Privacy Policy
Preamble
With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, the purposes of the processing, and the scope of such processing. This privacy policy applies to all processing of personal data carried out by us, both as part of our service delivery and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).
The terms used are not gender-specific.
As of: February 19, 2024
Table of Contents
- Preamble
- Controller
- Overview of Processing Activities
- Applicable Legal Bases
- Security Measures
- Disclosure of Personal Data
- International Data Transfers
- Data Deletion
- Rights of Data Subjects
- Use of Cookies
- Providers and Services Used in Business Activities
- Provision of the Online Offering and Web Hosting
- Blogs and Publishing Media
- Contact and Request Management
- Communication via Messenger
- Web Analysis, Monitoring, and Optimization
- Plugins and Embedded Features and Content
- Changes and Updates to the Privacy Policy
- Definitions of Terms
Controller
Kathrin Nahrmann
Zum Hang 10
15749 Mittenwalde / OT Telz
Email: info@phaenomen-lipizzaner.de
Impressum
Overview of Processing Activities
The following overview summarizes the types of data processed and the purposes of processing and refers to the individuals concerned.
Types of Data Processed
- Inventory data.
- Payment data.
- Contact data.
- Content data.
- Contract data.
- Usage data.
- Meta/communication/procedural data.
Categories of Data Subjects
- Customers.
- Prospective customers.
- Communication partners.
- Users.
- Business and contractual partners.
Purposes of Processing
- Provision of contractual services and fulfillment of contractual obligations.
- Responding to contact inquiries and communication.
- Security measures.
- Direct marketing.
- Reach measurement.
- Office and organizational procedures.
- Management and response to inquiries.
- Feedback.
- Profiles with user-related information.
- Provision of our online offering and user-friendliness.
- IT infrastructure.
Applicable Legal Bases
Relevant Legal Bases under GDPR: Below is an overview of the GDPR legal bases upon which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence or establishment may also apply. If more specific legal bases are applicable in individual cases, we will inform you about them in the privacy policy.
- Consent (Article 6(1)(a) GDPR): The data subject has given their consent to the processing of their personal data for one or more specific purposes.
- Contract fulfillment and pre-contractual inquiries (Article 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract.
- Legitimate interests (Article 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring data protection.
National Data Protection Regulations in Germany: In addition to the GDPR regulations, national data protection regulations apply in Germany, particularly the Federal Data Protection Act (BDSG). The BDSG includes specific regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases, including profiling. Data protection laws of individual federal states may also apply.
Note on the Applicability of GDPR and Swiss Data Protection Act: These privacy notices are intended to comply with both the Swiss Federal Data Protection Act (Swiss DPA) and the GDPR. Therefore, for broader geographical application and comprehensibility, the terms of the GDPR are used. Specifically, instead of the terms “processing” of “personal data,” “predominant interest,” and “particularly sensitive personal data” used in the Swiss DPA, the terms “processing” of “personal data” and “legitimate interest” and “special categories of data” used in the GDPR are applied. The legal meaning of the terms will, however, remain as per the Swiss DPA where applicable.
Security Measures
We take appropriate technical and organizational measures under the law, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying probabilities and severity of risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
Such measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data and the associated access, input, disclosure, assurance of availability, and separation of data. We also implement procedures to ensure the exercising of data subject rights, data deletion, and responses to data threats. Moreover, we consider the protection of personal data from the outset during the development or selection of hardware, software, and procedures, in line with the principle of data protection by design and by default.
TLS/SSL Encryption (https): To protect users’ data transmitted through our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hypertext Transfer Protocol Secure (HTTPS) appears in the URL when a website is secured by an SSL/TLS certificate.
Disclosure of Personal Data
When processing personal data, we may disclose or transmit it to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include service providers tasked with IT-related tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and enter into contracts or agreements that serve to protect your data.
Data Transfers Within the Organization: We may transfer personal data to other entities within our organization or grant them access to this data. Where such transfers are administrative, they are based on our legitimate business and operational interests or are required for the fulfillment of our contractual obligations or where consent or legal permission has been granted.
International Data Transfers
Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if the processing occurs within the framework of using third-party services or disclosing or transmitting data to other persons, entities, or companies, this will only be carried out in compliance with legal requirements. Where the level of data protection in the third country has been officially recognized as adequate (Art. 45 GDPR), such recognition serves as the basis for the data transfer. In other cases, data transfers occur only if the level of data protection is ensured otherwise, particularly through standard contractual clauses (Art. 46(2)(c) GDPR), express consent, or in cases of contractual or legally necessary transfer (Art. 49(1) GDPR). Furthermore, we provide you with information on the legal basis for the transfer to third countries for individual third-party providers, prioritizing adequacy decisions as the basis. Information on third-country transfers and existing adequacy decisions can be found on the European Commission’s website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en.
EU-US Trans-Atlantic Data Privacy Framework: Under the so-called “Data Privacy Framework” (DPF), the European Commission has also recognized the data protection level of certain U.S. companies as safe based on an adequacy decision dated July 10, 2023. The list of certified companies and further information about the DPF can be found on the U.S. Department of Commerce’s website: https://www.dataprivacyframework.gov/. We inform you in these privacy notices which service providers we use are certified under the Data Privacy Framework.
Data Deletion
The data processed by us will be deleted in accordance with legal requirements once their permitted consents are revoked or other permissions lapse (e.g., if the purpose for processing the data ceases to apply or they are no longer necessary for the intended purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to those purposes. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is required to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person. Further information on the retention and deletion of data may be included in our privacy notices, which take precedence for the respective processing.
Rights of Data Subjects
Rights of Data Subjects under GDPR: As a data subject, you have various rights under the GDPR, particularly those arising from Articles 15 to 21 GDPR:
- Right to Object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data carried out based on Article 6(1)(e) or (f) GDPR, including profiling based on these provisions. If your personal data is processed for direct marketing purposes, you also have the right to object to the processing for such marketing purposes, including profiling related to such direct marketing.
- Right to Withdraw Consent: You have the right to revoke any consent given at any time.
- Right of Access: You have the right to request confirmation as to whether your data is being processed and to information about this data as well as to additional information and a copy of the data as per legal requirements.
- Right to Rectification: You have the right to request the correction or completion of your data in accordance with legal requirements.
- Right to Erasure and Restriction of Processing: You have the right to demand that your data be deleted immediately or, alternatively, that its processing be restricted as per legal requirements.
- Right to Data Portability: You have the right to obtain your data in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, in accordance with legal requirements.
- Right to Lodge a Complaint: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, workplace, or the place of the alleged infringement, if you consider that the processing of your personal data violates GDPR provisions.
Use of Cookies
Cookies are small text files or other storage markers that store information on end devices and retrieve information from end devices. For example, they can store the login status of a user account, a shopping cart’s content in an online shop, accessed content, or used functions of an online offering. Cookies can also serve various purposes, such as ensuring the functionality, security, and comfort of online offerings or creating visitor traffic analyses.
Consent Notice: We use cookies in compliance with legal requirements. Therefore, we obtain prior consent from users unless it is legally not required. Consent is particularly not necessary if storing and retrieving information (including cookies) is absolutely essential to provide the user with a telemedia service (our online offering) expressly requested by them. Necessary cookies typically include functions related to the display and operability of the online offering, load balancing, security, storage of user preferences, or similar purposes. Consent is communicated clearly to users and includes details about the specific use of cookies.
Storage Duration of Cookies
With regard to storage duration, the following types of cookies are distinguished:
- Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their end device (e.g., browser or mobile application).
- Persistent Cookies: Persistent cookies remain stored even after the device has been closed. For example, this allows login statuses to be saved or preferred content to be directly displayed when a user revisits a website. Similarly, data collected via cookies can be used for reach measurement. Unless users are explicitly informed about the type and storage duration of cookies (e.g., during the consent process), users should assume that cookies are persistent and the storage duration can be up to two years.
General Information on Revocation and Objection (“Opt-Out”):
Users can revoke their consent at any time and object to processing in accordance with legal requirements. For this purpose, users can, for example, restrict the use of cookies in their browser settings (although this may restrict the functionality of our online offering). Users can also object to the use of cookies for online marketing purposes via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.
Legal Bases:
- Legitimate Interests (Art. 6(1)(f) GDPR).
- Consent (Art. 6(1)(a) GDPR).
Further Notes on Processing Procedures, Methods, and Services
Processing Cookie Data Based on Consent:
We use a consent management procedure to obtain, document, manage, and withdraw user consents, particularly for the use of cookies and similar technologies for storing, reading, and processing user device information. User consents for the use of cookies and the respective processing and providers are obtained, managed, and revocable by users. This consent declaration is stored to avoid repetitive queries and to demonstrate consent as required by law. Storage may occur server-side and/or in a cookie (so-called “Opt-In-Cookie” or via similar technologies) to associate the consent with a user or their device. Unless otherwise specified, the storage duration for consent can be up to two years. A pseudonymous user identifier is generated and stored with the time of consent, scope of consent (e.g., which categories of cookies and/or service providers), as well as browser, system, and device used.
Service Provider Example: Complianz:
- Purpose: Consent management procedure.
- Service Provider: Server-side and/or locally executed service under the provider’s data protection responsibility.
- Website: https://complianz.io/.
- Privacy Policy: https://complianz.io/legal/.
- Additional Information: Stores individual user IDs, language, types of consent, and the time of consent, both server-side and locally on the user’s device.
- Legal Basis: Consent (Art. 6(1)(a) GDPR).
Providers and Services Used in Business Activities
As part of our business activities, we use additional services, platforms, interfaces, or plug-ins from third parties (referred to as “services”) while observing legal requirements. The use of these services is based on our interest in ensuring proper, lawful, and efficient business operations.
Data Types Processed:
- Inventory data (e.g., names, addresses).
- Payment data (e.g., bank details, invoices, payment history).
- Contact data (e.g., email addresses, phone numbers).
- Content data (e.g., information entered in online forms).
- Contract data (e.g., contract subject, duration, customer category).
Data Subjects:
- Customers.
- Prospective customers.
- Users (e.g., website visitors, users of online services).
- Business and contractual partners.
Purposes of Processing:
- Fulfillment of contractual obligations and performance of services.
- Office and organizational procedures.
Legal Bases:
- Legitimate Interests (Art. 6(1)(f) GDPR).
Provision of the Online Offering and Web Hosting
We process user data to provide our online services. To this end, we process the IP address of the user, which is necessary to deliver the content and features of our online services to the user’s browser or device.
Data Types Processed:
- Usage data (e.g., visited websites, interest in content, access times).
- Meta/communication/procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Content data (e.g., information entered in online forms).
Data Subjects:
- Users (e.g., website visitors, users of online services).
Purposes of Processing:
- Provision of our online offering and user-friendliness.
- IT infrastructure (operation and provision of information systems and technical devices such as computers and servers).
- Security measures.
Legal Bases:
- Legitimate Interests (Art. 6(1)(f) GDPR).
Further Notes on Processing Procedures, Methods, and Services
Provision of Online Offerings on Rented Storage Space:
To provide our online offerings, we use storage space, computing capacity, and software obtained from a suitable server provider (“web hoster”).
- Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR).
Collection of Access Data and Log Files:
Access to our online offering is logged in the form of “server log files.” Server log files may include the address and name of accessed web pages and files, date and time of access, transferred data volumes, reports of successful access, browser type and version, the user’s operating system, referrer URL (previously visited page), and usually IP addresses and requesting providers.
- Purpose: Security (e.g., preventing server overload through misuse like DDoS attacks) and ensuring server stability.
- Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR).
- Deletion of Data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data required as evidence is exempt from deletion until the respective incident is resolved.
Email Sending and Hosting
The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of recipients and senders, as well as other information regarding email dispatch (e.g., the involved providers), and the content of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes.
Please note that emails on the internet are generally not encrypted. While emails are usually encrypted during transit, they are not always encrypted on the servers from which they are sent or received (unless end-to-end encryption is used). Therefore, we cannot assume responsibility for the transmission path of emails between the sender and receipt on our server.
- Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR).
Service Provider: Netclusive
- Purpose: Provision of IT infrastructure and related services (e.g., storage space and/or computing capacities).
- Service Provider: netclusive GmbH, Robert-Bosch-Str. 10, Haus I, 56410 Montabaur, Germany
- Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR).
- Website: https://netclusive.de.
- Privacy Policy: https://netclusive.de/datenschutz/.
- Data Processing Agreement: Provided by the service provider.
Blogs and Publishing Media
We use blogs or similar means of online communication and publication (referred to as “publishing medium”). User data is processed for the purpose of the publishing medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. Additionally, we refer to the information on the processing of visitors to our publishing medium within this privacy policy.
Data Types Processed:
- Inventory data (e.g., names, addresses).
- Contact data (e.g., email addresses, phone numbers).
- Content data (e.g., information entered in online forms).
- Usage data (e.g., visited websites, interest in content, access times).
- Meta/communication/procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
Data Subjects:
- Users (e.g., website visitors, users of online services).
Purposes of Processing:
- Provision of contractual services and fulfillment of contractual obligations.
- Feedback collection (e.g., collecting feedback via online forms).
- Provision of our online offering and user-friendliness.
Legal Basis:
- Legitimate Interests (Art. 6(1)(f) GDPR).
Contact and Request Management
When contacting us (e.g., by mail, contact form, email, telephone, or social media) or within the scope of existing user and business relationships, the data provided by the inquiring persons is processed to the extent necessary to respond to the inquiries and any requested actions.
Data Types Processed:
- Contact data (e.g., email addresses, phone numbers).
- Content data (e.g., information entered in online forms).
- Usage data (e.g., visited websites, interest in content, access times).
- Meta/communication/procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
Data Subjects:
- Communication partners.
Purposes of Processing:
- Contact inquiries and communication.
- Management and response to inquiries.
- Feedback collection (e.g., collecting feedback via online forms).
- Provision of our online offering and user-friendliness.
Legal Bases:
- Legitimate Interests (Art. 6(1)(f) GDPR).
- Fulfillment of contractual and pre-contractual inquiries (Art. 6(1)(b) GDPR).
Additional Notes on Processing Methods and Services:
Contact Form:
When users contact us via the contact form, email, or other communication channels, we process the data provided for handling the stated request.
- Legal Bases: Fulfillment of contractual and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate Interests (Art. 6(1)(f) GDPR).
Communication via Messenger
We use messengers for communication purposes and ask you to take note of the following regarding their functionality, encryption, the use of communication metadata, and your options for objection.
You may also contact us through alternative means, such as by telephone or email. Please use the contact options provided to you or as indicated within our online offering.
Where end-to-end encryption of content is used (i.e., the content of your message and attachments), the communication content (i.e., message text and attached images) is encrypted so that only the recipient can read it. Even the messenger provider cannot access the content. You should always use the latest version of the messenger with encryption enabled to ensure the confidentiality of the message content.
However, we also inform our communication partners that the providers of messengers may still be able to determine when and with whom communication partners communicate as well as technical information regarding the device used and, depending on device settings, location information (so-called metadata).
Legal Basis for Messenger Communication:
If we request permission from our communication partners before communicating via messenger, the legal basis for our data processing is their consent. Otherwise, if we do not request consent and they contact us of their own accord, we use the messenger in relation to our contractual partners and as part of pre-contractual measures. For other interested parties and communication partners, we use messengers based on our legitimate interests in quick and efficient communication.
Revocation, Objection, and Deletion:
You can revoke your consent at any time or object to the further communication.
Web Analysis, Monitoring, and Optimization
Web analysis (also referred to as “reach measurement”) is used to evaluate visitor flows on our online offering and can include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can identify, for example, when our online offering, its functions, or content are most frequently used or invite reuse. We can also determine which areas need optimization.
In addition to web analysis, we may use testing procedures to test and optimize different versions of our online offering or its components.
Unless otherwise stated, the following purposes may involve the creation of profiles—that is, data consolidated into a usage process—and information stored or retrieved in a browser or on a user’s device. Collected data may include visited websites, utilized elements, and technical information such as the browser and operating system used, as well as usage times. If users have given consent for location data collection, their location data may also be processed.
IP addresses of users are also stored; however, we use an IP masking process (i.e., pseudonymization by shortening the IP address) to protect users. Generally, web analysis, A/B testing, and optimization do not involve storing clear user data (e.g., names or email addresses) but pseudonyms. This means neither we nor the providers of the employed software know the actual identity of users, only the data stored in their respective profiles.
Data Types Processed:
- Usage data (e.g., visited websites, interest in content, access times).
- Meta/communication/procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
Data Subjects:
- Users (e.g., website visitors, users of online services).
Purposes of Processing:
- Reach measurement (e.g., access statistics, identification of recurring visitors).
- User-related profiling (creation of user profiles).
- Provision of our online offering and user-friendliness.
Security Measures:
- IP masking (pseudonymization of the IP address).
Legal Basis:
- Consent (Art. 6(1)(a) GDPR).
Further Notes on Processing Methods and Services
Google Analytics:
We use Google Analytics to measure and analyze the usage of our online offering based on a pseudonymous user ID. This ID does not contain any identifiable data, such as names or email addresses, and instead serves to associate analytical data with a specific device to track user behavior within and across sessions. Data collected includes accessed content, search terms used, repeat visits, and interactions with our online offering.
Pseudonymous user profiles may be created across multiple devices, using cookies. Google Analytics does not log or store individual IP addresses for EU users but derives broad location information (e.g., city or country) before immediately deleting IP data.
- Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
- Legal Basis: Consent (Art. 6(1)(a) GDPR).
- Website: https://marketingplatform.google.com/intl/en/about/analytics/.
- Privacy Policy: https://policies.google.com/privacy.
- Data Processing Agreement: https://business.safety.google/adsprocessorterms/.
- Basis for Third Country Transfers: Data Privacy Framework (DPF).
- Objection Option (Opt-Out): https://tools.google.com/dlpage/gaoptout?hl=en.
Google Tag Manager:
Google Tag Manager allows us to manage “website tags” via an interface, enabling integration of additional services into our online offering. The Tag Manager itself (which implements the tags) does not create user profiles or store cookies but processes the user’s IP address to operate the tool.
- Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
- Legal Basis: Consent (Art. 6(1)(a) GDPR).
- Website: https://marketingplatform.google.com/.
- Privacy Policy: https://policies.google.com/privacy.
- Data Processing Agreement: https://business.safety.google/adsprocessorterms/.
- Basis for Third Country Transfers: Data Privacy Framework (DPF).
Plugins and Embedded Features and Content
We integrate function and content elements obtained from the servers of their respective providers (“third parties”) into our online offering. These may include graphics, videos, or maps (collectively referred to as “content”).
Integration requires third-party providers to process users’ IP addresses since they cannot send the content to their browsers without the IP address. The IP address is thus necessary for displaying such content or functionality. Wherever possible, we use content only from providers that use the IP address solely to deliver the content.
Third-party providers may also use invisible “pixel tags” (also known as “web beacons”) for statistical or marketing purposes. These “pixel tags” allow information, such as visitor traffic on the pages of this website, to be evaluated. The pseudonymous information may also be stored in cookies on the user’s device and include, among other things, technical information about the browser and operating system, referring websites, visit times, and other details about the use of our online offering. This data may also be linked to similar information from other sources.
Data Types Processed:
- Usage data (e.g., visited websites, interest in content, access times).
- Meta/communication/procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Inventory data (e.g., names, addresses).
- Contact data (e.g., email addresses, phone numbers).
- Content data (e.g., information entered in online forms).
Data Subjects:
- Users (e.g., website visitors, users of online services).
Purposes of Processing:
- Provision of our online offering and user-friendliness.
- User-related profiling (creation of user profiles).
Legal Bases:
- Consent (Art. 6(1)(a) GDPR).
- Legitimate Interests (Art. 6(1)(f) GDPR).
Further Notes on Processing Methods and Services
- Google Fonts (Hosted on Our Own Server): Provision of font files to ensure a user-friendly display of our online offering.
- Service Provider: The Google Fonts are hosted on our server; no data is transmitted to Google.
- Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR).
- Font Awesome (Hosted on Our Own Server): Display of fonts and icons.
- Service Provider: The Font Awesome icons are hosted on our server; no data is transmitted to the provider of Font Awesome.
- Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR).
- YouTube Videos: Video content.
- Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
- Legal Basis: Consent (Art. 6(1)(a) GDPR).
- Website: https://www.youtube.com.
- Privacy Policy: https://policies.google.com/privacy.
- Basis for Third Country Transfers: Data Privacy Framework (DPF).
- Opt-Out Option: Opt-Out Plugin, Settings for Advertising Personalization.
- Vimeo Video Player: Integration of a video player.
- Service Provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA.
- Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR).
- Website: https://vimeo.com.
- Privacy Policy: https://vimeo.com/privacy.
- Data Processing Agreement: https://vimeo.com/enterpriseterms/dpa.
- Basis for Third Country Transfers: Standard Contractual Clauses (https://vimeo.com/enterpriseterms/dpa).
Changes and Updates to the Privacy Policy
We kindly ask you to regularly review the content of our privacy policy. We adapt the privacy policy as soon as changes to our data processing make this necessary. We will inform you as soon as changes require your cooperation (e.g., consent) or other individual notification.
If we provide addresses and contact information for companies and organizations in this privacy policy, please note that the addresses may change over time. Therefore, we ask you to verify the information before contacting us.
Definitions of Terms
In this section, you will find an overview of the terms used in this privacy policy. Where terms are defined by law, their legal definitions apply. The following explanations are intended to help with understanding.
- Personal Data: “Personal data” means any information relating to an identified or identifiable natural person (the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- Profiles with User-Related Information: The processing of “profiles with user-related information,” or simply “profiles,” includes any kind of automated processing of personal data that involves the use of personal data to analyze, evaluate, or predict certain personal aspects (e.g., interests in certain content or products, click behavior on a website, or location). Cookies and web beacons are often used for profiling purposes.
- Reach Measurement: Reach measurement (also known as “web analytics”) refers to the evaluation of visitor flows within an online offering and may include the behavior or interests of visitors in certain information, such as website content. With the help of reach analysis, website operators can, for example, identify the times at which users visit their websites and which content interests them. This allows the content of the websites to be better aligned with the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis to recognize returning visitors and thus obtain more precise analyses of the use of an online offering.
- Controller: The term “controller” refers to the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processing: “Processing” means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and encompasses practically any handling of data, whether collection, evaluation, storage, transmission, or deletion.