1. Introduction
This website is operated by: White Label Advisory GmbH. The trust and protection of our website visitors' data is of great importance to us. For this reason, we make every effort to meet the requirements of the GDPR. Below, we explain how we process your data on our website. We use the clearest and most transparent language possible so that you truly understand what happens to your data.
2. General Information
2.1 Processing of Personal Data and Other Terms
Data protection applies to the processing of personal data. "Personal" refers to all data that can be used to personally identify you — for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using. Such data is "processed" whenever "something happens with it." For instance, the IP address is transmitted by the browser to our provider and stored there automatically. This constitutes processing (pursuant to Art. 4 No. 2 GDPR) of personal data (pursuant to Art. 4 No. 1 GDPR). These and other statutory definitions can be found in Art. 4 GDPR.
2.2 Applicable Regulations/Laws – GDPR, BDSG, and TDDDG
The scope of data protection is governed by law. In this case, that means the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as national legislation. In addition, the TDDDG supplements the GDPR provisions insofar as the use of cookies is concerned.
2.3 The Controller
The party responsible for data processing on this website is the controller within the meaning of the GDPR — i.e., the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data. You can reach the controller at:
White Label Advisory GmbH Shanghaiallee 9, 20457 Hamburg info@whitelabeladvisory.de
2.4 Data Protection Officer
We have appointed a data protection officer for our company. You can reach them at:
simply Legal GmbH Sebastian Schenk Burkarderstr. 36, 97082 Würzburg dpo@dieter-datenschutz.de
2.5 How Data Is Generally Processed on This Website
As already noted, certain data (e.g., IP address) is collected automatically. This data is primarily required for the technical provision of the website. To the extent we use personal data beyond this or collect other data, we will inform you accordingly or request your consent. Other personal data is shared with us consciously by you. Detailed information on this can be found below.
2.6 Your Rights
The GDPR grants you comprehensive rights. These include, for example, the right to free information about the origin, recipients, and purpose of your stored personal data. You may also request the correction, blocking, or deletion of this data, or lodge a complaint with the competent data protection supervisory authority. Any consent given may be withdrawn at any time. Details on these rights and how to exercise them can be found in the final section of this Privacy Policy.
2.7 Data Protection – Our View
For us, data protection is more than just an unwelcome obligation! Personal data has great value, and careful handling of such data should be a matter of course in our digitized world. You as a website visitor should also be able to decide for yourself what happens to your data, when, and by whom. We therefore commit to complying with all legal requirements, collecting only the data we need, and treating it with strict confidentiality.
2.8 Sharing and Deletion
The sharing and deletion of data are likewise important and sensitive matters. We therefore wish to briefly inform you of our general approach in advance. Data is only shared on a legal basis and only when this is unavoidable — in particular when dealing with a so-called processor and a data processing agreement pursuant to Art. 28 GDPR has been concluded. We delete your data when the purpose and legal basis for processing no longer apply and when no other legal obligations stand in the way of deletion. Art. 17 GDPR also provides a useful overview. For further information, please refer to this Privacy Policy and contact the controller with any specific questions.
2.9 Hosting
United Domains
Our website uses hosting and domain services provided by United Domains, operated by united-domains GmbH, headquartered in Starnberg, Germany, registered with the Munich District Court under HRB 294348. The service provides domain registration, domain management, DNS and email forwarding, and the connection of domains to external hosting providers. In the course of use, personal data is processed, including IP address, technical connection data (date, time, pages visited, browser information), tracking data (browser activity, clickstream, session heatmaps), contact information (e.g., email address or phone number, if provided), and where applicable, geographic location data. The purpose of processing is the provision and management of domains, ensuring operational security, and where applicable, communication with users, particularly in the context of administrative inquiries or support cases. The legal basis for data processing is Art. 6(1)(b) GDPR (contract performance or pre-contractual measures), Art. 6(1)(f) GDPR (legitimate interest in secure and reliable hosting), and, where technically non-essential cookies or tracking methods are used, Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG (consent). It cannot be ruled out that United Domains uses cookies in connection with analytics or tracking services; however, these are only activated following prior consent and may be revoked at any time. To the best of our current knowledge, no transfer of personal data to third countries outside the European Economic Area takes place. Personal data is deleted once the purpose of processing no longer applies, consent is withdrawn, or statutory retention periods expire. Further information can be found in the United Domains Privacy Policy: https://www.uniteddomains.com/service/privacy/
2.10 Legal Bases
The processing of personal data always requires a legal basis. Art. 6(1) sentence 1 GDPR provides for the following options:
a) The data subject has given consent to the processing of their personal data for one or more specific purposes;
b) Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract;
c) Processing is necessary for compliance with a legal obligation to which the controller is subject;
d) Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
In the sections below, we will indicate the specific legal basis applicable to each processing activity.
3. What Happens on Our Website
By visiting our website, we process personal data about you. To protect this data as effectively as possible against unauthorized access by third parties, we use SSL or TLS encryption. You can recognize this encrypted connection by the https:// or padlock symbol displayed in your browser's address bar. Below you will find details on what data is collected when you visit our website, for what purpose, and on what legal basis.
3.1 Data Collection When the Website Is Accessed
When the website is accessed, information is automatically stored in so-called server log files. This includes the following:
- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing device
- Time of the server request
- IP address
This data is temporarily required to display our website to you continuously and without issues. In particular, this data serves the following purposes:
- System security of the website
- System stability of the website
- Error correction on the website
- Establishing the connection to the website
- Display of the website
Processing is carried out pursuant to Art. 6(1)(f) GDPR and is based on our legitimate interest in processing this data — in particular our interest in the functionality and security of the website. This data is stored in pseudonymized form wherever possible and deleted once the respective purpose has been fulfilled. If the server log files allow identification of the data subject, the data is stored for a maximum of 14 days. An exception applies in the event of a security-relevant incident, in which case the server log files are retained until the incident has been resolved and fully investigated. No merging with other data takes place.
3.2 Cookies
3.2.1 General
This website uses so-called cookies — data records or pieces of information stored in your end device's browser that are associated with our website. The use of cookies can, in particular, make it easier for visitors to navigate the website. Our Cookie Consent Tool contains all information about the cookies we use on our website (where applicable, subject to your consent).
3.2.2 Rejecting Cookies
All cookies that are not technically necessary can be managed directly via our Cookie Consent Tool. You can also prevent cookies from being set by adjusting your browser settings. Relevant links for commonly used browsers:
- Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen
- Google Chrome: https://support.google.com/chrome/answer/95647
- Microsoft Edge: https://support.microsoft.com/de-de/windows/löschen-und-verwalten-von-cookies
- Safari: https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web and https://support.apple.com/de-de/guide/safari/sfri11471/mac
If you use a different browser, we recommend entering the name of your browser and "delete and manage cookies" into a search engine and following the official link for your browser. Alternatively, you can manage your cookie settings at www.aboutads.info/choices/ or www.youronlinechoices.com. Please note, however, that a comprehensive blocking or deletion of cookies may impair your use of the website.
3.2.3 Technically Necessary Cookies
We use technically necessary cookies on this website to ensure our website functions correctly and in accordance with applicable laws. They help make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies. The legal basis for this is, depending on the individual case, Art. 6(1)(b), (c), and/or (f) GDPR.
3.2.4 Technically Non-Essential Cookies
We also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyze the browsing behavior of website visitors or to offer functions that are not technically essential. The legal basis for this is your consent pursuant to Art. 6(1)(a) GDPR. Technically non-essential cookies are only set with your consent, which you can withdraw at any time in the Cookie Consent Tool.
3.3 Data Processing Through User Input
3.3.1 Our Own Data Collection
We offer the following service on our website: appointment booking. For this purpose, we collect the following data:
- Name
- Email address
- Phone number
The legal basis for this processing is Art. 6(1)(b) GDPR. The data is deleted as soon as the respective purpose no longer applies and deletion is permissible under statutory requirements.
3.3.2 Contact
a) Email
If you contact us by email, we process your email address and any other data contained in the email. This data is stored on the mail server and, in some cases, on the respective end devices. Depending on the matter, the legal basis is regularly Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR. The data is deleted as soon as the respective purpose no longer applies and deletion is permissible under statutory requirements.
b) Telephone
If you contact us by telephone, call data may be stored in pseudonymized form on the respective end device and with the telecommunications provider used. Personal data collected during the call is processed exclusively to handle your inquiry. Depending on the matter, the legal basis is regularly Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR. The data is deleted as soon as the respective purpose no longer applies and deletion is permissible under statutory requirements.
c) Contact Form — HubSpot
Our website uses the contact form provided by HubSpot, Inc., 1 Sir John Rogerson's Quay, Dublin 2, Ireland. The form is used for capturing and managing contact inquiries and supports integration with customer relationship management as well as the automation of marketing and sales processes. Data entered in the form is processed, including name, email address, phone number, company affiliation, and any additional information provided during contact. Technical data such as IP addresses and information collected via cookies about usage behavior is also processed. The processing serves the purpose of handling contact inquiries, preparing and conducting contract initiation, organizing customer relationship management, and tracking and following up on inquiries. The legal basis is Art. 6(1)(b) GDPR for (pre-)contractual measures, Art. 6(1)(f) GDPR based on the legitimate interest in efficient communication, and, where consent is required (e.g., for marketing purposes or cookie-based tracking), Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. HubSpot uses functional, analytics, and marketing cookies in connection with the form; these are only activated upon explicit consent and may be revoked at any time. A transfer of personal data to third countries, in particular the USA, may occur; HubSpot uses EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR as appropriate safeguards. Data is deleted once it is no longer required for the purposes for which it was collected, or if consent is withdrawn, unless statutory retention obligations prevent deletion. Further information: https://legal.hubspot.com/privacy-policy
d) Chat — HubSpot Chat
This website integrates the HubSpot Chat service provided by HubSpot, Inc., Two Canal Park, Cambridge, MA 02141, USA, for real-time communication and live chat functionality. The service enables website visitors to contact support or sales directly via a live chat widget, ask questions, exchange information, and, if required, schedule appointments or create support tickets. Personal data processed includes IP address, geographic location data, browser and device information, session and visit behavior, chat communication content, email addresses or other identifying information provided by the user, and any inputs in form fields during the chat. The purpose of processing is to provide low-threshold communication channels, simplify inquiries, and qualify and route incoming messages to optimize customer service. The legal basis is Art. 6(1)(b) GDPR for pre-contractual or contractual inquiries, and otherwise Art. 6(1)(f) GDPR based on the legitimate interest in effective visitor communication; for chat cookies, processing is based on Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG where consent is obtained. HubSpot Chat uses in particular functional cookies ("messagesUtk") to store interactions and chat histories; these are only set upon appropriate consent and serve exclusively for chat provision and history. The legal basis in this case is the declared consent. As HubSpot, Inc. is a US-based provider, a transfer of personal data to the USA cannot be excluded. According to HubSpot's own statements, appropriate safeguards such as EU Standard Contractual Clauses are used. Data is stored only for as long as necessary for communication, handling of the inquiry, and in accordance with statutory retention periods and any consent withdrawals; data in cookies is deleted according to the chosen storage duration or upon withdrawal of consent. Further information: https://legal.hubspot.com/privacy-policy
e) Chatbot — HubSpot Chatbot
We use the chatbot service provided by HubSpot, Inc., Two Canal Park, Cambridge, MA 02141, USA, for automated customer communication and lead generation on our website. The chatbot enables direct interaction with website visitors, answers inquiries, assists with navigation, qualifies prospective contacts, enables meeting bookings, and collects contact details for follow-up or lead nurturing. Data typically processed includes views of the chat widget, started conversations, responses to chatbot questions (such as name, email address, order number, feedback), contact details, meeting booking data, interaction data, and browser-related information. Processing is carried out for the purpose of providing customer service, qualifying leads, booking appointments, evaluating chatbot usage, and improving our digital customer service. The legal basis is generally Art. 6(1)(f) GDPR (legitimate interest in efficient communication and customer retention). Where active inquiries or appointment bookings are involved, processing is based on Art. 6(1)(b) GDPR. Where the service uses cookies or similar technologies, this is done on the basis of consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. HubSpot may use functional, analytics, and marketing cookies; these are only installed upon explicit consent. A transfer of personal data to the USA may occur. HubSpot uses EU Commission Standard Contractual Clauses as appropriate safeguards pursuant to Art. 46 GDPR. Data is deleted once no longer required for the purposes of processing, upon withdrawal of consent, or upon a deletion request under applicable law, unless longer statutory retention periods apply. Further information: https://legal.hubspot.com/privacy-policy
f) Appointment Scheduling Tool — HubSpot
We use HubSpot's appointment booking function on our website, a service of HubSpot, Inc., Two Canal Park, Cambridge, MA 02141, USA. HubSpot provides an integrated appointment scheduling platform that enables online appointment booking with automatic CRM logging. In the course of booking, personal data is processed including name, email address, any additional information entered by the person booking, IP address, browser information, and session and time data. The purpose of processing is to provide a convenient appointment booking experience, coordinate appointment requests, and manage and document them within the context of contract initiation or performance. The legal basis is Art. 6(1)(b) GDPR for appointments related to the initiation or fulfillment of contracts, and Art. 6(1)(f) GDPR based on our legitimate interest in efficient appointment management and customer communication. HubSpot uses functional cookies in the course of scheduling to provide the booking form and store session information; these cookies are only used with consent, with Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG serving as the legal basis. A transfer of data to the USA may occur. HubSpot uses EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR as appropriate safeguards. Data is deleted once the purpose of processing no longer applies, consent is withdrawn, or statutory retention periods expire. Further information: https://legal.hubspot.com/privacy-policy
3.4 Cookie Consent Tool — Cookiebot
We use the Cookiebot consent management service on our website for managing and documenting cookie consents, provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. Cookiebot enables the display of a customized consent banner, the automatic detection and categorization of all cookies used on the website, and blocks non-essential cookies and trackers until user consent is given. Data processed includes in particular users' consent preferences (e.g., acceptance or rejection for required, functional, statistics, and marketing cookies), the timing and status of consents given, technical metadata on cookies and trackers, and — where analytics functionality is enabled — anonymous usage data such as browser type, referrer information, timestamps, and random identifiers. The purpose of processing is the legally compliant capture, documentation, and management of cookie consents, as well as fulfillment of statutory transparency and documentation obligations regarding the use of cookies and other tracking technologies on this website. The legal basis for the processing of personal data in connection with Cookiebot is Art. 6(1)(c) GDPR for compliance with legal obligations in the context of consent management, and Art. 6(1)(f) GDPR based on the legitimate interest in a demonstrably data-protection-compliant website design. The storage and evaluation of cookie consents using technically non-essential cookies takes place exclusively on the basis of explicit consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG, which may be withdrawn at any time. Cookiebot uses both technically necessary cookies for consent management and — depending on the user's choice — optional cookies for analytics and marketing purposes. The specific cookie types and their durations are transparently listed in the cookie banner and can be viewed at any time. Cookiebot does not transfer data to third countries, as processing takes place within the European Union. Personal data related to consent is stored for as long as necessary to document the consent or as required by statutory retention obligations. Personal data is deleted at the latest once the purpose of processing no longer applies or consent is withdrawn, provided no statutory retention obligations prevent deletion. Further information: https://www.cookiebot.com/en/privacy-policy/
3.5 Website Builder System — HubSpot
We use HubSpot's website building system on our website, operated by HubSpot Ireland Limited, HubSpot House, One Sir John Rogerson's Quay, Dublin 2, Ireland. HubSpot enables the creation and management of websites, the integration of forms, landing pages, live chat, and analytical evaluations for website optimization, as well as the integration of marketing, CRM, and sales functions. In the course of use, IP addresses, visited page information (page paths), cookie consent status, website activity data, form-submitted data, and browser identification characteristics are processed. The purpose is the technical provision, optimization, and delivery of website content, as well as the capture of website interactions for marketing and analytics purposes, including lead generation and customer communication. The legal basis is Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG where consent has been given via the cookie banner; otherwise Art. 6(1)(f) GDPR for the technically necessary provision and analysis of website functions. HubSpot uses various cookies, including functional cookies for website functionality as well as analytics and marketing cookies for evaluation and marketing purposes; analytics and marketing cookies are only set upon explicit consent, with Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG as the legal basis. A transfer of personal data to countries outside the European Economic Area, in particular the USA, may occur. HubSpot uses EU Commission-approved Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR as appropriate safeguards. Data is stored and deleted once it is no longer required for its processing purposes, upon withdrawal of consent, or after expiry of statutory retention periods. Further information: https://legal.hubspot.com/privacy-policy
3.6 Newsletter — Brevo (formerly Sendinblue)
Our website uses the services of Brevo (formerly Sendinblue), provided by Sendinblue (Brevo), 17 rue Salneuve, 75017 Paris, France, for the sending of newsletters and the management of recipient data. Brevo enables the creation, management, and sending of newsletters and automated email marketing campaigns, the segmentation of contact lists, the management of sign-ups via web forms, and the implementation of marketing automations. Data processed includes in particular email addresses, form submission data (such as name or individual preferences), consent indicators (opt-in status), and campaign-related information. Processing is carried out for the purpose of sending newsletters, maintaining and segmenting recipient lists, and implementing marketing automations. The legal basis is generally Art. 6(1)(a) GDPR (consent for newsletter subscription) and, for purely administrative processing within existing contractual relationships, Art. 6(1)(b) GDPR; § 25(1) TDDDG additionally applies in the case of functional or analytics cookies. Where Brevo sets cookies in connection with web forms or integrated marketing functions, this occurs exclusively on the basis of prior consent, which may be withdrawn at any time. Cookies used include in particular functional cookies and, depending on the integration, potentially analytics or marketing cookies. Processing of personal data by Brevo takes place exclusively within the European Union; no transfer to third countries occurs. Data is deleted once no longer required for the processing purpose or upon withdrawal of consent, unless statutory retention obligations prevent deletion. Further information: https://www.brevo.com/legal/privacypolicy/
Brevo (second instance)
Features of Brevo (formerly Sendinblue), a service for newsletter management and marketing automation by Sendinblue SAS, 7 Rue de Madrid, 75008 Paris, France, are used on our website. Brevo enables the sending of newsletters, the management of contact and registration data, the tracking of user interactions (e.g., email opens and clicks), the automation of email campaigns, and the synchronization of CRM data. Personal data processed includes in particular email addresses, contact details entered by users via forms (such as name or interests), and interaction data (e.g., email open rates and click rates). Processing serves the sending and analysis of newsletters, the management and segmentation of contacts, and the optimization of marketing activities. The legal basis is generally Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG upon prior consent; Art. 6(1)(b) GDPR may additionally apply in the context of existing business relationships. Where Brevo uses cookies or comparable technologies (such as tracking pixels), this occurs exclusively on the basis of consent; the type, purpose, and storage duration of cookies are specifically described in the consent banner. No transfer of personal data to third countries takes place, as data is processed on servers within the European Union. Data is deleted once the processing purpose no longer applies, consent is withdrawn, or statutory retention obligations expire. Further information: https://www.brevo.com/legal/privacypolicy/
3.7 Analytics and Tracking Tools
Google Ads
Our website uses Google Ads, an online advertising service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for the placement, management, and analysis of advertisements. Google Ads enables targeted advertising based on usage data, the measurement of advertising reach, and the provision of conversion and remarketing functions. Depending on the integration, personal data processed may include IP address, browser and device type, pages visited and URLs, click data, location data (where available), conversion and engagement information (e.g., purchases, completed forms), and contact information pseudonymized by hashing when using Enhanced Conversions. Processing serves the efficient management of advertising campaigns, the measurement of ad performance (conversion tracking), re-targeting of website visitors (remarketing), analysis of user behavior in relation to ads, and optimization of ad delivery. The legal basis is generally consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG where cookies or similar recognition technologies are used; in individual cases, Art. 6(1)(f) GDPR may apply where there is a legitimate interest in efficient marketing and consent is not mandatory. Google Ads uses cookies and similar technologies to evaluate usage behavior, measure conversions, and create target groups; where analytics, conversion, and marketing cookies are involved, these are only set upon active consent by website visitors pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. A transfer of data to third countries, in particular the USA, cannot be excluded; Google uses EU Standard Contractual Clauses as appropriate safeguards pursuant to Art. 46 GDPR. Personal data is stored for as long as necessary for the stated purposes or until consent is withdrawn; statutory retention obligations remain unaffected, with deletion occurring after their expiry. Further information: https://policies.google.com/privacy
YouTube
This website integrates the YouTube service for analytics and tracking purposes, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The service enables analysis of user interaction with YouTube videos on the website — such as playing, pausing, and video progress — to understand user behavior and measure video content performance. Data typically processed includes IP address, browser and device information, video interaction data (play, pause, progress, completion), referrer URL, screen settings, language settings, and video metadata such as title and URL. Processing serves the purposes of reach measurement, optimization of video content, analysis of video interaction, and measurement of marketing success. The legal basis is Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG (for access to device information and cookie placement) where consent has been given; in the absence of consent, processing is based on our legitimate interest in analytics and optimization pursuant to Art. 6(1)(f) GDPR. In connection with video embedding, YouTube may set analytics, functional, and marketing cookies; these are only used with prior explicit consent. The embedding of YouTube may result in a transfer of personal data to third countries, in particular to Google LLC servers in the USA. Google states it uses EU Commission Standard Contractual Clauses as appropriate safeguards for such transfers. Data is deleted once the processing purpose no longer applies or consent is withdrawn, provided no statutory retention obligations prevent deletion. Further information: https://policies.google.com/privacy
Google Maps
Our website uses the Google Maps mapping service to display interactive maps and show locations and route planning. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Maps enables the integration of maps on which locations can be displayed and interactive features such as zooming, route planning, and searching for local providers can be used. Personal data processed includes IP address, location data (where permitted), browser and device information, search queries entered, and interaction data (e.g., clicked locations). Processing serves the user-friendly provision of location information, facilitating access routes, and improving the functionality of our online offering. The legal basis is generally consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG where device information is accessed, and otherwise Art. 6(1)(f) GDPR based on the legitimate interest in need-based display of locations and user-friendly navigation. Google Maps regularly uses analytics, functional, and where applicable marketing cookies; non-essential cookies are only set upon prior consent, which may be withdrawn at any time. A transfer of personal data to third countries such as the USA cannot be excluded. Google regularly uses EU Commission Standard Contractual Clauses as an appropriate safeguard pursuant to Art. 46 GDPR. Data is deleted once no longer required for the respective purposes or upon withdrawal of consent, provided no statutory retention obligations prevent deletion. Further information: https://policies.google.com/privacy
Brevo (Analytics/Tracking)
Brevo is also used on our website for analytics and tracking purposes. Brevo is a service of Sendinblue SAS, 17 rue Salneuve, 75017 Paris, France. Brevo enables the recording of visitor behavior on the website, tracking of interactions with marketing campaigns (such as email opens, clicks, or conversions), and the integration of website and e-commerce analytics for evaluating user activity and campaign performance. Brevo typically processes IP addresses, browser type and version, operating system, referrer and exit URLs, cookie information, and — where provided via forms or tracking pixels — also contact data. Processing serves the optimization of marketing activities, analysis of usage behavior, measurement of campaign success, and business evaluation of sales and website performance. The legal basis is Art. 6(1)(a) GDPR and § 25(1) TDDDG where consent has been given for cookie placement or comparable technologies; otherwise, processing is based on Art. 6(1)(f) GDPR based on the legitimate interest in website analytics, optimization, and commercial operation. Brevo uses analytics and tracking cookies that are only activated upon prior consent, which may be withdrawn at any time with future effect. Personal data is generally processed within the European Union; no transfer to third countries takes place. Data is deleted once no longer required for the stated purposes or upon withdrawal of consent, unless statutory retention obligations prevent deletion. Further information: https://www.brevo.com/legal/privacypolicy/
LinkedIn Insight Tag
Our website uses the LinkedIn Insight Tag, an analytics and tracking service of LinkedIn Ireland Unlimited Company, Gardner House, 2 Wilton Place, Dublin 2, Ireland. The LinkedIn Insight Tag enables analysis of website visits, measurement of conversions, and the creation of target audiences for LinkedIn advertising campaigns. The service typically collects IP address, device type, operating system, referral source, referrer domain, visited URLs, timestamps, page views, form submissions, and — where visitors are LinkedIn members — information such as job title, company, and industry. Processing serves the purposes of web analytics, measurement of advertising effectiveness, audience building, and retargeting. The legal basis for the use of the LinkedIn Insight Tag is consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG where information is stored on the end device or already stored information is accessed (e.g., cookies). In the absence of consent, no processing takes place. The service uses cookies that serve both website usage analysis and marketing purposes through targeted advertising on external platforms; these cookies are only set upon explicit consent. A transfer of personal data to third countries such as the USA is possible. LinkedIn uses EU Commission-approved Standard Contractual Clauses as appropriate safeguards pursuant to Art. 46 GDPR. Data is generally deleted once no longer required for the stated purposes or upon withdrawal of consent, unless statutory retention obligations prevent deletion. Further information: https://www.linkedin.com/legal/privacy-policy
Google Tag Manager
Our website uses the Google Tag Manager service, operated by Google Ireland Limited, Google Building, 4th Floor, 70 Sir John Rogerson's Quay, Dublin 2, Ireland (D02 X576). Google Tag Manager enables various tracking and marketing scripts (so-called "tags") to be centrally managed and integrated into the website without requiring changes to the source code. The service itself does not use tracking mechanisms but forwards data streams to the integrated third-party tags. Data typically processed via Google Tag Manager includes all personal data transmitted through configured tagging, such as IP address, user interaction data (e.g., clicks, page views, form submissions), technical information about the browser or device, and where applicable, tracking IDs, geographic location data, and e-commerce information. The scope depends on the respective tag configuration and the individual third-party tags. The purpose is the efficient management and delivery of analytics and marketing tags, evaluation of user behavior, and optimization of the online offering. The legal basis is Art. 6(1)(f) GDPR based on the legitimate interest in technically secure, efficient, and cost-effective provision of analytics and marketing services. Where tracking or marketing tags are set with consent, this is based on Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Google Tag Manager itself does not set cookies but can control the triggering of cookies by integrated third-party tags. Which cookies are set in individual cases depends on the respective tag configuration; further details are provided in the relevant sections of this Privacy Policy. A transfer of personal data through Google Tag Manager to third countries, in particular the USA, may occur via downstream integrated third-party tags. Google provides appropriate safeguards pursuant to Art. 46 GDPR for its own processing, in particular the use of EU Standard Contractual Clauses. Data captured via the tag is deleted once the respective processing purpose no longer applies, consent is withdrawn, or statutory retention obligations permit deletion. Storage periods for integrated third-party services may differ and can be found in their respective privacy policies. Further information: https://policies.google.com/privacy
Google Analytics
We use the Google Analytics service on our website to evaluate visitor behavior and optimize our online offering. Google Analytics is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics collects and analyzes information about user interaction with our website, including page views, time spent, clicks, navigation, geographic origin (at city and state level), devices and browsers used, and traffic sources. Technical identifiers such as anonymized IP address, cookie IDs, client IDs, or user IDs are also processed. Where enabled, demographic characteristics and interests may also be included. Processing serves the purposes of reach measurement, analysis of user behavior, website improvement, and evaluation of marketing success. The legal basis is consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Processing only begins after active consent by website visitors. Google Analytics uses cookies stored on the end device. These are analytics cookies whose use is exclusively based on consent. A transfer of personal data to third countries (e.g., the USA) cannot be excluded. Where data is processed outside the EU/EEA, Google uses EU Commission-approved Standard Contractual Clauses as safeguards for compliance with European data protection standards. Google Analytics retention periods can be configured and default to 2 to 14 months. Data is deleted once no longer required for processing purposes or upon withdrawal of consent, provided no statutory retention obligation prevents this. Further information: https://policies.google.com/privacy
3.8 Social Media Plugins
Functions and content of the social network LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, D02 AD98, Ireland, are integrated into this website. LinkedIn enables the integration of social media content such as share buttons, embedded profiles, and direct access to network functions such as sharing, following, or logging in via LinkedIn. Personal data processed includes IP address, browser and device data, referrer URL, timestamps, interaction details (e.g., clicks, shares), LinkedIn profile information (for logged-in users, e.g., member ID and profile details), and cookies and tracking IDs. The purpose of processing is the integration and functionality of social media elements, improving reach, analyzing user behavior, targeted advertising, and professional networking. The legal basis for integration and analytics is generally Art. 6(1)(f) GDPR based on the legitimate interest in efficient information sharing and external presentation. Where personal data is processed for tracking, reach analysis, or marketing cookies, this is based on consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. LinkedIn uses various types of cookies, including functional cookies for the provision of embedded services, analytics cookies for reach measurement, and marketing cookies for displaying personalized ads. These cookies are only activated upon consent and may be withdrawn at any time. A transfer of personal data to third countries, in particular the USA, cannot be excluded; LinkedIn uses EU Standard Contractual Clauses pursuant to Art. 46 GDPR as appropriate safeguards. Personal data is deleted once no longer required for its processing purposes, upon withdrawal of consent, or when no statutory retention obligations remain. Further information: https://www.linkedin.com/legal/privacy-policy
YouTube
Video content via the YouTube service, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is integrated into this website. YouTube enables the display of videos directly on the website, allowing multimedia content to be provided for information and entertainment and enhancing user engagement. Personal data regularly processed includes IP address, browser and device information, usage data such as playback and interaction behavior, and where applicable, account-related data if users are logged into a Google or YouTube account during use. Processing serves the purpose of providing video content, making the website more engaging, increasing reach, and encouraging interaction. The legal basis is Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG where consent has been given for the use of cookies and comparable technologies. Without consent, no embedding or transfer of personal data to YouTube takes place. YouTube uses cookies and similar technologies in connection with video embedding for analytics, functional, and marketing purposes; these are only set upon explicit user consent. Use of YouTube may result in a transfer of personal data to Google LLC companies in the USA; in this case, the transfer is based on EU Commission Standard Contractual Clauses as appropriate safeguards pursuant to Art. 46(2)(c) GDPR. Personal data is deleted once no longer required for processing purposes or upon withdrawal of consent, provided no statutory retention obligations prevent this. Further information: https://policies.google.com/privacy
3.9 Social Media Profiles
In addition to our website, our company is also present on social networks. We wish to present our company there and create opportunities to get in touch with us. We also use the option to place advertisements and job postings on social media. Below we provide information on what data we and the respective social network process when our profile is visited and when interactions occur.
We operate a LinkedIn profile at https://www.linkedin.com/. This social network is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Interaction with our company profile
When visiting our LinkedIn profile and interacting with us through it, we process personal data — both publicly available profile data and personal data contained in posts, comments, or direct messages sent to us. Through interactions such as liking or sharing, we can view the user profile with its public information. The legal basis is Art. 6(1)(f) GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our LinkedIn profile. Where an inquiry is related to the performance of a contract or is necessary for pre-contractual measures, our processing is based on Art. 6(1)(b) GDPR.
Page Insights
LinkedIn provides us with aggregated statistics and insights (so-called Page Insights) that give us information about how people interact with our company page. We receive information such as the number of profiles viewing, commenting on, or otherwise engaging with our posts, as well as aggregated demographic and other information that helps us understand engagement with our page. Page Insights provided by LinkedIn consist of aggregated data; LinkedIn does not provide us with personal data of members in relation to Page Insights, nor can we link Page Insights to individual members. When running advertisements, LinkedIn provides us with information about the types of people who see our ads and the performance of our ads. Personal data is only shared with us where the individual has consented to such processing. LinkedIn also provides us with information enabling us to understand which of our ads led to a purchase or an action. The purpose of this processing is to analyze our reach and adapt our content and ads to user interests. The legal basis is our legitimate interest pursuant to Art. 6(1)(1)(f) GDPR. For the processing of personal data in connection with Page Insights, processing takes place under joint controllership with LinkedIn pursuant to Art. 26(1) GDPR. We have concluded a corresponding agreement with LinkedIn, which can be accessed here. LinkedIn's contact details: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. You can contact LinkedIn's data protection officer at: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.
Processing by LinkedIn
By visiting our company profile, LinkedIn may also process personal data beyond the above. In this case, processing takes place under the sole responsibility of LinkedIn and without our knowledge. Further information from LinkedIn: https://de.linkedin.com/legal/privacy-policy.
We operate a Facebook fan page at https://www.facebook.com/. This social network is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Interaction with our company profile
When visiting our Facebook profile and interacting with us through it, we process personal data — both publicly available profile data and personal data contained in posts, comments, or direct messages. Through interactions such as liking or sharing, we can view the user profile with its public information. The legal basis is Art. 6(1)(f) GDPR. Where an inquiry is related to the performance of a contract or is necessary for pre-contractual measures, our processing is based on Art. 6(1)(b) GDPR.
Page Insights
As described in Meta's Privacy Policy under "How do we use your information?", Meta collects and uses information to provide analytics services, so-called Page Insights, to page operators. This also applies to our Facebook page. Page Insights are aggregated statistics created based on certain interactions of visitors with pages and their associated content (e.g., viewing a page or video, subscribing to a page, liking or unliking a page, etc.) and logged by Meta's servers. Meta provides us with aggregated statistics and insights related to Page Insights, informing us about how people interact with our company page. We do not have access to personal data but only to aggregated Page Insights. We cannot link Page Insights to individual members. We can view anonymous statistics such as reach, page views, and likes, including breakdowns by age, gender, and location as provided by users in their Facebook profiles. For the processing of personal data in connection with Page Insights, processing takes place under joint controllership with Facebook pursuant to Art. 26(1) GDPR. We have concluded a corresponding agreement with Facebook, which can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum. Facebook's contact details: Online contact: https://www.facebook.com/help/contact/1650115808681298. Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland. You can contact Facebook's data protection officer at: https://www.facebook.com/help/contact/540977946302970. Further information on Page Insights: https://de-de.facebook.com/legal/terms/page_cntroller_addendum
Processing of personal data and cookies by Meta
When accessing a Facebook page, the IP address assigned to the end device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for "German" IP addresses). Facebook also stores information about the end devices of its users (e.g., in connection with the "Login Notification" function); Facebook may therefore be able to assign IP addresses to individual users. Anyone currently logged into Facebook has a cookie with a Facebook identifier on their end device, enabling Facebook to track who visited the page and how it was used. Through Facebook buttons embedded in websites, Facebook can record visits to those websites and link them to Facebook profiles, enabling personalized content or advertising. Information on how personal data can be managed or deleted can be found in Facebook's Privacy Center: https://www.facebook.com/privacy/center/. Further information on Facebook's data handling: http://de-de.facebook.com/about/privacy.
We operate an Instagram profile. This social media platform is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Interaction with our company profile
When visiting our Instagram profile and interacting with us through it, we process personal data — both publicly available profile data and personal data contained in posts, comments, or direct messages. Through interactions such as liking or sharing, we can view the user profile with its public information. The legal basis is Art. 6(1)(f) GDPR. Where an inquiry is related to the performance of a contract or is necessary for pre-contractual measures, our processing is based on Art. 6(1)(b) GDPR.
Insights
As described in Meta's Privacy Policy under "How do we use your information?", Meta collects and uses information to provide analytics services, so-called Insights, for page operators. This also applies to our Instagram profile. Insights are aggregated statistics created based on certain interactions of visitors with pages and their associated content, logged by Meta's servers. Meta provides us with aggregated reports informing us about how well our content, features, products, and services are performing. We do not have access to personal data but only to aggregated reports. The processing is based on our legitimate interest pursuant to Art. 6(1)(1)(f) GDPR. For the processing of personal data in connection with Insights, processing takes place under joint controllership with Meta pursuant to Art. 26(1) GDPR. We have concluded a corresponding agreement with Meta, which can be viewed here. Meta's contact details: Online contact: https://www.facebook.com/help/contact/1650115808681298. Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland. You can contact Instagram's data protection officer at: https://www.facebook.com/help/contact/540977946302970. Further information on Insights: https://de-de.facebook.com/help/pages/insights. Instagram's complete Privacy Policy: https://privacycenter.instagram.com/policy/
Processing of personal data and cookies by Meta
When accessing an Instagram page, the IP address assigned to the end device is transmitted to Meta. According to Meta, this IP address is anonymized (for "German" IP addresses). Meta also stores information about the end devices of its users (e.g., in connection with the "Login Notification" function). If you are currently logged into Instagram, a cookie with your Instagram identifier is stored on your end device, enabling Meta to track who visited and used the page. Through Meta buttons embedded in websites, Meta can record your visits to those websites and link them to your Instagram profile, enabling personalized content or advertising. Further information: https://privacycenter.instagram.com/policy/
We operate a Xing page. This social media platform is provided by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
Interaction with our company profile
When visiting our Xing profile and interacting with us through it, we process personal data — both publicly available profile data and personal data contained in posts, comments, or direct messages. Through interactions such as liking or sharing, we can view the user profile with its public information. Users may also contact us as the operator via the contact details provided. If users are logged into their XING account when accessing the company page, information about the access may be linked to the respective user account and made available to us as the operator. This can be avoided by logging out of the XING user account before accessing the company page. The legal basis is Art. 6(1)(f) GDPR. Where an inquiry is related to the performance of a contract or is necessary for pre-contractual measures, our processing is based on Art. 6(1)(b) GDPR.
Processing of personal data and cookies by Xing
When using and accessing our company profile, Xing also processes personal data under its sole responsibility. We have no influence over this processing. Xing's Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung
Google Business Profile
We maintain a Google Business Profile. In doing so, we use the information service and services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Data processing by Google
The Google page and its functions are used under our own responsibility. This applies in particular to the use of social and interactive functions (e.g., commenting, sharing, rating, direct messages). When visiting and interacting with our Google Business Profile, Google also collects your IP address and other information present in the form of cookies on your end device. Google may therefore be able to assign IP addresses to individual users or accounts. This information is used to provide us as operators with statistical information about the use of Google services. Data collected in this context is processed by Google and may be transferred to countries outside the European Union. If you contact us via our Google Business Profile or other Google services by direct message, we cannot exclude the possibility that these messages may also be read and analyzed by Google (both by employees and automatically). We therefore advise against sharing personal data there and recommend switching to another form of communication as early as possible. Further information: https://policies.google.com/privacy.
Data processing by us
As operators of our Google Business Profile, we do not collect or process any further data from the use of this offering. Upon contact or submission of a review, we process publicly available profile data and the content of the review or comment. The legal basis is Art. 6(1)(f) GDPR.
3.9.1 Threads
We also use the functions of Threads. Data collected through the use of the service, including IP address, application used, device information, pages visited, location, and mobile network operator, is processed by Meta Platform, Inc. as described above. This data may also be transferred to countries outside the European Union. Data collected is linked to the Threads account or profile. We have no control over the specifics of the data processed by Threads, including its processing, use, or sharing with third parties. Further information: https://help.instagram.com/769983657850450/?helpref=uf_share https://privacycenter.instagram.com/policy
3.10 Third-Party Content
involve.me
We embed interactive content from involve.me on our website, a service of stereosense GmbH, Gußhausstraße 15/8, 1040 Vienna, Austria. involve.me enables the integration of custom forms, quizzes, surveys, calculators, competitions, and lead generation pages to actively engage website visitors, generate leads, and enable personalized user interactions. The service processes in particular data entered by users in forms, including salutation, first name, last name, gender, date of birth, organization name, position, address, postal code, city, state, country, phone number, mobile number, fax, website, social media profiles (Facebook, X, Instagram, LinkedIn), email address, and where applicable, newsletter sign-up details. Processing is carried out for the purpose of interacting with website visitors, lead generation, conducting surveys, prize draws and product finder campaigns, and automating personalized responses. The legal basis is Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG where consent has been given for processing and any tracking or marketing purposes (e.g., via cookies or analytics); otherwise, processing of functional data is based on Art. 6(1)(f) GDPR on the basis of a legitimate interest in a modern, interactive website design. involve.me may use functional, analytics, and marketing cookies; such cookies are only used upon prior consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. To the best of our current knowledge, no transfer of personal data to third countries outside the EU takes place; processing occurs within the European Union. Data is deleted once no longer required for the stated purposes, upon withdrawal of consent, or upon expiry of statutory retention periods. Further information: https://www.involve.me/privacy
3.11 Audio and Video Conferencing
Zoom
Our website uses the video conferencing and communication service Zoom, provided by Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA, with services for European users provided via regional subsidiaries such as ZVC Germany, ZVC Netherlands, or ZVC UK. Zoom enables audio and video conferences, webinars, live chats, screen sharing, and online meetings directly via the website. Data typically processed includes IP addresses, account information, session and meeting data, webinar registration information, engagement data (e.g., recordings, transcripts), and interaction data such as chat messages, shared files, or technical usage information. Processing serves the provision and management of online meetings, interactive communication, and the conduct and evaluation of digital events. The legal basis is generally Art. 6(1)(b) GDPR (performance of (pre-)contractual measures), and for support or administrative processes as well as analytics Art. 6(1)(f) GDPR (legitimate interest in efficient communication and IT security). Depending on the integration, Zoom uses functional session management cookies and potentially analytics or marketing cookies; analytics and marketing cookies are only used with consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Functional cookies are required for operation and are used pursuant to Art. 6(1)(f) GDPR in conjunction with § 25(2) TDDDG. A transfer of personal data to third countries, in particular the USA, takes place; Zoom uses EU Standard Contractual Clauses as appropriate safeguards pursuant to Art. 46(2)(c) GDPR. Storage duration depends on the respective purpose; data is deleted or blocked after the processing purpose ceases, upon withdrawal or objection, and after expiry of statutory retention periods. Further information: https://www.zoom.com/en/trust/privacy/privacy-statement/
Microsoft Teams
We integrate Microsoft Teams, provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland, on our website to provide audio and video conferencing as well as chat and collaboration functions. Microsoft Teams enables the conduct and participation in online meetings, video conferences, and chats directly via the browser, the integration of appointments, shared file access, and real-time communication. Data typically processed includes profile information (e.g., name, email address, profile picture), communication content (chat messages, meeting content, shared files, recordings, transcripts), device and connection data (e.g., app version, device type, country code), usage data (usage behavior, interaction details), optionally location data, and where activated, media content (images, video recordings within meetings). The purpose of processing is the provision, conduct, and follow-up of online meetings as well as enabling efficient team communication and collaboration. The legal basis is Art. 6(1)(b) GDPR where use occurs in the context of (pre-)contractual measures, and Art. 6(1)(f) GDPR to protect the legitimate interest in a modern, efficient communication and collaboration platform. Where Microsoft Teams sets cookies for functionality, this generally occurs only with consent, which may be withdrawn at any time; the legal basis is Art. 6(1)(a) GDPR and § 25(1) TDDDG. A transfer of data to third countries, in particular the USA, may occur in connection with support, maintenance, or sub-processing; Microsoft uses EU Standard Contractual Clauses as appropriate safeguards pursuant to Art. 46 GDPR. Data is deleted once the processing purpose no longer applies, upon withdrawal of consent, or after expiry of statutory retention periods. Further information: https://privacy.microsoft.com/en-us/privacystatement
3.12 CRM Systems — HubSpot CRM
We use the HubSpot CRM system, a service of HubSpot Inc., 25 Street, Cambridge, MA 02141, USA. CRM (Customer Relationship Management) is a system for managing all interactions and relationships between a company and its current and prospective customers. It supports the automation and optimization of sales processes, marketing campaigns, customer service, and customer communication. When we collect personal data from you on our website, it is processed in the HubSpot CRM system. The legal basis is Art. 6(1)(b) GDPR. Processing is carried out for the performance of (pre-)contractual obligations. HubSpot is certified under the EU-U.S. Data Privacy Framework; EU Commission Standard Contractual Clauses (SCCs) otherwise apply. Further information: https://legal.hubspot.com/de/privacy-policy
3.13 Cloud Backups
AWS Backup
We use the AWS Backup service of Amazon Web Services, Inc., 410 Terry Ave North, Seattle, WA 98109-5210, USA, on our website for automated backup and restoration of data in our cloud infrastructure. The service enables the centralized and automated creation, retention, and restoration of backups for various AWS resources such as EC2 instances, EBS volumes, S3 buckets, RDS databases, EFS file systems, and DynamoDB tables used to operate our website. Data processed includes data from the cloud resources specified in the backup configuration, as well as metadata relating to backup processes (e.g., timestamps, resource IDs, status messages) and access and management data (e.g., IAM roles and permissions). The purpose of processing is resilience, system recovery in the event of a disaster, compliance with legal and business archiving obligations, and prevention of data loss. The legal basis is Art. 6(1)(f) GDPR based on the legitimate interest in data security and business continuity, or Art. 6(1)(b) GDPR where contractual necessity applies in individual cases. AWS Backup does not use cookies in connection with this functionality, as the service is not integrated into user interaction on the website but operates exclusively server-side for backup purposes. A transfer of data to third countries, in particular the USA, may occur in certain cases; Amazon Web Services relies on EU Standard Contractual Clauses as appropriate safeguards pursuant to Art. 46 GDPR. Data is deleted once the backup purpose no longer applies, a retention period expires, or upon request by the website operator, provided no statutory retention obligations prevent deletion. Further information: https://aws.amazon.com/privacy/
Microsoft Azure
We use Microsoft Azure services, provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA, on our website for backup and cloud storage purposes. Microsoft Azure provides cloud infrastructure enabling data storage and backup to protect against data loss, restoration, and secure management. In connection with the use of Microsoft Azure, IP addresses, authentication and access data (e.g., via Azure Active Directory), transmitted content data, upload content (e.g., backup files), and technical information such as browser and device data may be processed. The purpose is to secure and provide backups, restore the website in the event of data loss, and comply with business and IT security requirements. The legal basis is Art. 6(1)(f) GDPR based on our legitimate interest in secure and reliable data management, and where applicable Art. 6(1)(b) GDPR where processing is necessary for contract performance. The Azure backup service does not set cookies on our website. A transfer of data to the USA may occur. Microsoft uses EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR as appropriate safeguards. Data is retained by Microsoft for as long as necessary to fulfill the purpose and then deleted in accordance with statutory retention periods or upon withdrawal or cessation of purpose. Further information: https://www.microsoft.com/en-us/privacy/privacystatement
OneDrive
The Microsoft OneDrive cloud storage service, operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA, is integrated into our website. OneDrive enables the storage, synchronization, sharing, and collaborative editing and management of files and documents in real time. Data processed includes in particular contents and metadata of stored files (such as file names, file types, version histories), user and sharing data (who accessed or edited which file and when), activities relating to files (uploading, editing, sharing), and where applicable, structured data from uploaded forms or worksheets. Processing serves centralized file storage, smooth collaboration, document management, and ensuring access controls and traceability. The legal basis is Art. 6(1)(f) GDPR based on the legitimate interest in efficient teamwork, secure data management, and simplified file sharing; where files are provided or shared within a contractual relationship, Art. 6(1)(b) GDPR may additionally apply. Where cookies are set in connection with the integration, this occurs only for functionality and security; these technically necessary cookies fall under Art. 6(1)(f) GDPR and § 25(2) TDDDG; no further cookie use (e.g., for analytics) occurs via the OneDrive integration. A transfer of personal data to the USA takes place; EU Commission Standard Contractual Clauses are used as appropriate safeguards pursuant to Art. 46 GDPR, supplemented by additional technical and organizational security measures. Storage lasts for the duration of use, until files or accounts are deleted, or upon user request, provided no statutory retention obligations prevent deletion. Further information: https://www.microsoft.com/en-us/privacy/privacystatement
Vercel
We use the cloud hosting and deployment service Vercel on our website, operated by Vercel Inc., San Francisco, California, United States. Vercel enables the hosting and automated deployment of web applications as well as serverless functions and real-time analytics services. In connection with use, Vercel processes IP addresses, approximate location (city and country, derived from IP address), end device information (device type, browser, operating system), accessed page URLs (without query parameters), referrer information, hostnames, traffic data (page views, clicks, timestamps), UTM parameters (for Plus/Enterprise users), a daily pseudonymized visitor hash, web performance metrics, and other system-related information. Processing serves secure and high-performance hosting, monitoring of website performance, and ensuring the functionality of the web offering. The legal basis is Art. 6(1)(f) GDPR based on the legitimate interest in secure and efficient provision and analysis of the web offering. Vercel does not set cookies requiring consent but processes the aforementioned data for technical provision and statistical evaluation on the basis of legitimate interest. A transfer of personal data to the USA as a third country may occur; EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR are used as appropriate safeguards. Storage duration depends on the respective processing purpose; personal data is deleted once no longer required for its purpose or upon expiry of a statutory retention period. Further information: https://vercel.com/legal/privacy-policy
Bubble.io
The Bubble.io service, operated by Bubble Group, Inc., 22 W 21st Street, 2nd Floor, New York, NY 10010, USA, is used on this website for cloud backup and web hosting functions. Bubble.io enables the creation, deployment, and management of web applications as well as the storage and backup of application data in the cloud. Data processed in connection with use includes in particular session IDs, session signatures, temporary user identifiers (including for non-logged-in visitors via cookies), and — where configured — form content, user-generated data, browser information, and interaction data. Processing serves the provision and backup of the respective web application, backup functionality, and the stability and security of the website. The legal basis is Art. 6(1)(b) GDPR where contractual or pre-contractual measures are involved, and Art. 6(1)(f) GDPR based on the legitimate interest in the technical and organizational security of data and ensuring website functionality; where consent is obtained for optional cookies or additional functions, processing is based on Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Bubble.io uses essential cookies, including functional cookies for session management and temporary storage of user information. Analytics or marketing cookies are only set upon consent and may be withdrawn at any time. Essential cookies are used on the basis of Art. 6(1)(f) GDPR and § 25(2)(2) TDDDG. A transfer of personal data to the USA takes place; EU Commission Standard Contractual Clauses are used as appropriate safeguards. Data is generally deleted once the purpose of processing no longer applies, consent is withdrawn, or no statutory retention obligations prevent deletion. Further information: https://bubble.io/privacy
GitHub
We use the GitHub cloud backup and hosting service on our website, operated by GitHub Germany GmbH, Berlin, Germany (Charlottenburg District Court, HRB 229086 B). GitHub provides version control and source code backup, repository management, cloud backup functions, and static hosting (e.g., GitHub Pages). Data typically processed in connection with use includes IP addresses, browser and device information, visited pages and repositories, interaction events (such as clicks on repository widgets), GitHub usernames and where applicable profile data (upon authentication), and referrer information. Processing serves the backup and versioning of project files as part of cloud backup, provision of hosting and integration functions, and analysis and improvement of the offering. The legal basis is Art. 6(1)(f) GDPR based on the legitimate interest in efficient management and backup of digital projects, and Art. 6(1)(b) GDPR where (pre-)contractual obligations are fulfilled. GitHub may set functional and analytics cookies, particularly when embedded content is accessed (e.g., Gists, project pages); their use is based on consent, with Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG as the legal basis. A transfer of personal data to third countries, in particular the USA, may occur; EU Standard Contractual Clauses are used as appropriate safeguards. Data is deleted once the storage purpose no longer applies or consent is withdrawn, provided statutory retention obligations do not prevent this. Further information: https://docs.github.com/site-policy/privacy-policies/github-privacy-statement
3.14 Further Services
xano
https://www.xano.com/ This service will be added shortly.
4. Other Important Information
Finally, we wish to provide you with comprehensive and detailed information about your rights and how you will be informed about changes to data protection requirements.
4.1 Your Rights in Detail
4.1.1 Right of Access pursuant to Art. 15 GDPR
You may request confirmation of whether personal data concerning you is being processed. If so, you may request further information about the nature and manner of processing. A detailed list can be found in Art. 15(1)(a) to (h) GDPR.
4.1.2 Right to Rectification pursuant to Art. 16 GDPR
This right covers the correction of inaccurate data and the completion of incomplete personal data.
4.1.3 Right to Erasure pursuant to Art. 17 GDPR
The so-called "right to be forgotten" gives you the right, under certain conditions, to request the erasure of your personal data by the controller. This is generally the case where the purpose of processing has ceased, consent has been withdrawn, or the original processing lacked a legal basis. A detailed list of grounds can be found in Art. 17(1)(a) to (f) GDPR. This "right to be forgotten" also corresponds to the controller's obligation under Art. 17(2) GDPR to take appropriate steps to bring about a general erasure of the data.
4.1.4 Right to Restriction of Processing pursuant to Art. 18 GDPR
This right is subject to the conditions set out in Art. 18(1)(a) to (d) GDPR.
4.1.5 Right to Data Portability pursuant to Art. 20 GDPR
This establishes the general right to receive your own data in a commonly used format and to have it transmitted to another controller. This applies, however, only to data processed on the basis of consent or a contract pursuant to Art. 20(1)(a) and (b) GDPR and only to the extent technically feasible.
4.1.6 Right to Object pursuant to Art. 21 GDPR
You may generally object to the processing of your personal data. This applies in particular where your interest in objecting outweighs the legitimate interest of the controller in processing, and where processing relates to direct marketing and/or profiling.
4.1.7 Right to Individual Decision-Making pursuant to Art. 22 GDPR
You generally have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. This right is also subject to limitations and additions under Art. 22(2) and (4) GDPR.
4.1.8 Further Rights
The GDPR contains comprehensive rights to inform third parties of whether or how you have exercised rights under Art. 16, 17, or 18 GDPR — but only to the extent this is possible or feasible with reasonable effort. We would like to remind you of your right to withdraw consent given pursuant to Art. 7(3) GDPR at any time. The lawfulness of processing carried out prior to withdrawal is not affected. We would also like to draw your attention to your rights under §§ 32 et seq. BDSG, which are largely identical in substance to the rights described above.
4.1.9 Right to Lodge a Complaint pursuant to Art. 77 GDPR
You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of personal data concerning you infringes this Regulation.
5. What If the GDPR Is Abolished Tomorrow or Other Changes Occur?
This Privacy Policy is current as of April 14, 2026. From time to time it is necessary to update the content of the Privacy Policy to respond to factual and legal changes. We therefore reserve the right to amend this Privacy Policy at any time. We will publish the updated version at the same location and recommend that you read the Privacy Policy regularly.
Created with the kind support of Dieter macht den Datenschutz.