Preamble

With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both as part of providing our services and especially on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).

The terms used are not gender-specific.

Effective Date: April 26, 2024

Table of Contents

• Preamble
• Data Controller
• Overview of Processing Activities
• Relevant Legal Basis
• Security Measures
• Transfer of Personal Data
• International Data Transfers
• General Information on Data Storage and Deletion
• Rights of Data Subjects
• Provision of the Online Offering and Web Hosting
• Use of Cookies
• Blogs and Publication Media
• Web Analytics, Monitoring, and Optimization
• Online Marketing
• Affiliate Programs and Affiliate Links
• Customer Reviews and Rating Procedures
• Presence in Social Networks (Social Media)
• Plugins and Embedded Functions and Content
• Definitions of Terms

Data Controller

Judith Urbanski
c/o flexdienst – #10023
Kurt-Schumacher-Straße 76
67663 Kaiserslautern, Deutschland
Email Address: sizzlingandfrizzling@gmail.com

Attention: Unfortunately, sending packages or parcels to this address is not possible. Please get in touch with me if you would like to send me items, samples, or if you are interested in a collaboration.

Overview of Processing Activities

The following overview summarizes the types of processed data and the purposes of their processing and refers to the data subjects.

Types of Processed Data

• Inventory data.
• Contact data.
• Content data.
• Contract data.
• Usage data.
• Meta, communication, and procedural data.
• Log data.

Categories of Data Subjects

• Service recipients and clients.
• Interested parties.
• Users.

Purposes of Processing

• Communication.
• Security measures.
• Reach measurement.
• Tracking.
• Audience building.
• Affiliate tracking.
• Organizational and administrative procedures.
• Feedback.
• Marketing.
• Profiles with user-related information.
• Provision of our online offering and user-friendliness.
• Information technology infrastructure.
• Public relations.

Relevant Legal Basis

Relevant Legal Basis under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we base the processing of personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence. If more specific legal bases are applicable in individual cases, we will inform you of them in the privacy policy.

• Consent (Art. 6(1)(1)(a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
• Legitimate Interests (Art. 6(1)(1)(f) GDPR) - The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National Data Protection Regulations in Germany: In addition to the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific provisions on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated decision-making in individual cases including profiling. Furthermore, the data protection laws of the individual federal states may apply.

Note on the Applicability of GDPR and Swiss DPA: This privacy policy is intended to provide information under both the Swiss Federal Act on Data Protection (Swiss DPA) and the General Data Protection Regulation (GDPR). Therefore, please note that for broader spatial application and understanding, the terms of the GDPR are used. Specifically, instead of the terms "processing" of "personal data," "overriding interest," and "sensitive personal data" used in the Swiss DPA, the terms "processing" of "personal data" as well as "legitimate interest" and "special categories of data" used in the GDPR are employed. However, the legal meaning of the terms will still be determined according to the Swiss DPA within its scope of applicability.

Security Measures

We implement appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying probabilities of occurrence and the severity of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

These measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to the data, input, transmission, ensuring availability, and separation of data. Additionally, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data hazards. Furthermore, we consider the protection of personal data in the development or selection of hardware, software, and procedures according to the principle of data protection by design and by default.

Securing Online Connections with TLS/SSL Encryption Technology (HTTPS): To protect the data of users transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured with an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator for users that their data is being transmitted securely and encrypted.

Transfer of Personal Data

In the course of processing personal data, it may occur that this data is transmitted to other entities, companies, legally independent organizational units, or persons, or disclosed to them. Recipients of this data may include, for example, service providers tasked with IT tasks or providers of services and content integrated into a website. In such cases, we observe legal requirements and conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing occurs in the context of using third-party services or disclosing or transmitting data to other persons, entities, or companies, this is done only in accordance with legal requirements. If the level of data protection in the third country has been recognized as adequate by a decision of the EU Commission (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers occur only if the data protection level is otherwise ensured, especially through standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent, or in the case of contractual or legally required transfers (Art. 49 para. 1 GDPR). Furthermore, we inform you of the basis for third-country transfers with the individual providers from the third country, with adequacy decisions taking precedence. Information on third-country transfers and existing adequacy decisions can be obtained from the EU Commission's information offerings: EU Commission Data Protection Information.

EU-US Trans-Atlantic Data Privacy Framework: As part of the "Data Privacy Framework" (DPF), the EU Commission has also recognized the data protection level for certain companies from the USA as secure in the framework of the adequacy decision of 10.07.2023. The list of certified companies and further information about the DPF can be found on the website of the US Department of Commerce: https://www.dataprivacyframework.gov/ (in English). We inform you within the scope of the data protection notices which service providers we use are certified under the Data Privacy Framework.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or no further legal grounds for processing exist. This applies to cases where the original purpose of processing no longer exists or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax reasons, or whose storage is necessary for legal prosecution or the protection of the rights of other natural or legal persons, must be archived accordingly.

Our data protection notices contain additional information on data retention and deletion specifically applicable to certain processing processes.

Where there are multiple indications of retention periods or deletion deadlines for a piece of data, the longest period always applies.

If a period does not explicitly begin on a specific date and lasts at least one year, it automatically starts at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in which data is stored, the event triggering the period is the effective date of termination or other ending of the legal relationship.

Data that is no longer needed for the originally intended purpose but is kept due to legal requirements or other reasons is processed solely for the reasons justifying its retention.

Further Information on Processing Procedures, Methods, and Services:

• Data Retention and Deletion: The following general periods apply for retention and archiving under German law:
  • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the working instructions and other organizational documents necessary to understand them, booking receipts, and invoices (§ 147 para. 3 in conjunction with para. 1 No. 1, 4 and 4a AO, § 14b para. 1 UStG, § 257 para. 1 No. 1 and 4, para. 4 HGB).
  • 6 years – Other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents that are significant for taxation, such as time sheets, business accounting records, calculation documents, price markings, but also payroll documents, as long as they are not already booking receipts and cash register receipts (§ 147 para. 3 in conjunction with para. 1 No. 2, 3, 5 AO, § 257 para. 1 No. 2 and 3, para. 4 HGB).
  • 3 years – Data required to consider potential warranty and compensation claims or similar contractual claims and rights and related inquiries, based on previous business experiences and common industry practices, are stored for the duration of the regular legal statute of limitations of three years (§§ 195, 199 BGB).
  .

Rights of Data Subjects

Rights of data subjects under the GDPR: As data subjects, you have various rights under the GDPR, particularly from Articles 15 to 21 GDPR:

• Right to object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is carried out based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
• Right to withdraw consent: You have the right to withdraw any given consent at any time.
• Right to access: You have the right to request confirmation as to whether data concerning you is being processed and to access this data and further information and a copy of the data in accordance with legal requirements.
• Right to rectification: You have the right to request the completion of data concerning you or the correction of incorrect data concerning you in accordance with legal requirements.
• Right to erasure and restriction of processing: You have the right to request that data concerning you be deleted immediately or, alternatively, to request a restriction of the processing of the data in accordance with legal requirements.
• Right to data portability: You have the right to receive the data concerning you that you have provided to us in a structured, commonly used, and machine-readable format in accordance with legal requirements or to request its transmission to another controller.
• Right to lodge a complaint with a supervisory authority: You have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of personal data concerning you violates the requirements of the GDPR.

Provision of the Online Offering and Web Hosting

We process the data of users to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to deliver the content and functionalities of our online services to the user's browser or device.

• Processed data types: Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, time data, identification numbers, involved persons); log data (e.g., log files concerning logins or data retrieval or access times). Content data (e.g., textual or visual messages and contributions as well as related information, such as authorship details or time of creation).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

• Providing Online Services on Rented Storage Space: We use storage space, computing power, and software from a corresponding server provider (also known as a "web host") to provide our online services. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Collection of Access Data and Logfiles: Access to our online services is logged in the form of so-called "server logfiles." Server logfiles may include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, messages about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and IP addresses and the requesting provider. Server logfiles can be used for security purposes, e.g., to avoid server overload (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure the utilization and stability of the servers. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Logfile information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidence purposes are excluded from deletion until the respective incident is finally clarified.
• Email Sending and Hosting: The web hosting services we use also include sending, receiving, and storing emails. For these purposes, the addresses of recipients and senders, as well as further information regarding email dispatch (e.g., the involved providers) and the contents of the respective emails, are processed. These data can also be processed for spam detection purposes. Please note that emails are generally not sent encrypted over the internet. Usually, emails are encrypted during transit, but not on the servers from which they are sent and received, unless end-to-end encryption is used. We cannot take responsibility for the transmission path of emails between the sender and our server. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• STRATO: Services in the field of providing IT infrastructure and related services (e.g., storage space and/or computing power); Service provider: STRATO AG, Pascalstraße 10, 10587 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.strato.de; Privacy policy: https://www.strato.de/datenschutz/. Data processing agreement: Provided by the service provider.
• WordPress.com: Hosting and software for creating, providing, and operating websites, blogs, and other online services; Service provider: Aut O’Mattic A8C Irland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Irland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://wordpress.com; Privacy policy: https://automattic.com/privacy/; Data processing agreement: https://wordpress.com/support/data-processing-agreements/. Basis for third country transfers: Data Privacy Framework (DPF).

Use of Cookies

Cookies are small text files or other memory notes that store information on end devices and read them out. For example, to store the log-in status in a user account, a shopping cart content in an e-shop, the accessed contents or used functions of an online offer. Cookies can also be used for various purposes, such as functionality, security, and comfort of online offers, as well as for creating analyses of visitor flows.

Consent Information: We use cookies in compliance with legal regulations. Therefore, we obtain prior consent from users unless it is not required by law. Permission is especially unnecessary when storing and reading the information, including cookies, is strictly necessary to provide users with a telemedia service (our online offer) they explicitly request. The revocable consent is clearly communicated to them and contains the information about the respective cookie usage.

Data Protection Legal Basis: The data protection legal basis on which we process users' personal data with the help of cookies depends on whether we ask for their consent. If users agree, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., an economic operation of our online offer and improving its usability) or, if it is within our contractual obligations, necessary to fulfill our contractual duties. We clarify the purposes for which the cookies are used within this privacy policy or as part of our consent and processing procedures.

Storage Duration: Regarding storage duration, the following types of cookies are distinguished:

• Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and closes their end device (e.g., browser or mobile application).
• Permanent Cookies: Permanent cookies remain stored even after the end device is closed. For example, the log-in status can be saved, and preferred content can be displayed directly when the user revisits a website. Likewise, user data collected with the help of cookies can be used for reach measurement. If we do not provide explicit information about the type and storage duration of cookies (e.g., when obtaining consent), users should assume that these are permanent cookies and the storage duration can be up to two years.

General Information on Withdrawal and Objection (Opt-out): Users can withdraw their given consents at any time and object to the processing according to the legal requirements, including via their browser's privacy settings.

Cookie settings/objection option:
https://brutzel-brat-und-knusper.eu/en/cookie-richtlinie-eu/#cmplz-cookies-overview

• Processed data types: Meta-, communication-, and procedural data (e.g., IP addresses, time information, identification numbers, involved persons).
• Affected persons: Users (e.g., website visitors, users of online services).
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

• Complianz: Consent management: Procedure for obtaining, logging, managing, and withdrawing consents, especially for the use of cookies and similar technologies for storing, reading, and processing information on users' end devices and their processing; Service provider: Execution on servers and/or computers under its own data protection responsibility; Website: https://complianz.io/; Privacy policy: https://complianz.io/legal/. Further information: An individual user ID, language, types of consents, and the time of their submission are stored server-side and in the cookie on the users' device.

Blogs and Publication Media

We use blogs or similar means of online communication and publication (hereinafter "publication medium"). The readers' data are processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. Otherwise, we refer to the information on processing visitors of our publication medium within this privacy policy.

• Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and contributions and related information such as authorship or creation time); usage data (e.g., page views and duration, click paths, usage intensity and frequency, used device types and operating systems, interactions with content and functions). Meta-, communication-, and procedural data (e.g., IP addresses, time information, identification numbers, involved persons).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Feedback (e.g., collecting feedback via online form); provision of our online offer and user-friendliness; communication; organizational and administrative procedures. Security measures.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further Information on Processing Procedures, Methods, and Services:

• Comments and Contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security, in case someone leaves illegal content (insults, forbidden political propaganda, etc.) in comments and contributions. In such cases, we could be held liable for the comment or contribution and are therefore interested in the author's identity.
  
  We also reserve the right to process users' data for spam detection based on our legitimate interests.
  
  We also reserve the right to store users' IP addresses during surveys for their duration and use cookies to prevent multiple votes.
  
  The information provided in comments and contributions about the person, any contact and website information, and the content provided will be permanently stored by us until the users object; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Comment Subscriptions: Users can subscribe to follow-up comments with their consent. They will receive a confirmation email to verify that they are the owner of the entered email address. Users can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will contain instructions on how to revoke consent. For the purpose of verifying user consent, we store the registration time along with the IP address of the users and delete this information when users unsubscribe from the subscription.
  
  You can unsubscribe from our subscription at any time, i.e., revoke your consent. We may retain unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove previously given consent. The processing of this data is limited to the purpose of potential defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed; Legal basis: Consent (Art. 6(1) sentence 1 lit. a) GDPR).

Web Analytics, Monitoring, and Optimization

Web analysis (also known as "reach measurement") is used to evaluate the visitor flows of our online offering and may include pseudonymous values related to the behavior, interests, or demographic information of visitors, such as age or gender. Through reach measurement, we can, for example, identify at what time our online offering or its functions or content are most frequently used or invite reuse. Similarly, we can understand which areas need optimization.

In addition to web analysis, we may also use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles can be created for these purposes, i.e., data compiled into a usage process, and information can be stored and read in a browser or end device. The collected information includes, in particular, visited websites and used elements as well as technical details, such as the browser used, the computer system used, and information on usage times. If users have agreed to the collection of their location data to us or to the providers of the services we use, location data may also be processed.

Moreover, users' IP addresses are stored. However, we use IP masking (i.e., pseudonymization by truncating the IP address) to protect users. Generally, no clear user data (e.g., email addresses or names) are stored within the framework of web analysis, A/B testing, and optimization, but pseudonyms. This means that neither we nor the providers of the used software know the actual identity of the users, only the data stored in their profiles for the respective processes.

Legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

• Processed data types: Usage data (e.g., web pages visited, duration of visit, click paths, usage intensity and frequency, used device types, and operating systems, interactions with content and functions). Meta-, communication-, and procedural data (e.g., IP addresses, time information, identification numbers, involved persons).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g., access statistics, identification of recurring visitors). Profiles with user-related information (creating user profiles).
• Security measures: IP masking (pseudonymization of the IP address).
• Legal basis: Consent (Art. 6(1) sentence 1 lit. a) GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

• Google Tag Manager: We use Google Tag Manager, a service by Google, which allows us to manage website tags centrally via an interface. Tags are small code elements on our website that serve to capture and analyze visitor activities. This technology helps us to improve our website and the content offered on it. The Google Tag Manager itself does not create user profiles, store cookies with user profiles, or conduct independent analyses. Its function is limited to integrating and managing tools and services we use on our website in a simpler and more efficient manner. Nevertheless, the IP address of the users is transmitted to Google when using the Google Tag Manager, which is technically necessary to implement the services we use. Cookies may also be set during this process. However, this data processing only occurs if services are integrated through the Tag Manager. For more detailed information about these services and their data processing, we refer you to the subsequent sections of this privacy policy; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Consent (Art. 6(1) sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Data processing agreement:
  https://business.safety.google/adsprocessorterms. Basis for third country transfers: Data Privacy Framework (DPF).

Online Marketing

We process personal data for the purpose of online marketing, which includes the marketing of advertising spaces or the display of advertising and other content (collectively referred to as "content") based on potential user interests and measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called "cookie") or similar procedures are used, by means of which the information relevant to the display of the aforementioned content is stored about the user. This may include, for example, viewed content, visited websites, used online networks, but also communication partners and technical information, such as the browser used, the computer system used, as well as information on usage times and used functions. If users have agreed to the collection of their location data, these can also be processed.

Additionally, users' IP addresses are stored. However, we use available IP masking (i.e., pseudonymization by truncating the IP address) to protect users. Generally, no clear user data (e.g., email addresses or names) are stored within the framework of online marketing, but pseudonyms. This means that neither we nor the providers of the online marketing procedures know the actual identity of the users, only the data stored in their profiles.

The statements in the profiles are usually stored in the cookies or by means of similar procedures. These cookies can generally also be read later on other websites that use the same online marketing procedure, analyzed for the purpose of displaying content, and supplemented with additional data and stored on the server of the online marketing procedure provider.

Exceptionally, it is possible to assign clear data to the profiles, especially when users are members of a social network whose online marketing procedures we use and the network links the user profiles with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g., by giving consent during registration.

We generally only have access to aggregated information about the success of our advertisements. However, we can check within the framework of so-called conversion measurements which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a contract conclusion with us. The conversion measurement is solely used for the success analysis of our marketing measures.

Unless otherwise stated, please assume that the used cookies will be stored for a period of two years.

Notes on Legal Bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

Notes on withdrawal and objection:

We refer you to the privacy policies of the respective providers and the specified opt-out options (so-called "opt-out"). If no explicit opt-out option has been specified, there is the possibility that you can deactivate cookies in your browser settings. However, this may limit the functionality of our online offering. We therefore additionally recommend the following opt-out options, which are offered collectively for respective areas:

a) Europa: https://www.youronlinechoices.eu.

b) Canada https://www.youradchoices.ca/choices.

c) USA: https://www.aboutads.info/choices.

d) Cross-regional: https://optout.aboutads.info.

• Processed data types: Usage data (e.g., web pages visited, duration of visit, click paths, usage intensity and frequency, used device types, and operating systems, interactions with content and functions). Meta-, communication-, and procedural data (e.g., IP addresses, time information, identification numbers, involved persons).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g., access statistics, identification of recurring visitors); Tracking (e.g., interest/behavior-based profiling, use of cookies); Audience formation; Marketing. Profiles with user-related information (creating user profiles).
• Security measures: IP masking (pseudonymization of the IP address).
• Legal basis: Consent (Art. 6(1) sentence 1 lit. a) GDPR).

Further Information on Processing Procedures, Methods, and Services:

• Google Adsense with personalized ads: We integrate the Google Adsense service, which allows personalized ads to be placed within our online offering. Google Adsense analyzes user behavior and uses this data to deliver targeted advertising tailored to the interests of our visitors. We receive financial compensation for each ad placement or other use of these ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Consent (Art. 6(1) sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF); Further information: Types of processing and data processed: https://business.safety.google/adsservices/Data processing terms for Google advertising products: Information on services, data processing terms between controllers, and standard contractual clauses for third-country data transfers: https://business.safety.google/adscontrollerterms.

Affiliate Programs and Affiliate Links

We integrate so-called affiliate links or other references (such as search masks, widgets, or discount codes) to offers and services from third-party providers into our online offering (collectively referred to as "affiliate links"). If users follow the affiliate links or subsequently take advantage of the offers, we may receive a commission or other benefits from these third-party providers (collectively referred to as "commission").

To track whether users have taken advantage of the offers of an affiliate link used by us, it is necessary for the respective third-party providers to know that the users have followed an affiliate link used within our online offering. The assignment of the affiliate links to the respective transactions or other actions (e.g., purchases) is solely for the purpose of commission settlement and is abolished as soon as it is no longer necessary for the purpose.

For the purposes of the aforementioned assignment of affiliate links, the affiliate links can be supplemented with certain values that are part of the link or can be stored elsewhere, e.g., in a cookie. The values may include, in particular, the referring website (referrer), the time, an online identifier of the operators of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer, and an online identifier of the user.

Notes on Legal Bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, the data of the users will be processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

• Processed data types: Contract data (e.g., contract subject, duration, customer category); usage data (e.g., page views and duration of visits, click paths, usage intensity, and frequency, types of devices used and operating systems, interactions with content and functions). Meta-, communication-, and procedural data (e.g., IP addresses, time data, identification numbers, involved persons).
• Affected persons: Interested parties. Users (e.g., website visitors, users of online services).
• Purposes of processing: Affiliate tracking.
• Legal basis: Consent (Art. 6(1) sentence 1 lit. a) GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

• Amazon affiliate program: Affiliate partner program (Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates); Service provider: Amazon EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxemburg; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.amazon.de; Privacy policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010. Basis for third country transfers: Data Privacy Framework (DPF).

Customer Reviews and Rating Procedures

We participate in review and rating procedures to evaluate, optimize, and promote our services. When users review us via the participating review platforms or procedures or otherwise provide feedback, the general terms or usage conditions and the privacy notices of the providers apply. As a rule, the review also requires registration with the respective providers.

To ensure that the reviewing individuals have actually used our services, we transmit the necessary data regarding the customer and the used service to the respective review platform with the consent of the customers (including name, email address, and order number or item number). These data are solely used to verify the authenticity of the user.

• Processed data types: Contract data (e.g., contract subject, duration, customer category); usage data (e.g., page views and duration of visits, click paths, usage intensity, and frequency, types of devices used and operating systems, interactions with content and functions). Meta-, communication-, and procedural data (e.g., IP addresses, time data, identification numbers, involved persons).
• Affected persons: Service recipients and clients. Users (e.g., website visitors, users of online services).
• Purposes of processing: Feedback (e.g., collecting feedback via online form). Marketing.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

• Review widget: We integrate so-called "review widgets" into our online offering. A widget is a functional and content element embedded in our online offering that displays variable information. It can be presented, for example, in the form of a seal or similar element, sometimes also called a "badge." The corresponding content of the widget is displayed within our online offering but is retrieved from the servers of the respective widget provider at that moment. Only in this way can the current content, especially the respective current rating, be shown. For this purpose, a data connection from the website called within our online offering to the widget provider's server must be established, and the widget provider receives certain technical data (access data, including IP address) necessary to deliver the widget's content to the user's browser. Furthermore, the widget provider receives information that users have visited our online offering. This information can be stored in a cookie and used by the widget provider to recognize which online offerings participating in the review procedure the user has visited. The information can be stored in a user profile and used for advertising or market research purposes; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Presence in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context to communicate with the users active there or to offer information about us.

We point out that user data can be processed outside the European Union. This may pose risks for users because, for example, it could make it more difficult to enforce users' rights.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For instance, usage profiles can be created based on user behavior and the resulting interests of the users. These profiles might be used to display advertisements inside and outside the networks that presumably match the users' interests. Generally, cookies are stored on users' computers to save their usage behavior and interests. Additionally, usage profiles can also store data independently of the devices used by the users (especially if they are members of the respective platforms and logged in).

For a detailed presentation of the respective processing forms and the opt-out options, we refer to the privacy policies and statements of the operators of the respective networks.

Also, in the case of information requests and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only they have access to the user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

• Processed data types: Contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or pictorial messages and contributions as well as information regarding them, such as details about the authorship or the time of creation). Usage data (e.g., page views and duration of visits, click paths, usage intensity and frequency, types of devices used, and operating systems, interactions with content and functions).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Communication; feedback (e.g., collecting feedback via online form). Public relations.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

• Instagram: Social network; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy policy: https://instagram.com/about/legal/privacy. Basis for third country transfers: Data Privacy Framework (DPF).
• Pinterest: Social network; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Irland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.pinterest.com. Privacy policy: https://policy.pinterest.com/de/privacy-policy.
• TikTok: Social network/video platform; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland und TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.tiktok.com. Privacy policy: https://www.tiktok.com/de/privacy-policy.
• YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF). Opt-out option: https://myadcenter.google.com/personalizationoff.

Plugins and Embedded Functions and Content

We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (referred to hereinafter as "third-party providers"). These can include, for example, graphics, videos, or city maps (referred to uniformly as "content").

The integration always requires that the third-party providers of this content process the IP address of the users, as they cannot send the content to their browser without the IP address. The IP address is therefore necessary for the presentation of these contents or functions. We strive to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information, such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the users' device and include technical information about the browser and operating system, referring websites, visit time, and other details about the use of our online offering, as well as be connected with such information from other sources.

Notes on Legal Bases: If we ask the users for their consent to the use of third-party providers, the legal basis for the data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

• Processed data types: Usage data (e.g., page views and duration of visits, click paths, usage intensity and frequency, types of devices used, and operating systems, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); inventory data (e.g., full name, home address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or pictorial messages and contributions as well as information regarding them, such as details about the authorship or the time of creation).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness; marketing. Profiles with user-related information (creation of user profiles).
• Legal basis: Consent (Art. 6(1) sentence 1 lit. a) GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

• Integration of third-party software, scripts, or frameworks (e.g., jQuery): We integrate software into our online offering that we retrieve from servers of other providers (e.g., functional libraries that we use for the presentation or user-friendliness of our online offering). The respective providers collect the IP address of the users and can process it for purposes of transmitting the software to the users' browsers and for security, evaluation, and optimization of their offerings. – We integrate software into our online offering that we retrieve from servers of other providers (e.g., functional libraries that we use for the presentation or user-friendliness of our online offering). The respective providers collect the IP address of the users and can process it for purposes of transmitting the software to the users' browsers and for security, evaluation, and optimization of their offerings; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Google Fonts (obtained from Google servers): The retrieval of fonts (and icons) serves the purpose of technically secure, maintenance-free, and efficient use of fonts and icons with respect to their up-to-dateness, load times, uniform display, and consideration of potential licensing restrictions. The IP address of the user is communicated to the font provider so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, and hardware used) is transmitted, which is necessary for providing the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA – When visiting our online offering, users' browsers send their HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts, followed by the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of the website visitors, as well as the referring URL (i.e., the webpage on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers and are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referring URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a specific font family is requested. In the case of the Google Fonts Web API, the user agent must adapt the font generated for the respective browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics, which measure the popularity of font families. These aggregated usage statistics are published on the "Analytics" page of Google Fonts. Finally, the referring URL is logged so that the data can be used for production maintenance and to generate an aggregated report on the top integrations based on the number of font requests. According to Google, none of the information collected by Google Fonts is used to create profiles of end users or to serve targeted ads. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy.
• Instagram plug-ins and content: Instagram plug-ins and content – This may include, for example, content such as images, videos, or texts and buttons that users can use to share content from this online offering within Instagram. – We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt within the framework of a transmission (but not the further processing) of "event data" that Facebook collects or receives within the framework of a transmission for the following purposes via Instagram functions (e.g., embedding functions for content) that are executed on our online offering: a) Displaying content and advertising information that presumably matches users' interests; b) Delivering commercial and transactional messages (e.g., addressing users via Facebook Messenger); c) Improving ad delivery and personalizing features and content (e.g., improving the recognition of which content or advertising information presumably matches users' interests). We have entered into a special agreement with Facebook ("Controller Addendum", https://www.facebook.com/legal/controller_addendum), which specifies in particular what security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill data subject rights (i.e., users can, for example, submit requests for information or deletion directly to Facebook). Note: When Facebook provides us with metrics, analyses, and reports (which are aggregated, i.e., do not contain details of individual users and are anonymous to us), this processing is not carried out within the framework of joint responsibility but based on a data processing agreement ("Data Processing Terms", https://www.facebook.com/legal/terms/dataprocessing), the "Data Security Terms" (https://www.facebook.com/legal/terms/data_security_terms) and with regard to processing in the USA on the basis of standard contractual clauses ("Facebook-EU Data Transfer Addendum", https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of the users (especially the right to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com. Privacy policy: https://instagram.com/about/legal/privacy/.
• Pinterest Plugins and Content: Pinterest plugins and content – This can include content such as images, videos, or texts and buttons with which users can share content from this online offer within Pinterest; Service provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.pinterest.com. Privacy policy: https://policy.pinterest.com/de/privacy-policy.
• YouTube-Videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Consent (Art. 6(1) sentence 1 lit. a) GDPR); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF). Opt-out option: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements: https://myadcenter.google.com/personalizationoff.

Definitions of Terms

In this section, you will find an overview of the terminology used in this privacy policy. Where terms are legally defined, their legal definitions apply. The following explanations are primarily intended to aid understanding.

• Affiliate Tracking: In the context of affiliate tracking, links are logged through which referring websites direct users to websites with product or other offers. The operators of the respective referring websites can receive a commission if users follow these so-called affiliate links and subsequently use the offers (e.g., purchase goods or use services). It is necessary for the providers to track whether users who are interested in certain offers subsequently use them prompted by the affiliate links. Therefore, for the functionality of affiliate links, it is necessary that they be supplemented by certain values that become part of the link or are otherwise stored, e.g., in a cookie. These values include, in particular, the originating website (referrer), the time, an online identifier of the operators of the website where the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as advertising medium ID, partner ID, and categorizations.
• Inventory Data: Inventory data includes essential information necessary for the identification and management of contractual partners, user accounts, profiles, and similar assignments. This data can include personal and demographic details such as names, contact information (addresses, phone numbers, email addresses), birth dates, and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between individuals and services, institutions, or systems by enabling unique assignment and communication.
• Content Data: Content data includes information generated during the creation, editing, and publication of content of all kinds. This category of data can include texts, images, videos, audio files, and other multimedia content published on various platforms and media. Content data is not only limited to the actual content but also includes metadata that provides information about the content itself, such as tags, descriptions, author information, and publication dates.
• Contact Data: Contact data is essential information that enables communication with individuals or organizations. It includes, among other things, phone numbers, postal addresses, and email addresses, as well as communication tools such as social media handles and instant messaging identifiers.
• Meta, Communication, and Procedural Data: Meta, communication, and procedural data are categories that include information about how data is processed, transmitted, and managed. Metadata, also known as data about data, includes information that describes the context, origin, and structure of other data. This can include details such as file size, creation date, author of a document, and change histories. Communication data records the exchange of information between users across various channels, such as email traffic, call logs, messages on social networks, and chat histories, including the involved parties, timestamps, and transmission paths. Procedural data describes the processes and workflows within systems or organizations, including workflow documentation, transaction logs, and activity logs, which are used for tracking and reviewing operations.
• Usage Data: Usage data refers to information that captures how users interact with digital products, services, or platforms. This data encompasses a wide range of information showing how users use applications, which features they prefer, how long they stay on certain pages, and which paths they navigate through an application. Usage data can also include usage frequency, activity timestamps, IP addresses, device information, and location data. It is particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. Additionally, usage data plays a crucial role in identifying trends, preferences, and potential problem areas within digital offerings.
• Personal Data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Profiles with User-Related Information: The processing of "profiles with user-related information," or simply "profiles," involves any kind of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person (depending on the type of profiling, different information concerning demographics, behavior, and interests, such as interaction with websites and their content, etc.) to analyze, evaluate, or predict them (e.g., interests in certain content or products, click behavior on a website, or location). Cookies and web beacons are often used for profiling purposes.
• Log Data: Log data is information about events or activities that have been logged in a system or network. This data typically contains information such as timestamps, IP addresses, user actions, error messages, and other details about the use or operation of a system. Log data is often used to analyze system issues, monitor security, or generate performance reports.
• Reach Measurement: Reach measurement (also known as web analytics) is used to evaluate the visitor flow of an online offer and can include the behavior or interests of visitors in certain information, such as website content. With the help of reach analysis, operators of online offers can recognize, for example, when users visit their websites and what content they are interested in. This allows them to better adapt the content of the websites to the needs of their visitors. For reach analysis purposes, pseudonymous cookies and web beacons are often used to recognize returning visitors and obtain more precise analyses of the use of an online offer.
• Tracking: Tracking refers to the ability to trace users' behavior across multiple online offers. Typically, behavioral and interest information about the used online offers is stored in cookies or on the servers of the providers of tracking technologies (so-called profiling). This information can then be used, for example, to display advertisements to users that are likely to correspond to their interests.
• Controller: A "controller" is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processing: "Processing" is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers practically any handling of data, whether collecting, evaluating, storing, transmitting, or deleting.
• Contract Data: Contract data refers to specific information related to the formalization of an agreement between two or more parties. They document the conditions under which services or products are provided, exchanged, or sold. This category of data is essential for managing and fulfilling contractual obligations and includes both the identification of the contracting parties and the specific terms and conditions of the agreement. Contract data can include the start and end dates of the contract, the type of agreed services or products, price agreements, payment terms, termination rights, extension options, and special conditions or clauses. They serve as the legal basis for the relationship between the parties and are crucial for clarifying rights and obligations, enforcing claims, and resolving disputes.
• Audience Targeting: Audience targeting (also “Custom Audiences”) refers to the identification of target groups for advertising purposes, such as displaying advertisements. For example, based on a user's interest in certain products or topics on the internet, it can be inferred that this user is interested in advertisements for similar products or the online shop where they viewed the products. “Lookalike Audiences” (or similar audiences) refers to the display of content deemed suitable for users whose profiles or interests presumably match those of the users whose profiles were created. For the purposes of creating custom audiences and lookalike audiences, cookies and web beacons are usually used.

Created with the free privacy policy generator by Dr. Thomas Schwenke.