Privacy policy

Preamble

With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

The terms used are not gender-specific.

Status: September 15, 2025

Table of contents

• Preamble
• Controller
• Overview of the processing operations
• Relevant legal bases
• Security measures
• Transmission of personal data
• General information on data storage and erasure
• Rights of the data subjects
• Business services
• Business processes and procedures
• Providers and services used in the course of business activities
• Provision of the online offering and web hosting
• Use of cookies
• Processing of data as part of the application (app)
• Registration, login and user account
• Contact and request management
• Artificial intelligence (AI)
• Newsletter and electronic notifications
• Web analysis, monitoring and optimization
• Customer reviews and evaluation procedures
• Presence in social networks (social media)
• Plug-ins and embedded functions and content
• Management, organization and support tools
• Modification and updating

Person responsible

NewLifeJobs GmbH
Unter den Linden 26
10117 Berlin
Germany

Persons authorized to represent the company: Ralf Mühlen

E-mail address: ralf.muehlen@newlifejobs.de

Phone: +491634803241

Imprint: https://www.newlifejobs.com/kontakt-impressum-datenschutzbestimmungen

Overview of processing operations

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

• Inventory data.
• Payment data.
• Contact data.
• Content data.
• Contract data.
• Usage data.
• Meta, communication and process data.
• Applicant data.
• Log data.

Categories of data subjects

• Beneficiaries and clients.
• Employees.
• Interested parties.
• Communication partners.
• Users.
• Applicants.
• Business and contractual partners.
• Clients.
• Third parties.
• Customers.

Purposes of the processing

• Provision of contractual services and fulfillment of contractual obligations.
• Communication.
• Security measures.
• Direct marketing.
• Range measurement.
• Office and organizational procedures.
• Organizational and administrative procedures.
• Content Delivery Network (CDN).
• Feedback.
• Marketing.
• Profiles with user-related information.
• Provision of our online services and user-friendliness.
• Information technology infrastructure.
• Public relations.
• Business processes and business management procedures.
• Artificial intelligence (AI).

Relevant legal bases

Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases also apply in individual cases, we will inform you of these in the privacy policy.

• Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given their consent to the processing of their personal data for a specific purpose or several specific purposes.
• Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, safeguarding availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Securing online connections using TLS/SSL encryption technology (HTTPS): To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

Transmission of personal data

As part of our processing of personal data, it may be transmitted to other bodies, companies, legally independent organizational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

General information on data storage and deletion

We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consents are revoked or there is no further legal basis for processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be stored for commercial or tax law reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our data protection information contains additional information on the retention and deletion of data that applies specifically to certain processing operations.

If there is more than one information on the retention period or deletion period of a date, the longest period is always decisive. We only process data that is no longer stored for the originally intended purpose, but due to legal requirements or other reasons, for the reasons that justify its storage.

Retention and deletion of data: The following general periods apply to retention and archiving under German law:

• 10 years - retention period for books and records, annual financial statements, inventories, management reports, opening balance sheet and the work instructions and other organizational documents required to understand them (Section 147 (1) no. 1 in conjunction with. Para. 3 AO, § 14b Para. 1 UStG, § 257 Para. 1 No. 1 i.V.m. para. 4 HGB).
• 8 years - Accounting documents, such as invoices and expense receipts (§ 147 para. 1 no. 4 and 4a in conjunction with para. para. 3 sentence 1 AO and § 257 para. 1 no. 4 in conjunction with para. Para. 4 HGB).
• 6 years - Other business documents: commercial or business letters received, reproductions of commercial or business letters sent, other documents, insofar as they are of significance for taxation, e.g. time sheets, business records, etc. e.g. hourly wage slips, company accounting sheets, calculation documents, price markings, but also payroll accounting documents, insofar as they are not already accounting documents and till slips (§ 147 Para. 1 No. 2, 3, 5 in conjunction with Para. 3 AO, § 25 AO). Para. 3 AO, § 257 Para. 1 No. 2 and 3 in conjunction with Para. para. 4 HGB).
• 3 years - Data required to consider potential warranty claims and claims for damages or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and customary business practices.previous business experience and standard industry practices, will be stored for the duration of the regular statutory limitation period of three years (Sections 195, 199 BGB).

Rights of the data subjects

Rights of data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

• Right to object: you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
• Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
• Right to information: You have the right to request confirmation as to whether the data in question is being processed and to information about this data as well as further information and a copy of the data in accordance with the legal requirements.
• Right to rectification: You have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you in accordance with the legal requirements.
• Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the legal requirements.
• Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request its transmission to another controller.
• Complaint to the supervisory authority: In accordance with the statutory provisions and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State in which you are habitually resident, the supervisory authority of the Member State in which you are domiciled or in which you have your habitual residence.the supervisory authority of your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Business services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners"), in the context of contractual and comparable legal relationships and related measures and with regard to communication with the contractual partners (or pre-contractual), for example to answer inquiries.

We use this data to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any updating obligations and remedies in the event of warranty and other service disruptions. In addition, we use the data to safeguard our rights and for the purpose of the administrative tasks associated with these obligations and the company organization. We also process the data on the basis of our legitimate interests both in the proper and efficient management of our business and in security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information and rights (e.g. to the involvement of telecommunication companies and other third parties). For example, the involvement of telecommunications, transportation and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about other forms of processing, such as for marketing purposes, as part of this privacy policy.

We inform the contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special marking (e.g. colors) or symbols (e.g. asterisks or similar), or in person.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after four years, unless the data is stored in a customer account, e.g. as long as it must be retained for legal archiving reasons (e.g. for tax purposes, generally ten years). We delete data disclosed to us by the contractual partner as part of an order in accordance with the specifications and generally after the end of the order.

• Processed data types: inventory data (e.g. full name, residential address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); contract data (e.g. subject matter of the contract, term, customer category). Applicant data (e.g. personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, CV, certificates and other personal or qualification information provided by applicants with regard to a specific position or voluntarily).
• Data subjects: Service recipients and clients; interested parties; business and contractual partners. Applicants.
• Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; communication; office and organizational procedures; organizational and administrative procedures. Business processes and business management procedures.
• Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
• Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Recruiting services: We process the data of job candidates and the personal data of potential employers or their employees as part of our services, which include in particular the search for potential job candidates, contacting them and placing them.
  
  We process the information and contact details provided by the job candidates for the purposes of establishing, implementing and, if necessary, terminating a contract for job placement. In addition, we can ask interested parties questions about the success of our placement service at a later date in accordance with legal requirements.
  
  We process the data of job candidates and employers to fulfill our contractual obligations in order to be able to process the job placement requests submitted to us to the satisfaction of the parties involved.
  
  We may keep a record of the placement processes in order to be able to prove the existence of the contractual relationship and the consent of the interested parties in accordance with the statutory accountability obligations (Art. 5 para. 2 GDPR). This information is stored for a period of three to four years if we need to prove the original request (e.g. to be able to prove the authorization to contact the job candidates); legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Business processes and procedures

Personal data of service recipients and clients - including customers, clients or, in special cases, clients, patients or business partners as well as other third parties - are processed in the context of contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates business processes in areas such as customer management, sales, payment transactions, accounting and project management.

The data collected is used to fulfill contractual obligations and efficiently design operational processes. This includes the processing of business transactions, the management of customer relationships, the optimization of sales strategies and the guarantee of internal accounting and financial processes. In addition, the data supports the protection of the rights of the controller and promotes administrative tasks and the organization of the company.

Personal data may be passed on to third parties if this is necessary to fulfill the stated purposes or legal obligations. The data will be deleted after expiry of statutory retention periods or if the purpose of the processing no longer applies. This also includes data that must be stored for a longer period of time due to tax and legal obligations to provide evidence.

• Processed data types: inventory data (e.g. full name, residential address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. text or image messages and contributions as well as the information relating to them, such as information on authorship or time of creation); contract data (e.g. subject matter of the contract, duration, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved). Log data (e.g. log files relating to logins or the retrieval of data or access times).
• Data subjects: Service recipients and clients; interested parties; communication partners; business and contractual partners; customers; third parties; clients. Employees (e.g. employees, applicants, temporary staff and other employees).
• Purposes of Processing: Provision of contractual services and performance of contractual obligations; Office and organizational procedures; Business processes and business procedures; Security measures; Provision of our online services and usability; Communication. Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)).
• Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
• Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR).

Further information on processing processes, procedures and services:

• Customer management and customer relationship management (CRM): Procedures that are necessary in the context of customer management and customer relationship management (CRM) (e.g. Customer acquisition in compliance with data protection regulations, measures to promote customer loyalty and retention, effective customer communication, complaint management and customer service with consideration of data protection, data management and analysis to support the customer relationship, administration of CRM systems, secure account management, customer segmentation and target group formation); legal bases: contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Client management: Procedures that are necessary in the context of client management include, for example, the acquisition and admission of new clients, the development of strategies to promote client loyalty and ensuring effective client communication and appointments. A comprehensive client service is provided. These procedures also include the management and administration of client files, the secure documentation of legal processes and ensuring the confidentiality and integrity of client data. In addition, processes are defined for the transfer of client information to third parties, such as courts or other legal service providers. Procedures are implemented for the secure and data protection-compliant deletion of client data as soon as it is no longer required or statutory retention periods have expired; legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Contact management and contact maintenance: Procedures that are necessary in the context of organizing, maintaining and securing contact information (e.g. the establishment and maintenance of a central contact database, regular updates of contact information, monitoring of data integrity, implementation of data protection measures, ensuring access controls, carrying out backups and restores).backups and restores of contact data, training employees in the effective use of contact management software, regular review of communication history and adaptation of contact strategies); legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Customer account: Customers can create an account within our online offering (e.g. customer or user account, "customer account" for short). If the registration of a customer account is required, customers will be informed of this as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration process and subsequent logins and use of the customer account, we store the IP addresses of customers together with the access times in order to be able to prove registration and prevent any misuse of the customer account. If the customer account has been terminated, the customer account data will be deleted after the termination date, unless it is stored for purposes other than provision in the customer account or must be stored for legal reasons (e.g. internal storage of customer data, order processes or invoices). It is the customer's responsibility to back up their data when the customer account is terminated; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Providers and services used in the course of business activities

As part of our business activities, we use additional services, platforms, interfaces or plug-ins from third-party providers ("services" for short) in compliance with the legal requirements. Their use is based on our interests in the proper, lawful and economic management of our business operations and our internal organization.

• Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. text or image messages and contributions as well as the information relating to them, such as information on authorship or time). information on authorship or time of creation); contract data (e.g. subject matter of the contract, duration, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).
• Data subjects: Service recipients and clients; interested parties. Business and contractual partners.
• Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; office and organizational procedures. Business processes and business management procedures.
• Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• YouSign: Create electronic signatures, digitally sign documents, manage signature workflows and ensure legal validity; Service provider: Yousign SAS, Av Pierre Berthelot Rue De Suède, 14000 Caen, France; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://yousign.com; Privacy Policy: https://yousign.com/de-de/datenschutz. Data processing agreement: https://yousign.com/de-de/datenverarbeitung.

Provision of the online service and web hosting

We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

• Processed data types: Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, persons involved); log data (e.g. log files relating to logins or the retrieval of data or access times). Content data (e.g. text or image messages and contributions as well as the information relating to them, such as information on authorship or time of creation).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures. Content delivery network (CDN).
• Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called "web host"); legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Collection of access data and log files: Access to our online offering is recorded in the form of so-called "server log files". The server log files may include the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the event of abusive attacks, so-called DDoS attacks), and to ensure the utilization of the servers and their stability; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
• Sending and hosting emails: The web hosting services we use also include sending, receiving and storing emails. For these purposes, the addresses of the recipients and senders as well as other information relating to the sending of e-mails (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of detecting SPAM. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, emails are encrypted in transit, but not on the servers from which they are sent and received (unless an end-to-end encryption method is used). We can therefore assume no responsibility for the transmission path of the emails between the sender and receipt on our server; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• STRATO: Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: STRATO AG, Pascalstraße 10,10587 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.strato.de; Privacy Policy: https://www.strato.de/datenschutz/. Data processing agreement: Provided by the service provider.
• United Domains: Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: united-domains AG, Gautinger Straße 10, 82319 Starnberg, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.united-domains.de; Privacy Policy: https://www.united-domains.de/unternehmen/datenschutz/. Data processing agreement: https://www.united-domains.de/help/faq-article/wie-erhalte-ich-den-auftragsverarbeitungs-vertrag-avv-nach-dsgvo/.
• Cloudflare: Content Delivery Network (CDN) - Service that allows content of an online offer, in particular large media files such as graphics or program scripts, to be delivered faster and more securely with the help of regionally distributed servers connected via the Internet; Service provider: Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.cloudflare.com; Privacy Policy: https://www.cloudflare.com/privacypolicy/; Data processing agreement: https://www.cloudflare.com/cloudflare-customer-dpa/. Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses(https://www.cloudflare.com/cloudflare-customer-scc/).

Use of cookies

The term "cookies" refers to functions that store information on users' end devices and read it from them. Cookies can also be used for various purposes, for example to ensure the functionality, security and convenience of online services and to analyze visitor flows. We use cookies in accordance with the statutory provisions. If necessary, we obtain the user's consent in advance. If consent is not required, we rely on our legitimate interests. This applies if the storage and reading of information is essential in order to be able to provide expressly requested content and functions. This includes, for example, saving settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information about the scope and which cookies are used.

Information on the legal basis under data protection law: Whether we process personal data using cookies depends on consent. If consent has been given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage duration: With regard to the storage duration, a distinction is made between the following types of cookies

• Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their end device (e.g. browser or mobile application).
• Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the log-in status can be saved and preferred content can be displayed directly when the user visits a website again. The user data collected with the help of cookies can also be used to measure reach. If we do not provide users with explicit information on the type and storage duration of cookies (e.g. when obtaining consent), they should assume that they are permanent and that the storage duration can be up to two years.

General information on revocation and objection (opt-out): Users can revoke the consents they have given at any time and also declare an objection to processing in accordance with the legal requirements, including by means of the privacy settings of their browser.

• Processed data types: Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).
• Data subjects: Users (e.g. website visitors, users of online services).
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further information on processing processes, procedures and services:

• Processing of cookie data on the basis of consent: We use a consent management solution in which user consent is obtained for the use of cookies or for the procedures and providers mentioned in the consent management solution. This procedure is used to obtain, log, manage and revoke consent, in particular with regard to the use of cookies and comparable technologies that are used to store, read and process information on users' end devices. As part of this procedure, user consent is obtained for the use of cookies and the associated processing of information, including the specific processing and providers mentioned in the consent management procedure. Users also have the option of managing and revoking their consent. The declarations of consent are stored in order to avoid repeated queries and to be able to provide proof of consent in accordance with legal requirements. The storage takes place on the server side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies in order to be able to assign the consent to a specific user or their device. If no specific information on the providers of consent management services is available, the following general information applies: Consent is stored for up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of consent (e.g. relevant categories of cookies and/or service providers) and information on the browser, the system and the end device used; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Processing of data in the context of the application (app)

We process the data of users of our application to the extent necessary to provide users with the application and its functionalities, to monitor its security and to develop it further. We may also contact users in compliance with legal requirements if communication is necessary for the purposes of administration or use of the application. Otherwise, we refer to the data protection information in this privacy policy with regard to the processing of user data.

Legal basis: The processing of data required to provide the functionalities of the application serves to fulfill contractual obligations. This also applies if the provision of the functions requires user authorization (e.g. release of device functions). If the processing of data is not necessary for the provision of the functionalities of the application, but serves the security of the application or our business interests (e.g. collection of data for the purpose of optimizing the application or security purposes), it is carried out on the basis of our legitimate interests. If users are expressly asked for their consent to the processing of their data, the data covered by the consent is processed on the basis of the consent.

• Processed data types: inventory data (e.g. full name, residential address, contact information, customer number, etc.); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures. Provision of our online services and user-friendliness.
• Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
• Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Device authorizations for access to functions and data: The use of our application or its functionalities may require user authorizations for access to certain functions of the devices used or to the data stored on the devices or accessible with the help of the devices. By default, these authorizations must be granted by the users and can be revoked at any time in the settings of the respective devices. The exact procedure for controlling app permissions may depend on the user's device and software. Users can contact us if they require clarification. We would like to point out that the denial or revocation of the respective authorizations may affect the functionality of our application.

Registration, login and user account

Users can create a user account. As part of the registration process, users are provided with the required mandatory information and processed for the purpose of providing the user account on the basis of contractual obligations. The processed data includes in particular the login information (user name, password and an e-mail address).

As part of the use of our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users can be informed by email about processes that are relevant to their user account, such as technical changes.

• Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. text or image messages and contributions as well as the information relating to them, such as information on authorship or the time of posting); personal data (e.g. e-mail addresses or telephone numbers). information on authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Log data (e.g. log files relating to logins or the retrieval of data or access times).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; security measures; organizational and administrative procedures. Provision of our online services and user-friendliness.
• Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Deletion after termination.
• Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Registration with a real name: Due to the nature of our community, we ask users to only use our service using real names. This means that the use of pseudonyms is not permitted; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
• User profiles are not public: User profiles are not publicly visible or accessible.
• Deletion of data after termination: If users have terminated their user account, their data will be deleted with regard to the user account, subject to a legal permission, obligation or consent of the users; legal bases: contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
• No obligation to retain data: It is the responsibility of users to back up their data if they terminate their contract before it ends. We are entitled to irretrievably delete all user data stored during the term of the contract; legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Contact and request management

When contacting us (e.g. by post, contact form, email, telephone or via social media) and as part of existing user and business relationships, the details of the inquiring persons are processed insofar as this is necessary to answer the contact inquiries and any requested measures.

• Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. text or image messages and contributions as well as the information relating to them, such as information on authorship or the time of posting); personal data (e.g. e-mail addresses or telephone numbers). information on authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).
• Data subjects: Communication partners.
• Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g. collecting feedback via online form). Provision of our online services and user-friendliness.
• Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further information on processing processes, procedures and services:

• Contact form: When contacting us via our contact form, by e-mail or other communication channels, we process the personal data transmitted to us to answer and process the respective request. This generally includes details such as name, contact information and any other information that is provided to us and is required for appropriate processing. We use this data exclusively for the stated purpose of establishing contact and communication; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Artificial intelligence (AI)

We use artificial intelligence (AI), whereby personal data is processed. The specific purposes and our interest in using AI are set out below. By AI, we understand the term "AI system" in accordance with Article 3 no. 1 of the AI Regulation, an AI system is a machine-based system that is designed to operate autonomously to varying degrees, can be adaptable once implemented and produces results such as predictions, content, recommendations or decisions from the input received that can influence physical or virtual environments.

Our AI systems are deployed in strict compliance with legal requirements. These include both specific regulations for artificial intelligence and data protection requirements. In particular, we adhere to the principles of legality, transparency, fairness, human control, purpose limitation, data minimization, integrity and confidentiality. We ensure that the processing of personal data always takes place on a legal basis. This can be either the consent of the data subject or legal permission.

When using external AI systems, we carefully select their providers (hereinafter "AI providers"). In accordance with our legal obligations, we ensure that the AI providers comply with the applicable provisions. We also observe the obligations incumbent on us when using or operating the purchased AI services. The processing of personal data by us and the AI providers takes place exclusively on the basis of consent or legal authorization. We attach particular importance to transparency, fairness and the preservation of human control over AI-supported decision-making processes.

We implement appropriate and robust technical and organizational measures to protect the processed data. These ensure the integrity and confidentiality of the processed data and minimize potential risks. By regularly reviewing AI providers and their services, we ensure ongoing compliance with current legal and ethical standards.

• Types of data processed: Content data (e.g. textual or visual messages and posts and the information relating to them, such as authorship details or time of creation). Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
• Data subjects: Users (e.g. website visitors, users of online services). Third parties.
• Purposes of processing: Artificial intelligence (AI).
• Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion"
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• OpenAI API: An AI API that provides developers with access to a variety of powerful language and image models, including GPT-4 and DALL-E. The OpenAI API makes it possible to integrate complex tasks such as text generation, speech processing and image analysis into applications; Service provider: OpenAI Ireland Ltd, 117-126 Sheriff Street Upper, D01 YC43 Dublin 1, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://openai.com/product; Privacy Policy: https://openai.com/de/policies/eu-privacy-policy; Data processing agreement: https://openai.com/policies/data-processing-addendum; Basis for third country transfers: Standard Contractual Clauses(https://openai.com/policies/data-processing-addendum). Option to object (opt-out): https://privacy.openai.com/policies?modal=select-subject.

Newsletter and electronic notifications

We send newsletters, emails and other electronic notifications (hereinafter "newsletter") exclusively with the consent of the recipient or on the basis of a legal basis. If the contents of the newsletter are mentioned in the context of a registration for the newsletter, these contents are decisive for the consent of the users. To subscribe to our newsletter, it is normally sufficient to provide your e-mail address. However, in order to be able to offer you a personalized service, we may ask you to provide your name so that we can address you personally in the newsletter or to provide further information if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing: We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a potential defense against claims. An individual request for erasure is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a block list solely for this purpose.

The registration process is logged on the basis of our legitimate interests for the purpose of proving that it has been carried out properly. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

Information about us, our services, promotions and offers.

• Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved). Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
• Data subjects: Communication partners.
• Purposes of processing: Direct marketing (e.g. by email or post).
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
• Possibility of objection (opt-out): You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to unsubscribe from the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably email.

Further information on processing operations, procedures and services:

• Reminder emails about the order process: if users do not complete an order process, we can remind users of the order process by email and send them a link to continue it. This function can be useful, for example, if the purchase process could not be continued due to a browser crash, oversight or forgetting. Sending is based on consent, which users can revoke at any time; legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
• Sending via SMS: The electronic notifications can also be sent as SMS text messages (or are sent exclusively via SMS if the sending authorization, e.g. consent, only includes sending via SMS); legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Web analysis, monitoring and optimization

Web analysis (also referred to as "reach measurement") is used to evaluate the flow of visitors to our online offering and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online offer or its functions or content are most frequently used, or invite visitors to reuse them. It also enables us to understand which areas require optimization.

In addition to web analysis, we can also use test procedures, for example to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e. data summarized for a usage process, may be created for these purposes and information may be stored in a browser or end device and then read out. The information collected includes, in particular, websites visited and the elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data from us or from the providers of the services we use, it is also possible to process location data.

In addition, the IP addresses of users are stored. However, we use an IP masking procedure (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored in the context of web analysis, A/B testing and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective process.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

• Processed data types: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles). Provision of our online services and user-friendliness.
• Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
• Security measures: IP masking (pseudonymization of the IP address).
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Google Analytics (server-side use): We use Google Analytics to measure and analyze the use of our online services by users. Although user data is processed, it is not transmitted directly from the user's device to Google. In particular, the user's IP address is not transmitted to Google. Instead, the data is first transmitted to our server, where the user's data records are assigned to our internal user identification number. Subsequent transmission from our server to Google only takes place in this pseudonymized form. The identification number does not contain any unique data, such as names or e-mail addresses. It is used to assign analysis information to an end device in order to recognize which content the users have called up within one or more usage processes, which search terms they have used, which they have called up again or which they have interacted with our online offer. The time of use and its duration are also stored, as well as the sources of the users who refer to our online offering and technical aspects of their end devices and browsers. Pseudonymous profiles of users are created with information from the use of various devices, whereby cookies may be used. Analytics provides high-level geographic location data by collecting the following metadata from IP searches: "City" (and the derived latitude and longitude of the city), "Continent", "Country", "Region", "Subcontinent" (and the ID-based equivalents); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses(https://business.safety.google/adsprocessorterms/). Further information: https://business.safety.google/adsservices/ (types of processing and data processed).
• Google Tag Manager: We use Google Tag Manager, a software from Google that enables us to manage so-called website tags centrally via a user interface. Tags are small code elements on our website that are used to record and analyze visitor activity. This technology helps us to improve our website and the content offered on it. The Google Tag Manager itself does not create any user profiles, does not store any cookies with user profiles and does not carry out any independent analyses. Its function is limited to simplifying the integration and management of tools and services that we use on our website and making them more efficient. Nevertheless, when using the Google Tag Manager, the IP address of the user is transmitted to Google, which is necessary for technical reasons in order to implement the services we use. Cookies may also be set in the process. However, this data processing only takes place if services are integrated via the Tag Manager. For more detailed information on these services and their data processing, please refer to the further sections of this privacy policy; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data processing agreement:
  https://business.safety.google/adsprocessorterms. Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses(https://business.safety.google/adsprocessorterms).

Customer reviews and evaluation procedures

We participate in review and rating procedures in order to evaluate, optimize and advertise our services. If users rate us or otherwise provide feedback via the evaluation platforms or procedures involved, the general terms and conditions or terms of use and the providers' data protection notices also apply. As a rule, the evaluation also requires registration with the respective providers.

In order to ensure that the reviewers have actually used our services, we transmit the necessary data relating to the customer and the service used (including name, email address and order number or item number) to the respective review platform with the customer's consent. This data is used solely to verify the authenticity of the user.

• Processed data types: Contract data (e.g. subject matter of the contract, duration, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).
• Data subjects: Service recipients and clients. Users (e.g. website visitors, users of online services).
• Purposes of processing: Feedback (e.g. collecting feedback via online form). Marketing.
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Google customer reviews: Service for obtaining and/or presenting customer satisfaction and customer opinions; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website : https://www.google.com/; Privacy Policy : https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF); Further information: As part of the collection of customer reviews, an identification number and time for the business transaction to be evaluated, in the case of review requests sent directly to customers, the customer's e-mail address and their country of residence as well as the review details themselves are processed; Further information on the types of processing and the data processed: https://business.safety.google/adsservices/. Data processing conditions for Google advertising products: Information on the services Data processing terms between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms.

Presence in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce user rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests of users. The latter may in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. Cookies are therefore generally stored on the user's computer, in which the user's usage behavior and interests are stored. In addition, data can also be stored in the user profiles independently of the devices used by the users (especially if they are members of the respective platforms and are logged in there).

For a detailed description of the respective forms of processing and the opt-out options, please refer to the privacy policies and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

• Types of data processed: Contact data (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. text or image messages and contributions as well as the information relating to them, such as information on authorship or time of creation). Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of Processing: Communication; Feedback (e.g. collecting feedback via online form). Public relations work.
• Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Instagram: Social network, allows you to share photos and videos, comment on and favorite posts, send messages, subscribe to profiles and pages; service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Basis for third country transfers: Data Privacy Framework (DPF).
• Facebook pages: Profiles within the social network Facebook - The controller is jointly responsible with Meta Platforms Ireland Limited for the collection and transmission of data of visitors to our Facebook page ("fan page"). This includes, in particular, information about user behavior (e.g. content viewed or interacted with, actions performed) and device information (e.g. IP address, operating system, browser type, language settings, cookie data). You can find more information on this in the Facebook data policy: https://www.facebook.com/privacy/policy/. Facebook also uses this data to provide us with statistical evaluations via the "Page Insights" service, which provide information about how people interact with our site and its content. The basis for this is an agreement with Facebook ("Information on Page Insights": https://www.facebook.com/legal/terms/page_controller_addendum), which regulates, among other things, security measures and the exercise of data subjects' rights. Further information can be found here: https://www.facebook.com/legal/terms/information_about_page_insights_data. Users can therefore send requests for information or deletion directly to Facebook. The rights of users (in particular information, deletion, objection, complaint to a supervisory authority) remain unaffected by this. Joint responsibility is limited exclusively to the collection of data by Meta Platforms Ireland Limited (EU). Meta Platforms Ireland Limited is solely responsible for further processing, including possible transmission to Meta Platforms Inc. in the USA; service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses(https://www.facebook.com/legal/EU_data_transfer_addendum).
• LinkedIn: Social network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of visitors' data used to create the "page insights" (statistics) of our LinkedIn profiles. This data includes information about the types of content users view or interact with and the actions they take. Details are also collected about the devices used, such as IP addresses, operating system, browser type, language settings and cookie data, as well as information from the user profiles, such as job function, country, industry, hierarchy level, company size and employment status. Data protection information on the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
  We have concluded a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum", https://legal.linkedin.com/pages-joint-controller-addendum), which regulates in particular which security measures LinkedIn must observe and in which LinkedIn has agreed to fulfill the rights of the data subjects (i.e. users can, for example, send requests for information or deletion directly to LinkedIn). The rights of users (in particular the right to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint responsibility is limited to the collection and transfer of data to LinkedIn Ireland Unlimited Company, a company based in the EU. The further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, in particular with regard to the transfer of data to the parent company LinkedIn Corporation in the USA; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses(https://legal.linkedin.com/dpa). Option to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy Policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF). Option to object (opt-out): https://myadcenter.google.com/personalizationoff.

Plug-ins and embedded functions and content

We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may be, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content or function. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, but may also be linked to such information from other sources.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

• Processed data types: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of our online services and user-friendliness.
• Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Integration of third-party software, scripts or frameworks (e.g. jQuery): We integrate software into our online offering that we retrieve from servers of other providers (e.g. function libraries that we use for the purpose of displaying or user-friendliness of our online offering). The respective providers collect the IP address of the users and can process it for the purpose of transmitting the software to the user's browser and for security purposes, as well as for the evaluation and optimization of their offer. - We integrate software into our online offering that we retrieve from servers of other providers (e.g. function libraries that we use for the purpose of displaying or user-friendliness of our online offering). The respective providers collect the IP address of the users and may process it for the purpose of transmitting the software to the user's browser and for security purposes, as well as for the evaluation and optimization of their offer; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Google Fonts (obtained from the Google server): Obtaining fonts (and symbols) for the purpose of a technically secure, maintenance-free and efficient use of fonts and symbols with regard to up-to-dateness and loading times, their uniform presentation and consideration of possible licensing restrictions. The provider of the fonts is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted that are necessary for the provision of the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA - When visiting our online offer, users' browsers send their browser HTTP requests to the Google Fonts Web API (i.e. a software interface for retrieving fonts). The Google Fonts Web API provides users with the Google Fonts Cascading Style Sheets (CSS) and then the fonts specified in the CCS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of the website visitors, as well as the referral URL (i.e. the web page on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers and are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. With the Google Fonts Web API, the user agent must adapt the font that is generated for the respective browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics to measure the popularity of font families. These aggregated usage statistics are published on the Google Fonts "Analytics" page. Finally, the referral URL is logged so that the data can be used for production maintenance and to generate an aggregated report on the top integrations based on the number of font requests. According to its own information, Google does not use any of the information collected by Google Fonts to create profiles of end users or to place targeted ads; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy?hl=de.

Management, organization and auxiliary tools

We use services, platforms and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organizing, managing, planning and providing our services. When selecting third-party providers and their services, we observe the legal requirements.

In this context, personal data may be processed and stored on the servers of the third-party providers. This may affect various data that we process in accordance with this privacy policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their content.

If users are referred to third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers.

• Processed data types: Content data (e.g. text or image messages and posts and the information relating to them, such as information on authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, time data). e.g. IP addresses, time data, identification numbers, persons involved); inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers). Contract data (e.g. subject matter of the contract, term, customer category).
• Data subjects: Communication partners; users (e.g. website visitors, users of online services); interested parties. Business and contractual partners.
• Purposes of Processing: Provision of contractual services and performance of contractual obligations; Office and organizational procedures; Communication; Information technology infrastructure (Operation and provision of information systems and technical equipment (computers, servers, etc.)). Organizational and administrative procedures.
• Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Twilio: Cloud communication platform that can be used to make and receive calls programmatically, send and receive text messages and perform other communication functions using the web service interfaces, for example; service provider: Twilio Ireland Limited, 25 - 28 North Wall Quay, North Wall, Dublin 1, D01 H104, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.twilio.com; Privacy Policy: http://www.twilio.com/en-us/legal/privacy; Data processing agreement: https://www.twilio.com/en-us/legal/data-protection-addendum. Basis for third country transfers: Data Privacy Framework (DPF), standard contractual clauses(https://www.twilio.com/legal/data-protection-addendum).
• YouSign: Create electronic signatures, sign documents digitally, manage signature workflows and ensure legal validity; Service provider: Yousign SAS, Av Pierre Berthelot Rue De Suède, 14000 Caen, France; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://yousign.com; Privacy Policy: https://yousign.com/de-de/datenschutz. Data processing agreement: https://yousign.com/de-de/datenverarbeitung.
• TidyCal: Appointment booking and management, integration with calendar services; Service provider: Sumo Group Inc. (d/b/a "TidyCal"), 1305 E. 6th St #3, Austin, TX 78702, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://tidycal.com/. Privacy Policy: https://tidycal.com/privacy-policy.

Changes and updates

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.