Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services").

The terms used are not gender-specific.

As of June 27, 2023

Table of Contents

- preamble

- Responsible

- Overview of processing activities

- Relevant legal bases

- Security measures

- Transfer of personal data

- International data transfers

- Use of cookies

- Business services

- Suppliers and services used in the course of business activities

- Provision of the online service and web hosting

- Registration, login and user account

- Single sign-on login

- Blogs and publication media

- Contact and inquiry management

- Chatbots and chat functions

- Video conferences, online meetings, webinars and screen sharing

- Application process

- Cloud services

- Newsletters and electronic notifications

- Advertising communication via email, post, fax or telephone

- Web analytics, monitoring and optimization

- Online marketing

- Customer reviews and rating procedures

- Presences in social networks (social media)

- Plugins and embedded functions as well as content

- Management, organization and support tools

- Changes and updates to the privacy policy

Responsible

BUILD A ROCKET GmbH

Grüner Weg 10

50825 Cologne

Managing Directors: Alexander Albrecht, Tobias Heim

E-mail address:

hello@buildarocket.com

Imprint:

https://buildarocket.com/en/imprint

Relevant legal bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. Furthermore, should more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.

Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.

Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Application process as a pre-contractual or contractual relationship (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g., health data, such as severe disability or ethnic origin) are requested from applicants during the application process so that the controller or the data subject can exercise their rights and fulfill their obligations under employment law and social security and social protection law, their processing is carried out in accordance with Art. 9 para. 2 lit. b GDPR, in the case of protecting the vital interests of the applicants or other persons in accordance with Art. 9 para. 2 lit. c GDPR, or for purposes of preventive or occupational medicine, for assessing the employee's fitness for work, for medical diagnosis, the provision of health or social care or treatment, or for the management of health or social care systems and services in accordance with Art. 9 para. 2 lit. h GDPR. In the case of the disclosure of special categories of data based on voluntary consent, their processing is carried out on the basis of Art. 9 para. 2 lit. a. GDPR.

National data protection regulations in Germany: In addition to the GDPR data protection regulations, national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (BDSG). The BDSG contains specific provisions regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfers, as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may also apply.

Notice regarding the applicability of the GDPR and the Swiss Federal Act on Data Protection (FADP): This privacy notice serves to provide information in accordance with both the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). Therefore, please note that, due to broader geographical applicability and clarity, the GDPR terms have been replaced with Swiss terms. In particular, instead of the GDPR terms "processing" of "personal data" (or simply "data") and "legitimate interest," the Swiss FADP terms "processing" of "personal data" and "overriding interest" are used. However, the legal meaning of these terms remains governed by the Swiss FADP.

Overview of processing activities

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects.

Types of data processed

Inventory data.

Payment details.

Contact details.

Content data.

Contract details.

Usage data.

Metadata, communication data and process data.

Applicant data.

Image and/or video recordings.

Categories of affected persons

Customers.

Employees

Interested parties.

Communication partner.

Users.

Applicants.

Business and contractual partners.

People pictured.

Purposes of processing

Provision of contractual services and customer service.

Contact requests and communication.

Security measures.

Direct marketing.

Range measurement.

Tracking.

Office and organizational procedures.

Remarketing.

Conversion measurement.

Click tracking.

Target group definition.

Managing and responding to inquiries.

Application process.

Feedback.

Marketing.

Profiles containing user-related information.

Registration procedure.

Provision of our online services and user-friendliness.

Information technology infrastructure.

Security measures

In accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, transfer of, and ensuring the availability and separation of the data. Furthermore, we have established procedures that guarantee the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default.

IP address truncation: If IP addresses are processed by us or by the service providers and technologies we use, and processing a full IP address is not necessary, the IP address is truncated (also known as "IP masking"). This involves removing the last two digits, or the last part of the IP address after a period, or replacing them with placeholders. The purpose of truncating the IP address is to prevent or significantly hinder the identification of a person based on their IP address.

TLS encryption (https): To protect the data you transmit via our online service, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in your browser's address bar.

Transfer of personal data

As part of our processing of personal data, it may be necessary to transfer or disclose data to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

Data transfer within the corporate group: We may transfer personal data to other companies within our corporate group or grant them access to this data. If this transfer is for administrative purposes, it is based on our legitimate business interests, is necessary for the fulfillment of our contractual obligations, or is permitted by law.

Data transfer within the organization: We may transfer personal data to other entities within our organization or grant them access to this data. If this transfer is for administrative purposes, it is based on our legitimate business interests, is necessary for the performance of our contractual obligations, or is permitted by law.

International data transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if processing takes place in the context of using third-party services or disclosing or transferring data to other persons, bodies or companies, this will only be done in accordance with legal requirements.

Subject to explicit consent or where transfer is required by contract or law, we only process or have data processed in third countries with a recognized level of data protection, contractual obligations through so-called standard contractual clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Articles 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

Use of cookies

Cookies are small text files or other storage markers that store information on and read information from end devices. For example, they can be used to save login status in a user account, shopping cart contents in an online store, accessed content, or used functions of an online service. Cookies can also be used for various other purposes, such as improving the functionality, security, and user-friendliness of online services, as well as analyzing visitor traffic.

Information on consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless legally required. In particular, consent is not necessary if the storage and reading of information, including cookies, is strictly necessary to provide users with a telemedia service (i.e., our online service) they have expressly requested. Strictly necessary cookies generally include those with functions that serve the display and operation of the online service, load balancing, security, the storage of user preferences and choices, or similar purposes related to providing the main and secondary functions of the online service requested by the user. The revocable consent is clearly communicated to users and includes information on the respective cookie usage.

Information on the legal basis for data protection: The legal basis for processing users' personal data using cookies depends on whether we request user consent. If users consent, the legal basis for processing their data is their explicit consent. Otherwise, data processed using cookies is processed based on our legitimate interests (e.g., in the efficient operation of our online services and improving their usability) or, if this occurs within the scope of fulfilling our contractual obligations, if the use of cookies is necessary to meet our contractual obligations. We explain the purposes for which we process cookies in this privacy policy or within the framework of our consent and processing procedures.

Storage duration: The following types of cookies are distinguished with regard to storage duration:

Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).

Persistent cookies: Persistent cookies remain stored even after the user closes their device. This allows, for example, login status to be saved or preferred content to be displayed directly when the user revisits a website. Similarly, user data collected using cookies can be used for audience measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are persistent and can be stored for up to two years.

General information on revocation and objection (so-called "opt-out"): Users can revoke their consent at any time and object to processing in accordance with legal requirements. To do this, users can, among other things, restrict the use of cookies in their browser settings (although this may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ .

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). reCAPTCHA is used to verify whether data entered on our websites (e.g., in a contact form) is entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g., IP address, the website visitor's time spent on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analysis runs entirely in the background. Website visitors are not notified that an analysis is taking place.

Data processing is carried out on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web services from abusive automated data scraping and spam.

Further information about Google reCAPTCHA and Google's privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further information on processing procedures, methods and services:

Processing of cookie data based on consent: We use a cookie consent management process to obtain, manage, and revoke user consent for the use of cookies and the processing activities and providers mentioned within the cookie consent management process. The consent declaration is stored to avoid having to request it again and to be able to demonstrate consent in accordance with legal requirements. Storage can be server-side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) to assign consent to a user or their device. Subject to individual information regarding the providers of cookie management services, the following applies: The storage period for consent can be up to two years. A pseudonymous user identifier is created and stored along with the time of consent, information on the scope of consent (e.g., which categories of cookies and/or service providers), and the browser, operating system, and device used. Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Business services

We process data of our contractual and business partners, e.g. customers and prospective customers (collectively referred to as "contractual partners") within the framework of contractual and similar legal relationships as well as related measures and in the context of communication with the contractual partners (or pre-contractually), e.g. to answer inquiries.

We process this data to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations, and remedying warranty claims and other service disruptions. Furthermore, we process the data to protect our rights and for the purposes of the administrative tasks associated with these obligations, as well as for company organization. We also process the data based on our legitimate interests in proper and efficient business management and security measures to protect our contractual partners and our business operations from misuse, compromise of their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other support services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the framework of applicable law, we only disclose contractual partner data to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about other forms of processing, e.g., for marketing purposes, within the framework of this privacy policy.

We will inform our contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special markings (e.g. colors) or symbols (e.g. stars or similar), or personally.

We delete data after the expiry of statutory warranty periods and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, for example, as long as it must be retained for legal archiving purposes. The statutory retention period is ten years for tax-relevant documents, as well as for commercial books, inventories, opening balance sheets, annual financial statements, the work instructions necessary for understanding these documents, and other organizational documents and accounting records. For received commercial and business correspondence and copies of sent commercial and business correspondence, the retention period is six years. This period begins at the end of the calendar year in which the last entry was made in the book, the inventory, opening balance sheet, annual financial statement, or management report was prepared, the commercial or business correspondence was received or sent, the accounting record was created, the record was made, or the other documents were created.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms apply to the relationship between users and the providers.

Types of data processed: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email addresses, telephone numbers); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., websites visited, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).

Affected persons: Customers; prospective customers; business and contractual partners.

Purposes of processing: Provision of contractual services and customer service; security measures; contact requests and communication; office and organizational procedures; administration and answering of inquiries.

Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Customer Account: Customers can create an account within our online service (e.g., customer or user account, hereinafter referred to as "customer account"). If registration of a customer account is required, customers will be informed of this, as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. During registration, as well as subsequent logins and use of the customer account, we store the customers' IP addresses along with the access times in order to prove registration and prevent any misuse of the customer account. If the customer account has been terminated, the customer account data will be deleted after the termination date, unless it is retained for purposes other than providing the customer account or must be retained for legal reasons (e.g., internal storage of customer data, order processes, or invoices). It is the customers' responsibility to back up their data when terminating their customer account; legal basis: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Agency services: We process our clients' data within the scope of our contractual services, which may include, for example, conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services and training services; legal basis: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Suppliers and services used in the course of business activities

In the course of our business activities, we use additional services, platforms, interfaces, or plug-ins from third-party providers (hereinafter referred to as "Services") in compliance with legal requirements. Their use is based on our legitimate interest in the proper, lawful, and efficient management of our business operations and internal organization.

Affected persons: Customers; prospective customers; users (e.g. website visitors, users of online services); business and contractual partners.

Purposes of processing: Provision of contractual services and customer service; office and organizational procedures.

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Lexoffice: Online software for invoicing, accounting, banking, and tax filing with document storage; Service provider: Haufe Service Center GmbH, Munzinger Straße 9, 79111 Freiburg, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.lexoffice.de ; Privacy policy: https://www.lexoffice.de/datenschutz/ ; Data processing agreement: https://www.lexoffice.de/auftragsverarbeitung/

Provision of the online service and web hosting

We process user data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

Types of data processed: Usage data (e.g., websites visited, interest in content, access times); meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); content data (e.g., entries in online forms).

Affected persons: Users (e.g., website visitors, users of online services); business and contractual partners.

Purposes of processing: Provision of our online services and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); Security measures.

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Collection of Access Data and Log Files: Access to our online services is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed web pages and files, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files may be used for security purposes, e.g., to prevent server overload (especially in the case of malicious attacks, so-called DDoS attacks), and to ensure server capacity and stability. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been fully resolved.

Email sending and hosting: The web hosting services we use also include sending, receiving, and storing emails. For these purposes, the addresses of the recipients and senders, as well as other information relating to email transmission (e.g., the providers involved) and the content of the respective emails, are processed. The aforementioned data may also be processed for spam detection purposes. Please note that emails are generally not encrypted when sent over the internet. While emails are usually encrypted during transmission, they are not encrypted on the servers from which they are sent and received (unless end-to-end encryption is used). We therefore cannot assume any responsibility for the transmission of emails between the sender and their receipt on our server. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Content Delivery Network: We use a Content Delivery Network (CDN). A CDN is a service that enables the faster and more secure delivery of online content, especially large media files such as graphics or program scripts, using regionally distributed servers connected via the internet; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Amazon Web Services (AWS): Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://aws.amazon.com/de/ ; Privacy policy: https://aws.amazon.com/de/privacy/ ; Data processing agreement: https://aws.amazon.com/de/compliance/gdpr-center/ ; Standard contractual clauses (ensuring a level of data protection when processing in third countries): Incorporated into the data processing agreement.

KeyCDN: Content Delivery Network (CDN) – a service that enables faster and more secure delivery of online content, especially large media files such as graphics or program scripts, using regionally distributed servers connected via the internet; Service provider: proinity LLC, Reichenauweg 1, 8272 Ermatingen, Switzerland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.keycdn.com/ ; Privacy policy: https://www.keycdn.com/privacy ; Further information: https://www.keycdn.com/gdpr .

Registration, login and user account

Users can create a user account. During registration, users are informed of the required mandatory information, which is processed for the purpose of providing the user account based on contractual obligations. The processed data includes, in particular, login information (username, password, and email address).

When you use our registration and login functions, as well as your user account, we store your IP address and the time of each action. This storage is based on our legitimate interests, as well as those of our users, in protection against misuse and other unauthorized use. We do not generally share this data with third parties unless it is necessary to pursue our legal claims or we are legally obligated to do so.

Users can be informed via email about processes relevant to their user account, such as technical changes.

Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. email addresses, telephone numbers); content data (e.g. entries in online forms); meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status).

Affected persons: Users (e.g., website visitors, users of online services).

Purposes of processing: Provision of contractual services and customer service; security measures; administration and response to inquiries; provision of our online services and user-friendliness.

Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

User profiles are not public: User profiles are not publicly visible or accessible.

Two-factor authentication: Two-factor authentication provides an additional layer of security for your user account and ensures that only you can access your account, even if someone else knows your password. For this purpose, you must perform an additional authentication measure besides your password (e.g., entering a code sent to a mobile device). We will inform you about the procedure we use; legal basis: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Single sign-on login

Single sign-on (SSO) refers to methods that allow users to log in to our online services using a single user account with a SSO provider (e.g., a social network). SSO authentication requires that users are registered with the respective SSO provider and enter the necessary login credentials in the designated online form, or are already logged in to the SSO provider and confirm the SSO login via a button.

Authentication takes place directly with the respective single sign-on provider. During this authentication process, we receive a user ID indicating that the user is logged in to the respective single sign-on provider under this user ID, and a unique ID (so-called "user handle") that we cannot use for any other purpose. Whether additional data is transmitted to us depends solely on the single sign-on method used, the data sharing settings chosen during authentication, and the data users have authorized in their privacy or other account settings with the single sign-on provider. Depending on the single sign-on provider and the user's choices, this data may vary, but it typically includes the email address and username. The password entered during the single sign-on process with the single sign-on provider is neither visible to us nor stored by us.

Users are asked to note that while their data stored with us can be automatically synchronized with their user account at the single sign-on provider, this is not always possible or actually occurs. For example, if users' email addresses change, they must update them manually in their user account with us.

We may use single sign-on registration, if agreed with the users, within the scope of or before the fulfillment of the contract, provided the users have been asked to do so, process it within the scope of consent, and otherwise use it on the basis of our legitimate interests and the interests of the users in an effective and secure registration system.

Should users decide they no longer wish to use their account linked to the single sign-on provider for the single sign-on process, they must disconnect this link within their account with the single sign-on provider. If users wish to delete their data with us, they must cancel their registration with us.

Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. email, telephone numbers); usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status).

Affected persons: Users (e.g., website visitors, users of online services).

Purposes of processing: Provision of contractual services and customer service; security measures; registration procedures.

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Google Single Sign-On: Authentication service; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.google.de ; Privacy policy: https://policies.google.com/privacy ; Opt-out option: Settings for displaying advertisements: https://adssettings.google.com/authenticated .

Twitch: Chats and live streams; Service provider: Twitch Interactive, Inc., 350 Bush Street, 2nd Floor, San Francisco, CA 94104, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.twitch.tv/ ; Privacy policy: https://www.twitch.tv/p/de-de/legal/privacy-notice/ .

Blogs and publication media

We use blogs or similar online communication and publication tools (hereinafter referred to as "publication medium"). Reader data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers, or for security reasons. For further information regarding the processing of visitor data to our publication medium, please refer to the privacy policy.

Types of data processed: Inventory data (e.g., names, addresses); contact data (e.g., email addresses, telephone numbers); content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).

Affected persons: Users (e.g., website visitors, users of online services).

Purposes of processing: Provision of contractual services and customer service; feedback (e.g. collecting feedback via online form); provision of our online services and user-friendliness.

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Contact and inquiry management

When you contact us (e.g. by post, contact form, email, telephone or via social media) and within the framework of existing user and business relationships, the information of the requesting persons is processed to the extent necessary to answer the contact requests and any requested measures.

Types of data processed: Contact data (e.g., email addresses, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).

Affected persons: Communication partners.

Purposes of processing: Contact requests and communication; administration and response to inquiries; feedback (e.g. collecting feedback via online form); provision of our online services and user-friendliness.

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further information on processing procedures, methods and services:

Contact form: When users contact us via our contact form, email or other communication channels, we process the data provided to us in this context to handle the communicated request; legal bases: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Zoho CRM: Customer management as well as process and sales support with personalized customer service and multi-channel communication, i.e., management of customer inquiries from various channels, as well as analysis and feedback functions; Service provider: Zoho Corporation GmbH, Trinkausstr. 7, 40213 Düsseldorf, Germany; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.zoho.com/de/crm/ ; Privacy policy: https://www.zoho.com/de/privacy.html?lb=de ; Standard contractual clauses (guaranteeing a level of data protection when processing in third countries): https://www.zoho.com/privacy/dpa/DPA_zoho_eu.pdf .

Chatbots and chat functions

We offer online chat and chatbot functions as communication options (collectively referred to as "chat services"). A chat is a real-time online conversation. A chatbot is software that answers user questions or informs them via messages. When you use our chat functions, we may process your personal data.

If you use our chat services within an online platform, your identification number will also be stored within that platform. We may also collect information about which users interact with our chat services and when. Furthermore, we store the content of your conversations via the chat services and log registration and consent processes in order to be able to provide proof of compliance with legal requirements.

We would like to inform users that the respective platform provider may be able to determine whether and when users communicate with our chat services, as well as collect technical information about the user's device and, depending on their device settings, location information (so-called metadata) for the purposes of optimizing the respective services and for security purposes. Furthermore, the metadata of communication via chat services (i.e., information about who communicated with whom) may be used by the respective platform providers for marketing purposes or to display personalized advertising, in accordance with their terms and conditions, which we refer to for further information.

If users opt in to receive regular messages from a chatbot, they can unsubscribe at any time. The chatbot will guide users through the process of unsubscribing and the necessary terms. Unsubscribing from chatbot messages will delete the user's data from the message recipient list.

We use the aforementioned information to operate our chat services, e.g., to address users personally, to answer their inquiries, to deliver any requested content, and also to improve our chat services (e.g., to "teach" chatbots answers to frequently asked questions or to identify unanswered inquiries).

Legal basis: We use chat services based on consent, meaning we have previously obtained permission from users to process their data within the context of our chat services (this applies to cases where users are asked for their consent, e.g., so that a chatbot can send them regular messages). If we use chat services to answer user inquiries about our services or our company, this is done for contractual and pre-contractual communication purposes. Furthermore, we use chat services based on our legitimate interests in optimizing the chat services, their operational efficiency, and improving the user experience.

Revocation, objection and deletion: You can revoke your consent at any time or object to the processing of your data within the scope of our chat services.

Affected persons: Communication partners.

Purposes of processing: Contact requests and communication; direct marketing (e.g. by email or post).

Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Discord: Chat, audio and video transmissions, instant messaging and community management; Service provider: Discord, Inc., 444 De Haro St, Suite 200, San Francisco, California 94107, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://discordapp.com/ ; Privacy policy: https://discordapp.com/privacy .

Video conferences, online meetings, webinars and screen sharing

We use third-party platforms and applications (hereinafter referred to as “conference platforms”) for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings (hereinafter collectively referred to as “conferences”). We comply with legal requirements when selecting conference platforms and their services.

Data processed by conference platforms: When participating in a conference, the conference platforms process the following personal data of the participants. The scope of processing depends, firstly, on which data is required for a specific conference (e.g., providing access data or full names) and, secondly, on which optional information is provided by the participants. In addition to processing for the purpose of conducting the conference, the conference platforms may also process participant data for security purposes or service optimization. The processed data includes personal data (first name, last name), contact information (email address, telephone number), access data (access codes or passwords), profile pictures, information on professional position/function, the IP address of the internet connection, information on the participants' devices, their operating system, browser and its technical and language settings, information on the content of the communication processes, i.e., entries in chats as well as audio and video data, and the use of other available functions (e.g., surveys). The content of the communications is encrypted to the extent technically provided by the conference providers. If participants are registered as users on the conference platforms, further data may be processed in accordance with the agreement with the respective conference provider.

Logging and recording: If text entries, participation results (e.g., from surveys), and video or audio recordings are logged, participants will be informed transparently in advance and asked for their consent if necessary.

Participant data protection measures: Please refer to the privacy policies of the conference platforms for details on how your data is processed and select the optimal security and privacy settings within the platform's settings. Furthermore, please ensure data and privacy protection in the background of your recording for the duration of the video conference (e.g., by informing roommates, locking doors, and using the background blur function where technically possible). Links to the conference rooms and access data must not be shared with unauthorized third parties.

Legal basis for processing: If, in addition to the conference platforms, we also process user data and request users' consent to the use of the conference platforms or specific functions (e.g., consent to conference recordings), the legal basis for processing is this consent. Furthermore, our processing may be necessary for the performance of our contractual obligations (e.g., in participant lists, in the case of processing meeting results, etc.). Otherwise, user data is processed based on our legitimate interests in efficient and secure communication with our communication partners.

Affected persons: Communication partners; users (e.g., website visitors, users of online services); persons depicted.

Purposes of processing: Provision of contractual services and customer service; contact requests and communication; office and organizational procedures.

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Microsoft Teams: Conference and communication software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, Parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.microsoft.com/de-de/microsoft-365 ; Privacy statement: https://privacy.microsoft.com/de-de/privacystatement , Security information: https://www.microsoft.com/de-de/trustcenter ; Standard contractual clauses (guaranteeing a level of data protection when processing in third countries): https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA .

Application process

The application process requires applicants to provide us with the data necessary for their assessment and selection. The required information is specified in the job description or, in the case of online forms, in the information provided there.

Generally, the required information includes personal details such as name, address, contact information, and proof of qualifications necessary for the position. We will gladly provide further details upon request.

If available, applicants can submit their applications to us using an online form. The data is transmitted to us using state-of-the-art encryption. Applicants can also submit their applications via email. However, please note that emails are generally not encrypted when sent over the internet. While emails are usually encrypted during transmission, they are not encrypted on the servers from which they are sent and received. Therefore, we cannot assume any responsibility for the security of the application during transmission between the sender and its receipt on our server.

For the purposes of candidate sourcing, application submission and candidate selection, we may, in compliance with legal requirements, use applicant management or recruitment software and platforms and services from third-party providers.

Applicants are welcome to contact us regarding the method of submitting their application or to send us their application by post.

Processing of special categories of data: Insofar as special categories of personal data (Art. 9 para. 1 GDPR, e.g., health data such as disability status or ethnic origin) are requested from applicants during the application process, their processing is carried out so that the controller or the data subject can exercise their rights and fulfill their obligations under employment law and social security and social protection law, in the case of the protection of the vital interests of the applicants or other persons, or for the purposes of preventive or occupational medicine, for the assessment of the employee's fitness for work, for medical diagnosis, for the provision of health or social care or treatment, or for the management of health or social care systems and services (Art. 9 para. 2 lit. b), c) and h) GDPR).

Data Deletion: If an application is successful, the data provided by applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is unsuccessful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Subject to a legitimate objection from the applicant, deletion will take place no later than six months after the application date. This allows us to answer any follow-up questions regarding the application and to comply with our obligations under the regulations on equal treatment of applicants. Invoices for any travel expense reimbursements will be archived in accordance with tax regulations.

Inclusion in a talent pool: Inclusion in a talent pool, if offered, is based on consent. Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the ongoing application process, and that they can withdraw their consent at any time for the future.

Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. email addresses, telephone numbers); content data (e.g. entries in online forms); applicant data (e.g. personal details, postal and contact addresses, application documents and the information contained therein, such as cover letters, CVs, certificates, and other information relating to a specific position or voluntarily provided by applicants regarding their person or qualifications).

Affected persons: Applicants.

Purposes of processing: Application process (establishment and any subsequent implementation as well as possible subsequent termination of the employment relationship).

Legal basis: Application process as a pre-contractual or contractual relationship (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Cloud services

We use software services accessible via the Internet and running on the servers of their providers (so-called "cloud services", also referred to as "Software as a Service") for storing and managing content (e.g. document storage and management, exchange of documents, content and information with specific recipients or publication of content and information).

Within this framework, personal data may be processed and stored on the providers' servers, insofar as this data is part of communication processes with us or is otherwise processed by us as set out in this privacy policy. This data may include, in particular, master data and contact details of users, data relating to transactions, contracts, other processes, and their content. The cloud service providers also process usage data and metadata, which they use for security purposes and service optimization.

If we provide forms, documents, and content to other users or publicly accessible websites using cloud services, the providers may store cookies on users' devices for web analytics purposes or to remember user settings (e.g., in the case of media control).

Types of data processed: Inventory data (e.g., names, addresses); Contact data (e.g., email addresses, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); Image and/or video recordings (e.g., photographs or video recordings of a person).

Affected persons: Customers; employees (e.g., current employees, applicants, former employees); prospective customers; communication partners.

Purposes of processing: Office and organizational procedures; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); provision of contractual services and customer service.

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Adobe Creative Cloud: Applications and cloud storage for photo editing, video editing, graphic design, and web development; Service provider: Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.adobe.com/de/creativecloud.html ; Privacy policy: https://www.adobe.com/de/privacy.html ; Data processing agreement: Provided by the service provider; Standard contractual clauses (ensuring an adequate level of data protection when processing in third countries): Included in the data processing agreement.

Microsoft Cloud Services: Cloud storage, cloud infrastructure services, and cloud-based application software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland; Parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f ) GDPR); Website: https://microsoft.com/de-de ; Privacy statement: https://privacy.microsoft.com/de-de/privacystatement ; Security information: https://www.microsoft.com/de-de/trustcenter ; Data processing agreement: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA Standard contractual clauses (ensuring data protection standards for processing in third countries): https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA .

Newsletters and electronic notifications

We only send newsletters, emails, and other electronic notifications (hereinafter "newsletters") with the recipient's consent or where legally permitted. If the content of the newsletter is specifically described during the registration process, this description is decisive for the user's consent. Otherwise, our newsletters contain information about our services and our company.

To subscribe to our newsletters, you generally only need to provide your email address. However, we may ask you to provide a name for personalized addressing in the newsletter, or other information if required for the purposes of the newsletter.

Double opt-in procedure: Subscription to our newsletter is always carried out using a double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone from subscribing using someone else's email address. Newsletter subscriptions are logged to document the registration process in accordance with legal requirements. This includes recording the registration and confirmation times as well as the IP address. Changes to your data stored with the email service provider are also logged.

Erasure and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove previously given consent. The processing of this data is limited to the purpose of defending against potential claims. An individual deletion request is possible at any time, provided that the prior existence of consent is confirmed. In cases where we are obligated to permanently respect objections, we reserve the right to store the email address solely for this purpose in a blocklist.

The registration process is logged based on our legitimate interests for the purpose of documenting its proper execution. If we engage a service provider to send emails, this is done based on our legitimate interests in an efficient and secure email delivery system.

Contents:

Information about us, our services, promotions and offers.

Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. email, telephone numbers); meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status); usage data (e.g. websites visited, interest in content, access times).

Affected persons: Communication partners.

Purposes of processing: Direct marketing (e.g. by email or post).

Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Right to object (opt-out): You can unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to receiving further newsletters. You will find an unsubscribe link at the end of each newsletter, or you can use one of the contact options listed above, preferably email.

Further information on processing procedures, methods and services:

Measuring open and click rates: The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server, or, if we use a mailing service provider, from their server, when the newsletter is opened. During this retrieval, technical information such as browser and system details, as well as your IP address and the time of retrieval, are collected. This information is used to technically improve our newsletter based on the technical data or to analyze target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until they are deleted. The evaluations help us to understand the reading habits of our users and to adapt our content to them or to send different content according to their interests. The measurement of open and click rates, as well as the storage of these results in user profiles and their further processing, are based on user consent. A separate revocation of this performance measurement is unfortunately not possible; in this case, the entire newsletter subscription must be canceled or objected to. In this case, the stored profile information will be deleted; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Advertising communication via email, post, fax or telephone

We process personal data for the purposes of advertising communication, which may take place via various channels, such as email, telephone, post or fax, in accordance with legal requirements.

Recipients have the right to withdraw their consent at any time or to object to promotional communications at any time.

After revocation or objection, we store the data necessary to prove previous authorization for contacting or sending information for up to three years after the end of the year of revocation or objection, based on our legitimate interests. The processing of this data is limited to the purpose of defending against potential claims. Based on our legitimate interest in permanently respecting users' revocations or objections, we also store the data necessary to prevent renewed contact (e.g., depending on the communication channel, email address, telephone number, name).

Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. email addresses, telephone numbers).

Affected persons: Communication partners.

Purposes of processing: Direct marketing (e.g. by email or post).

Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Web analytics, monitoring and optimization

Web analytics (also known as "reach measurement") is used to evaluate visitor traffic to our online services and can include pseudonymous data on visitor behavior, interests, or demographic information such as age or gender. Reach analysis allows us, for example, to identify when our online services, their features, or content are most frequently used or encourage repeat visits. It also helps us understand which areas require optimization.

In addition to web analytics, we can also use testing procedures to, for example, test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles—that is, data aggregated from a usage session—may be created for these purposes, and information may be stored in and retrieved from a browser or device. The data collected includes, in particular, visited websites and elements used therein, as well as technical information such as the browser and operating system used, and usage times. If users have consented to the collection of their location data by us or by the providers of the services we use, location data may also be processed.

User IP addresses are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear user data (such as email addresses or names) is stored for web analytics, A/B testing, and optimization; instead, pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status).

Affected persons: Users (e.g., website visitors, users of online services).

Purposes of processing: Remarketing; target group formation; reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); provision of our online service and user-friendliness.

Security measures: IP masking (pseudonymization of the IP address).

Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Google Analytics 4: We use Google Analytics to measure and analyze the use of our online services based on a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It serves to assign analytical information to a device in order to recognize which content users have accessed within one or more usage sessions, which search terms they have used, whether they have revisited the content, or how they have interacted with our online services. The time and duration of use are also stored, as well as the sources of users who refer to our online services and technical aspects of their devices and browsers. Pseudonymous user profiles are created using information from the use of various devices, and cookies may be used. In Google Analytics, data on geographic location is processed at a higher level by collecting the following metadata based on the IP address: "City" (and the inferred latitude and longitude of the city), "Continent," "Country," "Region," "Subcontinent" (and the ID-based equivalents). To ensure the protection of user data in the EU, Google receives and processes all user data via domains and servers within the EU. User IP addresses are not logged and are shortened by default by removing the last two digits. This IP address shortening takes place on EU servers for EU users. Furthermore, all sensitive data collected from users in the EU is deleted before being stored on EU domains and servers. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website : https://marketingplatform.google.com/intl/de/about/analytics/ ; Privacy policy: https://policies.google.com/privacy ; Data processing agreement: https://business.safety.google/adsprocessorterms/ Standard contractual clauses (guaranteeing a level of data protection when processing in third countries): https://business.safety.google/adsprocessorterms ; Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de , Ad settings: https://adssettings.google.com/authenticated ; Further information: https://privacy.google.com/businesses/adsservices (types of processing and data processed).

Target group creation with Google Analytics: We use Google Analytics to display ads placed within Google's and its partners' advertising services only to users who have shown an interest in our online offerings or who exhibit certain characteristics (e.g., interests in specific topics or products, determined based on the websites they visit) that we transmit to Google (so-called "remarketing" or "Google Analytics Audiences"). With the help of remarketing audiences, we also want to ensure that our ads correspond to the potential interests of users. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website : https://marketingplatform.google.com ; Legal basis: https://business.safety.google/adsprocessorterms/ ; Privacy policy: https://policies.google.com/privacy ; Data processing agreement: https://business.safety.google/adsprocessorterms/ Further information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices ; Data processing terms for Google advertising products and standard contractual clauses for third-country data transfers: https://business.safety.google/adsprocessorterms .

Google Universal Analytics: Audience Measurement and Web Analytics - We use Universal Analytics, a version of Google Analytics, to conduct user analysis based on a pseudonymous user identification number. This identification number does not contain any personally identifiable information, such as names or email addresses. It serves to assign analytical information to a user, for example, to recognize which content users have accessed during a session or whether they revisit our website. Pseudonymous user profiles are created using information from the use of various devices; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com ; Terms and Conditions: https://business.safety.google/adsprocessorterms/ ; Privacy Policy: https://policies.google.com/privacy ; Data Processing Agreement: https://business.safety.google/adsprocessorterms ; Standard contractual clauses (guaranteeing a level of data protection when processing in third countries): https://business.safety.google/adsprocessorterms ; Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de , Ad settings: https://adssettings.google.com/authenticated ; Further information: https://privacy.google.com/businesses/adsservices (types of processing and data processed).

Google Tag Manager: Google Tag Manager is a solution that allows us to manage website tags via a single interface and thus integrate other services into our online offering (see further details in this privacy policy). The Tag Manager itself (which implements the tags) does not, for example, create user profiles or store cookies. Google only receives the user's IP address, which is necessary to run the Google Tag Manager; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com ; Privacy policy: https://policies.google.com/privacy ; Data processing agreement: https://business.safety.google/adsprocessorterms ; Standard contractual clauses (guaranteeing a level of data protection when processing in third countries): https://business.safety.google/adsprocessorterms .

Online marketing

We process personal data for online marketing purposes, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as "content") based on the potential interests of users, as well as the measurement of its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (a "cookie") or similar methods are used to store user information relevant to displaying the aforementioned content. This information may include, for example, viewed content, visited websites, used online networks, as well as communication partners and technical information such as the browser used, the computer system used, and information about usage times and functions used. If users have consented to the collection of their location data, this data may also be processed.

Users' IP addresses are also stored. However, we use available IP masking methods (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear user data (such as email addresses or names) is stored as part of the online marketing process; instead, pseudonyms are used. This means that neither we nor the providers of the online marketing methods know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is generally stored in cookies or using similar methods. These cookies can later be read on other websites that use the same online marketing methods and analyzed for the purpose of displaying content, as well as supplemented with further data and stored on the server of the online marketing provider.

In exceptional cases, personal data may be associated with profiles. This occurs, for example, when users are members of a social network whose online marketing methods we use and the network links the user profiles with the aforementioned information. Please note that users may enter into additional agreements with the providers, for example, by giving their consent during registration.

We generally only receive access to aggregated information about the success of our advertisements. However, through conversion tracking, we can examine which of our online marketing methods have led to a conversion, i.e., a contract signed with us. Conversion tracking is used solely to analyze the success of our marketing efforts.

Unless otherwise stated, please assume that cookies used will be stored for a period of two years.

Affected persons: Users (e.g., website visitors, users of online services).

Purposes of processing: Audience measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest-/behavior-based profiling, use of cookies); marketing; profiles with user-related information (creation of user profiles); conversion measurement (measuring the effectiveness of marketing measures); provision of our online services and user-friendliness; click tracking.

Security measures: IP masking (pseudonymization of the IP address).

Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Right to object (opt-out): We refer you to the privacy policies of the respective providers and the opt-out options provided by them. If no explicit opt-out option is provided, you can disable cookies in your browser settings. However, this may restrict the functionality of our website. We therefore also recommend the following opt-out options, which are offered for specific regions: a) Europe: https://www.youronlinechoices.eu . b) Canada: https://www.youradchoices.ca/choices . c) USA: https://www.aboutads.info/choices . d) Cross-region: https://optout.aboutads.info .

Further information on processing procedures, methods and services:

Google Ad Manager: We use the "Google Marketing Platform" (and services such as "Google Ad Manager") to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). The Google Marketing Platform is characterized by the fact that ads are displayed in real time based on users' presumed interests. This allows us to display ads for and within our online services in a more targeted manner, so that users only see ads that potentially match their interests. For example, if a user is shown ads for products they have previously viewed on other online services, this is called "remarketing." Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://marketingplatform.google.com ; Privacy policy: https://policies.google.com/privacy ; Further information: Types of processing and data processed : https://privacy.google.com/businesses/adsservices Data processing terms for Google advertising products: Information on the services, data processing terms between controllers and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms ; if Google acts as a data processor, data processing terms for Google advertising products and standard contractual clauses for third-country transfers of data: https://business.safety.google/adsprocessorterms .

Google Ads and conversion tracking: Online marketing methods for placing content and ads within the service provider's advertising network (e.g., in search results, videos, on websites, etc.) so that they are displayed to users who are likely to be interested in the ads. We also measure ad conversion, i.e., whether users have taken the opportunity to interact with the ads and use the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Website: https://marketingplatform.google.com ; Privacy policy : https://policies.google.com/privacy Further information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices ; Data processing terms between controllers and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms .

UTM Parameters: Analysis of sources and user actions based on extending web addresses referring to us with an additional parameter, the "UTM" parameter. For example, a UTM parameter like "utm_source=platformX &utm_medium=video" tells us that a person clicked the link on platform X within a video. UTM parameters provide information about the link's source, the medium used (e.g., social media, website, newsletter), the type of campaign, or the campaign content (e.g., post, link, image, and video). With this information, we can, for example, check our online visibility or the effectiveness of our campaigns. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Customer reviews and rating procedures

We participate in review and rating processes to evaluate, optimize, and promote our services. When users rate us through the participating rating platforms or processes, or otherwise provide feedback, the providers' terms and conditions and privacy policies also apply. As a rule, registration with the respective providers is also required to submit a rating.

To ensure that reviewers have actually used our services, we transmit the necessary data regarding the customer and the service used (including name, email address, and order number or item number) to the respective review platform with the customer's consent. This data is used solely to verify the user's authenticity.

Types of data processed: Contract data (e.g., subject matter of the contract, term, customer category); usage data (e.g., websites visited, interest in content, access times); meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).

Affected persons: Customers; users (e.g., website visitors, users of online services).

Purposes of processing: Feedback (e.g. collecting feedback via online form); marketing.

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Google Customer Reviews: Service for collecting and/or displaying customer satisfaction and customer opinions; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Terms and Conditions: https://support.google.com/merchants/topic/7259129?hl=de&ref_topic=7257954 ; Privacy Policy: https://policies.google.com/privacy ; Further information: When collecting customer reviews, an identification number and the time of the business transaction being reviewed are processed. For review requests sent directly to customers, the customer's email address, country of residence, and the review details themselves are processed. Further information on the types of processing and the data processed : https://privacy.google.com/businesses/adsservices Data processing terms for Google advertising products: Information on the services, data processing terms between controllers and standard contractual clauses for third-country data transfers: https://business.safety.google/adscontrollerterms .

Presences in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about ourselves.

Please note that user data may be processed outside the European Union. This may pose risks for users, as it could, for example, make it more difficult to enforce their rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on usage patterns and the resulting user interests. These user profiles can then be used to display advertisements both within and outside the networks that are presumably tailored to the users' interests. For these purposes, cookies are typically stored on users' computers, recording their usage patterns and interests. Additionally, user profiles can also store data independent of the devices used by the users (especially if the users are members of the respective platforms and are logged in).

For a detailed description of the respective processing methods and the options for objecting (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

Regarding requests for information and the assertion of data subject rights, we would like to point out that these can be most effectively addressed directly with the service providers. Only the providers have access to user data and can take appropriate action and provide information directly. However, should you require assistance, you can contact us.

Affected persons: Users (e.g., website visitors, users of online services).

Purposes of processing: Contact requests and communication; feedback (e.g. collecting feedback via online form); marketing.

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.linkedin.com ; Privacy policy: https://www.linkedin.com/legal/privacy-policy ; Data processing agreement: https://legal.linkedin.com/dpa ; Standard contractual clauses (guaranteeing a level of data protection when processing in third countries): https://legal.linkedin.com/dpa ; Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

Plugins and embedded functions as well as content

We integrate functional and content elements into our online services that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos, or city maps (hereinafter collectively referred to as "content").

The integration of third-party content always requires that these providers process users' IP addresses, as they cannot send the content to users' browsers without them. The IP address is therefore necessary for displaying this content or these functions. We strive to use only content from providers who use IP addresses solely for content delivery. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These pixel tags allow for the analysis of information such as visitor traffic on the pages of this website. The pseudonymized information can also be stored in cookies on users' devices and may include, among other things, technical information about the browser and operating system, referring websites, the time of visit, and other information about the use of our online services, as well as be combined with such information from other sources.

Types of data processed: Usage data (e.g., websites visited, interest in content, access times); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); Inventory data (e.g., names, addresses); Contact data (e.g., email addresses, telephone numbers); Content data (e.g., entries in online forms).

Affected persons: Users (e.g., website visitors, users of online services).

Purposes of processing: Provision of our online services and user-friendliness; marketing; profiles with user-related information (creation of user profiles); provision of contractual services and customer service.

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Integration of third-party software, scripts, or frameworks (e.g., jQuery): We integrate software into our online services that we retrieve from third-party servers (e.g., function libraries that we use for the presentation or user-friendliness of our online services). In doing so, the respective providers collect users' IP addresses and may process them for the purpose of transmitting the software to users' browsers, for security purposes, and for evaluating and optimizing their services. Legal basis : Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Google Fonts (retrieved from Google servers): Fonts (and symbols) are retrieved for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with regard to up-to-dateness and loading times, their consistent display, and compliance with any applicable licensing restrictions. The user's IP address is transmitted to the font provider so that the fonts can be made available in the user's browser. Furthermore, technical data (language settings, screen resolution, operating system, hardware used) is transmitted, which is necessary for providing the fonts depending on the device used and the technical environment. This data may be processed on a server of the font provider in the USA. When visiting our website, users' browsers send HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then with the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the user to access the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of the website visitor, and the referring URL (i.e., the webpage where the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referring URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. With the Google Fonts Web API, the user agent must adapt the font that is generated for the specific browser type. The user agent is primarily logged for debugging purposes and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the Google Fonts Analytics page. Finally, the referring URL is logged so that the data can be used for production maintenance and to generate an aggregated report of top integrations based on the number of font requests. According to Google, none of the information collected by Google Fonts is used to create end-user profiles or to serve targeted ads; Service provider:Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://fonts.google.com/ ; Privacy policy: https://policies.google.com/privacy ; Further information: https://developers.google.com/fonts/faq/privacy?hl=de .

Instagram Plugins and Content: Instagram Plugins and Content – This may include, for example, content such as images, videos, or text, and buttons that allow users to share content from this online service within Instagram. – We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt, as part of a transfer (but not the further processing), of "event data" that Facebook collects or receives through Instagram functions (e.g., content embedding functions) implemented on our online service for the following purposes: a) Displaying content and advertising information that corresponds to the presumed interests of users; b) Delivering commercial and transactional messages (e.g., contacting users via Facebook Messenger); c) Improving ad delivery and personalizing features and content (e.g., improving the recognition of which content or advertising information is presumably relevant to users' interests). We have concluded a special agreement with Facebook ("Addendum for Controllers", https://www.facebook.com/legal/controller_addendum ) which specifically regulates which security measures Facebook must observe ( https://www.facebook.com/legal/terms/data_security_terms ) and in which Facebook has agreed to fulfill the rights of data subjects (i.e., users can, for example, send information or deletion requests directly to Facebook). Note: When Facebook provides us with metrics, analyses, and reports (which are aggregated, i.e., do not contain information about individual users and are anonymous to us), this processing does not occur under joint controllership but on the basis of a data processing agreement ("Data Processing Terms," https://www.facebook.com/legal/terms/dataprocessing ), the "Data Security Terms" ( https://www.facebook.com/legal/terms/data_security_terms ), and, with regard to processing in the USA, on the basis of standard contractual clauses ("Facebook EU Data Transfer Addendum," https://www.facebook.com/legal/EU_data_transfer_addendum ). The rights of users (in particular, the rights to information, erasure, objection, and lodging a complaint with the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 GDPR). Article 6(1)(f) GDPR); Website: https://www.instagram.com ; Privacy Policy: https://instagram.com/about/legal/privacy .

Twitter plugins and content: Twitter plugins and buttons – This may include content such as images, videos, or text, and buttons that allow users to share content from this website on Twitter; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, Parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://twitter.com/de ; Privacy policy: https://twitter.com/privacy , (Settings: https://twitter.com/personalization ).

YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.youtube.com ; Privacy policy: https://policies.google.com/privacy ; Opt-out options: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de , Settings for ad display: https://adssettings.google.com/authenticated .

Font Awesome (retrieved from the provider's server): Retrieval of fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with regard to up-to-dateness and loading times, their consistent display, and compliance with any applicable licensing restrictions. The user's IP address is transmitted to the font provider so that the fonts can be made available in the user's browser. Furthermore, technical data (language settings, screen resolution, operating system, hardware used) is transmitted, which is necessary for providing the fonts depending on the devices used and the technical environment; Service provider: Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, MA 02140, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://fontawesome.com/ ; Privacy policy: https://fontawesome.com/privacy .

Adobe Typekit fonts: We integrate fonts ("Typekit fonts") from the provider Adobe, whereby user data is used solely for the purpose of displaying the fonts in the user's browser. This integration is based on our legitimate interests in the technically secure, maintenance-free, and efficient use of fonts, their consistent display, and in compliance with any applicable licensing restrictions. Service provider: Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.adobe.com/de ; Privacy policy: https://www.adobe.com/de/privacy.html .

Management, organization and support tools

We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organizing, managing, planning, and delivering our services. We comply with legal requirements when selecting third-party providers and their services.

Within this framework, personal data may be processed and stored on the servers of third-party providers. This may involve various types of data, which we process in accordance with this privacy policy. This data may include, in particular, master data and contact details of users, data relating to transactions, contracts, other processes, and their content.

If users are referred to third-party providers or their software or platforms in the course of communication, business, or other relationships with us, these third-party providers may process usage data and metadata for security, service optimization, or marketing purposes. We therefore ask you to review the privacy policies of the respective third-party providers.

Types of data processed: Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).

Affected persons: Communication partners; users (e.g., website visitors, users of online services).

Purposes of processing: Provision of contractual services and customer service; office and organizational procedures; contact requests and communication.

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Basecamp: Project management tool; Service provider: Basecamp, LLC., 30 N. Racine Ave, Suite 200 Chicago, Illinois 60607, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://basecamp.com ; Privacy policy: https://basecamp.com/about/policies .

Changes and updates to the privacy policy

We ask that you regularly review the content of our privacy policy. We will update the privacy policy as soon as changes to our data processing activities make this necessary. We will inform you if any changes require action on your part (e.g., consent) or any other individual notification.

If we provide addresses and contact information for companies and organizations in this privacy policy, please note that the addresses may change over time and ask you to check the information before contacting them.

Privacy Policy

Let's work together.

Let's work together.

Let's work together.

Let's work together.