Last update of the privacy policy: 15.01.2025
This privacy policy is intended to inform users about the nature, scope and purpose of the collection and use of personal data by us. It also explains the rights of persons whose data is affected.
Introduction
In general, you can use our website without providing personal data. However, if you wish to make use of certain services offered by our company via the website, the processing of personal data may be necessary. If this processing is necessary and there is no legal basis, we will generally obtain your consent.
We only process personal data in the context of our services or business activities if there is a valid legal basis for doing so.
Personal data such as names, addresses, e-mail addresses or telephone numbers are processed in accordance with the General Data Protection Regulation (GDPR) and the applicable country-specific data protection laws.
In this privacy policy, technical terms are explained in clear language and links to further information are provided where necessary.
If you have any further questions, please use the links provided or contact us directly using the contact details below, which you can also find in the legal notice.
Area of application
This privacy policy applies to all personal data processed by our company and to all personal data processed by third-party companies acting on our behalf (processors). Personal data is all information within the meaning of Art. 4 No. 1 of the General Data Protection Regulation (GDPR), such as names, e-mail addresses and postal addresses. The processing of personal data enables us to provide and bill our services and products, both online and offline.
This Privacy Policy applies to all our online platforms (websites, online stores), social media accounts and email communications, as well as mobile apps for smartphones and other devices.
Explanation of the terms used
We strive to make our privacy policy as simple and understandable as possible. However, this can be a challenge, especially when it comes to technical or legal issues. In some cases, it is necessary to use legal terms (e.g. personal data) or technical terms (e.g. cookies, IP address).
In this section, you will find a list of key terms that may not have been fully clarified in the General Data Protection Regulation (GDPR). For terms defined in the General Data Protection Regulation (GDPR), we provide the relevant text of the General Data Protection Regulation (GDPR) and provide additional explanations where necessary.
Processor
Definition according to Article 4 of the General Data Protection Regulation
“Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.”
This means that the processor processes personal data on behalf of and under the instruction of the controller without deciding on the means and purposes of the data processing. It therefore acts exclusively in accordance with the controller’s instructions and carries out the data processing, for example as part of services such as hosting, IT support or cloud services.
As the owner of this website and as a company, we are responsible for the data that we collect and process from you. However, other entities, known as processors, may also process personal data on our behalf. These include service providers such as hosting or cloud services, payment platforms, newsletter providers or tax consultants.
Third parties
Definition in accordance with Article 4 of the General Data Protection Regulation
According to the General Data Protection Regulation (GDPR), the term “third party” refers to any natural or legal person, public authority, agency or other body other than the data subject, the controller (i.e. the person or organization that processes the data) or the processor (who processes data on behalf of the controller). A third party is therefore a party outside the direct relationship between the data subject and the controller or processor.
Restriction of processing
Definition according to Article 4 of the General Data Protection Regulation
“Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.”
This means that the processing of this data is restricted to certain purposes and may no longer be used in full. This restriction of processing often comes into effect if, for example, the accuracy of the data is disputed by the data subject or the data is not to be deleted but its use must be restricted (e.g. during an audit).
You have the right to request that the processing of your personal data be restricted. This means that certain data, such as your name, date of birth or address, can be marked in such a way that further use is restricted. For example, you can request that your data no longer be used for personalized advertising. no longer be used for personalized advertising.
Consent
Definition according to Article 4 of the General Data Protection Regulation
The term “consent” is defined in Article 4(11) of the GDPR. It states:
“Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
Important characteristics of consent under the GDPR are therefore
- Voluntariness: The data subject must give their consent without coercion or pressure.
- For the specific case: Consent must relate to a clearly defined purpose.
- Informed: The person must be sufficiently informed about the type of data processing.
- Unambiguous: Consent must be unambiguous and given by an action or declaration (e.g. by ticking a box or by verbal consent).
On websites, consent is usually obtained via a cookie consent tool. When you visit a website for the first time, a banner usually appears asking for your consent to data processing. You can often adjust these settings and decide which types of data processing you allow or reject. Your personal data cannot be processed without your consent. Consent is often obtained via digital tools, but can also be given in writing.
Recipient
Definition according to Article 4 of the General Data Protection Regulation
The term “recipient” is defined in Article 4(9) of the GDPR. It states:
“Recipient” means a natural or legal person, public authority, agency, or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
This means that the recipient can be anybody to which personal data is transmitted. This includes not only “third parties” (persons outside the company), but also internal units or institutions. However, authorities that receive data as part of a statutory investigation mandate are excluded from this definition. These are not considered recipients within the meaning of the GDPR.
Any person or organization that receives and thus processes personal data is considered a recipient. This includes both us and our service providers (processors). However, public authorities with investigative powers are not considered recipients in this context.
Personal data
Definition in accordance with Article 4 of the General Data Protection Regulation
The term “personal data” is defined in Article 4(1) of the GDPR. It states:
“Personal data” means any information relating to an identified or identifiable natural person (the so-called ‘data subject’). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
This means that personal data includes all information that relates to a specific person or makes them identifiable. This includes obvious information such as the name or address, but also indirect information such as IP addresses or genetic data which, in combination with other data, enable identification.
Common examples are
Your name
- Your address
- E-mail address
- Postal address
- Telephone number
- Date of birth
- Identification numbers (e.g. social security, tax ID, passport or student ID)
- Financial data (e.g. bank account numbers, credit information, account balances, etc.)
- IP address, location data
Similarly, certain “special categories” of personal data are considered particularly sensitive and require special protection, including
- Race or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Membership of a trade union
- Genetic data (e.g. from blood or saliva samples)
- Biometric data (e.g. to identify mental, physical or behavioral characteristics)
- Information on health
- Data on sexual orientation or sex life
Pseudonymization
Definition according to Article 4 of the General Data Protection Regulation
The term “pseudonymization” is defined in Article 4(5) of the GDPR. According to the GDPR, pseudonymization means
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
This means that during pseudonymization, personal data is changed in such a way that it can no longer be assigned to a specific person without further information. The additional information that would be required to reassign the data to a person must be stored separately and securely. This serves to protect privacy, as although the data itself can be processed further, it is no longer possible to directly identify the person concerned.
It is important to distinguish between pseudonymization and anonymization. With anonymization, all personal identifiers are completely removed, making it almost impossible to trace or re-identify the person even with considerable technical means.
Processing
Definition according to Article 4 of the General Data Protection Regulation
The term “processing” is defined in Article 4(2) of the GDPR. According to the GDPR, processing means:
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
This means that the term “processing” is very broad and covers practically every action or process in connection with personal data. This includes not only the obvious activities such as storing or changing data, but also processes such as collecting, organizing, transmitting or deleting this data.
In our privacy policy, we refer to any activity that involves the handling of personal data. As set out in the General Data Protection Regulation, this includes everything from the collection and storage of data to its use or deletion.
Legal basis of the GDPR
This privacy policy explains the legal basis of the GDPR, which allows us to process personal data. For EU law, please refer to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. You can read the EU General Data Protection Regulation online at EUR-Lex, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679
Your personal data is processed on the basis of the statutory provisions of the General Data Protection Regulation (GDPR). Our data processing is based in particular on the following legal bases:
- Consent (Art. 6 para. 1 lit. a GDPR): Your personal data will be processed if you have expressly given us your consent to do so. You can revoke this consent at any time with effect for the future.
- Contract fulfillment (Art. 6 para. 1 lit. b GDPR): We process your data in order to fulfill a contract with you or to take pre-contractual measures at your request, such as processing orders, providing services or responding to your inquiries.
- Fulfillment of legal obligations (Art. 6 para. 1 lit. c GDPR): It may be necessary to process your data in order to comply with legal obligations, such as the storage of tax data or the fulfillment of requests by authorities.
- Legitimate interests (Art. 6 para. 1 lit. f GDPR): If we have a legitimate interest in processing your data that does not outweigh your fundamental rights, we base the processing on this basis. This can be done, for example, to optimize our website, for marketing measures or to ensure IT security.
As a rule, we have no other reasons for processing data. If we do, we will inform you of this.
Contact information
The person responsible, within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws in the Member States of the European Union and other relevant data protection regulations, is
Niels Stummeyer
Herzog-Ferdinand-Str. 36
32425 Minden, Germany
Email: ed.oidutsenotrekoj@liambew
Imprint: https://jokertonestudio.de/en/imprint
Duration of storage
As a general rule, we only store personal data for as long as is absolutely necessary for the provision of our services and products. This personal data is deleted as soon as the purpose for its processing no longer applies. However, if statutory provisions require the storage of such data, it will be stored in accordance with the statutory requirements.
If you request the deletion of your data or revoke your consent to processing, we will delete the data as quickly as possible, provided that there are no statutory retention obligations.
Where available, we will inform you of the specific retention periods for the individual types of data processing.
Communication
Overview of communication
When you contact us by telephone, in writing by e-mail or via an online form, personal data may be processed. This personal data is processed in order to process and manage your request and all related processes. The data will be stored for the duration required by law.
This applies to every person who contacts us via the communication channels we provide.
When communicating by email, data may be stored on the respective device (e.g. computer, laptop, smartphone) and email server. The data is deleted as soon as the business transaction is completed and the legal provisions permit this.
Online forms
If you contact us via an online form, the data will be stored on the web server and forwarded to our email if necessary. The data will be deleted once the inquiry or business transaction has been completed and the legal provisions permit this.
Telephone
When contacting us by telephone, the call data is stored pseudonymized on the respective device and with the telecommunications provider. In addition, data such as your name and telephone number may be forwarded by email and stored in order to process your request. The data will be deleted as soon as the matter has been dealt with and the legal provisions permit this.
Explanation of the legal basis
Data processing is based on the following legal bases:
Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR: Our aim is to manage customer inquiries and business communications professionally. This requires certain technical systems, such as email platforms, exchange servers and mobile providers, to ensure efficient communication.
Consent pursuant to Art. 6 para. 1 lit. a GDPR: You give your consent to the storage and use of your data for business-related purposes.
Contract pursuant to Art. 6 para. 1 lit. b GDPR: Processing is necessary for the performance of a contract with you or a processor (e.g. telecommunications provider) or for pre-contractual measures, such as the preparation of an offer.
Data processing agreement (DPA)
We do not work alone and are often dependent on the services of other companies or persons. In the context of cooperation with these partners and service providers, it may be necessary to pass on personal data for processing. These partners act as processors and we conclude a so-called data processing agreement (DPA) with them.
The processing of your personal data takes place strictly in accordance with our instructions and is governed by the GDPR, in accordance with the requirements of the GDPR. This agreement must be in writing, whereby an electronic agreement is also considered “in writing” in this context. Personal data will only be processed on the basis of the terms of the agreement.
Rights under the General Data Protection Regulation (GDPR)
In accordance with Articles 13 and 14 of the General Data Protection Regulation, we would like to inform you of the rights you have to ensure fair and transparent data processing.
Right to information (Article 15 GDPR)
You have the right to know whether we are processing data about you. If this is the case, you can request a copy of your data together with the following information
- The purpose of the data processing
- The categories (types) of data being processed
- Who receives this data and how security is ensured if it is transferred to third countries
- The duration for which the data will be stored
- The existence of rights to rectification, erasure or restriction of processing
- The right to object to processing
- the right to lodge a complaint with a supervisory authority
- The source of the data if we have not received it from you
- whether profiling is carried out, i.e. whether your data is automatically analyzed to create a personal profile
Right to rectification (Article 16 GDPR)
You have the right to request the rectification of your data if you discover inaccuracies.
Right to erasure (Article 17 GDPR)
You have the right to request the erasure of your data, also known as the “right to be forgotten”.
Right to restriction of processing (Article 18 GDPR)
You have the right to restrict the processing of your data, which means that we may retain it but not use it any further.
Right to data portability (Article 20 GDPR)
You have the right to data portability, i.e. you can request your data in a commonly used format.
Right to object (Article 21 GDPR)
You have the right to object to data processing, which may lead to a change in the way we process your data.
If your data is processed on the basis of Article 6(1)(e) (public interest or exercise of official authority) or Article 6(1)(f) (legitimate interests), you can object to the processing and we will examine your objection immediately.
If your data is used for direct marketing, you can object to this processing at any time and we will stop using your data for this purpose.
If your data is used for profiling purposes, you can object at any time and we will stop using your data for profiling purposes.
Right not to be subject to automated decision-making (Article 22 GDPR)
You may have the right not to be subject to decisions based solely on automated processing, such as profiling.
Right to lodge a complaint (Article 77 GDPR)
You have the right to lodge a complaint with a data protection authority if you believe that our processing of your personal data violates the GDPR.
Web hosting
The lawfulness of the processing of personal data in the context of web hosting is based on Article 6(1)(f) of the General Data Protection Regulation (protection of legitimate interests). The use of professional hosting services is essential in order to present our company in a secure and user-friendly manner on the Internet and to be able to respond to possible attacks and complaints if necessary.
In order to ensure compliance with data protection regulations and guarantee data security, we have concluded a data processing agreement (DPA) with our hosting provider, as provided for in Articles 28 and 29 of the GDPR.
Our hosting provider is:
Hetzner Cloud GmbH
Feringastrasse 12A
85774 Unterföhring
Unterföhring, Germany
The provider of our website automatically transmits information in server log files, which your browser automatically transmits to us. This information includes
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
Information on data protection at Hetzner Cloud GmbH can be found at https://www.hetzner.com/de/legal/privacy-policy/
Content Delivery Network (CDN)
Caching with the Quic.Cloud Content Delivery Network
This website may use caching to improve loading and response times and user-friendliness.
We use the caching provider for this purpose:
QUIC Cloud Inc.
150 Allen Rd, Suite 204
Basking Ridge, NJ 07920, USA
Caching may store duplicate copies of each web page displayed on this website. All cache files are temporary and are only retrieved by third parties if this is necessary for the technical support of the cache plug-in provider. The expiration of cache files is managed according to a schedule set by the website administrator, although the administrator can delete them earlier if necessary. We may also use QUIC.cloud services to temporarily process and cache your data.
Further information can be found
- in the QUIC.cloud GDPR sub-processors under: https://www.quic.cloud/gdpr-subprocessors/.
- in the QUIC.cloud privacy policy at: https://quic.cloud/privacy-policy/,
- in the QUIC.cloud data processing agreement at: https://www.quic.cloud/dataprocessing/
Security of data processing
As the data controller, we have taken numerous technical and organizational measures to protect the personal data processed via this website. However, we would like to point out that although we strive for maximum protection, Internet-based data transmissions can never be completely secure due to potential security vulnerabilities. Therefore, data subjects have the option of transmitting their personal data to us by alternative means, e.g. by telephone.
Article 25 of the General Data Protection Regulation emphasizes the importance of considering security and taking appropriate measures by developing technology and privacy-friendly default settings for both software (e.g. forms) and hardware (e.g. access to the server room).
We strive to encrypt or pseudonymize personal data whenever possible and we take measures to prevent third parties from accessing personal information from our data.
TLS encryption with HTTPS
We use HTTPS (Hypertext Transfer Protocol Secure) to ensure secure data transmission over the Internet. All data transmitted from your browser to our web server is protected against interception, so that no one can “eavesdrop” on the communication.
You can check whether we use this security measure for data transmission by looking for the small lock symbol in the top left corner of your browser next to the web address (e.g. examplepage.com) and observing the use of “https” instead of “http” in our URL.
By implementing this additional layer of protection, we increase data security in accordance with Article 25(1) of the General Data Protection Regulation. We can ensure the protection of confidential information through the use of TLS (Transport Layer Security), an encryption protocol for secure internet communication.
Protection against unauthorized access
To protect our services, access to the website and the stored data, we use various tools and work with contract providers who, to the best of our knowledge and belief, meet the necessary technical and security requirements. These tools and providers are described in more detail in this privacy policy under section (“Security & anti-spam”).
Cookies
Many websites and servers use cookies, each of which has a unique cookie ID. It consists of a string of characters through which websites and servers can be assigned to the specific website in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other internet browsers that contain other cookies.
Cookies enable services on this website that would not be possible without them. They enable us to customize the information and offers on our website for each user. Cookies help us, for example, to recognize returning users in order to provide them with a smooth visit. Users do not have to re-enter their login details each time they visit, as the website remembers this information through the cookies stored on their device.
Our website uses cookies to improve the use and functionality of our services and to provide you with an optimized user experience. Cookies are small text files that are stored on your device as soon as you visit our website. They contain information that makes it possible to recognize your browser on future visits or to save certain user settings.
We use cookies, local storage and session storage on some of our websites to improve user-friendliness, efficiency and security. Local storage and session storage allow your browser to store information on your computer or mobile device.
Users have the option to prevent the use of cookies on our website at any time by adjusting the settings of their internet browser and thus permanently opting out of their use. They can also delete cookies that have already been saved via their browser or other software applications, which is possible with all common web browsers. However, deactivating cookies can lead to functional restrictions on our website.
Types of cookies
Which cookies we use in detail depends on the services offered and is explained in more detail in the following sections of this privacy policy.
We use different types of cookies for different purposes:
- Necessary cookies: These cookies are required for the website to function properly. Without these cookies, basic functions such as navigating the website or accessing secure areas would not be possible.
- Functional cookies: These cookies enable us to save your preferred settings, e.g. your language or region. This makes using our website more convenient and efficient for you.
- Performance and analytics cookies: With these cookies, we collect anonymized data about how visitors use our website, e.g. which pages are accessed most frequently. This information helps us to improve the performance of our website and customize content.
- Marketing and tracking cookies: These cookies track your use of our website in order to show you targeted advertising that is relevant to you. Information about your activities on our website is shared with third-party providers, such as advertising partners.
When you visit a website for the first time, you are usually asked to select which types of cookies you wish to allow and this selection is stored in a cookie.
Cookie-Consent-Management-Tool
What is a cookie consent management tool?
We use a consent management tool on our website to facilitate the proper and secure handling of scripts and cookies for both you and us. This tool automatically generates a cookie pop-up, scans and checks all scripts and cookies, grants the required cookie consent in accordance with data protection laws and helps us to keep track of all cookies.
The cookie consent management tool identifies and categorizes all existing cookies. As a visitor to our website, you have the option of deciding which scripts and cookies you wish to accept or reject. You can manage your cookie preferences via the consent system.
Real Cookie-Banner
We use the “Real Cookie Banner” consent tool to manage the cookies and similar technologies (such as tracking pixels) used on our website and the corresponding consents. You can find more information about how the “Real Cookie Banner” works at https://devowl.io/de/rcb/datenverarbeitung/.
The legal basis for the processing of personal data in this context is Article 6(1)(c) of the GDPR and Article 6(1)(f) of the GDPR. Our legitimate interest lies in the management of the cookies and similar technologies used and the associated consents.
The provision of personal data is neither a contractual requirement nor necessary for the conclusion of a contract. You are not obliged to provide your personal data. However, if you choose not to provide this information, we will not be able to manage your consent effectively.
Registration process
When you register on our website, we only collect the data that is necessary for the registration process. This usually includes personal information such as your name, your e-mail address and a password. Please use a secure password and ensure that you use an e-mail address that you check regularly.
In addition, your IP address and the date and time are recorded when you register. This serves to protect against misuse and helps to solve criminal offenses if necessary. This data is only passed on to third parties if there is a legal obligation to do so or if it is necessary for criminal prosecution.
The data entered will only be used for internal purposes and to provide the requested services. If necessary, your data may be passed on to service providers, such as payment providers, who will also only use it for the purpose of processing.
You have the option of changing or deleting your data at any time after registration, provided that there are no statutory retention obligations. You can contact us at any time if you require information about the stored data or assistance in changing or deleting it.
Storage duration
We will retain the data entered for as long as the account exists and is actively used, as well as for the duration of the contractual obligations between us, until the corresponding claims are time-barred. Furthermore, we will retain your data for as long as necessary to fulfill legal obligations. After this period, we will retain accounting records that are part of the contract (such as invoices, contracts, account statements, etc.) and other relevant business records for the period required by law (usually several years).
Right to object
If you have registered and entered your data, but would like to stop the processing, this is not a problem. The rights under the General Data Protection Regulation apply during registration, login and also after opening an account with us. To exercise your rights, please contact the data protection officer mentioned above. If you already have an account with us, you can easily check and manage your data directly in your account.
Web analysis
The use of web analytics tools requires your consent. In accordance with Article 6 (1) (a) of the GDPR, this consent serves as the legal basis for the processing of personal data that may arise when using web analytics.
In addition to obtaining your consent, we also have a legitimate interest in analyzing the behavior of our website visitors in order to improve our offer technically and economically. Web analysis enables us to identify errors on the website, detect attacks and improve our profitability. The legal basis for this processing is Article 6 (1) (f) of the GDPR, which relates to legitimate interests. We use the following tools for these purposes:
WP-Statistics (Plugin)
Our website uses the WordPress analytics plugin WP-Statistics, provided by wp-statistics.com. The data collected is used in anonymized form to create basic statistics to measure reach. No user profiles are created and no cookies are set for this purpose. All data collected by WP-Statistics is stored completely anonymously on our web server so that a visitor cannot be personally identified, even retrospectively.
For more details, please visit: WP-Statistics Privacy Policy (https://wp-statistics.com/privacy-and-policy/)
E-mail marketing
Legal basis
Our newsletters are sent on the basis of your consent (Article 6 (1) (a) of the GDPR). This means that we may only send you newsletters if you have actively subscribed to them. We may also send you advertising messages if you are a customer and have not objected to the use of your email address for direct marketing.
Why do we use e-mail marketing?
Our aim is to stay in touch with you and provide you with important information about our company on a regular basis. To achieve this, we use email marketing, often referred to as “newsletters” or “mailing lists”, which is an important part of our online marketing strategy. With your consent or where permitted by law, we will send you newsletters, special offers, system emails and other notifications by email.
To ensure that our newsletters are fast and secure, we work with a service provider who offers a professional mailing tool for our email marketing. Our aim is to keep you informed about our products and services while promoting our business objectives.
What data is processed?
If you register for our newsletter on our website, you must confirm your registration by e-mail. In addition to your e-mail address and IP address, we may also collect your title, name, address and telephone number, but only if you consent to the storage of this data. The provision of this data is voluntary; however, if you do not enter the required data, you will not be able to use the service. In addition, we may collect data about your device or your preferred content on our website. We record your consent to ensure compliance with our legal obligations.
Registration procedure with “double opt-in”
We use a “double opt-in” procedure for our mailing list subscriptions. After you have entered your details in the mailing list form, we will send a confirmation request to the e-mail address you have provided. You must actively confirm your subscription by clicking on the link in the confirmation e-mail. Without this confirmation, you will not be added to the mailing list.
With this procedure, we ensure that we have your consent to send you our information (newsletter) and that the data you have provided is correct.
Duration of data processing
If you decide to remove your e-mail address from our newsletter distribution list, we reserve the right to retain your e-mail address for up to three years on the basis of our legitimate interest in proving your consent. We will only process this data if we need to defend ourselves against any claims.
If you confirm your consent to receive our newsletter, you can request the deletion of your e-mail address at any time. If you do not permanently withdraw your consent, we reserve the right to blacklist your e-mail address. If you voluntarily subscribe to our newsletter, your e-mail address will be stored by us.
Storage of information
Your data from the registration forms on our website is stored on the server of our web hosting service provider. This data is not passed on or processed by other service providers.
Right to object
You can unsubscribe from the newsletter at any time by withdrawing your consent. This process is quick and can usually be completed in a few seconds or with just a few clicks. Every email contains a link at the end that you can use to cancel your newsletter subscription. If the link is not available, please contact us by e-mail and we will cancel your subscription immediately.
SMTP services
We have commissioned service providers (so-called SMTP services) that meet the requirements of the GDPR to send emails. These providers guarantee the technical and secure execution of our e-mail dispatch, both for newsletters and for necessary service-related e-mails (e.g. registration confirmations).
We use one or more of the following providers
- Amazon SES (privacy policy)
- Emailit (privacy policy)
- Postmark (Privacy Policy / EU Data Protection)
Order processing
Where offered, we have concluded an order processing agreement (AVV) with the listed service providers to ensure the proper handling of your data.
Security & Anti-Spam
Legal basis
We use security services primarily on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) to maintain a robust security system against various cyber threats.
Since certain processing operations primarily concern cookies and security features, your consent is decisive for this. Most of the services we use set cookies in your browser to store data. We therefore refer you to our cookie privacy policy and the privacy and cookie policies of the respective service providers.
If you consent to the processing and storage of your data by integrated security services, this consent serves as the legal basis for data processing (Art. 6 (1) (a) GDPR).n.
Use of security and anti-spam software
The security of our website is a very high priority for us. This relates to our own protection, ensuring the functionality of the website and, significantly, to your security and your data. By using security and anti-spam software, we ensure that we have a functioning defense system against cyber threats and hackers. These security systems monitor all incoming and outgoing connections to our network or computer. To enhance our defense against cyber threats, in addition to the standard security measures on our computers, we use additional external security services to prevent unauthorized traffic
Data processing by security and anti-spam software
The specific data that is collected and stored varies depending on the service. However, we strive to use programs that keep data collection to a minimum and only store information that is necessary for the functionality of the service. This typically includes data such as your name, address, IP address, email address and technical information such as browser type or version. Performance and log data may also be collected in order to detect potential threats in good time. All data processing is done in accordance with applicable laws, including GDPR for US providers (via standard contractual clauses). In some cases, these security services may work with third party providers who may store and/or process data in compliance with our privacy policies and security protocols. Data is generally stored through cookies.
Duration of data processing
If available, we provide information about the duration of data processing. For example, security programs may retain data until you or we request its deletion. In general, personal data is only stored for as long as is necessary for the provision of the service. Unfortunately, we often lack precise information from providers about the duration of data storage.
Right to object
You have the right to withdraw your consent to the use of cookies or third-party security software at any time. This can be done via our cookie management tool or other opt-out functions. For example, you can prevent the collection of cookie data by managing, disabling or deleting cookies in your browser.
SolidWP privacy policy
We use SolidWP Security, a security plugin for the WordPress content management system, to protect our website. SolidWP is part of the StellarWP brands and is owned by Liquid Web LLC (2703 Ena Drive, Lansing, MI 48917, USA).
Your data may also be processed by SolidWP in the United States. It is important to note that the European Court of Justice does not currently recognize an adequate level of protection for data transfers to the United States, which may lead to various legal and security issues in data processing.
SolidWP uses standard contractual clauses (Art. 46 (2) and (3) GDPR) for the processing or transfer of data to recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, in particular the USA). The EU Commission provides Standard Contractual Clauses (SCC) to ensure that your data complies with European data protection standards when transferred and stored in third countries, such as the USA. Liquid Web undertakes to comply with European data protection standards when processing your relevant data, even if it is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission, which is available here: Decision of the EU Commission.
https://eur-lex.europa.eu/eli/decimpl/2021/914/oj?locale=de
There is a link to download the data processing addendum on the website https://www.liquidweb.com/blog/liquid-web-and-gdpr-compliance/
Further information on data processing by SolidWP or Liquid Web can be found in the respective privacy policies:
Liquid Web Privacy Policy: https://www.liquidweb.com/about-us/policies/privacy-policy/
SolidWP Privacy Policy: https://solidwp.com/privacy-policy/
Quic.cloud (WAF)
To ensure the secure and smooth operation of our website, we use the provider QUIC.cloud.
When you visit our website, personal data is processed.
Categories of data processed:
Technical connection data when accessing the server (IP address, date, time, requested page, browser information).
Purpose of the processing:
Delivery and provision of the website.
Legal basis for the processing:
A legitimate interest which overrides the rights and freedoms of data subjects (Art. 6 (1) (f) GDPR).
Legitimate interests in this context:
A strong economic interest in the safe and efficient operation of technical systems.The data may be transmitted to the processor:
QUIC Cloud Inc.
150 Allen Rd, Suite 204,
Basking Ridge,
NJ 07920, USA.
For more information, please read QUIC.cloud’s privacy policy: https://quic.cloud/privacy-policy/
and the QUIC.cloud data processing agreement: https://www.quic.cloud/dataprocessing/
and the QUIC.cloud GDPR sub-processors: https://www.quic.cloud/gdpr-subprocessors/.
Duration of processing:
Variable and ends when the purpose of processing ceases to apply.
We have concluded a data processing agreement (DPA) with the service provider to ensure data protection and data security.
Tunestile Cloudflare (Spam protection)
We use the Cloudflare Tunestile function of Cloudflare Inc. on our website in connection with our forms. This function helps to distinguish whether the entries originate from a natural person or are misused by automated systems.
The IP address and other data required for the operation of Cloudflare Tunestile are transmitted to Cloudflare.
Data may be transmitted to the processor:
Cloudflare Inc.
8665 3rd St. #200,
San Francisco, CA 94107, USA
Legal basis for the processing:
A legitimate interest which overrides the rights and freedoms of the data subject (Art. 6 (1) (f) GDPR).
Legitimate interests in this context:
Cloudflare Turnstile is processed in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in ensuring personal responsibility on the Internet and preventing abuse and spam. This may also involve the transfer of personal data to Cloudflare servers in the USA.
For more information about Cloudflare Turnstile and Cloudflare’s privacy policy, please visit https://www.cloudflare.com/de-de/trust-hub/privacy-and-data-protection/
https://www.cloudflare.com/cloudflare-customer-dpa/
Audio & Video Content
YouTube
We have embedded YouTube videos on our website in order to offer you interesting content directly on our platform. YouTube is a video platform that has been owned by Google since 2006 and is operated by YouTube, LLC, headquartered at 901 Cherry Ave. in San Bruno, CA 94066, USA. When you visit a page on our website that contains an embedded YouTube video, your browser automatically establishes a connection to the YouTube or Google servers. Depending on your settings, various data may be transmitted. In Europe, all data processing is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Our offers can also be viewed on YouTube, but the videos themselves are hosted on YouTube’s servers.
The videos remain blocked until you consent to the use of cookies by YouTube. When you play a video, further information about your user behavior may be transmitted to YouTube. YouTube may create a user profile, even if you are not logged in. If you have a Google account and are logged in, the data will be linked directly to your account.
YouTube uses this information for advertising and market research, among other things. If you wish to object to the creation of such a profile, you can do so directly with YouTube.
Further information on data protection can be found in YouTube’s privacy policy. There you will also find information on how you can manage your data protection settings:
As YouTube is a subsidiary of Google, its privacy policy is standardized. If you would like to find out more about how your data is handled, we recommend that you read Google’s privacy policy: Google Privacy Policy(https://policies.google.com/privacy?hl=de)
In addition, Google processes your personal data in the USA and complies with the EU-U.S. Privacy Shield: EU-U.S. Privacy Shield (https://www.privacyshield.gov/EU-US-Framework)
Legal basis:
The legal basis for data processing is Art. 6(1)(a) GDPR (consent).
Bunny.net
We may also use the services of Bunny.net to provide video content in our online course area. You can read their privacy policy here https://bunny.net/privacy/
When you visit our website, your personal data is processed.
Categories of data processed:
Technical connection data when accessing the server (IP address, date, time, requested page, browser information).
Purpose of the processing:
Delivery and provision of the content of the website.
Legal basis for processing:
Our legitimate interest, which overrides the rights and freedoms of data subjects (Art. 6 (1) (f) GDPR).
Legitimate interests:
A strong commercial interest in maintaining the secure and efficient operation of the technical systems.
The data may be transferred to the processor,
Bunny CDN
Cesta Komandanta, Staneta 4a, 1215 Medvode, Slovenia.
Duration of processing:
Variable, it ends when the purpose of the processing no longer exists.
We have concluded a data processing agreement with Bunny.net to ensure compliance with data protection regulations.
Social Media Connection
Meta / Facebook Pixel
We use Meta Pixel from Facebook to track conversions. The service provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected may also be transferred to the USA and other third countries.
By using this pixel, we can monitor the behavior of website visitors after they have clicked on a Facebook ad and been redirected to the provider’s website. This serves to evaluate the effectiveness of Facebook ads for statistical and market research purposes and enables the optimization of future advertising strategies.
From our perspective as the website operator, the data collected is anonymous, i.e. we cannot draw any conclusions about individual users. However, Facebook stores and processes this data and can thus assign it to specific user profiles and use it for its advertising purposes in accordance with its data usage policy. This enables Facebook to place advertisements both on its platform and beyond, and we as the site operator have no influence on this use of data.
The Facebook pixel is used on the basis of Art. 6 (1) (f) GDPR, as the website operator has a legitimate interest in effective advertising strategies, including on social media. If consent is obtained (e.g. for the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR, and you can revoke this consent at any time.
You can find more information on protecting your privacy in Facebook’s privacy policy: Facebook Privacy Policy (https://de-de.facebook.com/about/privacy/)
You can also deactivate the re-marketing function for user-defined target groups in the Ad settings section here: Ad settings(https://www.facebook.com/ads/preferences/?entryproduct=adsettings)
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook via the website of the European Interactive Digital Advertising Alliance: https://www.youronlinechoices.com/de/praferenzmanagement/
Conclusion
As set out in our Privacy Policy, we take the protection of your personal data very seriously. We believe it is important to provide you with clear and accurate information about how your personal data is processed. Our aim is not only to inform you about what data is collected, but also to help you understand the reasons for using various software programs.
If you have any questions about data protection on our website, please contact us.