Table of Contents

• Introduction and Overview

• Scope

• Legal Basis

• Contact Details of the Data Controller

• Data Retention Period

• Rights Under the GDPR

• Data Transfers to Third Countries

• Security of Data Processing

• Communication

• Cookies

• Web Hosting Introduction

• Website Builder Platforms Introduction

• Web Analytics Introduction

• Social Media Introduction

• Security & Anti-Spam

• Audio & Video Introduction

• Explanation of Terms Used

• Conclusion

Introduction and Overview

This Privacy Policy (Version 25 June 2025‑313018490) explains, in accordance with the EU General Data Protection Regulation (GDPR) 2016/679 and applicable national laws, which personal data (“data”) we (as the controller) and our appointed processors (e.g., hosting providers) process now and in the future, and what legal rights you have. All terms are used in gender-neutral form.

In short: We provide you with comprehensive information about the data we process about you.

Most privacy notices sound overly technical and are filled with legal jargon. Our aim is to present the essentials as clearly and transparently as possible. Where helpful for clarity, we simplify technical terms, provide links for further information, and include diagrams. We want to show, in plain and simple language, that we only process personal data when there is a lawful basis to do so. That transparency is not possible with short, unclear, technical-legal jargon—which is unfortunately the norm on many websites. We hope you find these explanations both interesting and informative, including insights you may not have come across before.

If any questions remain, please contact the responsible party listed below (or in our imprint), follow any linked sources for more information, or consult third-party references. You’ll also find our contact details in the legal notice.

Scope

This Privacy Policy applies to all personal data processed by our company and by third-party processors we appoint. “Personal data” refers to information as defined by Article 4(1) GDPR, such as a person’s name, email address, or postal address. We process personal data in order to provide and bill for our services and products, online and offline.

This policy covers:
• All online presences operated by us (websites, online shops)
• Social media channels and email communications
• Mobile apps for smartphones and other devices

In short: This policy applies to all structured personal data processing performed via the mentioned channels. If we initiate legal relationships outside these channels, you will be informed separately.

Legal Basis

Below, we provide clear information about the legal grounds (under GDPR) that allow us to process personal data:

Our legal reference is REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL of 27 April 2016, available via EUR-Lex.

We only process your personal data if at least one of the following applies:

• Consent (Art. 6(1)(a) GDPR): You have given permission (e.g., submitting a contact form).

• Contract (Art. 6(1)(b) GDPR): We need your data to fulfill a contract or pre-contractual obligations.

• Legal obligation (Art. 6(1)(c) GDPR): We must retain data to meet legal requirements (e.g., invoices).

• Legitimate interests (Art. 6(1)(f) GDPR): We may process data when it supports our legitimate interests—provided it doesn’t infringe your rights (e.g., site security).

Other legal grounds (public interest, vital interests) are generally not applicable to us. If they ever are, they will be clearly identified.

We also comply with national laws (e.g., Austria’s DSG and Germany’s BDSG), and will flag any relevant regional laws throughout this policy.

Contact Details for the Data Controller

If you have any questions about data protection or the processing of your personal data, please use the following contact details (as per Article 4(7) GDPR):
Jhon Jimenez
Niehler Str. 209
50733 Cologne, Germany
Email: jhonjimenez@yahoo.com
Phone: +49 151 40447623
Impressum (Legal Notice): https://www.monasterium-quartet.com/impressum/

Data Retention Period

We retain personal data only as long as necessary to provide services or products. Once the purpose expires, we delete the data—unless legally required to keep it (e.g., accounting records).

If you request deletion or withdraw consent, we will erase the data promptly—unless a legal retention obligation applies.

Specific retention periods (where applicable) are explained later in this policy.

Rights Under the GDPR

Under Articles 13 and 14 GDPR, you have the following rights:

1. Right of access (Art. 15): You can request access to your personal data, including:

   • processing purposes

   • types of data processed

   • recipients or third-country transfers

   • retention periods

   • rights to rectification, erasure, restriction, or objection

   • complaint information

   • data origin (if not collected from you directly)

   • existence of automated decision-making or profiling

2. Right to rectification (Art. 16): You may ask us to correct inaccurate data.

3. Right to erasure (Art. 17): You may request deletion (“right to be forgotten”).

4. Right to restriction (Art. 18): You may request limited processing.

5. Right to data portability (Art. 20): You may receive your data in a standard format.

6. Right to object (Art. 21): You may object to processing based on public interest or legitimate interest. We will assess your objection promptly.

   • If your data is used for direct marketing or profiling, you may object at any time free of charge.

7. Right not to be subject to automated decisions (Art. 22): You may object to decisions based solely on automated processing.

8. Right to lodge a complaint (Art. 77): You can contact the relevant supervisory authority (e.g., Data Protection Authority in Austria or BfDI in Germany) if you believe your rights have been violated.

In short: You have rights—please feel free to contact us using the details above.

If you believe that the processing of your personal data violates data protection law, or that your rights under data protection legislation have otherwise been infringed, you have the right to lodge a complaint with a supervisory authority.

In Austria, this is the Data Protection Authority, which you can find online at https://www.dsb.gv.at/.

In Germany, each federal state has its own data protection commissioner. For more detailed information, you may contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

For our company, the responsible local data protection authority is:

Data Transfer to Third Countries

We only transfer or process data in countries outside the scope of the GDPR (third countries) if you have consented to such processing or if there is another legal basis. This applies in particular if the processing is legally required or necessary to fulfill a contractual relationship, and always only to the extent that it is generally permitted. In most cases, your consent is the primary basis for processing data in third countries.

Processing personal data in third countries such as the USA—where many software providers offer services and host their servers—may result in personal data being processed and stored in unexpected ways.

We explicitly point out that, in the view of the European Court of Justice, an adequate level of protection for data transfers to the USA currently exists only if the US company processing personal data of EU citizens is an active participant in the EU-US Data Privacy Framework. For more information, visit:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data being processed and stored in a non-anonymized way. Furthermore, US government agencies may have access to this data. It is also possible that the data collected may be linked to other services of the same provider, especially if you have an account with them.
Whenever possible, we strive to use server locations within the EU, provided such an option is available.

Where relevant, we will inform you more specifically in the appropriate sections of this Privacy Policy about any transfer of data to third countries.

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Where feasible, we encrypt or pseudonymize personal data. This helps us make it as difficult as possible, within reason, for third parties to derive personal information from our data.

Article 25 of the GDPR refers to “data protection by design and by default,” which means that we always consider security—both in software (e.g., forms) and hardware (e.g., access to server rooms)—and take appropriate measures accordingly. Specific measures are discussed further below where applicable.

TLS Encryption with HTTPS

TLS, encryption, and HTTPS may sound very technical—and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet.
This means that the entire transfer of data from your browser to our web server is encrypted—no one can “listen in.”

By doing this, we have added an additional layer of security and fulfill the requirement for data protection by design (Article 25(1) GDPR).
Through the use of TLS (Transport Layer Security)—a protocol for secure data transmission—we can ensure the protection of confidential information.

You can recognize this encryption by the small padlock icon in your browser (usually to the left of the web address, such as example.com) and the use of “https” (instead of “http”) in the web address.

If you’d like to learn more about encryption, we recommend searching for “Hypertext Transfer Protocol Secure wiki” for well-explained and accessible resources.

Communication
Summary of Communication
👥 Data subjects: All persons who communicate with us via telephone, email or online form
📓 Data processed: e.g. telephone number, name, email address, entered form data. More details can be found under the respective type of communication
🤝 Purpose: Handling communication with customers, business partners, etc.
📅 Storage period: Duration of the business case and as required by legal regulations
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. b GDPR (Contract), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

When you contact us via telephone, email or online form, personal data may be processed.

These data are processed in order to handle and manage your inquiry and the associated business case. The data are stored for as long as necessary for this purpose or as required by law.

Data Subjects

All persons who seek to contact us through the communication channels we provide are affected by these processes.

Telephone

When you call us, call data may be stored pseudonymously on the device used and by the telecommunications provider. Additionally, data such as your name and phone number may be sent via email and stored to respond to your inquiry. The data will be deleted once the business case is concluded and if permitted by legal requirements.

Email

If you communicate with us via email, the data may be stored on the respective device (computer, laptop, smartphone, etc.) and on the email server. The data will be deleted once the business case is closed and legal requirements permit.

Online Forms

If you communicate with us via online forms, the data are stored on our web server and may be forwarded to one of our email addresses. The data will be deleted once the business case is concluded and if permitted by law.

Legal Bases

Data processing is based on the following legal grounds:

• Art. 6 para. 1 lit. a GDPR (Consent): You give us your consent to store and use your data for the purposes relevant to the business case;

• Art. 6 para. 1 lit. b GDPR (Contract): It is necessary for the performance of a contract with you or with a processor, such as a telephone provider, or we need to process data for pre-contractual measures like preparing a quote;

• Art. 6 para. 1 lit. f GDPR (Legitimate Interests): We aim to handle customer inquiries and business communication in a professional manner. For this, certain technical tools such as email programs, exchange servers and mobile providers are necessary to ensure efficient communication.

Cookies
Summary of Cookies
👥 Data subjects: Visitors of the website
🤝 Purpose: Depends on the specific cookie. More details can be found below or from the software provider that sets the cookie.
📓 Data processed: Depends on the cookie used. More details can be found below or from the software provider that sets the cookie.
📅 Storage duration: Varies depending on the cookie — from a few hours to several years
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
In the following, we explain what cookies are and why they are used, so you can better understand this privacy policy.

Whenever you browse the internet, you use a browser. Common browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

There’s no denying it: cookies are truly helpful. Nearly all websites use cookies. More precisely, they use HTTP cookies, as there are other types of cookies for different applications. HTTP cookies are small files saved by our website onto your device. These cookie files are automatically placed in your browser’s cookie folder — essentially the “memory” of your browser. A cookie consists of a name and a value, and when defining a cookie, one or more attributes must also be specified.

Cookies store certain user data such as language preferences or personal page settings. When you return to our site, your browser sends the “user-related” information back to our website. Thanks to the cookies, our website knows who you are and offers you your usual settings. In some browsers, each cookie has its own file; in others, like Firefox, all cookies are stored in one single file.

The following graphic illustrates a possible interaction between a web browser (e.g., Chrome) and a web server: the browser requests a website and receives a cookie from the server in return. The browser then uses this cookie again when requesting another page from the server.

There are both first-party and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each one stores different data. The expiration period of a cookie also varies – from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other “malware.” Cookies also cannot access information on your PC.

For example, cookie data might look like this:

Name: _ga
Value: GA1.2.1326744211.152313018490-9
Purpose: Distinguishing website visitors
Expiration date: After 2 years

A browser should be able to support the following minimum sizes:

• At least 4096 bytes per cookie

• At least 50 cookies per domain

• At least 3000 cookies in total

What types of cookies are there?

The types of cookies we use specifically depend on the services employed and are detailed in the following sections of this privacy policy. For now, we will briefly explain the different types of HTTP cookies.

There are 4 types of cookies:

Essential Cookies
These are necessary to ensure the basic functions of a website. For example, when a user adds a product to their shopping cart, continues browsing, and checks out later, these cookies ensure the cart contents are retained – even if the browser window is closed.

Functional Cookies
These collect information about user behavior and any errors that may occur. They may also measure loading times and how the website behaves across different browsers.

Targeted Cookies
These enhance user experience by saving input such as location, font size, or form data.

Advertising Cookies
Also known as targeting cookies, these deliver personalized advertising to users. This can be useful – or annoying.

Typically, on your first visit to a website, you’ll be asked which types of cookies you’d like to allow. This decision is, of course, also stored in a cookie.

For those wanting to learn more about cookies and don’t mind technical documentation, we recommend: https://datatracker.ietf.org/doc/html/rfc6265, the IETF “HTTP State Management Mechanism” Request for Comments.

Purpose of Processing via Cookies
The purpose depends on the specific cookie. More details can be found below or from the software provider that sets the cookie.

What Data is Processed?
Cookies perform many helpful tasks. The data they store cannot be generalized, but we will inform you in this privacy policy about the types of data processed or stored.

Storage Duration of Cookies
Duration depends on the individual cookie and will be specified below. Some cookies are deleted in less than an hour, while others may remain on your device for several years.

You can also influence storage duration yourself. At any time, you can manually delete cookies through your browser (see “Right to Object” below). Additionally, cookies that rely on your consent will be deleted once you withdraw that consent — the legality of data processing up to that point remains unaffected.

Right to Object – How Can I Delete Cookies?

You have full control over how and whether you use cookies. No matter where a cookie originates, you can always delete, disable, or partially allow them. For example, you may block third-party cookies but allow all others.

If you want to check what cookies are stored in your browser, change cookie settings, or delete them, you can do so in your browser settings:

• Chrome: Delete, enable, and manage cookies in Chrome

• Safari: Manage cookies and website data with Safari

• Firefox: Delete cookies to remove site data from your computer

• Internet Explorer: Delete and manage cookies

• Microsoft Edge: Delete and manage cookies

If you prefer not to have any cookies at all, you can set your browser to notify you whenever a cookie is about to be set. You can then decide for each individual cookie whether to allow it or not. Instructions vary depending on your browser. We recommend searching “delete cookies in Chrome” or “disable cookies Chrome” in Google, for example.

Legal Basis

Since 2009, the so-called “Cookie Directive” requires consent (Article 6 para. 1 lit. a GDPR) for storing cookies. EU countries differ in how they implement this. In Austria, the directive was implemented in § 165 para. 3 of the Telecommunications Act (2021). In Germany, the directive was not implemented through national law directly but was largely enforced through § 15 para. 3 of the Telemedia Act (TMG), which was replaced in May 2024 by the Digital Services Act (DDG).

For strictly necessary cookies, even without consent, there are legitimate interests (Article 6 para. 1 lit. f GDPR) – usually of economic nature. We aim to provide a pleasant user experience, and certain cookies are necessary for that.

Where cookies are not strictly necessary, they are only used based on your consent (Article 6 para. 1 lit. a GDPR).

The following sections will inform you in more detail about cookie usage if the software employed uses cookies.

Legal Basis

We have a legitimate interest in using a website builder system to optimize our online service and present it to you in an efficient and user-friendly manner. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use the builder system if you have given your consent.

To the extent that the processing of data is not strictly necessary for the operation of the website, the data is processed solely on the basis of your consent. This particularly applies to tracking activities. The legal basis in such cases is Art. 6 para. 1 lit. a GDPR.

With this privacy policy, we have provided you with the most important general information regarding data processing. If you would like to learn more, you can find further information — if available — in the following section or in the provider’s privacy policy.

WordPress.com Privacy Policy

Summary
👥 Data subjects: Website visitors
🤝 Purpose: Optimization of our service performance
📓 Data processed: Technical usage information such as browser activity, clickstream behavior, session heatmaps, contact details, IP address, or your geographical location. More details can be found below in this privacy policy.
📅 Storage duration: Depends on the type of stored data and specific settings
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is WordPress?
We use the well-known content management system WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

Founded in 2003, the company quickly became one of the most popular content management systems (CMS) worldwide. A CMS is software that helps us create our website and present content in an organized and attractive way. This content can include text, audio, and video.

Using WordPress may involve the collection, storage, and processing of your personal data. Typically, technical data such as operating system, browser, screen resolution, or hosting provider are stored. However, personal data such as IP address, geographic data, or contact details may also be processed.

Why do we use WordPress on our website?
We have many strengths, but programming is not one of our core competencies.

Still, we want a powerful and attractive website that we can manage and maintain ourselves. A website builder or content management system like WordPress makes this possible. With WordPress, we don’t have to be coding experts to offer you a beautiful website. Thanks to WordPress, we can operate our website quickly and easily without technical knowledge. If technical issues arise or we have special requests for our website, we can still rely on our experts who are familiar with HTML, PHP, CSS, and more.

Thanks to WordPress’s ease of use and comprehensive features, we can design our web presence according to our preferences and offer you a good user experience.

What data is processed by WordPress?
Non-personal data includes technical usage information such as browser activity, clickstream data, session heatmaps, and information about your device, operating system, browser, screen resolution, language and keyboard settings, internet provider, and date of your visit.

Personal data collected typically includes contact details (email address or phone number if provided), IP address, or your geographic location.

WordPress may also use cookies to collect data, often related to your behavior on our site. For example, it can track which subpages you view frequently, how long you stay on a page, when you leave (bounce rate), or what preferences (e.g., language selection) you have set. Based on this data, WordPress can tailor its marketing efforts to your interests and behavior. When you return to our site, it may be displayed according to your previous settings.

WordPress may also use technologies such as pixel tags (web beacons) to identify you clearly as a user and possibly serve interest-based advertising.

How long and where is the data stored?
The storage duration of data depends on several factors, particularly the type of data and website-specific settings. Generally, WordPress deletes data when it is no longer needed. Exceptions exist, especially when legal obligations require longer retention. Web server logs that include your IP address and technical data are deleted by WordPress/Automattic after 30 days. Automattic uses this data for traffic analysis and troubleshooting across all WordPress sites. Deleted content on WordPress websites is also stored for 30 days in the trash to allow for recovery; afterward, it may remain in backups and caches until deleted. The data is stored on Automattic servers in the USA.

How can I delete or prevent the storage of my data?
You always have the right to access, object to, or request deletion of your personal data. You can also lodge a complaint with a supervisory authority.

In your browser, you can manage, delete, or deactivate cookies. Please note that disabled or deleted cookies may negatively affect the functionality of our WordPress site. Depending on the browser, cookie management differs. Under the “Cookies” section, you’ll find links to instructions for the most common browsers.

Legal basis
If you have consented to the use of WordPress, the legal basis for the data processing is your consent (Art. 6 para. 1 lit. a GDPR).

We also have a legitimate interest in using WordPress to optimize and present our online service. The legal basis for this is Art. 6 para. 1 lit. f GDPR. However, we only use WordPress if you have given your consent.

WordPress or Automattic processes your data in the USA, among other places. Automattic is an active participant in the EU-U.S. Data Privacy Framework, ensuring the lawful and secure transfer of personal data from EU citizens to the USA. More information is available at:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Additionally, Automattic uses Standard Contractual Clauses (SCCs) under Art. 46 para. 2 and 3 GDPR. These EU Commission-approved templates ensure that your data continues to meet EU data protection standards when transferred and stored in third countries like the USA. You can find the SCC decision and clauses here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

For more details on the privacy policy and how WordPress processes data, visit:
https://automattic.com/privacy/

Web Analytics Introduction

Web Analytics Privacy Policy Summary
👥 Data subjects: Visitors to the website
🤝 Purpose: Evaluation of visitor information to optimize the web offering
📓 Processed data: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found in the respective web analytics tool used.
📅 Storage duration: Depends on the web analytics tool used
⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Web Analytics?

We use software on our website to evaluate the behavior of website visitors, commonly referred to as web analytics or web analysis. During this process, data is collected, stored, managed, and processed by the respective analytics tool provider (also known as a tracking tool). These data are used to generate analyses of user behavior on our website and are made available to us as website operators. Most tools also offer testing capabilities. For example, we can test which offers or content resonate best with our visitors. We may show you two different versions of a page for a limited period. After this A/B test, we can determine which product or content our visitors find more appealing. In such testing procedures and other analytics processes, user profiles can be created and data may be stored in cookies.

Why Do We Use Web Analytics?

We have a clear goal for our website: we want to offer the best web experience in our industry. To achieve this, we need to provide the most relevant and engaging content and ensure that you feel comfortable while browsing our site. With the help of web analytics tools, we can closely examine how visitors use our site and make improvements accordingly. For instance, we can determine the average age of our visitors, their geographic location, peak usage times, and which pages or products are most popular. All of this information helps us tailor our website to better meet your needs, preferences, and interests.

What Data Is Processed?

The exact data stored depends on the analytics tools used. However, the following are typically recorded: the content you view on our website, the buttons or links you click, the time you visit a page, your browser type, the device used (e.g., PC, tablet, smartphone), and your operating system. If you have consented to the collection of location data, this information may also be processed by the analytics tool provider.

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, they are typically stored in a pseudonymized format (i.e., anonymized and shortened). For testing, analytics, and optimization purposes, no directly identifying data such as your name, age, address, or email address is stored. All collected data is stored in a pseudonymized manner, so individuals cannot be personally identified.

The following example illustrates how Google Analytics works using client-based web tracking with JavaScript code.

Duration of Data Processing

The length of time for which data is processed always depends on the provider. Some cookies only store data for a few minutes or until you leave the website, while others can store data for several years.

Duration of Data Processing

We will inform you further below about the duration of data processing if we have additional information on this. In general, we process personal data only for as long as is absolutely necessary to provide our services and products. If required by law—such as in the case of accounting—the storage period may be exceeded.

Right to Object

You have the right at any time to withdraw your consent to the use of cookies and third-party services. This can be done either through our cookie management tool or via other opt-out features. For example, you can prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.

Legal Basis

The use of web analytics tools is based on your consent, which we obtained through our cookie pop-up. According to Art. 6 para. 1 lit. a GDPR (consent), this consent serves as the legal basis for the processing of personal data as it may occur through web analytics tools.

In addition to your consent, we also have a legitimate interest in analyzing the behavior of website visitors in order to improve our offering technically and economically. Web analytics helps us identify website errors, detect attacks, and improve performance. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use these tools if you have given your consent.

Since web analytics tools use cookies, we also recommend reading our general cookie policy. To learn exactly what data is stored and processed, please consult the privacy policies of the respective tools.

Information on specific web analytics tools can be found—if available—in the following sections.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary
👥 Data subjects: Website visitors
🤝 Purpose: Evaluation of visitor information to optimize the website
📓 Processed data: Access statistics including location of access, device data, duration and time of access, navigation behavior, and click behavior. More details can be found further below in this privacy policy.
📅 Storage period: Customizable; by default, Google Analytics 4 stores data for 14 months
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Google Analytics?

We use the analysis and tracking tool Google Analytics 4 (GA4) from the American company Google Inc. For the European region, the responsible entity is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics collects data about your actions on our website. Using technologies such as cookies, device IDs, and login data, users can be identified across devices. This enables cross-platform analysis of your actions.

For instance, if you click a link, that action is recorded in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us tailor our website and services to your preferences. Below we explain the tool in more detail and inform you about the data it processes and how you can prevent it.

Google Analytics is a tracking tool used to analyze website traffic. The analysis is based on a pseudonymous user ID. This ID does not contain personal information such as name or address but is used to assign events to a device. GA4 uses an event-based model that collects detailed information about user interactions such as page views, clicks, scrolling, and conversion events. GA4 also includes machine learning features to better understand user behavior and trends. It uses modeling to estimate missing data and improve analysis and forecasting.

To use Google Analytics, a tracking code is integrated into our website’s code. When you visit our website, this code records actions you take. The event-based model allows us to define and track specific actions to analyze user behavior. In addition to general metrics like clicks and page views, we can also track actions important to our business, such as submitting a contact form or completing a purchase.

Once you leave our site, the data is sent to Google Analytics servers and stored there. Google processes this data and provides us with reports on user behavior. These can include:

• Audience reports: Help us understand who is interested in our services.

• Ad reports: Help us evaluate and improve our online advertising.

• Acquisition reports: Show us how users find us and which channels are most effective.

• Behavior reports: Show how users interact with our website and where they click.

• Conversion reports: Help us understand how users take desired actions (e.g., making a purchase or signing up for a newsletter).

• Real-time reports: Show what’s currently happening on our website.

Other GA4 features include:

• Event-based data model: Tracks specific events like playing a video, purchasing a product, or subscribing to a newsletter.

• Advanced analysis tools: Allow us to segment users, run comparison analyses, and track user paths.

• Predictive modeling: Uses machine learning to estimate missing data and predict future trends.

• Cross-platform tracking: Enables analysis across websites and apps if the user has consented.

Why do we use Google Analytics on our website?

Our goal is to offer you the best possible service. The statistics and insights provided by Google Analytics help us achieve this. They reveal both strengths and weaknesses of our site. On the one hand, we can optimize our content to be more easily found on Google. On the other, the data helps us understand you better and improve your experience. It also allows us to target our marketing more effectively and efficiently, reaching those truly interested in what we offer.

What data is stored by Google Analytics?

Google Analytics creates a random, unique ID using a tracking code, which is linked to your browser cookie. This way, Google Analytics recognizes you as a new user and assigns you a user ID. When you visit our site again, you are recognized as a “returning” user. All collected data is stored together with this user ID. This allows pseudonymous user profiles to be evaluated.

To analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the default is a Google Analytics 4 property. Depending on the property used, data is stored for varying lengths of time.

Through identifiers such as cookies, app instance IDs, user IDs, or custom event parameters, your interactions can be measured across platforms—provided you have given consent. Interactions include all types of actions you perform on our website. If you use other Google systems (e.g., a Google account), data generated via Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we as website operators authorize it. Exceptions may occur when required by law.

According to Google, Google Analytics 4 does not log or store IP addresses. However, Google uses the IP address data to derive location information and then immediately deletes it. All IP addresses collected from users in the EU are deleted before being stored in a data center or on a server.

Since GA4 focuses on event-based data, the tool uses significantly fewer cookies than earlier versions (like Universal Analytics). Nevertheless, there are still specific cookies used by GA4, including:

• Name: _ga
  Value: 2.1326744211.152313018490-5
  Purpose: Used by analytics.js to store the user ID, generally to distinguish website visitors.
  Expiration: 2 years

• Name: _gid
  Value: 2.1687193234.152313018490-1
  Purpose: Also used to distinguish website visitors.
  Expiration: 24 hours

• Name: gat_gtag_UA<property-id>
  Value: 1
  Purpose: Used to throttle request rates. If Google Analytics is delivered via Google Tag Manager, this cookie is named dc_gtm<property-id>.
  Expiration: 1 minute

Note: This list is not exhaustive, as Google regularly changes the selection of cookies. One of GA4’s goals is to improve data protection. Therefore, the tool offers various controls for managing data collection, such as setting data retention periods.

Here’s an overview of the main types of data collected through Google Analytics:

• Heatmaps: These show which areas of our site are clicked most frequently, providing insight into user behavior.

• Session Duration: The amount of time you spend on our site without leaving. After 20 minutes of inactivity, the session ends.

• Bounce Rate: Refers to when you visit only one page on our site and then leave.

• Account Creation: If you create an account or place an order, this data is collected.

• Location: IP addresses are not logged or stored, but location data may be derived before deletion.

• Technical Information: Includes browser type, internet provider, and screen resolution.

• Source of Origin: Identifies which site or ad brought you to us.

Additional data may include contact information, ratings, media usage (e.g., playing a video), social media sharing, or adding items to favorites. This list is not exhaustive and is for general orientation regarding data storage by Google Analytics.

How long and where is the data stored?

Google has data centers around the world. You can read exactly where here: https://datacenters.google/

Your data is distributed across various physical storage devices, enabling faster access and better protection against tampering. Every data center has emergency systems in place to safeguard your data in case of hardware failure or natural disasters.

The retention period depends on the property used. Google Analytics lets us choose between four data retention options:

• 2 months: the shortest option

• 14 months: GA4’s default setting

• 26 months

• Data is only deleted manually

Additionally, there’s an option where data is only deleted if you don’t return to the website within the selected time frame. In that case, the retention period resets each time you revisit. After the period ends, data is deleted once a month. This applies to data linked to cookies, user IDs, and advertising IDs (e.g., DoubleClick cookies). Report data is stored independently in aggregate form.

How can I delete or prevent the storage of my data?

Under EU data protection laws, you have the right to access, update, delete, or restrict your data. You can prevent Google Analytics 4 from using your data via the browser add-on:
https://tools.google.com/dlpage/gaoptout?hl=de
Note: This only disables Google Analytics data collection.

If you want to manage, delete, or disable cookies in general, see the “Cookies” section for browser-specific instructions.

Legal Basis

Using Google Analytics requires your consent, which we obtained via our cookie popup. This consent provides the legal basis according to Art. 6(1)(a) GDPR.

Additionally, we have a legitimate interest in analyzing user behavior to improve our services and website performance, in accordance with Art. 6(1)(f) GDPR. We only use Google Analytics with your consent.

Google processes your data, including in the USA. Google is an active participant in the EU-U.S. Data Privacy Framework, which ensures the lawful and secure transfer of personal data.
Learn more here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Google also uses Standard Contractual Clauses (SCCs) as per Art. 46(2) and (3) GDPR. These are EU-approved templates that ensure your data remains protected under EU privacy standards even when stored in third countries like the USA.
You can find the official decision and clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Google Ads Data Processing Terms (referencing SCCs) can be found here:
https://business.safety.google/intl/de/adsprocessorterms/

We hope this overview has helped clarify how Google Analytics processes your data. For more details, visit:

• Google Analytics Terms

• Google Analytics Support

• Google Privacy Policy

Socialmediaeinleitung

Was ist Social Media?

Zusätzlich zu unserer Website sind wir auch in diversen Social-Media-Plattformen aktiv. Dabei können Daten von Usern verarbeitet werden, damit wir gezielt User, die sich für uns interessieren, über die sozialen Netzwerke ansprechen können. Darüber hinaus können auch Elemente einer Social-Media-Plattform direkt in unsere Website eingebettet sein. Das ist etwa der Fall, wenn Sie einen sogenannten Social-Button auf unserer Website anklicken und direkt zu unserem Social-Media-Auftritt weitergeleitet werden. Als sogenannte Sozialen Medien oder Social Media werden Websites und Apps bezeichnet, über die angemeldete Mitglieder Inhalte produzieren, Inhalte offen oder in bestimmten Gruppen austauschen und sich mit anderen Mitgliedern vernetzen können.

Warum nutzen wir Social Media?

Seit Jahren sind Social-Media-Plattformen der Ort, wo Menschen online kommunizieren und in Kontakt treten. Mit unseren Social-Media-Auftritten können wir unsere Produkte und Dienstleistungen Interessenten näherbringen. Die auf unserer Website eingebundenen Social-Media-Elemente helfen Ihnen, schnell und ohne Komplikationen zu unseren Social-Media-Inhalten wechseln können.

Die Daten, die durch Ihre Nutzung eines Social-Media-Kanals gespeichert und verarbeitet werden, haben in erster Linie den Zweck, Webanalysen durchführen zu können. Ziel dieser Analysen ist es, genauere und personenbezogene Marketing- und Werbestrategien entwickeln zu können. Abhängig von Ihrem Verhalten auf einer Social-Media-Plattform, können mit Hilfe der ausgewerteten Daten, passende Rückschlüsse auf Ihre Interessen getroffen werden und sogenannte Userprofile erstellt werden. So ist es den Plattformen auch möglich, Ihnen maßgeschneiderte Werbeanzeigen zu präsentieren. Meistens werden für diesen Zweck Cookies in Ihrem Browser gesetzt, die Daten zu Ihrem Nutzungsverhalten speichern.

Wir gehen in der Regel davon aus, dass wir datenschutzrechtlich verantwortlich bleiben, auch wenn wir Dienste einer Social-Media-Plattform nutzen. Der Europäische Gerichtshof hat jedoch entschieden, dass in bestimmten Fällen der Betreiber der Social-Media-Plattform zusammen mit uns gemeinsam verantwortlich im Sinne des Art. 26 DSGVO sein kann. Soweit dies der Fall ist, weisen wir gesondert darauf hin und arbeiten auf Grundlage einer diesbezüglichen Vereinbarung. Das Wesentliche der Vereinbarung ist dann weiter unten bei der betroffenen Plattform wiedergegeben.

Bitte beachten Sie, dass bei der Nutzung der Social-Media-Plattformen oder unserer eingebauten Elemente auch Daten von Ihnen außerhalb der Europäischen Union verarbeitet werden können, da viele Social-Media-Kanäle, beispielsweise Facebook oder Twitter, amerikanische Unternehmen sind. Dadurch können Sie möglicherweise Ihre Rechte in Bezug auf Ihre personenbezogenen Daten nicht mehr so leicht einfordern bzw. durchsetzen.

Welche Daten werden verarbeitet?

Welche Daten genau gespeichert und verarbeitet werden, hängt vom jeweiligen Anbieter der Social-Media-Plattform ab. Aber für gewöhnlich handelt es sich um Daten wie etwa Telefonnummern, E-Mailadressen, Daten, die Sie in ein Kontaktformular eingeben, Nutzerdaten wie zum Beispiel welche Buttons Sie klicken, wen Sie liken oder wem folgen, wann Sie welche Seiten besucht haben, Informationen zu Ihrem Gerät und Ihre IP-Adresse. Die meisten dieser Daten werden in Cookies gespeichert. Speziell wenn Sie selbst ein Profil bei dem besuchten Social-Media-Kanal haben und angemeldet sind, können Daten mit Ihrem Profil verknüpft werden.

Alle Daten, die über eine Social-Media-Plattform erhoben werden, werden auch auf den Servern der Anbieter gespeichert. Somit haben auch nur die Anbieter Zugang zu den Daten und können Ihnen die passenden Auskünfte geben bzw. Änderungen vornehmen.

Wenn Sie genau wissen wollen, welche Daten bei den Social-Media-Anbietern gespeichert und verarbeitet werden und wie sie der Datenverarbeitung widersprechen können, sollten Sie die jeweilige Datenschutzerklärung des Unternehmens sorgfältig durchlesen. Auch wenn Sie zur Datenspeicherung und Datenverarbeitung Fragen haben oder entsprechende Rechte geltend machen wollen, empfehlen wir Ihnen, sich direkt an den Anbieter wenden.

Dauer der Datenverarbeitung

Über die Dauer der Datenverarbeitung informieren wir Sie weiter unten, sofern wir weitere Informationen dazu haben. Beispielsweise speichert die Social-Media-Plattform Facebook Daten, bis sie für den eigenen Zweck nicht mehr benötigt werden. Kundendaten, die mit den eigenen Userdaten abgeglichen werden, werden aber schon innerhalb von zwei Tagen gelöscht. Generell verarbeiten wir personenbezogene Daten nur so lange wie es für die Bereitstellung unserer Dienstleistungen und Produkte unbedingt notwendig ist. Wenn es, wie zum Beispiel im Fall von Buchhaltung, gesetzlich vorgeschrieben ist, kann diese Speicherdauer auch überschritten werden.

Widerspruchsrecht

Sie haben auch jederzeit das Recht und die Möglichkeit Ihre Einwilligung zur Verwendung von Cookies bzw. Drittanbietern wie eingebettete Social-Media-Elemente zu widerrufen. Das funktioniert entweder über unser Cookie-Management-Tool oder über andere Opt-Out-Funktionen. Zum Beispiel können Sie auch die Datenerfassung durch Cookies verhindern, indem Sie in Ihrem Browser die Cookies verwalten, deaktivieren oder löschen.

Da bei Social-Media-Tools Cookies zum Einsatz kommen können, empfehlen wir Ihnen auch unsere allgemeine Datenschutzerklärung über Cookies. Um zu erfahren, welche Daten von Ihnen genau gespeichert und verarbeitet werden, sollten Sie die Datenschutzerklärungen der jeweiligen Tools durchlesen.

Rechtsgrundlage

Wenn Sie eingewilligt haben, dass Daten von Ihnen durch eingebundene Social-Media-Elemente verarbeitet und gespeichert werden können, gilt diese Einwilligung als Rechtsgrundlage der Datenverarbeitung (Art. 6 Abs. 1 lit. a DSGVO). Grundsätzlich werden Ihre Daten bei Vorliegen einer Einwilligung auch auf Grundlage unseres berechtigten Interesses (Art. 6 Abs. 1 lit. f DSGVO) an einer schnellen und guten Kommunikation mit Ihnen oder anderen Kunden und Geschäftspartnern gespeichert und verarbeitet. Wir setzen die Tools gleichwohl nur ein, soweit Sie eine Einwilligung erteilt haben. Die meisten Social-Media-Plattformen setzen auch Cookies in Ihrem Browser, um Daten zu speichern. Darum empfehlen wir Ihnen, unseren Datenschutztext über Cookies genau durchzulesen und die Datenschutzerklärung oder die Cookie-Richtlinien des jeweiligen Dienstanbieters anzusehen.

Informationen zu speziellen Social-Media-Plattformen erfahren Sie – sofern vorhanden – in den folgenden Abschnitten.

Facebook Datenschutzerklärung

Was sind Facebook-Tools?

Wir verwenden auf unserer Website ausgewählte Tools von Facebook. Facebook ist ein Social Media Network des Unternehmens Meta Platforms Inc. bzw. für den europäischen Raum des Unternehmens Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland. Mithilfe dieser Tools können wir Ihnen und Menschen, die sich für unsere Produkte und Dienstleistungen interessieren, das bestmögliche Angebot bieten.

Wenn über unsere eingebetteten Facebook-Elemente oder über unsere Facebook-Seite (Fanpage) Daten von Ihnen erhoben und weitergeleitet werden, sind sowohl wir als auch Facebook Irland Ltd. dafür verantwortlich. Für die weitere Verarbeitung dieser Daten trägt Facebook allein die Verantwortung. Unsere gemeinsamen Verpflichtungen wurden auch in einer öffentlich zugänglichen Vereinbarung unter https://www.facebook.com/legal/controller_addendum verankert. Darin ist etwa festgehalten, dass wir Sie klar über den Einsatz der Facebook-Tools auf unserer Seite informieren müssen. Weiters sind wir auch dafür verantwortlich, dass die Tools datenschutzrechtlich sicher in unsere Website eingebunden sind. Facebook ist hingegen beispielsweise für die Datensicherheit der Facebook-Produkte verantwortlich. Bei etwaigen Fragen zur Datenerhebung und Datenverarbeitung durch Facebook können Sie sich direkt an das Unternehmen wenden. Wenn Sie die Frage an uns richten, sind wir dazu verpflichtet diese an Facebook weiterleiten.

Im Folgenden geben wir einen Überblick über die verschiedenen Facebook Tools, welche Daten an Facebook gesendet werden und wie Sie diese Daten löschen können.

Neben vielen anderen Produkten bietet Facebook auch die sogenannten “Facebook Business Tools” an. Das ist die offizielle Bezeichnung von Facebook. Da der Begriff aber kaum bekannt ist, haben wir uns dafür entschieden, sie lediglich Facebook-Tools zu nennen. Darunter finden sich unter anderem:

• Facebook-Pixel
• soziale Plug-ins (wie z.B der „Gefällt mir“- oder „Teilen“-Button)
• Facebook Login
• Account Kit
• APIs (Programmierschnittstelle)
• SDKs (Sammlung von Programmierwerkzeugen)
• Plattform-Integrationen
• Plugins
• Codes
• Spezifikationen
• Dokumentationen
• Technologien und Dienstleistungen

Durch diese Tools erweitert Facebook Dienstleistungen und hat die Möglichkeit, Informationen über User-Aktivitäten außerhalb von Facebook zu erhalten.

Warum verwenden wir Facebook-Tools auf unserer Website?

Wir wollen unsere Dienstleistungen und Produkte nur Menschen zeigen, die sich auch wirklich dafür interessieren. Mithilfe von Werbeanzeigen (Facebook-Ads) können wir genau diese Menschen erreichen. Damit den Usern passende Werbung gezeigt werden kann, benötigt Facebook allerdings Informationen über die Wünsche und Bedürfnisse der Menschen. So werden dem Unternehmen Informationen über das Userverhalten (und Kontaktdaten) auf unserer Webseite zur Verfügung gestellt. Dadurch sammelt Facebook bessere User-Daten und kann interessierten Menschen die passende Werbung über unsere Produkte bzw. Dienstleistungen anzeigen. Die Tools ermöglichen somit maßgeschneiderte Werbekampagnen auf Facebook.

Daten über Ihr Verhalten auf unserer Webseite nennt Facebook „Event-Daten“. Diese werden auch für Messungs- und Analysedienste verwendet. Facebook kann so in unserem Auftrag „Kampagnenberichte“ über die Wirkung unserer Werbekampagnen erstellen. Weiters bekommen wir durch Analysen einen besseren Einblick, wie Sie unsere Dienstleistungen, Webseite oder Produkte verwenden. Dadurch optimieren wir mit einigen dieser Tools Ihre Nutzererfahrung auf unserer Webseite. Beispielsweise können Sie mit den sozialen Plug-ins Inhalte auf unserer Seite direkt auf Facebook teilen.

Welche Daten werden von Facebook-Tools gespeichert?

Durch die Nutzung einzelner Facebook-Tools können personenbezogene Daten (Kundendaten) an Facebook gesendet werden. Abhängig von den benutzten Tools können Kundendaten wie Name, Adresse, Telefonnummer und IP-Adresse versandt werden.

Facebook verwendet diese Informationen, um die Daten mit den Daten, die es selbst von Ihnen hat (sofern Sie Facebook-Mitglied sind) abzugleichen. Bevor Kundendaten an Facebook übermittelt werden, erfolgt ein sogenanntes „Hashing“. Das bedeutet, dass ein beliebig großer Datensatz in eine Zeichenkette transformiert wird. Dies dient auch der Verschlüsselung von Daten.

Neben den Kontaktdaten werden auch „Event-Daten“ übermittelt. Unter „Event-Daten“ sind jene Informationen gemeint, die wir über Sie auf unserer Webseite erhalten. Zum Beispiel, welche Unterseiten Sie besuchen oder welche Produkte Sie bei uns kaufen. Facebook teilt die erhaltenen Informationen nicht mit Drittanbietern (wie beispielsweise Werbetreibende), außer das Unternehmen hat eine explizite Genehmigung oder ist rechtlich dazu verpflichtet. „Event-Daten“ können auch mit Kontaktdaten verbunden werden. Dadurch kann Facebook bessere personalisierte Werbung anbieten. Nach dem bereits erwähnten Abgleichungsprozess löscht Facebook die Kontaktdaten wieder.

Um Werbeanzeigen optimiert ausliefern zu können, verwendet Facebook die Event-Daten nur, wenn diese mit anderen Daten (die auf andere Weise von Facebook erfasst wurden) zusammengefasst wurden. Diese Event-Daten nützt Facebook auch für Sicherheits-, Schutz-, Entwicklungs- und Forschungszwecke. Viele dieser Daten werden über Cookies zu Facebook übertragen. Cookies sind kleine Text-Dateien, die zum Speichern von Daten bzw. Informationen in Browsern verwendet werden. Je nach verwendeten Tools und abhängig davon, ob Sie Facebook-Mitglied sind, werden unterschiedlich viele Cookies in Ihrem Browser angelegt. In den Beschreibungen der einzelnen Facebook Tools gehen wir näher auf einzelne Facebook-Cookies ein. Allgemeine Informationen über die Verwendung von Facebook-Cookies erfahren Sie auch auf https://www.facebook.com/policies/cookies.

Wie lange und wo werden die Daten gespeichert?

Grundsätzlich speichert Facebook Daten bis sie nicht mehr für die eigenen Dienste und Facebook-Produkte benötigt werden. Facebook hat auf der ganzen Welt Server verteilt, wo seine Daten gespeichert werden. Kundendaten werden allerdings, nachdem sie mit den eigenen Userdaten abgeglichen wurden, innerhalb von 48 Stunden gelöscht.

Wie kann ich meine Daten löschen bzw. die Datenspeicherung verhindern?

Entsprechend der Datenschutz Grundverordnung haben Sie das Recht auf Auskunft, Berichtigung, Übertragbarkeit und Löschung Ihrer Daten.

Eine komplette Löschung der Daten erfolgt nur, wenn Sie Ihr Facebook-Konto vollständig löschen. Und so funktioniert das Löschen Ihres Facebook-Kontos:

1) Klicken Sie rechts bei Facebook auf Einstellungen.

2) Anschließend klicken Sie in der linken Spalte auf „Deine Facebook-Informationen“.

3) Nun klicken Sie “Deaktivierung und Löschung”.

4) Wählen Sie jetzt „Konto löschen“ und klicken Sie dann auf „Weiter und Konto löschen“

5) Geben Sie nun Ihr Passwort ein, klicken Sie auf „Weiter“ und dann auf „Konto löschen“

Die Speicherung der Daten, die Facebook über unsere Seite erhält, erfolgt unter anderem über Cookies (z.B. bei sozialen Plugins). In Ihrem Browser können Sie einzelne oder alle Cookies deaktivieren, löschen oder verwalten. Je nach dem welchen Browser Sie verwenden, funktioniert dies auf unterschiedliche Art und Weise. Unter dem Abschnitt „Cookies“ finden Sie die entsprechenden Links zu den jeweiligen Anleitungen der bekanntesten Browser.

Falls Sie grundsätzlich keine Cookies haben wollen, können Sie Ihren Browser so einrichten, dass er Sie immer informiert, wenn ein Cookie gesetzt werden soll. So können Sie bei jedem einzelnen Cookie entscheiden, ob Sie es erlauben oder nicht.

Rechtsgrundlage

Wenn Sie eingewilligt haben, dass Daten von Ihnen durch eingebundene Facebook-Tools verarbeitet und gespeichert werden können, gilt diese Einwilligung als Rechtsgrundlage der Datenverarbeitung (Art. 6 Abs. 1 lit. a DSGVO). Grundsätzlich werden Ihre Daten auch auf Grundlage unseres berechtigten Interesses (Art. 6 Abs. 1 lit. f DSGVO) an einer schnellen und guten Kommunikation mit Ihnen oder anderen Kunden und Geschäftspartnern gespeichert und verarbeitet. Wir setzen die Tools gleichwohl nur ein, soweit Sie eine Einwilligung erteilt haben. Die meisten Social-Media-Plattformen setzen auch Cookies in Ihrem Browser, um Daten zu speichern. Darum empfehlen wir Ihnen, unseren Datenschutztext über Cookies genau durchzulesen und die Datenschutzerklärung oder die Cookie-Richtlinien von Facebook anzusehen.

Facebook verarbeitet Daten von Ihnen u.a. auch in den USA. Facebook bzw. Meta Platforms ist aktiver Teilnehmer des EU-US Data Privacy Frameworks, wodurch der korrekte und sichere Datentransfer personenbezogener Daten von EU-Bürgern in die USA geregelt wird. Mehr Informationen dazu finden Sie auf https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Zudem verwendet Facebook sogenannte Standardvertragsklauseln (= Art. 46. Abs. 2 und 3 DSGVO). Standardvertragsklauseln (Standard Contractual Clauses – SCC) sind von der EU-Kommission bereitgestellte Mustervorlagen und sollen sicherstellen, dass Ihre Daten auch dann den europäischen Datenschutzstandards entsprechen, wenn diese in Drittländer (wie beispielsweise in die USA) überliefert und dort gespeichert werden. Durch das EU-US Data Privacy Framework und durch die Standardvertragsklauseln verpflichtet sich Facebook, bei der Verarbeitung Ihrer relevanten Daten, das europäische Datenschutzniveau einzuhalten, selbst wenn die Daten in den USA gespeichert, verarbeitet und verwaltet werden. Diese Klauseln basieren auf einem Durchführungsbeschluss der EU-Kommission. Sie finden den Beschluss und die entsprechenden Standardvertragsklauseln u.a. hier: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Die Facebook Datenverarbeitungsbedingung, welche auf die Standardvertragsklauseln verweisen, finden Sie unter https://www.facebook.com/legal/terms/dataprocessing.

Wir hoffen, wir haben Ihnen die wichtigsten Informationen über die Nutzung und Datenverarbeitung durch die Facebook-Tools nähergebracht. Wenn Sie mehr darüber erfahren wollen, wie Facebook Ihre Daten verwendet, empfehlen wir Ihnen die Datenrichtlinien auf https://www.facebook.com/privacy/policy/.

Facebook Login Privacy Policy

We have integrated the convenient Facebook Login on our website. This allows you to log in easily using your Facebook account without having to create a new user account. If you choose to register via Facebook Login, you will be redirected to the social media network Facebook. There, the login is carried out using your Facebook user data. Through this login process, information about you and your user behavior is collected and transmitted to Facebook.

To store this data, Facebook uses various cookies. Below, we show you the most important cookies that are either set in your browser or already present when you log in to our site via Facebook Login:

Name: fr
Value: 0jieyh4c2GnlufEJ9..Bde09j…1.0.Bde09j
Purpose: This cookie is used to ensure the best possible functionality of the social plugin on our website.
Expiration: after 3 months

Name: datr
Value: 4Jh7XUA2313018490SEmPsSfzCOO4JFFl
Purpose: Facebook sets the “datr” cookie when a web browser accesses facebook.com. The cookie helps identify login activities and protect users.
Expiration: after 2 years

Name: _js_datr
Value: deleted
Purpose: This session cookie is set by Facebook for tracking purposes, even if you do not have a Facebook account or are logged out.
Expiration: at the end of the session

Note: The cookies listed above are only a small selection of those Facebook uses are only a small selection of the cookies Facebook uses. Other cookies include, for example, _fbp, sb, or wd. A complete list is not possible, as Facebook uses a wide variety of cookies and applies them variably.

Facebook Login offers you a fast and simple registration process. At the same time, it allows us to share data with Facebook. This enables us to better tailor our offerings and marketing efforts to your interests and needs. The data we receive from Facebook in this way includes public information such as:

• Your Facebook name
• Your profile picture
• An associated email address
• Friend lists
• Button data (e.g., “Like” button)
• Date of birth
• Language
• Place of residence

In return, we provide Facebook with information about your activities on our website. This includes details such as your device type, which subpages you visit on our site, or which products you have purchased from us.

By using Facebook Login, you consent to the processing of your data. You may revoke this agreement at any time. If you would like more information about how Facebook processes data, we recommend reviewing Facebook’s privacy policy at: https://www.facebook.com/privacy/policy/.

If you are logged into Facebook, you can change your ad preferences at: https://www.facebook.com/adpreferences/advertisers/?entry_product=ad_settings_screen

You can also manage your advertising preferences yourself at:
https://www.facebook.com/adpreferences/advertisers/?entry_product=ad_settings_screen

Facebook Social Plugins Privacy Policy

Our website includes so-called social plugins from the company Meta Platforms Inc. You can recognize these buttons by the classic Facebook logo, such as the “Like” button (the hand with a raised thumb) or by a clear “Facebook Plugin” label. A social plugin is a small part of Facebook that is integrated into our website. Each plugin has a specific function. The most commonly used features are the well-known “Like” and “Share” buttons.

Facebook offers the following social plugins:

• “Save” button
• “Like”, Share, Send, and Quote buttons
• Page plugin
• Comments
• Messenger plugin
• Embedded posts and video player
• Group plugin

You can find more detailed information on how the individual plugins are used at:
https://developers.facebook.com/docs/plugins

We use social plugins partly to offer you a better user experience on our site, and partly because Facebook can optimize our advertising through them.

If you have a Facebook account or have previously visited https://www.facebook.com/, Facebook has likely already set at least one cookie in your browser. In this case, your browser sends information to Facebook through that cookie as soon as you visit our site or interact with social plugins (e.g., the “Like” button).

The collected information is deleted or anonymized within 90 days. According to Facebook, this data includes your IP address, the website you visited, the date and time, and additional information related to your browser.

To prevent Facebook from collecting extensive data and linking it with your Facebook account during your visit to our website, you must log out of Facebook while browsing our site.

If you are not logged into Facebook or do not have a Facebook account, your browser will send less information to Facebook, as fewer Facebook cookies are present. However, data such as your IP address or the website you are visiting may still be transmitted to Facebook. We explicitly point out that we do not know the exact content of the transmitted data. However, we strive to inform you to the best of our knowledge about the data processing involved. You can read more about how Facebook uses your data in the company’s privacy policy at:
https://www.facebook.com/about/privacy/update

The following cookies are at least set in your browser when you visit a website with Facebook social plugins:

Name: dpr
Value: not specified
Purpose: This cookie is used to ensure that social plugins function properly on our website.
Expiration: at the end of the session

Name: fr
Value: 0jieyh4313018490c2GnlufEJ9..Bde09j…1.0.Bde09j

Purpose: This cookie is also necessary to ensure the proper functioning of the plugins.
Expiration: after 3 months

Note: These cookies were set during a test, even if you are not a Facebook member.

If you are logged into Facebook, you can change your ad preferences at:
https://www.facebook.com/adpreferences/advertisers/
If you are not a Facebook user, you can generally manage your usage-based online advertising at:
https://www.youronlinechoices.com/de/praferenzmanagement/?tid=313018490.
There, you can activate or deactivate providers.

If you would like to learn more about Facebook’s data privacy, we recommend reviewing their own data policies at:
https://www.facebook.com/privacy/policy/

X (formerly: Twitter) Privacy Policy

What is X?

Our website includes functions from X. These include embedded tweets, timelines, buttons, or hashtags. X is a microblogging and social media platform operated by the American company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. For the European Economic Area, the company responsible for processing personal data is Twitter International Unlimited Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland).

According to our knowledge, no personal data or data regarding your web activities are transmitted to X within the European Economic Area or Switzerland merely by embedding X functions. Only when you interact with these functions—such as by clicking a button—can data be transmitted to, stored by, and processed by X. We have no influence over this data processing and do not assume any responsibility for it.

As part of this privacy policy, we aim to give you an overview of what data X stores, how X uses that data, and how you can largely protect yourself from data transmission.

For some, X is a news service; for others, a social media platform; and still others refer to it as a microblogging service. All of these terms are valid and more or less describe the same thing.

Both individuals and companies use X to communicate with interested parties via short messages. Each message on X is limited to 280 characters and is called a “Tweet.” Unlike platforms like Facebook, X does not focus on building a “friends” network but is designed to be a global and open news platform. On X, users can also maintain anonymous accounts, and tweets can be deleted either by the company or by the users themselves.

Why do we use X on our website?

Like many other websites and companies, we try to offer our services and content through various channels and communicate with our customers. X (still better known to many as Twitter) has become a helpful “small” news tool we appreciate. We regularly tweet or retweet interesting, funny, or relevant content. We understand that you can’t follow every platform individually—after all, you have other things to do. That’s why we have integrated X functions directly into our website. This allows you to experience our X activity “on site” or follow a direct link to our X page. Through this integration, we aim to enhance our service and improve the user experience on our website.

What data is stored by X?

On some of our subpages, you will find integrated X features. If you interact with X content—such as by clicking a button—X may collect and store data. This can happen even if you do not have an X account. X refers to this information as “log data.” This may include demographic information, browser cookie IDs, your smartphone’s ID, hashed email addresses, and details about which pages you visited on X and what actions you performed. Of course, X stores even more data if you have an X account and are logged in.

Previously, this data was stored using cookies. Cookies are small text files that are typically set in your browser and transmit various pieces of information to X.

Below is an example of the cookies that may be set when you visit a website with integrated X functions, even if you are not logged into X. Please note that this list is illustrative and not exhaustive, as the specific cookies set may vary depending on your individual interactions with X content.

These cookies were identified during our test:

Name: personalization_id
Value: “v1_cSJIsogU51SeE313018490”
Purpose: This cookie stores information about how you use the website and through which advertisements you may have reached X.
Expiration: after 2 years

Name: lang
Value: de
Purpose: This cookie stores your preset or preferred language.
Expiration: at the end of the session

Name: guest_id
Value: 313018490v1%3A157132626
Purpose: This cookie is used to identify you as a guest.
Expiration: after 2 years

Name: fm
Value: 0
Purpose: Unfortunately, we could not determine the purpose of this cookie.
Expiration: at the end of the session

Name: external_referer
Value: 3130184902beTA0sf5lkMrlGt
Purpose: This cookie collects anonymous data such as how often and how long you visit X.
Expiration: after 6 days

Name: eu_cn
Value: 1
Purpose: This cookie stores user activity and serves various advertising purposes for X.
Expiration: after 1 year

Name: ct0
Value: c1179f07163a365d2ed7aad84c99d966
Purpose: Unfortunately, we could not determine the purpose of this cookie.
Expiration: after 6 hours

Name: _twitter_sess
Value: 53D%253D–dd0248313018490-
Purpose: This cookie allows you to use functions within the X website.
Expiration: at the end of the session

Note: X also works with third-party providers. Therefore, during our test, we also detected the three Google Analytics cookies: _ga, _gat, and _gid.

X uses the data collected partly to better understand user behavior and thereby improve its own services and advertising offers. The data also serves internal security measures.

How long and where is the data stored?

When X collects data from other websites, it is deleted, aggregated, or otherwise anonymized within a maximum of 30 days. X’s servers are located in various data centers across the United States. It is therefore assumed that the data collected is gathered and stored in the U.S. Our research did not confirm whether X operates its own servers in Europe. Generally, X may store collected data as long as it is useful for the company, until you delete it, or until a legal retention period applies.

X repeatedly states in its privacy policies that it does not store any data from external website visits if you or your browser are located in the European Economic Area or Switzerland. However, if you interact directly with X, it will of course store data about you.

If you have an X account, you can manage your data by clicking on the “Profile” button and then selecting “More.” After that, click on “Settings and Privacy,” where you can manage data processing individually.

If you do not have an X account, you can go to twitter.com, then click on “Personalization.” Under the section “Personalization and Data,” you can manage the data that has been collected about you.

As previously mentioned, most data is stored via cookies, which you can manage, disable, or delete in your browser. Please note that cookie settings apply only to the browser you are currently using. This means that if you use a different browser in the future, you will need to adjust your cookie preferences again. In the “Cookies” section, you will find links to instructions for the most common browsers.

You can also configure your browser to notify you whenever a cookie is about to be set. This allows you to decide on a case-by-case basis whether to allow or reject the cookie.

X also uses your data for personalized advertising both within and outside of the X platform. In the settings section “Personalization and Data,” you can disable personalized advertising.

You can also disable personalized advertising when using X in a browser by visiting:
https://optout.aboutads.info/?c=2&lang=EN

Legal Basis

If you have consented to the processing and storage of your data through integrated social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In general, your data is also processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in facilitating fast and effective communication with you or other customers and business partners. We use integrated social media elements only if you have given your consent.

Most social media platforms also place cookies in your browser to store data. Therefore, we recommend that you read our dedicated cookie privacy text and review the privacy or cookie policies of the respective service provider.

X also processes your data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may involve various risks regarding the legality and security of data processing.

As a basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway—particularly in the USA) or for the transfer of data to such countries, X uses what are known as Standard Contractual Clauses (SCCs) pursuant to Article 46(2) and (3) of the GDPR. Standard Contractual Clauses are template agreements provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). By using these clauses, X commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the applicable Standard Contractual Clauses here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

More information about the Standard Contractual Clauses used by X can be found at:
https://gdpr.twitter.com/en/controller-to-controller-transfers.html

We hope this has given you a general overview of how X processes data. We do not receive any data from X and are not responsible for what X does with your data. If you have further questions on this topic, we recommend reviewing X’s privacy policy at:
https://twitter.com/en/privacy

Security & Anti-Spam

What is security and anti-spam software?

With so-called security and anti-spam software, both you and we can protect ourselves from various spam or phishing emails and potential cyberattacks. Spam refers to mass-distributed advertising emails that you did not request. Such emails are often referred to as data garbage and can even incur costs. Phishing emails, on the other hand, are messages designed to build trust through fake communications or websites in order to obtain personal data.

Anti-spam software generally protects against unwanted spam messages or malicious emails that may, for example, introduce viruses into our system. We also use general firewall and security systems to protect our computers from unwanted network attacks.

Why do we use security and anti-spam software?

We place particular importance on security on our website—after all, it’s not just about our safety but especially about yours. Unfortunately, cyber threats have become an everyday occurrence in the world of IT and the internet. Hackers often attempt to steal personal data from IT systems through cyberattacks. That is why a strong defense system is absolutely necessary.

A security system monitors all incoming and outgoing connections to our network or computer. To achieve an even higher level of protection against cyberattacks, we use, in addition to standardized security systems on our computers, external security services as well.

Unauthorized data traffic is better prevented in this way, and we protect ourselves from cybercrime.

What data is processed by security and anti-spam software?

The specific data collected and stored depends, of course, on the service being used. However, we always strive to use programs that collect data sparingly or store only the data necessary to provide the intended service.

In general, such services may collect data such as your name, address, IP address, email address, and technical data like your browser type or version. Performance and log data may also be collected to detect potential incoming threats in a timely manner. These data are processed as part of the services and in compliance with applicable laws, including the GDPR—also for U.S.-based providers via Standard Contractual Clauses.

Some of these security services may also work with third-party providers who may store and/or process data under instruction and in accordance with privacy policies and additional security measures. Data storage typically occurs via cookies.

Duration of data processing

We provide information on the duration of data processing further below, if available. For example, security programs may store data until you or we revoke the data storage. In general, personal data is stored only for as long as is strictly necessary to provide the respective services.

In many cases, providers do not supply precise information about the storage duration. In general, personal data is stored only as long as it is absolutely necessary for the provision of the services.

Right to object

You have the right and the option at any time to withdraw your consent to the use of cookies or third-party security software. This can be done via our cookie management tool or through other opt-out mechanisms. For example, you can prevent data collection through cookies by managing, disabling, or deleting cookies in your browser.

Since such security services may also use cookies, we recommend reading our general privacy policy regarding cookies. To find out exactly what data is stored and processed about you, you should consult the respective privacy policies of the tools used.

Legal basis

We primarily use security services based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in maintaining a robust security system to protect against various cyberattacks.

Certain data processing activities—especially the use of cookies and security features—require your explicit consent. If you have consented to the processing and storage of your data through integrated security services, this consent serves as the legal basis for data processing (Art. 6 para.1 lit. a GDPR). Most of the services we use place cookies in your browser to store data. For this reason, we recommend that you carefully read our cookie privacy policy as well as the privacy or cookie policies of the respective service providers.

You can find information about specific tools—if available—in the following sections.

Akismet Privacy Policy

We use Akismet, an anti-spam solution for WordPress, on our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

Automattic also processes your data in the United States, among other places. Akismet/Automattic is an active participant in the EU-US Data Privacy Framework, which ensures the lawful and secure transfer of personal data from EU citizens to the USA. You can find more information at:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Automattic also uses what are known as Standard Contractual Clauses (SCCs) pursuant to Article 46(2) and (3) of the GDPR. Standard Contractual Clauses are model templates provided by the EU Commission and are intended to ensure that your data continues to comply with European data protection standards even when transferred to and stored in third countries (such as the USA). Through the EU-U.S. Data Privacy Framework and the Standard Contractual Clauses, Automattic commits to upholding the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Data Processing Agreements, which refer to the Standard Contractual Clauses, can be found at:
https://wordpress.com/support/data-processing-agreements/

For more information about the data processed through the use of Akismet and WordPress, please refer to the privacy policy at:
https://automattic.com/privacy/

Audio & Video Introduction

What are audio and video elements?

We have embedded audio and/or video elements on our website so that you can directly watch videos or listen to music/podcasts via our site. The content is provided by third-party service providers and is therefore retrieved from their respective servers.

These elements come from platforms such as YouTube, Vimeo, or Spotify. While using these portals is usually free, some content may be paid. Through these embedded elements, you can listen to or view the respective media directly on our website.

When you use audio or video elements on our website, personal data may also be transmitted to, processed by, and stored by the respective service providers.

Why do we use audio and video elements on our website?

Naturally, we want to offer you the best possible experience on our website. We recognize that content today is no longer limited to text and static images. Instead of just providing a link to a video, we offer audio and video formats directly on our site that are entertaining, informative—or ideally, both. This enhances our service and makes it easier for you to access engaging content. In addition to texts and images, we thus provide video and/or audio content.

What data is stored by audio and video elements?

When you visit a page on our website that contains an embedded video, your server connects to the service provider’s server. In the process, data about you is also transmitted to the third party and stored there. Some data is collected and stored regardless of whether you have an account with the provider. This usually includes your IP address, browser type, operating system, and other general information about your device.

Most providers also collect information about your web activity, such as session duration, bounce rate which buttons you clicked, or through which website you accessed the service. All of this information is usually stored via cookies or pixel tags (also known as web beacons). Pseudonymized data is typically stored in cookies within your browser. The exact data that is stored and processed can always be found in the privacy policy of the respective provider.

Duration of data processing

How long the data is stored on the servers of third-party providers can be found either further down in the privacy section of the specific tool or in the provider’s privacy policy. In general, personal data is only processed for as long as it is absolutely necessary to provide our services or products. This principle usually applies to third-party providers as well.

Typically, you can assume that certain data may remain stored on the servers of third-party providers for several years. Data, especially in cookies, can be stored for varying periods. Some cookies are deleted as soon as you leave the website, while others may remain stored in your browser for several years.

Right to object

You also have the right and the option at any time to revoke your consent to the use of cookies or third-party services. This can be done through our cookie management tool or other opt-out mechanisms. For example, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. The legality of data processing carried out prior to your withdrawal of consent remains unaffected.

Since the embedded audio and video features on our website typically use cookies, we recommend that you also read our general privacy policy regarding cookies. The privacy policies of the respective third-party providers will provide more detailed information about how your data is handled and stored.

Legal Basis

If you have consented to the processing and storage of your data through embedded audio and video elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In general, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. We only use embedded audio and video elements if you have provided your consent.

Spotify Privacy Policy

We use Spotify on our website, a tool for streaming music and podcasts. The service provider is the Swedish company Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden.

You can learn more about the data processed through the use of Spotify in their privacy policy at:
https://www.spotify.com/de/legal/privacy-policy/

YouTube Privacy Policy

What is YouTube?

We have embedded YouTube videos on our website to present interesting video content directly on our pages. YouTube is a video portal that has been a subsidiary of Google since 2006. It is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you access a page on our website that has a YouTube video embedded, your browser automatically connects to YouTube or Google’s servers. Depending on your settings, various data may be transmitted. For all data processing within the European Economic Area, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible.

Below, we explain in more detail which data is processed, why we embed YouTube videos, and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on, and upload videos for free. Over the years, YouTube has become one of the most important social media platforms worldwide. In order to display videos on our website, YouTube provides an embed code that we integrate into our site.

Why do we use YouTube videos on our website?

YouTube is the platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And, of course, interesting videos are an essential part of that.

With our embedded videos, we provide you with additional helpful content alongside our texts and images. Furthermore, embedded videos help our website appear more prominently in Google search results. Even when we run ads via Google Ads, the data collected allows Google to display these ads only to people who are genuinely interested in our offerings.

What data is stored by YouTube?

As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can often associate your interactions on our website with your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical details such as browser type, screen resolution, or your internet provider. Additional data may include contact details, ratings, content shared on social media, or items you add to your YouTube favorites.

If you are not logged into a Google or YouTube account, Google still stores data using a unique identifier linked to your device, browser, or app. This ensures, for example, that your preferred language setting is preserved. However, many types of interaction data cannot be stored since fewer cookies are set.

Below we list cookies that were set in a browser during our test. We show, on the one hand, cookies that are set without a logged-in YouTube account and, on the other hand, those set with a logged-in account. This list does not claim to be exhaustive, as the user data always depends on interactions on YouTube.

Name: YSC
Value: b9-CV6ojI5Y313018490-1
Purpose: This cookie registers a unique ID to store statistics about the viewed video.
Expiration: after session end

Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google uses the PREF cookie to gather statistics on how you use YouTube videos on our website.
Expiration: after 8 months

Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track GPS location.
Expiration: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie attempts to estimate the user’s bandwidth on our website (with embedded YouTube video).
Expiration: after 8 months

Additional cookies that are set when you are logged into your YouTube account:

Name: APISID
Value: zILlvClZSkqGsSwI/AU1aZI6HY7313018490-
Purpose: This cookie is used to create a profile based on your interests. The data is used for personalized advertisements.
Expiration: after 2 years

Name: CONSENT
Value: YES+AT.de+2015

Name: CONSENT
Value: YES+AT.de+2015
Purpose: This cookie stores the user’s consent status regarding the use of various Google services. CONSENT also serves security purposes by verifying users and protecting user data from unauthorized attacks.
Expiration: after 19 years

Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to build a profile of your interests. The data helps display personalized advertising.
Expiration: after 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL…
Purpose: This cookie stores information about your login credentials.
Expiration: after 2 years

Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and device. It is used to build a profile of your interests.
Expiration: after 2 years

Name: SID
Value: oQfNKjAsI313018490-
Purpose: This cookie stores your Google Account ID and the time of your last login in a digitally signed and encrypted form.
Expiration: after 2 years

Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information on how you use the website and what advertisements you may have seen before visiting our site.
Expiration: after 3 months

How long and where is the data stored?

The data collected and processed by YouTube about you is stored on Google servers…

…Most of these servers are located in the United States. At https://datacenters.google/, you can see exactly where Google’s data centers are located. Your data is distributed across the servers. This ensures faster accessibility and better protection against manipulation.

Google stores the collected data for varying durations. Some data can be deleted by you at any time, other data is automatically deleted after a certain period, and some data is retained by Google for a longer duration. Some data (such as items from “My Activity,” photos or documents, products) stored in your Google account will remain stored until you delete them. Even if you are not logged into a Google account, you can still delete certain data linked to your device, browser, or app.

How can I delete or prevent the storage of my data?

You can generally delete data manually in your Google account. With the auto-delete feature introduced in 2019 for location and activity data, information is stored for either 3 or 18 months, depending on your preference, and then automatically deleted.

Regardless of whether you have a Google account, you can configure your browser to delete or deactivate Google cookies. Depending on the browser you use, this process varies. In the “Cookies” section, you will find relevant links to instructions for common browsers.

If you generally do not want to allow cookies, you can configure your browser to notify you whenever a cookie is about to be set. This way, you can decide for each individual cookie whether to allow it or not.

Legal Basis

If you have given your consent for data to be processed and stored by embedded YouTube elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In general, your data may also be stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in maintaining fast and effective communication with you and other customers or business partners. However, we only use embedded YouTube elements if you have granted consent.

YouTube also places cookies in your browser to store data. Therefore, we recommend reading our privacy policy on cookies carefully and also reviewing the respective privacy policies or cookie guidelines of the service providers involved.

YouTube processes your data, among other locations, in the USA. YouTube (or Google) is an active participant in the EU-U.S. Data Privacy Framework, which regulates the proper and secure transfer of personal data from EU citizens to the USA. You can find more information here:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Google also uses what are known as Standard Contractual Clauses (SCCs) in accordance with Art. 46 para. 2 and 3 of the GDPR. These SCCs are template agreements provided by the EU Commission and are designed to ensure that your data complies with European data protection standards even when transferred to third countries (such as the USA) and stored there. Through the EU-U.S. Data Privacy Framework and these clauses, Google commits to maintaining the European level of data protection when processing your relevant data—even if stored, processed, and managed in the USA. You can find the corresponding decision and SCCs here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Google Ads Data Processing Terms, which reference these clauses, can be found at:
https://business.safety.google/intl/en/adsprocessorterms/

Since YouTube is a subsidiary of Google, they share a common privacy policy. To learn more about how your data is handled, we recommend reviewing their privacy policy at:
https://policies.google.com/privacy

YouTube Subscribe Button Privacy Policy

We have integrated the YouTube Subscribe Button on our website. This button is typically recognizable by the classic YouTube logo. The logo usually displays the words “Subscribe” or “YouTube” in white letters on a red background, accompanied by the white “play” symbol. However, the button may also appear in a different design.

Our YouTube channel regularly features fun, interesting, or exciting videos. With the embedded “Subscribe” button, you can subscribe to our channel directly from our website without needing to visit the YouTube platform. Our goal is to make access to our content as easy as possible. Please note that YouTube may store and process data when this button is displayed.

According to Google, YouTube sets at least one cookie when the Subscribe button is displayed on our site. This cookie stores your IP address and our URL. YouTube may also collect information about your browser, your approximate location, and your default language settings. In our test, the following four cookies were set without being logged into YouTube:

• Name: YSC
  Value: b9-CV6ojI5313018490Y
  Purpose: Registers a unique ID to store video statistics.
  Expiration: End of session
• Name: PREF
  Value: f1=50000000
  Purpose: Also registers a unique ID. Google uses PREF to gather statistics about how you use YouTube videos on our site.
  Expiration: After 8 months
• Name: GPS
  Value: 1
  Purpose: Registers your unique ID on mobile devices to track GPS location.
  Expiration: After 30 minutes
• Name: VISITOR_INFO1_LIVE
  Value: 31301849095Chz8bagyU
  Purpose: Attempts to estimate the user’s bandwidth on sites with embedded YouTube videos.
  Expiration: After 8 months

Note: These cookies were set during a test and may not represent an exhaustive list.

If you are logged into your YouTube account, YouTube can link many of your interactions on our website directly to your account using these cookies. YouTube can learn, for example, how long you spend on our site, which browser you use, your preferred screen resolution, and what actions you take.

YouTube uses this data both to improve its own services and to provide analytics and statistics for advertisers who use Google Ads.

YouTube Similar Audiences Privacy Policy

We also use the advertising tool YouTube Similar Audiences. The service provider is the American company Google LLC. For users in Europe, the responsible entity is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

YouTube processes your data, among other places, in the USA. YouTube is an active participant in the EU-U.S. Data Privacy Framework, which governs the secure and lawful transfer of personal data from EU citizens to the United States. More information is available at:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

YouTube also uses Standard Contractual Clauses in accordance with Art. 46 para. 2 and 3 GDPR. These templates, provided by the EU Commission, ensure that your data continues to meet EU privacy standards even when transferred to and stored in third countries (such as the USA). Through the Data Privacy Framework and these clauses, YouTube commits to maintaining EU-level privacy protection when processing your personal data—even in the USA. The related decision and SCCs can be found here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

More information about the data processed through YouTube Similar Audiences can be found in the privacy policy:
https://policies.google.com/privacy

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/

https://devowl.io/rcb/data-processing/

The legal basis for the processing of personal data in this context are Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

Explanation of Terms Used

We always strive to make our privacy policy as clear and understandable as possible. However, this can be challenging—especially with technical and legal topics. Sometimes it is necessary to use legal terms (e.g., “personal data”) or technical expressions (e.g., “cookies”, “IP address”).

We do not want to use these terms without explanation. Below, you will find an alphabetical glossary of important terms used in this privacy policy, including definitions from the GDPR and our own explanations where appropriate.

Final Words

Congratulations! If you’re reading this, you’ve either made it through our entire privacy policy or at least scrolled all the way here. As you can see from the length of this document, we take the protection of your personal data very seriously.

It’s important to us to inform you as transparently as possible about how your data is processed. We don’t just want to tell you which data is collected, but also explain why we use certain software tools.

Typically, privacy policies sound highly technical and legal. Since most of you are neither developers nor lawyers, we’ve tried to use plain and clear language wherever possible. Of course, this isn’t always feasible due to the complexity of the topic. That’s why the most important terms are explained at the end of the policy.

If you have any questions about privacy on our website, please don’t hesitate to contact us or the responsible party listed.

We wish you a great day and hope to welcome you back to our website soon.

All texts are protected by copyright.
Source: Privacy policy created using the data protection generator for Germany by AdSimple. Also check out our sample privacy policy.