of identity information, and application integrations; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: Microsoft; Privacy Policy: Microsoft Privacy; Basis for third-country transfer: EU-US Data Privacy Framework (DPF); More information: Microsoft Trust Center.

  • X Single Sign-On: Authentication services for user logins, provision of Single Sign-On functionalities, management of identity information, and application integrations; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: Twitter; Privacy Policy: Twitter Privacy, (Settings: Twitter Personalization); Data Processing Agreement: Twitter DPA; Basis for third-country transfer: Standard Contractual Clauses (Twitter DPA).

Blogs and Publishing Media

We utilize blogs or similar means of online communication and publication (hereinafter "Publishing Medium"). The data of readers are processed for the purposes of the Publishing Medium only to the extent necessary for its presentation, communication between authors and readers, or for security reasons. For further information on processing the visitors of our Publishing Medium, refer to the information within these privacy notices.

  • Processed Data Types: Master Data (e.g., names, addresses); Contact Data (e.g., email, phone numbers); Content Data (e.g., inputs in online forms); Usage Data (e.g., visited websites, interest in content, access times); Meta-, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness; Contact inquiries and communication; Management and response to inquiries.
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Consent (Art. 6(1)(a) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Comment Subscriptions: Users can subscribe to follow-up comments with their consent. Users receive a confirmation email to verify ownership of the entered email address. Users can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will include information on revocation options. For the purpose of proving user consent, we store the registration time along with the users' IP addresses and delete this information when users unsubscribe from the subscription.

    You can cancel the receipt of our subscription at any time, i.e., revoke your consent. We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to be able to prove a previously given consent. The processing of this data is limited to the purpose of potential defense against claims. Individual deletion requests are possible at any time, provided that the former existence of consent is confirmed; Legal basis: Consent (Art. 6(1)(a) GDPR).

  • Contact and Inquiry Management:

    When contacting us (e.g., by mail, contact form, email, phone, or via social media) and within existing user and business relationships, the information of the inquiring individuals is processed as far as necessary to respond to contact inquiries and any requested measures.

    • Processed Data Types: Contact Data (e.g., email, phone numbers); Content Data (e.g., inputs in online forms); Usage Data (e.g., visited websites, interest in content, access times); Meta-, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status).
    • Data Subjects: Communication Partners.
    • Purposes of Processing: Contact inquiries and communication; Management and response to inquiries; Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness.
    • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Contact Form:

    When users contact us via our contact form, email, or other communication channels, we process the data provided in this context to handle the stated inquiry; Legal bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Push Notifications

With the users' consent, we can send users so-called "Push Notifications." These are messages displayed on users' screens, devices, or browsers, even when our online service is not actively being used.

To subscribe to push notifications, users must confirm the browser or device prompt to receive push notifications. This consent process is documented and stored. Storage is necessary to determine whether users have agreed to receive push notifications and to provide evidence of consent. For these purposes, a pseudonymous identifier of the browser (so-called "Push Token") or the device ID of an end device is stored.

Push notifications may be necessary for the fulfillment of contractual obligations (e.g., relevant technical and organizational information for using our online service)

  • Processed Data Types: Usage Data (e.g., visited websites, interest in content); Meta-, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers).

  • Data Subjects: Communication Partners.

  • Purposes of Processing: Provision of our online offering and user-friendliness.

  • Legal Bases: Consent (Art. 6(1)(a) GDPR). Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Newsletter and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter "Newsletters") only with the consent of the recipients or legal permission. If the contents of a newsletter are specifically described during registration, they are decisive for the user's consent. In addition, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name, for personal address in the newsletter, or additional information if necessary for the purposes of the newsletter.

Double Opt-In Process: The registration for our newsletter generally takes place in a so-called double opt-in process. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with other people's email addresses. Newsletter registrations are logged to be able to prove the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the sending service provider are also logged.

Deletion and Restriction of Processing: We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to be able to prove a previously given consent. The processing of this data is limited to the purpose of potential defense against claims. Individual deletion requests are possible at any time, provided that the former existence of consent is confirmed. In the case of obligations to permanently observe contradictions, we reserve the right to store the email address solely for this purpose in a blocking list ("blocklist").

The logging of the registration process is based on our legitimate interests for the purpose of proving its proper course. If we commission a service provider with the sending of emails, this is done based on our legitimate interests in an efficient and secure dispatch system.

Contents:

Information about us, our services, promotions, and offers.

  • Processed Data Types: Inventory Data (e.g., names, addresses); Contact Data (e.g., email, phone numbers); Meta-, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status); Usage Data (e.g., visited websites, interest in content, access times).

  • Data Subjects: Communication Partners.

  • Purposes of Processing: Direct marketing (e.g., by email or postal).

  • Legal Bases: Consent (Art. 6(1)(a) GDPR).

  • Opt-Out Possibility: You can cancel the receipt of our newsletter at any time, i.e., revoke your consent, or object to further receipt. You can find a link to unsubscribe from the newsletter either at the end of each newsletter or use any of the contact options provided above, preferably email.

Further Notes on Processing Procedures, Methods, and Services:

Measurement of Open and Click Rates:

The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server upon opening the newsletter, or, if we use a mailing service provider, from their server. In the course of this retrieval, technical information such as browser information and your system, as well as your IP address and the time of retrieval, is initially collected.

These pieces of information are used for the technical improvement of our newsletter based on technical data or target groups and their reading behavior, determined by their retrieval locations (identifiable using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until their deletion. The evaluations help us recognize user reading habits and adapt our content to them or send different content based on the interests of our users.

Advertising Communication via Email, Post, Fax, or Telephone

We process personal data for the purpose of advertising communication through various channels, such as email, telephone, post, or fax, in accordance with legal requirements.

Recipients have the right to revoke given consents at any time or to object to advertising communication at any time.

After revocation or objection, we store the data required to prove the previous authorization for contact or sending for up to three years after the end of the year of revocation or objection based on our legitimate interests. The processing of this data is limited to the purpose of potential defense against claims. Based on the legitimate interest in permanently observing the users' revocation or objection, we also store the data required to avoid further contact (e.g., depending on the communication channel, the email address, telephone number, name).

  • Processed Data Types: Inventory Data (e.g., names, addresses); Contact Data (e.g., email, phone numbers).
  • Data Subjects: Communication Partners.
  • Purposes of Processing: Direct marketing (e.g., by email or postal).
  • Legal Bases: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Newsletter and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter "Newsletter") only with the consent of the recipients or legal permission. If the contents of the newsletter are specifically described during the registration, they are decisive for the users' consent. Furthermore, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal addressing in the newsletter or additional information if necessary for the purposes of the newsletter.

Double-Opt-In Procedure: The registration for our newsletter generally follows a so-called Double-Opt-In procedure. In other words, after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with third-party email addresses. Newsletter registrations are logged to demonstrate compliance with legal requirements. This includes storing the registration and confirmation timestamp as well as the IP address. Changes to your data stored by the mailing service provider are also logged.

Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove a previously given consent. The processing of this data is limited to the purpose of potential defense against claims. Individual deletion requests are possible at any time, provided that the former existence of consent is confirmed. In the case of obligations to permanently consider objections, we reserve the right to store the email address solely for this purpose in a blocklist.

The logging of the registration process is based on our legitimate interests for the purpose of proving its proper course. If we commission a service provider for the dispatch of emails, this is done based on our legitimate interests in an efficient and secure delivery system.

Contents: Information about us, our services, promotions, and offers.

  • Processed Data Types: Inventory Data (e.g., names, addresses); Contact Data (e.g., email, phone numbers); Meta, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status); Usage Data (e.g., visited websites, interest in content, access times).
  • Data Subjects: Communication Partners.
  • Purposes of Processing: Direct Marketing (e.g., by email or postal).
  • Legal Bases: Consent (Art. 6(1)(a) GDPR).
  • Opt-Out Option: You can cancel the receipt of our newsletter at any time, i.e., revoke your consents or object to further receipt. A link to unsubscribe from the newsletter can be found either at the end of each newsletter or you can use one of the contact options provided above, preferably by email.

Further Notes on Processing Procedures, Methods, and Services:

Measurement of Open and Click Rates: The newsletters include a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server or, if we use a mailing service provider, from their server when the newsletter is opened. In the course of this retrieval, technical information such as browser and system details, as well as your IP address and the time of retrieval, are initially collected.

These pieces of information are used for the technical improvement of our newsletter based on technical data or the target audience and their reading behavior, depending on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. These pieces of information are assigned to individual newsletter recipients and stored in their profiles until deletion. The evaluations help us recognize the reading habits of our users and tailor our content to them or send different content based on the interests of our users.

Advertising Communication via Email, Post, Fax, or Phone

We process personal data for the purpose of advertising communication, which can take place through various channels such as email, phone, post, or fax, in accordance with legal requirements.

Recipients have the right to revoke granted consents at any time or to object to advertising communication at any time.

After revocation or objection, we store the data required to prove the previous authorization for contacting or sending information for up to three years after the end of the year of revocation or objection based on our legitimate interests. The processing of this data is limited to the purpose of potential defense against claims. Based on the legitimate interest of permanently considering user revocations or objections, we also store the data required to prevent renewed contact (e.g., email address, phone number, name, depending on the communication channel).

  • Processed Data Types: Inventory Data (e.g., names, addresses); Contact Data (e.g., email, phone numbers).
  • Data Subjects: Communication Partners.
  • Purposes of Processing: Direct Marketing (e.g., by email or postal).
  • Legal Bases: Consent (Art. 6(1)(a) GDPR). Legitimate Interests (Art. 6(1)(f) GDPR).

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as "reach measurement") is used to evaluate the visitor flows of our online offering and may include pseudonymous values such as behavior, interests, or demographic information about visitors, such as age or gender. Through reach analysis, we can identify, for example, the times when our online offering or its functions or content are most frequently used or invite reuse. We can also determine which areas require optimization.

In addition to web analysis, we may use test procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e., data combined for a usage process, may be created and information stored in a browser or on an end device for these purposes and retrieved from it. The collected information includes, in particular, visited websites and elements used there, as well as technical information such as the browser used, the computer system used, and information about usage times. If users have consented to the collection of their location data to us or the providers of the services we use, location data may also be processed.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, clear data of users (such as email addresses or names) is not stored in the context of web analysis, A/B testing, and optimization, but pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users but only the information stored in their profiles for the purposes of the respective procedures.

  • Processed Data Types: Usage Data (e.g., visited websites, interest in content, access times); Meta, Communication, and Process Data (e.g., IP addresses, time stamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Reach Measurement (e.g., access statistics, recognition of recurring visitors); Profiles with user-related information (creation of user profiles).
  • Security Measures: IP Masking (Pseudonymization of the IP address).

Online Marketing

We process personal data for the purposes of online marketing, including the marketing of advertising space or the display of advertising and other content (collectively referred to as "content") based on potential user interests and measuring their effectiveness.

For these purposes, user profiles are created and stored in a file (a so-called "cookie") or similar procedures are used to store information about the user that is relevant for the display of the aforementioned content. This information may include viewed content, visited websites, used online networks, as well as communication partners and technical details such as the browser used, the computer system used, and information about usage times and functions used. If users have consented to the collection of their location data, this data may also be processed.

The IP addresses of users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, clear data of users (such as email addresses or names) is not stored in the context of online marketing procedures, but pseudonyms. This means that we and the providers of the online marketing procedures do not know the actual identity of the users but only the information stored in their profiles.

The information in the profiles is usually stored in cookies or similar procedures. These cookies can generally also be read and supplemented with additional data for the purpose of displaying content on other websites that use the same online marketing procedure, and can be analyzed, as well as stored on the server of the online marketing procedure provider.

Exceptionally, clear data may be assigned to the profiles. This is the case, for example, if users are members of a social network whose online marketing procedures we use, and the network links the profiles of users with the information mentioned above. Please note that users may make additional agreements with the providers, e.g., by giving consent as part of the registration.

In general, we only have access to aggregated information about the success of our advertisements. However, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to the conclusion of a contract with us, as part of so-called conversion measurements. The conversion measurement is used solely for the analysis of the success of our marketing measures.

Unless otherwise stated, please assume that cookies used will be stored for a period of two years.

  • Processed Data Types: Usage Data (e.g., visited websites, interest in content, access times); Meta, Communication, and Process Data (e.g., IP addresses, time stamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Reach Measurement (e.g., access statistics, recognition of recurring visitors); Tracking (e.g., interest/behavior-based profiling, use of cookies); Marketing; Profiles with user-related information (creation of user profiles). Conversion Measurement (measurement of the effectiveness of marketing measures).
  • Security Measures: IP Masking (Pseudonymization of the IP address).
  • Legal Bases: Consent (Art. 6(1)(a) GDPR). Legitimate Interests (Art. 6(1)(f) GDPR).
  • Opt-Out Option: We refer to the privacy policies of the respective providers and the opt-out options indicated for the providers (so-called "opt-out"). If no explicit opt-out option has been indicated, there is the possibility to

Additional Information on Processing Processes, Procedures, and Services:

  • Google Ads and Conversion Measurement:

    • Online marketing procedures for placing content and ads within the service provider's advertising network (e.g., in search results, in videos, on websites, etc.), so that they are displayed to users who have a presumed interest in the ads. We also measure the conversion of ads, i.e., whether users have taken the opportunity to interact with the ads and use the advertised offers (so-called Conversion). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1)(a) GDPR), Legitimate Interests (Art. 6(1)(f) GDPR); Website: Google Marketing Platform; Privacy Policy: Google Privacy Policies; Legal basis for data transfer to third countries: EU-US Data Privacy Framework (DPF); Further information: Types of processing and processed data: Google Ads Services. Data processing conditions between controllers and standard contractual clauses for third-country data transfers: Google Ads Controller Terms.

  • Google Adsense with Personalized Ads:

    • We use the Google Adsense service with personalized ads to display ads within our online offering and receive compensation for their display or other use; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: Google Marketing Platform; Privacy Policy: Google Privacy Policies; Legal basis for data transfer to third countries: EU-US Data Privacy Framework (DPF); Further information: Types of processing and processed data: Google Ads Services. Data processing conditions for Google advertising products: Information on services and data processing conditions between controllers and standard contractual clauses for third-country data transfers: Google Ads Controller Terms.

  • Google Adsense with Non-Personalized Ads:

    • We use the Google Adsense service with non-personalized ads to display ads within our online offering and receive compensation for their display or other use; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: Google Marketing Platform; Privacy Policy: Google Privacy Policies; Legal basis for data transfer to third countries: EU-US Data Privacy Framework (DPF); Further information: Types of processing and processed data: Google Ads Services. Google Ads Controller-Controller Data Protection Terms and standard contractual clauses for data transfers to third countries: Google Ads Controller Terms.

Social Media Presence

We maintain online presences within social networks and process user data in this context to communicate with active users or to provide information about us.

Please note that user data may be processed outside the European Union in this context. This may pose risks for users, as the enforcement of user rights, for example, could be more challenging.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and resulting interests. These usage profiles can, in turn, be used to display advertisements within and outside the networks that presumably correspond to the interests of users. For these purposes, cookies are usually stored on users' computers, in which user behavior and interests are stored. In addition, data can be stored in usage profiles independently of the devices used by users (especially if users are members of the respective platforms and are logged in).

For a detailed presentation of the respective processing methods and options for objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

In the case of information requests and the exercise of data subject rights, we also point out that these can be most effectively asserted with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need assistance, you can contact us.

  • Processed Data Types: Contact Data (e.g., email, phone numbers); Content Data (e.g., entries in online forms); Usage Data (e.g., visited websites, interest in content, access times); Meta, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Contact inquiries and communication; Feedback (e.g., collecting feedback via online form); Marketing.
  • Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Processes, Procedures, and Services:

  • Instagram:

    • Social network; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate Interests (Art. 6(1)(f) GDPR); Website: Instagram; Privacy Policy: Instagram Privacy Policies.

  • LinkedIn:

    • Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate Interests (Art. 6(1)(f) GDPR); Website: LinkedIn; Privacy Policy: LinkedIn Privacy Policy; Legal basis for data transfer to third countries: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (LinkedIn DPA); Opt-out option: LinkedIn Ad Settings; Additional Information: We, together with LinkedIn Ireland Unlimited Company, are responsible for collecting data of visitors for the purpose of creating "Page Insights" (statistics) of our LinkedIn profiles. For detailed information on user data processing by LinkedIn, refer to LinkedIn's Privacy Policy: LinkedIn Privacy Policy. We have a specific agreement with LinkedIn Ireland, "Page Insights Joint Controller Addendum," which outlines security measures and LinkedIn's commitment to fulfilling data subject rights.

  • TikTok:

    • Social network / Video platform; Service providers: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal basis: Legitimate Interests (Art. 6(1)(f) GDPR); Website: TikTok; Privacy Policy: TikTok Privacy Policy.

  • Twitter:

    • Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal basis: Legitimate Interests (Art. 6(1)(f) GDPR); Privacy Policy: Twitter Privacy Policy (Settings: Twitter Personalization).

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online offering, obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). This may include graphics, videos, or maps (hereinafter uniformly referred to as "content").

The integration always requires that the IP address of users be processed by the third-party providers, as they could not send the content to their browser without the IP address. The IP address is thus necessary for the presentation of this content or functions. We strive to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. "Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on users' devices and may include technical information about the browser and operating system, referring websites, visit times, as well as other information about the use of our online offering, possibly linked with such information from other sources.

  • Processed Data Types: Usage Data (e.g., visited websites, interest in content, access times); Meta, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online offering and user-friendliness.
  • Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Processes, Procedures, and Services:

  • Google Fonts (Retrieval from Google Server):
    • Retrieval of fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols concerning freshness and loading times, their uniform representation, and consideration of possible license restrictions. The provider of the fonts is informed of the user's IP address so that the fonts can be provided to the user's browser. In addition, technical data (language settings, screen resolution, operating system, used hardware) are transmitted, which are necessary for providing fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA. When users visit our online offering, their browser sends HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent, describing the browser and operating system versions of the website visitors, as well as the referrer URL (i.e., the website on which the Google font should be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent, and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families that the user wants to load. This data is logged so that Google can determine how often a particular font family is requested. The Google Fonts Web API requires the user agent to customize the font generated for the respective browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the Google Fonts "Analytics" page. Finally, the referrer URL is logged so that the data can be used for production maintenance and an aggregated report on the top integrations can be generated based on the number of font requests. Google, according to its own information, does not use any of the information collected by Google Fonts to create profiles of end users or to display targeted ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate Interests (Art. 6(1)(f) GDPR); Website: Google Fonts; Privacy Policy: Google Privacy Policies; Legal basis for data transfer to third countries: EU-US Data Privacy Framework (DPF); Further information: Google Fonts FAQ on Privacy.

Amendment and Update of the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We adjust the privacy policy as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or individual notification. If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time, and we ask you to verify the information before contacting them.