Privacy Policy

‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎‎

Preamble

With the following privacy policy, we would like to inform you about the types of your
personal data (hereinafter also referred to as “data”) we process, for what purposes and to
what extent. This Privacy Policy applies to all processing of personal data carried out by us,
both in the context of providing our services and especially on our websites, in mobile
applications, and within external online presences, such as our social media profiles
(hereinafter collectively referred to as “Online Services”).
The terms used are not gender-specific.
Date: October 01, 2024

Table of Contents

Controller

Florian Nase
Jablonskistraße 15
10405, Berlin
Germany
Email Address:
detectsamples@gmail.com
Imprint:
https://detectsamples.com/legal-notice/

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their
processing and refers to the persons concerned.

Types of Processed Data

  • Inventory Data.
  • Location Data.
  • Contact Data.
  • Content Data.
  • Contract Data.
  • Usage Data.
  • Meta, Communication and Procedure Data.

Categories of Affected Persons

  • Communication Partners.
  • Users.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Contact requests and communication.
  • Reach measurement.
  • Office and organizational procedures.
  • Affiliate tracking.
  • Management and response to inquiries.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online services and user-friendliness.
  • Information technology infrastructure.

Relevant Legal Bases

Relevant Legal Bases according to GDPR: In the following, you will find
an overview of the legal bases of the GDPR on which we process personal data. Please
note that in addition to the provisions of the GDPR, national data protection regulations in
your or our country of residence or seat may apply. Furthermore, if more specific legal bases
apply in individual cases, we will inform you of them in the privacy policy.

  • Consent (Art. 6 para. 1 s. 1 lit. a GDPR)– The data subject has
    given consent to the processing of their personal data for one or more specific purposes.
  • Contract performance and pre-contractual inquiries (Art. 6 para. 1 s. 1 lit.
    b GDPR)
    – Processing is necessary for the performance of a contract to which the
    data subject is party, or for the implementation of pre-contractual measures taken at the data
    subject’s request.
  • Legitimate Interests (Art. 6 para. 1 s. 1 lit. f GDPR)
    Processing is necessary to protect the legitimate interests of the controller or a third party,
    unless the interests or fundamental rights and freedoms of the data subject, which require
    protection of personal data, prevail.

National Data Protection Regulations in Germany: In addition to the data
protection regulations of the GDPR, national regulations on data protection apply in
Germany. This includes in particular the Federal Data Protection Act
(Bundesdatenschutzgesetz– BDSG). The BDSG contains special provisions on the right to
information, the right to deletion, the right to object, the processing of special categories of
personal data, processing for other purposes and transmission as well as automated
decision-making in individual cases including profiling. In addition, state data protection laws
of the individual federal states may apply.
Note on the Application of GDPR and Swiss DPA: These data protection
notices serve both to provide information according to the Swiss Federal Act on Data
Protection (Swiss DPA) as well as the General Data Protection Regulation (GDPR). For this
reason, we ask you to note that due to the broader spatial application and comprehensibility,
the terms of the GDPR are used. In particular, instead of the terms “processing” of “personal
data”, “overriding interest” and “particularly sensitive personal data” used in the Swiss DPA,
the terms “processing” of “personal data”, “legitimate interest” and “special categories of
data” used in the GDPR are used. However, the legal meaning of the terms will continue to
be determined according to the Swiss DPA in the context of its application.

Security Measures

Wetake appropriate technical and organizational measures in accordance with legal
requirements, considering the state of the art, the costs of implementation, and the nature,
scope, circumstances, and purposes of processing as well as the varying likelihood and
severity of the risk to the rights and freedoms of natural persons, to ensure a level of security
appropriate to the risk.
The measures include in particular ensuring the confidentiality, integrity, and availability of
data by controlling physical and electronic access to the data as well as access to, input,
transfer, ensuring availability, and their separation. Furthermore, we have established
procedures to ensure the exercise of data subject rights, data deletion, and responses to
data compromise. Additionally, we consider the protection of personal data already in the
development or selection of hardware, software, and procedures, in accordance with the
principle of data protection, through technology design and data protection-friendly default
settings.
TLS/SSL encryption (https): To protect user data transmitted via our online services, we use
TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing
Internet connections by encrypting data transmitted between a website or app and a browser
(or between two servers). Transport Layer Security (TLS) is an updated and more secure
version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when
a website is secured with an SSL/TLS certificate.

Transmission of Personal Data

In the course of our processing of personal data, it may happen that the data is transferred
to other bodies, companies, legally independent organizational units, or persons, or that it is
disclosed to them. The recipients of this data may include, for example, service providers
entrusted with IT tasks or providers of services and content that are integrated into a
webpage. In such cases, we comply with legal requirements and, in particular, conclude
corresponding contracts or agreements that serve to protect your data with the recipients of
your data.
Data transfer within the organization: We may transfer personal data to other bodies within
our organization or grant them access to this data. If this transfer is for administrative
purposes, the transfer of the data is based on our legitimate corporate and business
interests or occurs if it is necessary for the fulfillment of our contractual obligations or if
consent of the data subjects or a legal permission exists.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the
European Union (EU), the European Economic Area (EEA)) or if the processing takes place
in the context of the use of third-party services or the disclosure or transfer of data to other
persons, bodies, or companies, this occurs only in accordance with legal requirements. If the
data protection level in the third country has been recognized by an adequacy decision (Art.
45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers only take
place if the level of data protection is otherwise secured, in particular by standard contractual
clauses (Art. 46 para. 2 lit. c GDPR), explicit consent, or in the case of contractual or legally
required transmission (Art. 49 para. 1 GDPR). In addition, we inform you about the basis of
third-country transfers with individual providers from the third country, whereby adequacy
decisions are primarily considered as the basis. Information on third-country transfers and
existing adequacy decisions can be obtained from the information offering of the EU
Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimensio
n-data-protection_de.

Deletion of Data

The data processed by us is deleted in accordance with legal requirements as soon as the
consent allowed for processing is revoked or other permissions lapse (e.g., if the purpose of
processing this data has ceased or if they are not required for the purpose). If the data is not
deleted because they are required for other and legally permissible purposes, their
processing is restricted to these purposes. That is, the data is blocked and not processed for
other purposes. This applies, for example, to data that must be retained for commercial or
tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal
claims or to protect the rights of another natural or legal person. Our data protection notices
may also contain further information on the storage and deletion of data, which primarily
apply to the respective processing operations.

Rights of the Data Subjects

Rights of data subjects according to the GDPR: As data subjects, you have various rights
under the GDPR, which result in particular from Art. 15 to 21 GDPR:

  • Right to Object: You have the right, for reasons arising from
    your particular situation, to object at any time to the processing of personal data concerning
    you, which is based on Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based
    on these provisions. If the personal data concerning you is processed for direct marketing
    purposes, you have the right to object at any time to the processing of personal data
    concerning you for such marketing; this also applies to profiling to the extent that it is
    associated with such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw
    consent at any time.
  • Right of Access: You have the right to request confirmation as
    to whether data concerning you is being processed and to information about this data, as
    well as further information and a copy of the data in accordance with legal requirements.
  • Right to Rectification: You have the right, in accordance with
    legal requirements, to request the completion of data concerning you or the rectification of
    inaccurate data concerning you.
  • Right to Erasure and Restriction of Processing: In accordance
    with legal requirements, you have the right to demand that data concerning you be erased
    immediately or, alternatively, to demand a restriction of the processing of the data in
    accordance with legal requirements.
  • Right to Data Portability: You have the right to receive data
    concerning you, which you have provided to us, in a structured, commonly used, and
    machine-readable format in accordance with legal requirements, or to request their
    transmission to another controller.
  • Right to Lodge a Complaint with a Supervisory Authority:
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a
    complaint with a supervisory authority, in particular in the Member State of your habitual
    residence, place of work, or place of the alleged infringement, if you believe that the
    processing of personal data concerning you infringes the GDPR.

Use of Cookies

Cookies are small text files or other storage notes that store information on end devices and
read information from end devices, e.g., to store the login status in a user account, a
shopping cart content in an e-shop, the accessed content or used functions of an online
service. Cookies can also be used for various purposes, e.g., for the functionality, security,
and comfort of online services, as well as for the creation of analyses of visitor flows.
Notes on Consent: We use cookies in accordance with legal regulations.
Therefore, we obtain prior consent from users, unless such consent is not legally required.
Consent is particularly not necessary when the storage and reading of information, including
cookies, is absolutely necessary to provide a telemedia service (our online service) explicitly
requested by the users. The absolutely necessary cookies usually include cookies with
functions for the display and operability of the online service, load balancing, security, storing
user preferences and selection options, or similar purposes related to the provision of the
main and ancillary functions of the online service requested by the users. The revocable
consent is clearly communicated to the users and contains information about the respective
cookie use.
Notes on Data Protection Legal Bases: The data protection legal basis on
which we process the users’ personal data with the help of cookies depends on whether we
ask users for consent. If the users consent, the legal basis for processing their data is the
declared consent. Otherwise, the data processed with the help of cookies are processed on
the basis of our legitimate interests (e.g., in a commercial operation of our online service and
improvement of its usability) or, if this is part of fulfilling our contractual obligations, when the
use of cookies is necessary to fulfill our contractual obligations. We clarify the purposes for
which the cookies are processed by us in the course of this privacy policy or in the context of
our consent and processing processes.
Storage Duration: In terms of storage duration, the following types of
cookies are distinguished:

  • Temporary Cookies (also: Session or Session Cookies):
    Temporary cookies are deleted at the latest after a user has left an online offer and closed
    their end device (e.g., browser or mobile application).
  • Permanent Cookies: Permanent cookies remain stored even
    after closing the end device. For example, the login status can be saved or preferred content
    can be displayed directly when the user revisits a website. Likewise, the data collected with
    the help of cookies from users can be used for reach measurement. Unless we provide
    users with explicit information about the type and storage duration of cookies (e.g., as part of
    obtaining consent), users should assume that cookies are permanent and the storage
    duration can be up to two years.

General Notes on Revocation and Objection (so-called “Opt-Out”): Users
can revoke their given consents at any time and object to processing in accordance with
legal requirements. For this purpose, users can, among other things, restrict the use of
cookies in the settings of their browser (which may also limit the functionality of our online
offer). An objection to the use of cookies for online marketing purposes can also be declared
via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

  • Legal Bases: Legitimate Interests (Art. 6 Abs. 1 S. 1 lit. f
    GDPR). Consent (Art. 6 Abs. 1 S. 1 lit. a GDPR).

Additional Information on Processing Operations, Procedures, and
Services:

  • Processing of Cookie Data Based on Consent: We use a
    cookie consent management procedure in which users’ consents to the use of cookies, or
    the processes and providers mentioned in the context of the cookie consent management
    procedure, are obtained, managed, and revoked by the users. The declaration of consent is
    stored in order not to have to repeat its query and to be able to prove the consent in
    accordance with the legal obligation. The storage can occur server-side and/or in a cookie
    (so-called opt-in cookie, or using comparable technologies), in order to be able to assign the
    consent to a user, or their device. Subject to individual information about the providers of
    cookie management services, the following notes apply: The duration of the storage of
    consent can be up to two years. Here, a pseudonymous user identifier is formed and stored
    with the time of consent, information on the scope of consent (e.g., which categories of
    cookies and/or service providers), as well as the browser, system, and end device used;
    Legal Bases: Consent (Art. 6 Abs. 1 S. 1 lit. a
    GDPR).

Provision of the Online Offer and Web Hosting

Weprocess the data of users to be able to provide our online services. For this purpose, we
process the IP address of the user, which is necessary to transmit the contents and functions
of our online services to the user’s browser or end device.

  • Types of Processed Data: Usage data (e.g., visited websites,
    interest in content, access times); Meta, communication, and procedural data (e.g., IP
    addresses, time stamps, identification numbers, consent status).
  • Affected Persons: Users (e.g., website visitors, users of online
    services).
  • Purposes of Processing: Provision of our online offer and
    user-friendliness. Information technology infrastructure (operation and provision of
    information systems and technical devices (computers, servers, etc.)).
  • Legal Bases: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f
    GDPR).

Additional Information on Processing Operations, Procedures, and
Services:

  • Provision of Online Offer on Rented Storage Space: For the
    provision of our online offer, we use storage space, computing capacity, and software that
    we rent or otherwise obtain from a corresponding server provider (also known as “web
    hoster”); Legal Bases: Legitimate Interests (Art. 6 Para. 1
    S. 1 lit. f GDPR).

Blogs and Publication Media

Weuse blogs or similar means of online communication and publication (hereinafter
“publication medium”). The data of the readers are processed for the purposes of the
publication medium only to the extent necessary for its presentation and communication
between authors and readers or for security reasons. Otherwise, we refer to the information
on the processing of visitors to our publication medium as part of these privacy notices.

  • Types of Processed Data: Inventory data (e.g., names,
    addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online
    forms); Usage data (e.g., visited websites, interest in content, access times); Meta,
    communication, and procedural data (e.g., IP addresses, time stamps, identification
    numbers, consent status).
  • Affected Persons: Users (e.g., website visitors, users of online
    services).
  • Purposes of Processing: Provision of contractual services and
    fulfillment of contractual obligations; Feedback (e.g., collecting feedback via online form).
    Provision of our online offer and user-friendliness.
  • Legal Bases: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f
    GDPR).

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, telephone, or via social media) and in
the context of existing user and business relationships, the information provided by the
inquiring persons is processed to the extent necessary to answer the contact inquiries and
any requested measures.

  • Types of Processed Data: Contact data (e.g., email, telephone
    numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites,
    interest in content, access times); Meta, communication, and procedural data (e.g., IP
    addresses, time stamps, identification numbers, consent status).
  • Affected Persons: Communication partners.
  • Purposes of Processing: Contact requests and communication;
    Administration and answering of inquiries; Feedback (e.g., collecting feedback via online
    form). Provision of our online offer and user-friendliness.
  • Legal Bases: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f
    GDPR). Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b
    GDPR).

Additional Information on Processing Operations, Procedures, and
Services:

  • Contact Form: When users contact us via our contact form,
    email, or other communication channels, we process the data communicated to us in this
    context to handle the expressed concern; Legal Bases:
    Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), Legitimate
    Interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as “reach measurement”) serves the evaluation of the visitor
flows of our online offer and may include behavior, interests, or demographic information
about the visitors, such as age or gender, as pseudonymous values. With the help of reach
analysis, we can e.g., recognize at what time our online offer or its functions or contents are
most frequently used or invite for reuse. Likewise, we can understand which areas need
optimization.
In addition to web analysis, we can also use test procedures to test and optimize different
versions of our online offer or its components.
Unless otherwise stated below, profiles can be created for these purposes, i.e., data
summarized in a usage process can be stored and read out in a browser or an end device.
The collected information includes in particular visited websites and used elements as well
as technical information, such as the browser used, the computer system used, and
information on usage times. If users have consented to the collection of their location data
with us or with the providers of the services we use, location data can also be processed.
The IP addresses of users are also stored. However, we use an IP masking procedure (i.e.,
pseudonymization by shortening the IP address) to protect the users. In general, no clear
data of users (such as e-mail addresses or names) are stored in the context of web
analytics, A/B testing, and optimization, but pseudonyms. That is, neither we nor the
providers of the software used know the actual identity of the users, only the information
stored in their profiles for the purposes of the respective procedures.

  • Types of Processed Data: Usage data (e.g., visited websites,
    interest in content, access times); Meta, communication, and procedural data (e.g., IP
    addresses, time stamps, identification numbers, consent status).
  • Affected Persons: Users (e.g., website visitors, users of online
    services).
  • Purposes of Processing: Reach measurement (e.g., access
    statistics, recognition of returning visitors). Profiles with user-related information (creation of
    user profiles).
  • Security Measures: IP Masking (pseudonymization of the IP
    address).
  • Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR).

Additional Information on Processing Operations, Procedures, and
Services:

  • Jetpack (WordPress Stats): Jetpack provides analytics
    functions for WordPress software; Service Provider: Aut O’Mattic A8C
    Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR);
    Website: https://automattic.com; Privacy Policy: https://automattic.com/privacy. Basis for Third-Country
    Transfer:
    EU-US Data Privacy Framework (DPF).

Affiliate Programs and Affiliate Links

In our online offer, we integrate so-called affiliate links or other references (which can
include, for example, search masks, widgets, or discount codes) to the offers and services of
third parties (collectively referred to as “Affiliate Links”). When users follow the affiliate links
or then take up the offers, we may receive a commission or other benefits (collectively
referred to as “commission”).
To be able to track whether users have taken up the offers of an affiliate link we used, it is
necessary that the respective third-party providers learn that users have followed an affiliate
link within our online offer. The assignment of the affiliate links to the respective business
transactions or other actions (e.g., purchases) serves solely the purpose of commission
accounting and is discontinued as soon as it is no longer necessary for the purpose.
For the purposes of the aforementioned assignment of the affiliate links, the affiliate links can
be supplemented with certain values that are part of the link or can be stored otherwise, e.g.,
in a cookie. The values can include in particular the originating website (referrer), the time,
an online identifier of the operators of the website where the affiliate link was located, an
online identifier of the respective offer, the type of link used, the type of offer, and an online
identifier of the user.
Notes on Legal Bases: If we ask users for their consent to the use of
third-party providers, the legal basis for the processing of data is consent. Otherwise, the
data of the users are processed on the basis of our legitimate interests (i.e., interest in
efficient, economic and recipient-friendly services). In this context, we would also like to refer
to the information on the use of cookies in this privacy policy.

  • Types of Processed Data: Contract data (e.g., subject matter of
    the contract, duration, customer category); Usage data (e.g., visited websites, interest in
    content, access times); Meta, communication, and procedural data (e.g., IP addresses, time
    stamps, identification numbers, consent status).
  • Affected Persons: Users (e.g., website visitors, users of online
    services).
  • Purposes of Processing: Affiliate tracking.
  • Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR).
    Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Presences in Social Networks (Social Media)

Wemaintain online presences within social networks and process user data in this context in
order to communicate with the users active there or to offer information about us.
Wepoint out that user data can be processed outside the European Union. This can pose
risks for users because, for example, the enforcement of users’ rights could be made more
difficult.
Furthermore, user data within social networks are usually processed for market research
and advertising purposes. For example, usage profiles can be created based on the users’
behavior and resulting interests. The usage profiles can, in turn, be used to place
advertisements inside and outside the networks that presumably correspond to the interests
of the users. For these purposes, cookies are usually stored on the users’ computers, where
the users’ behavior and interests are stored. Furthermore, data can also be stored in the
usage profiles independently of the devices used by the users (especially if the users are
members of the respective platforms and are logged in to them).
For a detailed description of the respective processing forms and the opt-out options, we
refer to the privacy statements and information provided by the operators of the respective
networks.
Also, in the case of requests for information and the assertion of data subject rights, we point
out that these can be most effectively claimed from the providers. Only the providers have
access to the users’ data and can take direct action and provide information. If you still need
help, you can contact us.

  • Types of Processed Data: Contact data (e.g., email, telephone
    numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites,
    interest in content, access times); Meta, communication, and procedural data (e.g., IP
    addresses, time stamps, identification numbers, consent status).
  • Affected Persons: Users (e.g., website visitors, users of online
    services).
  • Purposes of Processing: Contact requests and communication;
    Feedback (e.g., collecting feedback via online form). Marketing.
  • Legal Bases: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f
    GDPR).

Additional Information on Processing Operations, Procedures, and
Services:

Plugins and Embedded Functions and Content

In our online offer, we integrate functional and content elements that are obtained from the
servers of their respective providers (hereinafter referred to as “Third-Party Providers”).
These can be, for example, graphics, videos, or city maps (hereinafter uniformly referred to
as “Content”).
The integration always presupposes that the third-party providers of this content process the
IP address of the users, as without the IP address they could not send the content to their
browser. The IP address is thus necessary for the display of this content or functions. We
strive to use only those contents whose respective providers use the IP address solely for
the delivery of the contents. Third-party providers can also use so-called pixel tags (invisible
graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel
tags” can be used to evaluate information such as visitor traffic on the pages of this website.
The pseudonymous information can also be stored in cookies on the user’s device and may
include, among other things, technical information about the browser and operating system,
referring web pages, visiting time, and other information about the use of our online offer, as
well as being linked to such information from other sources.

  • Types of Processed Data: Usage data (e.g., visited websites,
    interest in content, access times); Meta, communication, and procedural data (e.g., IP
    addresses, time stamps, identification numbers, consent status); Inventory data (e.g.,
    names, addresses); Contact data (e.g., email, telephone numbers); Content data (e.g.,
    entries in online forms). Location data (information about the geographical position of a
    device or person).
  • Affected Persons: Users (e.g., website visitors, users of online
    services).
  • Purposes of Processing: Provision of our online offer and
    user-friendliness; Marketing. Profiles with user-related information (creation of user
    profiles).
  • Legal Bases: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f
    GDPR).

Additional Information on Processing Operations, Procedures, and
Services:

  • Integration of Third-Party Software, Scripts, or Frameworks (e.g.,
    jQuery):
    We integrate into our online offer software that we retrieve from servers of
    other providers (e.g., function libraries that we use for the presentation or user-friendliness of
    our online offer). In this process, the respective providers collect the IP address of the users
    and can use it for the purpose of transmitting the software to the users’ browser as well as
    for security purposes, and also for the evaluation and optimization of their offer.- We
    integrate into our online offer software that we retrieve from servers of other providers (e.g.,
    function libraries that we use for the presentation or user-friendliness of our online offer). In
    this process, the respective providers collect the IP address of the users and can use it for
    the purpose of transmitting the software to the users’ browser as well as for security
    purposes, and also for the evaluation and optimization of their offer; Legal Bases: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f
    GDPR).
  • Google Maps: We integrate the maps of the service “Google
    Maps” from the provider Google. The processed data may include in particular IP addresses
    and location data of the users; Service Provider: Google Cloud EMEA
    Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal
    Bases:
    Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f GDPR);
    Website: https://mapsplatform.google.com/; Privacy
    Policy:
    https://policies.google.com/privacy. Basis for Third-Country
    Transfer:
    EU-US Data Privacy Framework (DPF).
  • Instagram Plugins and Content: Instagram plugins and content- This can include, for example, content such as images, videos, or texts and buttons with
    which users can share content from this online offer within Instagram.- We are jointly
    responsible with Meta Platforms Ireland Limited for the collection or receipt as part of a
    transmission (but not the further processing) of “event data” that Facebook collects via
    functions of Instagram (e.g., embedding functions for content), which are executed on our
    online offer, or receives as part of a transmission for the following purposes: a) Display of
    content as well as advertising information that correspond to the presumed interests of the
    users; b) Delivery of commercial and transaction-related messages (e.g., addressing users
    via Facebook Messenger); c) Improvement of ad delivery and personalization of features
    and content (e.g., improvement of detection, which content or advertising information
    presumably corresponds to the interests of the users). We have entered into a special
    agreement with Facebook (“Controller Addendum”, https://www.facebook.com/
    legal/controller_addendum
    ), which in particular regulates which security measures
    Facebook must observe (https://www.facebook.com/
    legal/terms/data_security_terms
    ) and in which Facebook has agreed to fulfill the data
    subject rights (i.e., users can, for example, request information or deletion directly from
    Facebook). Note: When Facebook provides us with measurements, analyses, and reports
    (which are aggregated, i.e., contain no information about individual users and are
    anonymous to us), then this processing is not carried out within the framework of the joint
    responsibility, but on the basis of a processing agreement (“Data Processing Terms”, https://www.facebook.com/
    legal/terms/dataprocessing
    ), the “Data Security Terms” (https://www.facebook.com
    /legal/terms/data_security_terms
    ) and, in terms of processing in the USA, based on
    standard contractual clauses (“Facebook EU Data Transfer Addendum”, https://www.facebook.com/
    legal/EU_data_transfer_addendum
    ). The rights of the users (in particular to information,
    deletion, objection, and complaint to the competent supervisory authority) are not restricted
    by the agreements with Facebook; Service Provider: Meta Platforms
    Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal Bases: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f
    GDPR);
    Website: https://www.instagram.com. Privacy
    Policy:
    https://instagram.com/about/legal/privacy.
  • YouTube Videos: Video content; Service
    Provider:
    Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
    Legal Bases: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f
    GDPR);
    Website: https://www.youtube.com; Privacy
    Policy:
    https://policies.google.com/privacy; Basis for Third-Country
    Transfer:
    EU-US Data Privacy Framework (DPF).
    Opt-Out Option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for display of
    advertising: https://adssettings.google.com
    /authenticated
    .

Management, Organization, and Tools

Weuse services, platforms, and software of other providers (hereinafter referred to as
“third-party providers”) for the purposes of organization, administration, planning, and
provision of our services. When selecting third-party providers and their services, we comply
with legal requirements.
In this context, personal data can be processed and stored on the servers of third-party
providers. Various data that we process according to this privacy policy can be affected. This
data can include, in particular, master data and contact data of users, data on processes,
contracts, other processes, and their contents.
If users are referred to the third-party providers or their software or platforms in the context
of communication, business, or other relationships with us, the third-party providers can
process usage data and metadata for security purposes, service optimization, or marketing
purposes. Therefore, we ask to observe the privacy notices of the respective third-party
providers.

  • Types of Processed Data: Content data (e.g., entries in online
    forms); Usage data (e.g., visited websites, interest in content, access times); Meta,
    communication, and procedural data (e.g., IP addresses, time stamps, identification
    numbers, consent status).
  • Affected Persons: Communication partners; Users (e.g.,
    website visitors, users of online services).
  • Purposes of Processing: Contact requests and communication;
    Provision of contractual services and fulfillment of contractual obligations. Office and
    organizational procedures.
  • Legal Bases: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f
    GDPR).

Additional Information on Processing Operations, Procedures, and
Services:

  • WeTransfer: Transfer of files over the internet; Service
    Provider:
    WeTransfer BV, Oostelijke Handelskade 751, Amsterdam, 1019 BW,
    Netherlands; Legal Bases: Legitimate Interests (Art. 6
    Para. 1 S. 1 lit. f GDPR);
    Website: https://wetransfer.com.
    Privacy Policy:https://wetransfer.com/legal.

Changes and Updates to the Privacy Policy

Weask you to regularly inform yourself about the content of our privacy policy. We will adapt
the privacy policy as soon as changes in the data processing we perform make it necessary.
Wewill inform you as soon as changes require your participation (e.g., consent) or another
individual notification.
If we provide addresses and contact information of companies and organizations in this
privacy policy, please note that the addresses can change over time and we ask you to verify
the information before making contact.

Definitions

In this section, you will find an overview of the terminologies used in this privacy policy.
Insofar as the terminologies are legally defined, their legal definitions apply. The following
explanations are intended mainly for understanding.

  • Affiliate Tracking: Within the framework of affiliate tracking,
    links are logged, with the help of which the linking websites refer users to websites with
    product or other offers. The operators of the respective linking websites can receive a
    commission if users follow these so-called affiliate links and then take up the offers (e.g., buy
    goods or use services). For this purpose, it is necessary that the providers can track whether
    users who are interested in certain offers subsequently take them up at the prompting of the
    affiliate links. Therefore, for the functionality of affiliate links, it is necessary that they be
    supplemented with certain values that become part of the link or can be stored otherwise,
    e.g., in a cookie. The values include in particular the originating website (referrer), the time,
    an online identifier of the operators of the website where the affiliate link was located, an
    online identifier of the respective offer, an online identifier of the user, as well as
    tracking-specific values, such as advertising material ID, partner ID, and categorizations.
  • Personal Data: “Personal data” are all information that relates
    to an identified or identifiable natural person (hereinafter “data subject”); an identifiable
    natural person is one who can be identified, directly or indirectly, in particular by reference to
    an identifier such as a name, an identification number, location data, an online identifier
    (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic,
    mental, economic, cultural or social identity of that natural person.
  • Profiles with User-Related Information: The processing of
    “profiles with user-related information,” or simply “profiles,” includes any type of automated
    processing of personal data that consists of using that personal data to analyze, evaluate, or
    predict certain personal aspects relating to a natural person (depending on the type of
    profiling, this can include different information concerning demographics, behavior, and
    interests, such as interaction with websites and their content, etc.). Cookies and web
    beacons are often used for purposes of profiling.
  • Reach Measurement: Reach measurement (also known as
    web analytics) serves to evaluate the visitor flows of an online offer and can include the
    behavior or interests of visitors to certain information, such as content of websites. With the
    help of reach analysis, operators of online offers can e.g., recognize at what time users visit
    their websites and for which content they are interested. This way, they can e.g., adapt the
    contents of the websites better to the needs of their visitors. For purposes of reach analysis,
    pseudonymous cookies and web beacons are often used to recognize returning visitors and
    thus obtain more accurate analyses of the use of an online offer.
  • Location Data: Location data arises when a mobile device (or
    another device with the technical requirements for location determination) connects to a cell
    tower, WLAN, or similar technical means and functions for location determination. Location
    data serve to indicate the geographically determinable position of the earth where the
    respective device is located. Location data can e.g., be used to display map functions or
    other location-dependent information.
  • Controller: The “controller” is the natural or legal person,
    authority, institution, or other body that alone or jointly with others determines the purposes
    and means of processing personal data.
  • Processing: “Processing” is any operation or set of operations
    which is performed on personal data or on sets of personal data, whether or not by
    automated means. The term is broad and encompasses practically any handling of data,
    whether it be collecting, evaluating, storing, transmitting, or deleting.