Privacy Policy Notices

Security and Protection of Your Personal Data

We consider it our primary responsibility to maintain the confidentiality of the personal data you provide and to protect it from unauthorized access.

As a private-sector company, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the new Federal Data Protection Act (BDSG-neu). We have taken technical and organizational measures to ensure that both we and our external service providers comply with data protection regulations.

Name and Address of the Data Controller:

Controller:

If you have any questions regarding the collection, processing, or use of your personal data, or for information, corrections, restrictions, or deletions of data, as well as revocations of any consents granted or objections to specific data uses, please contact us directly using the contact details above.

Definitions

The legislator requires that personal data must be processed lawfully, in good faith, and in a manner that is comprehensible for the data subject ("Lawfulness, fairness, transparency"). To ensure this, we inform you of the specific legal definitions used in this privacy policy:

Lawfulness of Processing

The processing of personal data is only lawful if there is a legal basis for the processing. The legal basis for the processing may, in accordance with Article 6(1) sentence 1 of the GDPR, be:

in particular, lit. a – f GDPR:

1. The data subject has given consent to the processing of their personal data for one or more specific purposes;
2. The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
3. The processing is necessary for compliance with a legal obligation to which the controller is subject;
4. The processing is necessary in order to protect the vital interests of the data subject or another natural person;
5. The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
6. The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Telecommunications Telemedia Data Protection Act (TTDSG)

The legal basis for storing and retrieving information on the user’s terminal device is consent, as per § 25(1) sentence 1 TTDSG. This consent is requested when the website is accessed.

According to § 25(2) No. 2 TTDSG, consent is not required if the storage of information on the user's terminal device or the access to information already stored is strictly necessary to provide a telemedia service expressly requested by the user. You can see which cookies are classified as strictly necessary (often referred to as "technically necessary cookies") in the cookie settings, which therefore fall under the exception rule of § 25(2) TTDSG and do not require consent.

Please note that the legal basis for the subsequent processing of personal data is derived from the GDPR. The relevant legal bases for the processing of personal data on this website are provided further in these privacy notices.

Information about the Collection of Personal Data

Below we inform you about the collection of personal data when using our website. Personal data includes, for example, name, address, email addresses, and user behavior.

Collection of Personal Data When Visiting Our Website

When using our website for informational purposes only, meaning that you do not register or otherwise transmit information to us, we collect only the personal data that your browser transmits to our server. If you want to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

• IP address
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred
• Website from which the request comes
• Browser
• Operating system and its interface
• Language and version of the browser software

After technical evaluation, this data is immediately deleted. This data collection is carried out in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR to protect our legitimate interests in a correct display of our website offering, as well as compliance with the EU General Data Protection Regulation in terms of security and confidentiality.

The Supervisory Authority Responsible for Us Is:

Address:

The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
P.O. Box 30 40
55020 Mainz
Phone: +49 (0) 6131 208-2449
Fax: +49 (0) 6131 208-2497
Email: [email protected]

User Account on Our Website

The data subject has the option of creating a customer account on the website of the controller by providing personal data. The following personal data is collected for this purpose:

• Salutation
• First name
• Last name
• Date of birth (optional)
• Email address
• Referred by (optional)

In the customer account, several delivery and billing addresses can be stored. The following data can be entered here:

• Company
• Street and house number
• Address supplement
• Postal code and city
• Country
• If applicable, federal state
• Phone

In the order process, additional comments regarding the order can be submitted.

The personal data entered by the data subject is collected and stored exclusively for internal use by the controller and for its own purposes. For example, we use your email only in direct connection with your order. Typical emails would be: order confirmations, invoices, credit notes, delivery notes, shipment tracking, delivery delays, complaints, or reminders.

The controller may arrange for the transfer to one or more processors, such as a parcel service provider, who will also use the personal data exclusively for internal purposes attributable to the controller.

The entire BioProphyl website, including your personal information, credit card or bank details, is transmitted encrypted via a so-called SSL connection (Secure Socket Layer). This website offers secure communication. Secure communication means that the information you provide, such as your bank details, is encrypted in such a way that it cannot be read or intercepted by others. An encrypted connection can be recognized by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. Furthermore, by registering on the controller's website, the IP address assigned by the Internet Service Provider (ISP) of the data subject, the date, and the time of registration are stored. The storage of this data takes place against the background that this is the only way to prevent misuse of our services, and this data makes it possible, if necessary, to clarify criminal offenses. In this respect, the storage of this data is necessary for the protection of the controller. This data is not generally passed on to third parties unless there is a legal obligation to pass it on or the transfer serves the purpose of law enforcement.

Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f) GDPR. If the creation of the customer account is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b) GDPR.

Purpose of Data Processing

The processing of personal data from the customer account is used to process the order and to minimize misuse of orders.

The registration of the data subject by voluntarily providing personal data is intended to enable the controller to offer content or services to the data subject that can only be offered to registered users due to the nature of the matter. The optional date of birth is used for age verification of alcoholic products (Juvenile Protection Act). The "Referred by" field is used for marketing purposes. Registered users have the option at any time to modify or completely delete the personal data provided during registration from the controller's database.

Duration of Storage

The data remains until the customer deletes their user account.

Contact Through the Website

If a data subject contacts the controller via email or a contact form, the personal data transmitted by the data subject is automatically stored. The following data is required for this:

• First name
• Last name
• Email address
• Your message

There is also a contact option for retailers and therapists ("Retailer Inquiry"). The following data is collected here:

• Company
• Contact person
• Street
• Postal code and city
• Phone
• Fax
• Email address
• Website
• VAT ID
• Order quantity
• Sales focus
• Business license
• Comment

At the time of sending the above messages, the following data is also stored:

The user's IP address
Date and time of contact
During the sending process, your consent to this privacy policy is obtained.

Alternatively, contact is possible via the provided email address. In this case, the personal data transmitted with the email is stored. No data is shared with third parties in this context. The data is used exclusively for processing the conversation.

Legal Basis for Data Processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a) GDPR, provided the user's consent is present.

The legal basis for processing the data transmitted during the sending of an email is Art. 6 para. 1 lit. f) GDPR. If the email contact is aimed at concluding a contract, the legal basis for processing changes to Art. 6 para. 1 lit. b) GDPR.

Purpose of Data Processing

The processing of personal data from the input mask is solely for handling the contact request.

Duration of Storage

The duration of storage depends on the respective purpose and the necessity of storage. For contact inquiries based on your consent, your data is generally stored until revocation, unless the legal basis has changed to contract initiation or contract conclusion (Art. 6 para. 1 lit. b) GDPR), in which case we store your tax-relevant data for up to 10 years (in accordance with AO, HGB).

Payment and Delivery Service Providers

Data is only transferred to third parties within the scope of legal requirements. We only transfer user data to third parties if it is necessary for billing purposes or for other purposes required to fulfill our contractual obligations to the users. If we use subcontractors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with relevant legal provisions. In such cases, the scope of the transmitted data is limited to the necessary minimum. The processing of relevant payment data is carried out by external service providers for security reasons.

If there is a legitimate interest, BioProphyl® GmbH may exchange data with credit agencies for credit checks, in compliance with data protection regulations.

Secupay

When paying by the payment method "direct debit," the purchase price claim is assigned to secupay AG, Goethestraße 6, 01896 Pulsnitz. Your bank or credit card account will be charged upon completion of the order. The data required for payment processing will be transmitted to secupay AG. To assess the risk of default, secupay AG may conduct a credit check. Information on your previous payment behavior and creditworthiness information based on mathematical-statistical procedures using address data (scoring) will be obtained from infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden, and EOS Payment Solutions GmbH, Steindamm 80, 20099 Hamburg. You can obtain more information about data processing and storage directly from secupay AG.

Legal basis for processing: Art. 6 para. 1 lit. b) GDPR

Giropay

When paying by "Giropay," "Sofort transfer," or "credit card," the bank data is encrypted and transmitted to our payment service provider PAYONE GmbH, Fraunhoferstraße 2-4, 24118 Kiel, where it is processed. PAYONE is a company of the Sparkassen-Finanzgruppe and is authorized by the German Federal Financial Supervisory Authority as a payment institution.

Legal basis for processing: Art. 6 para. 1 lit. b) GDPR

Klarna

Klarna is an online payment service provider that enables purchase on account or flexible installment payment. Klarna also offers additional services, such as buyer protection or identity and credit checks.

The operator of Klarna is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.

If the person concerned selects "purchase on account" or "installment purchase" during the ordering process in our online shop, personal data is automatically transmitted to Klarna. By selecting one of these payment options, the person concerned consents to the transmission of personal data required for processing the invoice or installment purchase or for identity and credit checks.

The personal data transmitted to Klarna includes first name, last name, address, date of birth, gender, email address, IP address, phone number, mobile phone number, and other data necessary to process the invoice or installment purchase. Personal data related to the respective order is also necessary to fulfill the purchase contract. In particular, payment information such as bank details, card number, expiry date, and CVC code, number of items, item numbers, data on goods and services, prices, and tax details, information on past purchasing behavior, or other financial information may be exchanged.

The data transmission primarily aims to verify identity, administer payments, and prevent fraud. The personal data exchanged between Klarna and the controller may be transmitted by Klarna to credit agencies. This transmission serves identity and credit checks.

Klarna may also transmit personal data to affiliated companies (Klarna Group) and service providers or subcontractors, provided this is necessary to fulfill contractual obligations or process data on their behalf.

To decide on establishing, executing, or terminating a contractual relationship, Klarna collects and uses data and information on the person's previous payment behavior and probability values for future behavior (so-called scoring). The scoring is calculated using scientifically recognized mathematical-statistical methods.

The person concerned can withdraw consent for handling personal data at any time with Klarna. A withdrawal does not affect personal data that must be processed, used, or transmitted to fulfill (contractual) payment processing.

Klarna's applicable data protection regulations can be accessed at https://cdn.klarna.com/1.0/shared/content/policy/data/en_en/data_protection.pdf.

Legal basis for processing: Art. 6 para. 1 lit. b) GDPR

Paypal

The controller has integrated components of PayPal on this website. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal also allows for virtual payments through credit cards if the user does not have a PayPal account. A PayPal account is managed via an email address, making a traditional account number unnecessary. PayPal enables online payments to third parties and receipt of payments. PayPal also provides trustee functions and buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the person concerned selects "PayPal" as a payment option during the order process in our online shop, personal data of the person concerned is automatically transmitted to PayPal. By selecting this payment option, the person concerned consents to the transmission of personal data required for payment processing.

The personal data transmitted to PayPal includes first name, last name, address, email address, IP address, phone number, mobile phone number, or other data necessary for payment processing. Personal data related to the respective order is also necessary to fulfill the purchase contract.

The transmission of data aims to process payments and prevent fraud. The controller will transmit personal data to PayPal, particularly if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and the controller may be transmitted by PayPal to credit agencies. This transmission serves identity and credit checks.

PayPal may transmit personal data to affiliated companies and service providers or subcontractors, provided this is necessary to fulfill contractual obligations or process data on their behalf.

The person concerned can withdraw consent for handling personal data at any time with PayPal. A withdrawal does not affect personal data that must be processed, used, or transmitted to fulfill (contractual) payment processing.

PayPal's applicable data protection regulations can be accessed at https://www.paypal.com/en/webapps/mpp/ua/privacy-full.

The processing of personal data is intended to pay for the order.

Legal basis for processing: Art. 6 para. 1 lit. b) GDPR

The customer has no option to object. As an alternative, the customer can pay by invoice. Please note that in the case of payment by "invoice," personal data such as the name and bank details are transmitted to the recipient bank.

The customer is also free to collect the goods against cash payment directly at BioProphyl GmbH, Erlenweg 2 in 56729 Nitz during business hours as listed in the imprint.

Postwerbung

Wir behalten uns vor, Ihren Vor- und Nachnamen sowie Ihre Postanschrift für eigene Werbezwecke zu nutzen, z.B. zur Zusendung von interessanten Angeboten und Informationen zu unseren Produkten per Briefpost. Die Werbesendungen werden im Rahmen einer Verarbeitung in unserem Auftrag durch einen Dienstleister erbracht, an den wir Ihre Daten hierzu weitergeben.

Rechtsgrundlage für die Datenverarbeitung

Rechtsgrundlage für die Verarbeitung der Daten ist bei Vorliegen einer Einwilligung des Nutzers Art. 6 Abs. 1 lit. a) DSGVO.

Zweck der Datenverarbeitung

Dies dient der Wahrung unserer im Rahmen einer Interessenabwägung überwiegenden berechtigten Interessen an einer werblichen Ansprache.

Dauer, für die die personenbezogenen Daten gespeichert werden

Das Kriterium für die Dauer der Speicherung von personenbezogenen Daten ist die jeweilige gesetzliche Aufbewahrungsfrist. Nach Ablauf der Frist werden die entsprechenden Daten, routinemäßig gelöscht, sofern sie nicht mehr zur Vertragserfüllung oder Vertragsanbahnung erforderlich sind oder Sie Ihre Einwilligung nicht widerrufen haben oder gegen die Datenverarbeitung nicht widersprochen haben.

Privacy Notice for Applicants

We are pleased that you are interested in us and have applied or are applying for a position in our company. We would like to provide you with the following information regarding the processing of your personal data in connection with your application.

We process the data you have sent us in connection with your application in order to evaluate your suitability for the position (or possibly other open positions in our company) and to carry out the application process.

The legal basis for processing your personal data in this application process is primarily Section 26 of the German Federal Data Protection Act (BDSG). According to this, data processing is permissible if it is necessary in connection with the decision to establish an employment relationship.

If, after the conclusion of the application process, data is necessary for legal prosecution, data processing may be carried out on the basis of the requirements of Article 6 of the GDPR, particularly for the protection of legitimate interests under Article 6 para. 1 lit. f) GDPR. Our interest then lies in asserting or defending claims.

Applicant data will be deleted 6 months after a rejection.

If you have consented to further storage of your personal data, we will include your data in our applicant pool. The data will be deleted after two years.

If you are awarded a position as part of the application process, the data from the applicant data system will be transferred to our personnel information system.

We use a specialized software provider for the application process. This provider acts as a service provider for us and may, in connection with system maintenance and support, also gain knowledge of your personal data. We have entered into a data processing agreement with this provider, which ensures that data processing is carried out in a permissible manner.

Your application data will be reviewed by the HR department upon receipt of your application. Suitable applications will then be forwarded internally to the department managers responsible for the respective open position. The further process will then be coordinated. In the company, only those persons who require access to your data for the proper execution of our application process have access.

The data is processed exclusively in data centers in the Federal Republic of Germany.

You have the right to request information about the personal data we process about you.

If your request for information is not made in writing, we ask for your understanding that we may request proof from you to confirm that you are the person you claim to be.

Furthermore, you have the right to rectification or deletion or to restrict processing, as far as you are legally entitled to do so.

Furthermore, you have the right to object to the processing within the scope of the legal provisions. The same applies to the right to data portability.

Use of Cookies

In addition to the previously mentioned data, cookies or similar technologies such as pixels (hereinafter generally referred to as "cookies") are used on your computer during your use and visit to our website. Cookies are small text files that are stored by your browser on your device to save certain information or image files such as pixels. Upon your next visit to our website with the same device, the information stored in the cookies is either sent back to our website ("First Party Cookie") or to another website to which the cookie belongs ("Third Party Cookie").

By the stored and returned information, the respective website recognizes that you have already accessed and visited it with the browser of your device. We use this information to design and display the website to you according to your preferences optimally. Only the cookie itself is identified on your device. Any further storage of personal data will only take place with your explicit consent or if it is absolutely necessary to use the service you have accessed.

This website uses the following types of cookies, whose scope and functionality are explained below:

• Strictly necessary cookies (Type a)
• Functional and performance cookies (Type b)
• Cookies requiring consent (Type c)

We will inform you in the tools we use about which types of cookies are set and used.

Strictly Necessary Cookies (Type a)

Strictly necessary cookies ensure functions that are essential for you to use our websites as intended. These cookies are exclusively used by us and are therefore First Party Cookies. This means that all information stored in the cookies is sent back to our website.

For example, strictly necessary cookies ensure that, as a logged-in user, you remain logged in when accessing various subpages of our website and do not have to re-enter your login data each time you access a new page.

The use of strictly necessary cookies on our website is possible without your consent. For this reason, strictly necessary cookies cannot be deactivated or activated individually. However, you always have the option of generally disabling cookies in your browser (see below).

Legal basis: Art. 6 para. 1 lit. f) GDPR

Functional and Performance Cookies (Type b)

Functional cookies enable our website to store information you have already provided (such as registered name or language selection) and offer you improved and more personalized functions based on this. These cookies only collect and store anonymized information, so they do not track your movements on other websites.

Performance cookies collect information about how our websites are used to improve their attractiveness, content, and functionality. These cookies help us determine, for example, whether and which subpages of our website are visited and which content users are particularly interested in. Specifically, we collect the number of page accesses, the number of subpages accessed, the time spent on our website, the sequence of pages visited, the search terms that led you to us, the country, region, and possibly the city from which access is made, as well as the share of mobile devices accessing our websites. We also collect movements, "clicks," and scrolling with the computer mouse to understand which areas of our website are of particular interest to users. As a result, we can tailor the content of our website more specifically to the needs of our users and optimize our offering. The IP address of your computer transmitted for technical reasons is automatically anonymized and does not allow us to draw any conclusions about individual users.

You can object to the use of functional and performance cookies at any time by adjusting your cookie settings accordingly.

Legal basis: Art. 6 para. 1 lit. f) GDPR

Cookies Requiring Consent (Type c)

Cookies that are neither strictly necessary (Type a) nor functional or performance cookies (Type b) will only be used after your consent.

We reserve the right to use information obtained through cookies from an anonymized analysis of visitor behavior on our websites to show you specific advertising for certain of our products on our own websites. We believe that users benefit from this because we display advertising or content based on their browsing behavior that we assume aligns with their interests, so they see less random advertising or content that may be of less interest to them.

Marketing cookies originate from external advertising companies (Third Party Cookies) and are used to collect information about the websites visited by the user to create targeted advertising for the user.

Opt-out for Marketing Cookies

You can also manage cookies used for online advertising through tools developed in many countries under self-regulation programs, such as the U.S.-based https://www.aboutads.info/choices/ or the EU-based http://www.youronlinechoices.com/uk/your-ad-choices.

You can revoke this consent for cookies at any time with future effect here.

Legal basis: Art. 6 para. 1 lit. f) GDPR

Managing and Deleting All Cookies

Furthermore, you can configure your internet browser to prevent cookies from being stored on your device altogether or to ask you each time if you agree to cookies being set. You can also delete cookies that have already been set at any time. Please refer to your browser's help function for details on how to do this.

The following data is stored and transmitted by the online shop in the cookies described here for the following purposes:

• Cookie: csrf[*]
• Purpose: Ensures the security of the website and provides protection against CSRF attacks (Cross-Site-Request-Forgery).
• Expiration: End of session

• Cookie: session-
• Purpose: Used to identify the session.
• Expiration: End of session

• Cookie: timezone
• Purpose: Stores the visitor's timezone.
• Expiration: 1 month

• Cookie: sw-cache-hash
• Purpose: Contains the active rules and the active currency. This cookie is set when the active rules no longer match the standard (e.g., customer login / items in the cart).
• Expiration: End of session

• Cookie: sw-states
• Purpose: Describes the current session in simple tags such as "cart-filled" and "logged-in." When the client tags match the response header sw-invalidation-states, the cache is skipped. This function is used, for example, to store the cache only for logged-in customers.
• Expiration: End of session

Adcell

We use the affiliate program from ADCELL, a company of Firstlead GmbH, Rosenfelder Str. 15-16, 10315 Berlin. To correctly track sales and/or leads, ADCELL sets cookies on the customer's (visitor's) computer. These cookies are set by the domain www.adcell.de/js/track.js. These cookies comply with the applicable privacy policies. The cookies used by ADCELL are accepted by default by the internet browser. ADCELL tracking cookies do not store any personally identifiable information such as names or IP addresses, only the ID of the referring partner and the order number of the advertisement clicked on by the visitor (banner, text link, etc.). The partner ID is used to allocate the commission payable to the referring partner when a transaction is completed.

The current privacy policies of Adcell can be found at https://www.adcell.de/agb.

Personalized advertising can be disabled via the following link: https://www.adcell.de/datenschutz

Additionally, the following cookies may be embedded through Adcell:

ad4mat.de: This is a company of advanced store GmbH, Alte Jakobstraße 79/80, D-10179 Berlin. Further information can be found at: https://www.ad4mat.com/de/datenschutz/ and http://www.advanced-store.com/de/dsgvo-cookies/.

Cookies used: Type c.
Legal basis: Art. 6 para. 1 lit. a) GDPR
Purpose of processing: Marketing purposes.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies," which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website will usually be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or other parties to the Agreement on the European Economic Area before being transmitted. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, compile reports on website activity, and provide other services related to website usage and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be associated with any other data held by Google.

You can prevent the storage of cookies by selecting the appropriate settings on your browser. However, we would like to point out that if you do this, you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of the data generated by the cookie related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are processed in a truncated form, which prevents personal identification. If the data collected about you includes any personal reference, this will be excluded immediately, and the personal data will thus be deleted without delay.

We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained help us to improve our offer and make it more interesting for you as a user.

In the course of processing, data may be transmitted to the USA. The security of the transmission is safeguarded by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security corresponding to that of the GDPR. If the standard contractual clauses are insufficient to ensure an adequate level of security, your consent in accordance with Art. 49 para. 1 lit. a) GDPR may serve as the legal basis for the transmission to third countries.

Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

User conditions: http://www.google.com/analytics/terms/us.html
Privacy overview: http://www.google.com/intl/en/analytics/learn/privacy.html
Privacy policy: http://www.google.de/intl/en/policies/privacy

This website also uses Google Analytics for cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data," "personal data."

Cookies used: Type c.
Legal basis: Art. 6 para. 1 lit. a) GDPR
Purpose of processing: Marketing purposes.

Google Ads Conversion

We use the Google Ads Conversion offering to draw attention to our attractive offers on external websites using advertisements (Google Ads). In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We aim to show you advertisements that are of interest to you, to make our website more interesting for you, and to achieve a fair calculation of advertising costs.

These ads are delivered by Google via so-called "ad servers." For this purpose, we use ad server cookies that allow certain parameters for success measurement, such as the display of ads or clicks by users, to be measured. If you access our website via a Google ad, Google Ads will store a cookie on your device. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions), and opt-out information (indicating that the user no longer wishes to be addressed) are generally stored as analysis values.

These cookies allow Google to recognize your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their device has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page (conversion page).

In the course of processing, data may be transmitted to the USA. The security of the transmission is safeguarded by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security corresponding to that of the GDPR. If the standard contractual clauses are insufficient to ensure an adequate level of security, your consent in accordance with Art. 49 para. 1 lit. a) GDPR may serve as the legal basis for the transmission to third countries.

Cookies used: Type c.
Legal basis: Art. 6 para. 1 lit. a) GDPR
Purpose of processing: Marketing purposes.

Microsoft "Bing Ads"

This website uses the conversion tracking technology "Bing Ads" from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads places a cookie on your computer if you reached our website via a Microsoft Bing ad. Cookies are small text files that are stored on your computer system. These cookies expire after 180 days and are not used to personally identify you. If the user visits certain pages of this website and the cookie has not yet expired, Microsoft and we can recognize that the user clicked on the ad and was redirected to that page (conversion page).

The information obtained using the conversion cookie is used to create conversion statistics, i.e., to track how many users reach a conversion page after clicking on an ad. We learn the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies users.

You can check whether advertising cookies from Microsoft are set in your browser and disable them at http://www.youronlinechoices.com/uk/your-ad-choices/. Further information about Microsoft's Bing Ads privacy policy can be found at: https://privacy.microsoft.com/en-us/privacystatement.

In the course of processing, data may be transmitted to the USA. The security of the transmission is safeguarded by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security corresponding to that of the GDPR. If the standard contractual clauses are insufficient to ensure an adequate level of security, your consent in accordance with Art. 49 para. 1 lit. a) GDPR may serve as the legal basis for the transmission to third countries.

Cookies used: Type c.
Legal basis: Art. 6 para. 1 lit. a) GDPR
Purpose of processing: Marketing purposes.

CrazyEgg

This site uses the tracking tool CrazyEgg.com to record randomly selected individual visits with anonymized IP addresses only. Crazy Egg is operated by Crazy Egg, Inc., 16220 Ridgeview Lane, La Mirada, CA, 90638, USA. This tracking tool allows the use of cookies to analyze how you use the website (e.g., which content is clicked on). A usage profile is visually presented in the form of so-called "heatmaps." Only pseudonymized usage profiles are created.

Crazy Egg's privacy policy can be found at https://www.crazyegg.com/privacy.

The information is used solely to improve the user-friendliness of our services and for marketing purposes. Crazy Egg allows us to track how different changes to a website affect it, such as changes to input fields, design, etc. A/B tests serve to improve user-friendliness and performance of online offerings. In A/B testing, different versions of a website or its elements, such as input forms, are displayed, differing in content or design. By observing how users interact with each version, we determine which one best meets their needs. "Clicktracking" allows us to track user movements within an entire online offering. Cookies are generally stored on the users' devices for this purpose.

In the course of processing, data may be transmitted to the USA. The security of the transmission is safeguarded by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security corresponding to that of the GDPR. If the standard contractual clauses are insufficient to ensure an adequate level of security, your consent in accordance with Art. 49 para. 1 lit. a) GDPR may serve as the legal basis for the transmission to third countries.

You can object to the collection, processing, and recording of data generated by CrazyEgg.com at any time by following the instructions at https://www.crazyegg.com/opt-out.

Cookies used: Type c.
Legal basis: Art. 6 para. 1 lit. a) GDPR
Purpose of processing: Marketing purposes.

Cashbackworld

Description and scope of data processing

This website uses the affiliate program of Cashbackworld, a company of mWG myWorld Germany GmbH, Gereonstraße 1 – 3, D-50670 Cologne. To accurately track sales and/or leads, we place a cookie named "Tradedoubler" on the customer's (visitor's) computer, provided its origin is from Cashbackworld ads. Sales and/or leads are tracked by the operating company Tradedoubler GmbH, Herzog-Wilhelm-Straße 26, 80331 Munich, Germany.

This cookie complies with the respective data protection regulations. The cookies used by Cashbackworld are accepted by the browser by default. Cashbackworld tracking cookies do not store any personally identifiable data, only the ID of the referring partner (similar to Adcell). The partner ID is used to assign the commission payable to the referring partner when a transaction is completed.

The applicable privacy policy of Cashbackworld can be accessed at https://www.cashbackworld.com/de/privacy-policy.

The applicable privacy policy of Tradedoubler can be found at http://www.tradedoubler.com/de/privacy-policy/.

Cookies used: Type c.
Legal basis: Art. 6 para. 1 lit. a) GDPR
Purpose of processing: Marketing purposes.

Vimeo

Description and scope of data processing

Our website embeds some videos from the platform "Vimeo." The operator of this platform is: Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA.

To enhance privacy, we use a "preview solution": The videos are embedded in our site only with a preview image and a privacy notice. Only when you click on the preview image or the privacy notice will the plugin/video be activated. The user will then see the embedded video stream on our site. Cookies are only set after clicking on the preview image and the privacy notice.

The privacy policies of Vimeo can be found here: https://vimeo.com/privacy.

Data transfers to third countries are possible. Standard contractual clauses under Art. 46 GDPR are concluded to ensure adequate guarantees. Further information can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

To protect your rights and personal data, we have implemented Vimeo with a so-called two-click solution, which ensures that data is only transferred to Vimeo after you have explicitly activated the card function. More information can be found at https://vimeo.com/cookie_policy and https://vimeo.com/cookie_list.

The user can prevent Vimeo from setting cookies at any time by configuring their browser settings to block cookies, as mentioned above, or deleting cookies that have already been set.

Legal basis: Art. 6 para. 1 lit. f) GDPR
Purpose of processing: Marketing purposes.

YouTube

We have embedded YouTube videos in our online offering, which are stored on http://www.YouTube.com and can be played directly from our website. All of these are embedded in "extended privacy mode," meaning that no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the following data be transmitted. We have no control over this data transfer.

By visiting the website, YouTube receives information that you have accessed the corresponding subpage of our website. The data specified in Section 2 of this notice will also be transmitted. This occurs regardless of whether YouTube provides a user account that you are logged into or whether no user account exists. If you are logged into Google, your data will be directly associated with your account. If you do not wish this data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research, and/or tailored website design. Such an analysis is done (even for users who are not logged in) to provide tailored advertising and inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, although you must contact YouTube to exercise this right.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in their privacy policy. There, you will also find more information about your rights and options for protecting your privacy.

In the course of processing, data may be transmitted to the USA. The security of the transmission is safeguarded by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security corresponding to that of the GDPR. Data transfers to third countries are possible. Standard contractual clauses under Art. 46 GDPR are concluded to ensure adequate guarantees. More information can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

The YouTube privacy policy can be found here: https://policies.google.com/privacy?hl=en

Google also provides several options to object to the collection of your data: https://policies.google.com/privacy#infochoices.

Legal basis: Art. 6 para. 1 lit. f) GDPR
Purpose of processing: Marketing purposes.