Privacy policy

Mars 2025


Table of Contents

  • Responsible
  • Treatment Overview
  • Legal Basis
  • Security Measures
  • Transmission of Personal Data
  • International Data Transfers
  • General Information on Data Storage and Deletion
  • Rights of Data Subjects
  • Provision of Online Services and Web Hosting
  • Use of Cookies
  • Contact and Request Management
  • Web Analytics, Monitoring and Optimization
  • Customer Reviews and Evaluation Procedures
  • Social Media Presence
  • Plugins and Integrated Functions and Contents

Responsible

  • Svenja Gossing
  • Neusser Str. 41
  • 50670 Cologne
  • Germany
  • Email address: hallo@utes-huus-foehr.de

Treatment Overview

This overview summarizes the types of data processed, the purposes of their processing, and the data subjects.

Types of Data Processed

  • Inventory data
  • Contact details
  • Content data
  • Contractual data
  • Usage Data
  • Metadata, communication and procedure data
  • Log data

Categories of Persons Concerned

  • Service recipients and customers
  • Communication partners
  • Users

Purposes of Processing

  • Communication
  • Security measures
  • Range measurement
  • Follow up
  • Training of target groups
  • Organizational and administrative procedures
  • Feedback
  • Marketing
  • Profiles with user information
  • Provision of our online services and user-friendliness
  • Technological infrastructure
  • Public relations

Legal Basis

Legal basis under the GDPR: This overview sets out the legal bases under the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your country of residence or in our country.

  • Consent (Art. 6(1)(a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Performance of Contract and Pre-Contractual Requests (Art. 6(1)(b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate Interests (Art. 6(1)(f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National Data Protection Regulations in Germany

In addition to the GDPR data protection regulations, national data protection regulations apply in Germany. These include, among other things, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific regulations regarding the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, as well as the transfer and automated decision-making in individual cases, including profiling. In addition, the data protection laws of the individual federal states may apply.

Note on the Application of the GDPR and the Swiss LPD

This privacy policy aims to provide information in accordance with both the Swiss Data Protection Act (DPA) and the General Data Protection Regulation (GDPR). For this reason, please note that, due to the broader territorial scope and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms "processing" of "personal data", "overriding interest", and "particularly sensitive personal data" used in the DPA, the terms "processing" of "personal data", "legitimate interest", and "special categories of data" used in the GDPR are used. However, the legal meaning of the terms will continue to be determined in accordance with the DPA in the context of its application.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to data, as well as access, capture, disclosure, availability, and separation of data. In addition, we have implemented procedures to ensure the exercise of data subject rights, data deletion, and responses to data compromise. Furthermore, we already consider the protection of personal data in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

Transmission of Personal Data

As part of our processing of personal data, it may happen that the data is transmitted or disclosed to other organizations, companies, legally independent entities, or persons. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)), or if this occurs in connection with the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this is only done in compliance with legal requirements.

Subject to explicit consent or contractual or legally required transfer, we do not process or allow the processing of data in third countries with a recognized level of data protection, including through standard contractual clauses certified in accordance with the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR), or on the basis of other appropriate safeguards (Art. 46 GDPR). Information on transfers to third countries and existing adequacy decisions can be found on the European Commission's information page: Adequacy Decisions of the European Commission.

As part of the adequacy decision of July 10, 2023, the European Commission has also recognized the level of data protection for certain companies from the United States as secure under the so-called "Data Protection Framework" (DPF). The list of certified companies and further information on the DPF can be found on the website of the U.S. Department of Commerce at the following address: Data Protection Framework. We inform you in the privacy information which of our used service providers are certified in accordance with the Data Protection Framework.

General Information on Data Storage and Deletion

We delete personal data processed by us in accordance with legal provisions as soon as the consents granted are revoked or other permissions cease to apply (e.g. if the purpose for processing such data ceases to apply or if they are no longer necessary for this purpose).

If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to these purposes. That is, the data will be blocked and will not be processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person.

Our privacy information contains additional information about data storage and deletion that applies specifically to individual processing operations.

If multiple deletion deadlines or deadlines are specified for a date, the longest deadline or deadline will always apply.

Unless a deadline explicitly begins on a specific date and is at least one year long, it automatically begins at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships, in the context of which data is stored, the triggering event is the time at which the termination or other end of the legal relationship becomes effective.

Data that is no longer stored for the original purpose but must be retained due to legal obligations or other reasons will only be processed for the purposes justifying its retention.

Other Notes on Processing Operations, Procedures and Services

Data retention and archiving: The following retention periods apply under German law:

  • 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets and work instructions and other organizational documents necessary for their understanding (§ 147(1) nos. 1 and 3 AO, § 14b(1) UStG, § 257(1) nos. 1 and 4, (4) HGB).
  • 8 years - Accounting documents, such as invoices and expense receipts (§ 147(1) nos. 4 and 4a in conjunction with (3) sentence 1 AO, § 257(1) no. 4 in conjunction with (4) HGB).
  • 6 years - Other business documents: received business or commercial letters, copies of sent business or commercial letters, and other documents, insofar as they are relevant for taxation, e.g., pay slips, profit and loss account sheets, calculation documents, price labels, but also payroll documents, insofar as they are not already accounting documents, and cash register rolls (§ 147(1) nos. 2, 3, 5 in conjunction with (3) AO, § 257(1) nos. 2 and 3 in conjunction with (4) HGB).
  • 3 years - Data required to consider possible warranty and compensation claims or other similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and standard industry practice, are stored for the duration of the ordinary statutory limitation period of three years (§§ 195, 199 BGB).

Rights of Data Subjects

Data Subject Rights under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

  • Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.
  • Right to Revoke Consent: You have the right to revoke any consent given at any time.
  • Right to Information: You have the right to obtain confirmation as to whether data in question is being processed and to obtain information about that data as well as other information and a copy of the data in accordance with legal requirements.
  • Right of Rectification: In accordance with legal requirements, you have the right to request the completion of data concerning you or the rectification of incorrect data concerning you.
  • Right to Erasure and Restriction of Processing: In accordance with legal requirements, you have the right to require that data concerning you be erased immediately or, alternatively, to request the restriction of processing of data in accordance with legal requirements.
  • Right to Data Portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with legal requirements, or to request their transfer to another data controller.
  • Complaint to the Supervisory Authority: You also have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State where you habitually reside, where you work or where the alleged infringement was committed, if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

Provision of Online Services and Web Hosting

We process user data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or terminal device.

Types of Data Processed: Usage Data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and functions); Metadata, communication and procedure data (e.g. IP addresses, time information, identification numbers, persons involved). Log Data (e.g. log files related to connections or data retrieval or access).

Data Subjects: Users (e.g. website visitors, users of online services).

Purposes of Processing: Provision of our online services and user-friendliness; Technological infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.

Retention and Deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion."

Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR).

Other Notes on Processing Operations, Procedures and Services

Collection of Access Data and Log Files: Access to our online services is recorded in the form of so-called server log files. The server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user's operating system, the referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting access provider. The server log files may be used for security purposes, e.g. to prevent server overload (in particular in the case of abusive attacks, so-called DDoS attacks), and to ensure server usability and stability; Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR).

Data Deletion: Log file information is retained for a maximum of 30 days and then deleted or anonymized. Data whose further retention is necessary for evidentiary purposes is exempt from deletion until the incident in question has been finally clarified.

Use of Cookies

"Cookies" are functions that store and read information on users' devices. Cookies can be used for various purposes, such as ensuring the functionality, security, and convenience of online services, as well as creating visitor flow analyses. We use cookies in accordance with legal requirements. For this purpose, we obtain prior consent from users where necessary. If consent is not required, we use cookies based on our legitimate interests. This applies if the storage and reading of information, such as for the expressly requested provision of content and functions, is essential.

This includes, for example, storing settings and ensuring the functionality and security of our online services. Consent can be revoked at any time. We provide clear information about the scope and cookies used.

Notes on Legal Bases

Whether or not we process personal data using cookies depends on consent. If consent is available, it serves as the legal basis. Without consent, we base processing on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage Duration

Regarding the storage duration, the following types of cookies are distinguished:

  • Temporary Cookies (also: Session Cookies or Sitzungscookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their device (e.g. browser or mobile application).
  • Permanent Cookies: Permanent cookies remain stored even after the device is closed. For example, login status can be saved, and preferred content can be displayed directly when the user visits a website again. Similarly, user data collected using cookies can be used to measure reach.

Unless we provide users with explicit information about the type and storage duration of cookies (for example, when obtaining consent), they should assume that these are permanent cookies with a storage duration of up to two years.

General Notes on Withdrawal and Opt-Out

Users can revoke the consents they have given at any time and also object to processing in accordance with legal requirements, also using the privacy settings of their browser.

Types of Data Processed: Metadata, communication and procedure data (e.g. IP addresses, time information, identification numbers, persons involved).

Data Subjects: Users (e.g. website visitors, users of online services).

Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR).

Other Notes on Processing Operations, Procedures and Services

Processing of Cookie Data Based on Consent: We use a consent management solution in which users' consent to the use of cookies or the procedures and providers named in the consent management solution is obtained. This procedure is used to obtain, record, manage, and revoke consents, in particular regarding the use of cookies and similar technologies that store or access information on users' devices. As part of this procedure, users' consents are stored for the use of cookies and the associated processing of information, including the providers named in the consent management procedure. Users can also manage and revoke their consents.

Declarations of consent are stored so that they do not have to be queried again and to comply with the legal obligation to provide proof of consent. Storage may take place server-side and/or in a cookie (so-called opt-in cookie) or by similar technologies, in order to be able to associate the consent with a specific user or their device. Unless specifically stated by the consent management service providers, the following information applies: The storage period for consent is up to two years. A pseudonymous user ID is created and stored with the time of consent, information on the scope of consent (e.g., which cookie categories and/or service providers), and information on the browser, system, and device used; Legal Basis: Consent (Art. 6(1)(a) GDPR).

Contact and Request Management

When you contact us (for example, via a contact form, email, telephone or via social media) as well as within the framework of existing user and business relationships, the information of the persons making the request is processed to the extent necessary to respond to contact requests and the requested actions.

Types of Data Processed: Inventory data (e.g. names, addresses); Contact data (e.g. email, telephone numbers); Content data (e.g. text entries, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Metadata, communication and procedure data (e.g. IP addresses, time information, identification numbers, persons involved).

Persons Concerned: Communication partners.

Purposes of Processing: Communication; Organizational and administrative procedures; Feedback (e.g., collecting feedback via an online form); Provision of our online services and user-friendliness.

Retention and Deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion."

Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR). Performance of Contract and Pre-Contractual Requests (Art. 6(1)(b) GDPR).

Other Notes on Processing Operations, Procedures and Services

Contact Form: When you contact us via our contact form, email or other communication channels, we process the personal data you provide to answer and process the corresponding request. This generally includes name, contact information and, if applicable, other information necessary for the proper processing of the request. We use this data exclusively for the stated purposes of contact and communication; Legal Basis: Performance of Contract and Pre-Contractual Requests (Art. 6(1)(b) GDPR), Legitimate Interests (Art. 6(1)(f) GDPR).

Web Analytics, Monitoring and Optimization

Web analytics (also known as "reach measurement") is used to evaluate visitor flows to our online services and may include information about visitor behavior, interests, or demographic data, such as age or gender, in the form of pseudonymous values. Through reach measurement, we can, for example, recognize when our online services or their functions or content are used most frequently or invite users to reuse them. Likewise, we can understand which areas require optimization.

In addition to web analysis, we may also use test procedures, for example, to test and optimize different versions of our online services or their components.

Unless otherwise stated below, profiles, i.e. summarized data for a usage process, may be created and stored in a browser or terminal device and read from it. The information collected includes, in particular, the websites visited and the elements used, as well as technical information such as the browser used, the computer system used and information on the times of use. If users have consented to the collection of their location data, the processed data may also include location data.

The users' IP addresses are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored as part of web analysis, A/B testing, and optimization, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

Notes on Legal Bases

If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Types of Data Processed: Usage Data (e.g. websites visited, interest in content, access times); Metadata, communication and procedure data (e.g. IP addresses, time information, identification numbers, persons involved).

Data Subjects: Users (e.g. website visitors, users of online services).

Purposes of Processing: Reach measurement (e.g. access statistics, recognition of returning visitors); Profiles with user information (creation of user profiles); Provision of our online services and user-friendliness.

Retention and Deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion." Storage of cookies for up to 2 years (Unless otherwise specified, cookies and similar storage methods may be stored on users' devices for up to two years.).

Security Measures: IP Masking (pseudonymization of the IP address).

Legal Basis: Consent (Art. 6(1)(a) GDPR). Legitimate Interests (Art. 6(1)(f) GDPR).

Other Notes on Processing Operations, Procedures and Services

Google Analytics: We use Google Analytics to measure and analyze the use of our online services based on a pseudonymous user ID number. This ID number does not contain any unique data, such as names or email addresses. It is used to assign analysis information to a device in order to recognize which content users have accessed in one or more user processes, which search terms they have used, which content they have accessed again or with which they have interacted with our online services. Likewise, the time of use and its duration, as well as the sources of users referring to our online services and the technical aspects of their devices and browsers, are stored.

Pseudonymous user profiles are created with information from the use of various devices, where cookies may be used. Google Analytics does not log or store individual IP addresses for users in the EU. Analytics provides approximate geographic location data by deriving the following metadata from IP addresses: city (and the latitude and longitude derived from the city), continent, country, region, subcontinent (and the identifier-based counterparts). For data traffic from the EU, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. It is not logged, cannot be accessed, and is not used for any other purpose. When Google Analytics collects measurement data, all IP requests are processed on servers based in the EU before the traffic is forwarded to the Analytics servers for processing; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Art. 6(1)(a) GDPR); Website: Google Marketing Platform; Security Measures: IP Masking (IP pseudonymization); Privacy Policy: Google Privacy Policy; Data Processing Agreement: Google Ads Data Processing Terms; Basis for Data Transfer to Third Countries: Data Protection Framework (DPF); Opt-Out: Google Analytics Opt-Out Add-on, Ad Settings: Google Ads Personalization. Additional Information: Google Ad Services (types of processing and data processed).

Customer Reviews and Evaluation Procedures

We participate in evaluation and rating procedures to assess, optimize, and promote our services. When users evaluate us or provide feedback via participating platforms or evaluation procedures, the providers' terms and conditions of use and privacy notices also apply. Typically, evaluation also requires registration with the respective providers.

To ensure that reviewers have actually used our services, we transmit, with the customers' consent, the necessary data about the customer and the service used to the respective review platform (including name, email address, and order number or item number). This data is used solely to verify the authenticity of the user.

Types of Data Processed: Contractual data (e.g., purpose of the contract, duration, customer category); Usage data (e.g., websites visited, interest in content, access times); Metadata, communication and procedure data (e.g., IP addresses, time information, identification numbers, persons involved).

Data Subjects: Recipients of services and customers. Users (e.g. website visitors, users of online services).

Purposes of Processing: Feedback (e.g. collecting feedback via an online form); Marketing.

Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR).

Social Media Presence

We maintain online presences within social networks and process user data in this context in order to communicate with users active on these networks or to provide them with information about us.

Please note that user data may be processed outside the European Union. This may pose risks to users, for example, as it may make it more difficult to enforce user rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on the users' usage behavior and resulting interests. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably match the users' interests. For these purposes, cookies are usually stored on users' computers, in which the users' usage behavior and interests are stored. In addition, data independent of the devices used by the users can also be stored in the usage profiles (especially if the users are members of the respective networks and logged in there).

For a detailed presentation of the respective forms of processing and the options for objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

In the case of requests for information and the exercise of data subject rights, we also draw attention to the fact that these can be exercised most effectively with providers. Only providers have access to user data and can take appropriate measures and provide information directly. If you still need assistance, you can contact us.

Types of Data Processed: Contact Data (e.g., email, telephone numbers); Content Data (e.g., text entries, photographs, videos); Usage Data (e.g., websites visited, interest in content, access times); Metadata, communication and procedure data (e.g., IP addresses, time information, identification numbers, persons involved).

Data Subjects: Users (e.g. website visitors, users of online services).

Purposes of Processing: Communication; Feedback (e.g., collecting feedback via an online form); Public relations.

Retention and Deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion."

Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR).

Other Notes on Processing Operations, Procedures and Services

Instagram: Social network, allows sharing photos and videos, commenting and liking posts, sending messages, subscribing to profiles and pages; Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR); Website: Instagram; Privacy Policy: Instagram Privacy Policy. Basis for Data Transfer to Third Countries: Data Protection Framework (DPF).

Facebook Pages: Profiles within the social network Facebook - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not further processing) of data from visitors to our Facebook page (called "Fanpage"). This data includes information about the types of content that users view or interact with, or the actions they take (see "What you and others do" in Facebook's Data Policy: Facebook Data Policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in Facebook's Data Policy: Facebook Data Policy). As explained in Facebook's Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, called "Page Insights," to page operators to provide them with information about how people interact with their pages and the content associated with them. We have entered into a special agreement with Facebook ("Page Insights Information," Facebook Page Insights Information), which regulates, among other things, the security measures that Facebook must observe and in which Facebook has committed to respecting the rights of data subjects (i.e., users can, for example, send requests for information or deletion directly to Facebook). User rights (in particular to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Page Insights Information" (Facebook Page Insights Information). Joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further data processing is the sole responsibility of Meta Platforms Ireland Limited, which includes, in particular, the transfer of data to the parent company Meta Platforms, Inc. in the USA; Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR); Website: Facebook; Privacy Policy: Facebook Privacy Policy. Basis for Data Transfer to Third Countries: Data Protection Framework (DPF).

Plugins and Integrated Functions and Contents

We integrate functional and content elements into our online services, which are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). This may include, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").

Integration always requires that third-party providers of this content process the user's IP address, as without the IP address, they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content or function. We strive to only use content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Through "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user's device and may include, among other things, technical information about the browser and operating system, referring websites, visiting times, and other information about the use of our online service, as well as links to this information from other sources.

Notes on Legal Bases

If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Types of Data Processed: Usage Data (e.g. websites visited, interest in content, access times); Metadata, communication and procedure data (e.g. IP addresses, time information, identification numbers, persons involved).

Data Subjects: Users (e.g. website visitors, users of online services).

Purposes of Processing: Provision of our online services and user-friendliness; Reach measurement (e.g. access statistics, recognition of returning visitors); Tracking (e.g. interest/behavior-based tracking, use of cookies); Target group formation; Marketing.

Retention and Deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion." Storage of cookies for up to 2 years (Unless otherwise specified, cookies and similar storage methods may be stored on users' devices for up to two years.).

Legal Basis: Consent (Art. 6(1)(a) GDPR). Legitimate Interests (Art. 6(1)(f) GDPR).

Other Notes on Processing Operations, Procedures and Services

YouTube Videos: Video Content; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Art. 6(1)(a) GDPR); Website: YouTube; Privacy Policy: Google Privacy Policy; Basis for Data Transfer to Third Countries: Data Protection Framework (DPF). Opt-Out: Google Analytics Opt-Out Add-on, Ads Settings: Google Ads Personalization.[object Object]