Scope

This privacy policy applies to our website https://paceviewer.com/ („Website“) and the associated web application https://app.paceviewer.com/ („PaceViewer App“) (Section I.) as well as our social media presence (Section II.). It does not extend to any linked websites or online presences of other providers.

Controller

The controller responsible for the processing of personal data within the scope of this privacy policy is:

PaceViewer GmbH Heiligengeiststraße 6-8, 26121 Oldenburg Email: hello@paceviewer.com

Data Protection Inquiries

If you have any questions regarding data protection in relation to our company or our Website, you can contact us using the contact details provided in the „Controller“ section.

Security

We have taken comprehensive technical and organizational measures to protect your personal data from unauthorized access, misuse, loss and other external interference. To this end, we regularly review our security measures and adapt them to the state of the art.

Your Rights

You have the following rights with regard to your personal data, which you can assert against us:

Right of access: You can request information in accordance with Art. 15 GDPR about your personal data that we process.
Right to rectification: If the information concerning you is not (or no longer) accurate, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request completion.
Right to erasure: You can request the erasure of your personal data in accordance with Art. 17 GDPR.
Right to restriction of processing: You have the right to request a restriction on the processing of your personal data in accordance with Art. 18 GDPR.
Right to Object to Processing: You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data carried out on the basis of Art. 6 (1) 1 lit. e) or lit. f) GDPR, in accordance with Art. 21 (1) GDPR. We will no longer process your data in this case unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. Further processing also takes place if the processing serves the assertion, exercise or defense of legal claims (Art. 21 (1) GDPR). In addition, you have the right under Art. 21 (2) GDPR to object at any time to the processing of your personal data for the purpose of direct marketing; this also applies to profiling insofar as it is related to such direct marketing. We will inform you of the right to object in this privacy policy in connection with the respective processing.
Right to withdraw your consent: If you have given your consent for processing, you have the right to withdraw it at any time with effect for the future in accordance with Art. 7 (3) GDPR.
Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format („data portability“) as well as the right to transmit this data to another controller, if the conditions of Art. 20 (1) lit. a, b GDPR are met (Art. 20 GDPR).

You can exercise your rights by contacting us using the contact details provided in the „Controller“ section.

If you believe that the processing of your personal data violates data protection law, you also have the right under Art. 77 GDPR to lodge a complaint with a authority for data protection of your choice. This includes the authority for data protection responsible for the controller:

Der Landesbeauftragte für den Datenschutz Niedersachsen, Postfach 221, 30002 Hannover or: Prinzenstraße 5, 30159 Hannover, Germany, Phone: +49 (0511) 120-4500, Email: poststelle@lfd.niedersachsen.de, https://www.lfd.niedersachsen.de.

Website and PaceViewer App

Unless otherwise stated, the following information applies to both the Website and the PaceViewer App.

1. Access to our Website and PaceViewer App

When you access our Website or the PaceViewer App, your browser transmits information to the server in order to enable a connection and to display the content securely, quickly, stably and in the correct format on your device.

The following data may be processed in this context:

Browser type/browser version
Operating system used
Language and version of the browser software
Date and time of access
Hostname of the accessing device
IP address
Content of the request (specific website)
Access status/HTTP status code
Websites accessed via the Website or the PaceViewer App
Referrer URL (the previously visited website)
Message whether the access was successful
Amount of data transferred and
Time zone difference to GMT

Further storage of this data takes place to ensure the functionality of the website and the PaceViewer App and the security of the information technology systems.

The legal basis for processing is Art. 6 (1) s.1 lit. f) GDPR. Our legitimate interests lie in ensuring the functionality of the Website and the PaceViewer App as well as the integrity and security of the website and the PaceViewer App. Upon request, we provide information about the balancing of interests carried out. The storage of access data, in particular the IP address, enables us to detect and defend against misuse. This includes, for example, the defense against requests that overload the service or any bot usage. The access data is deleted as soon as it is no longer required to achieve the purpose of its processing. In the case of data collection for the provision of the Website, this is the case when you end your visit to the Website or the PaceViewer App. The log data is deleted at the latest after 30 days.

You can object to the processing. Your right to object exists on grounds relating to your particular situation. You can submit your objection to us using the contact details provided in the „Controller“ section.

2. End Device Information

In addition to the aforementioned access data, technologies are used when using the Website and the PaceViewer app that store information on your end device (e.g. desktop PC, laptop, tablet and smartphone) or access information that is already stored on your end device. These technologies may include, for example, cookies, pixels, LocalStorage, SessionStorage, IndexedDB or browser fingerprinting technologies. These technologies can be used to recognise you across devices and websites.

In accordance with § 25 (1) TDDDG (German Telecommunications Digital Services Data Protection Act, Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz), we generally require your consent to use these technologies. According to § 25 (2) TDDDG, such consent is only not required if the technologies either enable the transmission of a message via a public telecommunications network or if they are necessary to provide a telemedia service that you have expressly requested.

Technically necessary terminal device information

In addition to the aforementioned access data, technologies are used when using the Website and the PaceViewer App that store information on your terminal device (e.g. desktop PC, laptop, tablet and smartphone) or access information already stored on your terminal device. These technologies may include, for example, so-called cookies, pixels, LocalStorage, SessionStorage, IndexedDB or browser fingerprinting technologies. These technologies can be used to recognize you across devices and websites.

In accordance with § 25 (1) TDDDG, we generally require your consent to use these technologies. Such consent is not required under § 25 (2) TDDDG only if the technologies either enable the transmission of a message via a public telecommunications network or if they are strictly necessary to provide a tele media service as explicitly requested by you.

Technically necessary end device information

Some elements of our Website serve the sole purpose of transmitting a message (§ 25 (2) No. 1 TDDDG) or are strictly necessary to provide you with our Website, the PaceViewer App or individual functionalities of our website or the PaceViewer App (§ 25 (2) No. 2 TDDDG):

Language settings
Color scheme settings
Log-in information, i.e. information about the region/country of access, time zone

The elements are deleted once storage is no longer required.

You can prevent processing by making the appropriate settings in your browser software. For elements whose storage duration is not limited to the session, you can delete the elements after the end of your session in the settings of your browser software.

Technically non-necessary end device information

We also use elements on the Website and the PaceViewer App that are not technically necessary. In accordance with legal requirements, we only use these technologies with your consent. Information about the individual technologies and functions can be found within the Consent-Management-Platform („Cookie Banner“) as well as organized by individual functions in the following information.

Consent-Management-Platform

To obtain consent on our Website https://paceviewer.com/ for the processing of your end device information and personal data by means of cookies or other tracking technologies, we use a consent tool. This gives you the opportunity to consent to or reject the processing of your end device information and personal data by means of cookies or other tracking technologies for the purposes listed in the consent tool. Such processing purposes may include, for example, the integration of external elements, integration of streaming content, statistical analysis, reach measurement, individualized product recommendations or individualized advertising.

You can grant or refuse your consent for all processing purposes or grant or refuse your consent for individual purposes. The settings you have made can also be changed by you afterwards. The purpose of integrating the consent tool is to leave the decision about the setting of cookies and similar functionalities to the users of our websites and to offer the possibility to change settings already made during further use of our Website. While using the consent tool, personal data as well as information from the end devices used are processed by us. The information about the settings you have made is also stored on your end device.

The legal basis for processing is Art. 6 (1) s. 1 lit. c) GDPR in conjunction with Art. 7 (1) GDPR, insofar as the processing serves to fulfil the legally standardized obligation to provide evidence for the granting of consent. Otherwise, Art. 6 (1) s. 1 lit. f) GDPR is the relevant legal basis. Our legitimate interests in the processing lie in the storage of user settings and preferences regarding the use of cookies and the evaluation of consent rates. Upon request, we provide information about the balancing of interests carried out. The user settings made are stored until they are no longer required for the purposes for which they were collected, unless you delete the information about your user settings in the designated end device capacities beforehand.

Recipients of the personal data processed in this context are the providers of the Consent-Management-Platform we use:

Borlabs GmbH (Hamburger Str. 11, 22083 Hamburg, Germany) regarding the Consent-Management-Platform „Borlabs Cookie“

3. Contact with our company

When you contact our company, e.g. by email or via the contact form on the Website, the personal data you provide will be processed by us in order to respond to your inquiry. For processing inquiries via the contact form, it is mandatory to provide a first and last name, a valid business email address and the name of your company. At the time of sending the message to us, your IP address as well as the date and time of registration are also processed. The legal basis for processing is Art. 6 (1) s. 1 lit. f) GDPR or Art. 6 (1) s. 1 lit. b) GDPR if the contact is aimed at concluding a contract. If the inquiry is aimed at concluding a contract, the provision of your data is required and mandatory. If the data is not provided, the conclusion or execution of a contract and the processing of the inquiry is not possible. The other data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems. We delete the data incurred in this process after processing is no longer required – as a rule two years after the end of communication – or restrict processing if necessary to compliance with existing mandatory legal retention obligations.

You can object to the processing if it is based on Art. 6 (1) s. 1 lit. f) GDPR. Your right to object exists on grounds relating to your particular situation. You can submit your objection to us using the contact details provided in the „Controller“ section.

4. Test Access and online contract conclusion

If you wish to request test access or place an order via our Website, it is necessary and mandatory for the initiation and conclusion of the contract that you provide personal data such as your first and last name, your address, your email address and the company tax ID. The mandatory information required for order and contract processing is marked separately, further information is provided voluntarily. We process your data for order processing and for this purpose will in particular forward payment data to the payment service provider you have selected. The legal basis for processing is Art. 6 (1) s. 1 lit. b) GDPR. The provision of your data is required and mandatory for the conclusion or execution of the contract. If you do not provide your data, the conclusion and/or execution of the contract is not possible.

We delete the data incurred in this context after storage is no longer required or restrict processing if legal retention obligations exist. Due to mandatory commercial and tax law provisions, we are obliged to retain your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict processing and reduce processing to compliance with existing legal obligations.

5. Login area / customer account

To use our PaceViewer App, you need a login, for which you must register with the following information:

First and last name,
Email address and
Self-selected password

Furthermore, at the time of registration, your IP address as well as the date and time of registration are processed.

The following functions are available in the login area:

Modification of your profile data
Review of orders/bookings made
Manage, change, or cancel newsletter subscription
Management of the account linking with your Google/Microsoft account (further information under the section „Linking with Google/Microsoft Account“)

If you use the login area of the PaceViewer App to, for example, edit profile data or view orders made, we also process the data about you required for contract initiation or contract fulfilment, in particular address data and information on the payment method.

The legal basis for processing is Art. 6 (1) s. 1 lit. b) GDPR. The provision of the data is required and mandatory for the conclusion or execution of the contract. If you do not provide your data, you can neither register nor use the login area, i.e. the conclusion and/or execution of a contract is not possible.

Your data will be deleted as soon as it is no longer required for the processing purpose. This is the case after deletion of the customer account, unless we are obliged to retain the data due to legal provisions. In this case, we restrict processing. Due to mandatory commercial and tax law provisions, we are obliged to retain your address, payment and order data for a period of up to ten years.

6. Linking with Google/Microsoft Account

To use our services for your monitoring, you can link your Google and/or Microsoft account within the PaceViewer App using the OAuth procedure. Through this linking, the PaceViewer App can access the Google Ads and/or Microsoft Advertising data and subsequently process it for you. The data access serves exclusively for the analysis, reporting and presentation of performance in the functionalities of the PaceViewer App.

The following data is processed by the PaceViewer App:

Microsoft

E-mail addresses (linked user account)
First and last names (linked user account)
Accounts (ID, name, time zone, currency)
Campaigns (ID, name, labels)
Metrics (time, costs, conversions, revenue, impressions, clicks)

Google

E-mail addresses (linked user account)
First and last names (linked user account)
Accounts (ID, name, time zone, currency)
Campaigns (ID, name, labels)
Metrics (time, costs, conversions, revenue, impressions, clicks)

Disclosure: Data is only disclosed to processors (e.g. hosting) based on a data processing agreement in accordance with Art. 28 GDPR.

Data security: In the case of linking, no passwords from Google or Microsoft accounts are stored, only OAuth tokens. The data is encrypted both during transmission and at rest in accordance with the current state of technology.

The data retrieved via the linking is deleted as soon as it is no longer required for the processing purpose. This is the case after deletion of the customer account or at any time upon request. The linking between a Google or Microsoft account and the PaceViewer App can be terminated at any time in the customer account.

7. Customer Advertising

We reserve the right to use the email address you provided during the order in accordance with legal provisions to send you the following content by email during or following the order, unless you have already objected to this processing of your email address:

Information on new features of our app
New offers for service offerings of our products and services
Individual customer consulting
Invitations to events of our company
Requests for special wishes
Requests for customer feedback / customer satisfaction
In case of cancellation: request for feedback and customer retention

The legal basis for data processing is Art. 6 (1) s. 1 lit. f) GDPR. Our legitimate interests in the aforementioned processing are to increase and optimize our service offerings, send direct marketing and ensure customer satisfaction. Upon request, we provide information about the balancing of interests carried out. We delete your data when you end the usage process, but at the latest 3 years after termination of the contract.

We inform you that you can object to the receipt of direct marketing as well as to the processing for the purpose of direct marketing at any time, without incurring any costs other than the transmission costs according to the basic tariffs. You have a general right to object without giving reasons (Art. 21 (2) GDPR). To do this, click on the unsubscribe link in the respective email or send us your objection to the contact details provided in the „Controller“ section.

8. Payment processing

On our Website we offer various payment methods. After selecting one of the offered payment methods, the payment data you provided (e.g. as part of the order process) together with information about your order as well as first and last name, purpose, order/invoice/customer number are processed for the purpose of payment processing. To assign your payment, we process your delivery/billing address, email address and the selected payment method. In the event of transmission of the data required for payment processing, this is done via the secure „SSL“ procedure.

For payment processing, we also partially use external payment service providers. Further information on these payment service providers can be found in the „Payment Service Providers“ section.

The legal basis for processing is Art. 6 (1) s. 1 lit. b) GDPR. The provision of your payment data is required and mandatory for the conclusion or execution of the contract. If the payment data is not provided, the conclusion and/or execution of the contract using the selected payment method is not possible.

Payment Service Providers:

PayPal

On our Website we offer you payment via „PayPal“ (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg as well as PayPal Holdings, Inc., 2211 North First Street · 95131 San José, California, USA; hereinafter: „PayPal“). For payment, you must log in to your PayPal account. Your payment data provided to PayPal is processed by PayPal for the purpose of payment processing. Further information on data processing by PayPal can be found here: https://www.paypal.com/de/legalhub/paypal/privacy-full?locale.x=en_DE.

In order to assign your payment, we process your delivery/billing address, email address and the selected payment method. We delete the data incurred in this context after storage is no longer required or restrict processing if legal retention obligations exist. Due to mandatory commercial and tax law provisions, we are obliged to retain your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict processing and reduce processing to compliance with existing legal obligations.

The legal basis is Art. 6(1)(1) lit. b) GDPR. The provision of your payment data is required and mandatory for the conclusion or execution of the contract. If the payment data is not provided, the conclusion and/or execution of the contract using the payment method PayPal is not possible.

PayPal also processes your data in the USA. Standard data protection clauses have been concluded with PayPal Holdings, Inc. to commit PayPal Holdings, Inc. to an appropriate level of data protection. You can view a copy of the standard data protection clauses at PayPal at https://www.paypal.com/de/smarthelp/contact-us/privacy. Further information, including on the storage period, can be found in PayPal’s privacy policy at https://www.paypal.com/de/legalhub/paypal/privacy-full?locale.x=en_DE.

Integration of Payment Service Providers

The payment options „SEPA Direct Debit“, „PayPal“ and „Credit Card“ are integrated via „Stripe“ (Stripe Payments Europe, Ltd., c/o A&L Goodbody, IFSC North Wall Quay Co Dublin, D01 H104, Ireland as well as Stripe, Inc., Townsend Street, San Francisco, CA 94103, USA; hereinafter: „Stripe“). If you select one of the mentioned payment options, your payment data provided during the booking process together with the information about your booking will be passed on to Stripe for the purpose of payment processing. The processing is based on Art. 6(1) s. 1 lit. b) GDPR. The provision of the payment data is required and mandatory for the conclusion or execution of the contract. If the payment data is not provided, the conclusion and/or execution of the contract using the mentioned payment methods is not possible. Stripe also processes your data for the purpose of fraud prevention. For this purpose, Stripe uses cookies or other technologies to track specific user behaviour on our website. With the help of cookies and other tracking technologies, Stripe processes the information generated about the use of our Website by your device – e.g. that you have accessed a specific website – and processes, among other things, the data mentioned in the „Access to Our Website“ section, in particular your IP address, browser information, the previously visited website as well as the date and time of the server request. The processing is based on Art. 6 (1) s.1 lit. f) GDPR. Our legitimate interests lie in fraud prevention. Upon request, we provide information about the balancing of interests carried out. With the collected information, potential harmful or illegal activities can be detected. As part of the data processing, your data is also transferred to the USA. For data transfer to the USA, there is a data protection adequacy decision by the EU Commission. In addition, standard data protection clauses have been concluded with Stripe, Inc. to commit Stripe, Inc. to an adequate level of data protection. You can request a copy of the standard data protection clauses from Stripe at privacy@stripe.com. Further information on data protection and the storage period at Stripe can be found at: https://stripe.com/de/privacy.

You can object to the processing if it is based on Art. 6(1) s. 1 lit. f) GDPR. Your right to object exists on grounds relating to your particular situation. You can submit your objection to us using the contact details provided in the „Controller“ section.

9. Website Hosting

We use external hosting services from the provider Mittwald CM Service GmbH & Co. KG (Königsberger Straße 4-6, 32339 Espelkamp, Germany, hereinafter Mittwald), which serve to provide the following services on our Website: infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services, hosting of the WordPress website. For these purposes, all data – including the access data mentioned under the section „Access to Our Website“ – is processed that is required for the operation and use of our Website.

Mittwald processes your personal data as our processor based on a data processing agreement in accordance with Art. 28 GDPR.

10. PaceViewer App Hosting

We use external hosting services from the provider Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany, hereinafter Hetzner), which serve to provide the following services on our app: infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. For these purposes, all data – including the access data mentioned under the section „Access to Our Website“ – is processed that is required for the operation and use of our App. Hetzner processes your personal data as our processor based on a data processing agreement in accordance with Art. 28 GDPR.

11. Integration of third-party content

YouTube Videos

We use plug-ins of the video platform „YouTube.de“ or „YouTube.com“, a service of YouTube, LLC (principal place of business at 901 Cherry Avenue, San Bruno, CA 94066, USA; hereinafter: „YouTube“), for which „Google“ (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter: „Google“) is the controller within the meaning of data protection law. By processing data through the plug-ins, we pursue the purpose of integrating visual content („videos“) that we have published on Youtube.de or Youtube.com on this website as well. All videos are integrated in „enhanced privacy mode“, which means that no data about you as a user is transmitted to YouTube if you do not play the videos. While videos are being played on our Website, YouTube receives the information that you have accessed the corresponding subpage of our Website. In addition, some of the data mentioned in the section „Access to our Website“ is transmitted to Google. This occurs regardless of whether YouTube provides a user account through which you are logged in, or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish the association with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and processes it regardless of the existence of a user account with Google for purposes of advertising, market research and/or demand-oriented design of its website. Regarding the storage of and access to information on your device, your consent is the legal basis pursuant to Section 25 (1) TDDDG; for further processing, your consent is likewise the legal basis pursuant to Art. 6 (1) s. 1 lit. a) GDPR. Google also processes the data in part in the USA. For data transfer to the USA, a data protection adequacy decision of the EU Commission exists. Google, LLC is certified under this framework. In addition, so-called Standard Contractual Clauses have been concluded with Google, LLC to oblige Google, LLC to an adequate level of data protection. You can obtain a copy of the Standard Contractual Clauses at https://cloud.google.com/terms/sccs. Further information on the purpose and scope of processing by YouTube and the storage duration at YouTube or Google can be found in Google’s privacy policy at https://policies.google.com/privacy.

You can revoke your consent to the processing at any time by refusing the use of cookies and similar tracking technologies in our consent tool . The lawfulness of the processing remains unaffected until the revocation is exercised.

12. Services for statistical, analysis and marketing purposes

We use services from third-party providers for statistical, analysis and marketing purposes. In this way, we are able to provide you with a user-friendly, optimized use of the Website. The third-party providers use cookies, pixels, browser fingerprinting or other tracking technologies to control their services. We inform you below about the services of external providers currently used on our Website as well as about the respective processing in individual cases and about your existing revocation options.

Google Analytics 4

To optimally align our Website with user interests, we use „Google Analytics 4“, a web analysis service from „Google“ (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter: „Google“ and „Google Analytics 4“). Google Analytics 4 uses so-called cookies, which are stored on your device for recognition purposes, as well as similar tracking methods for recognizing devices such as counting pixels, device fingerprinting and programming interfaces (e.g. APIs and SDKs) to process information from your device. For this purpose, your device is assigned a randomly generated identification number (cookie ID/device ID). Using these technologies, Google processes the information generated about the use of our Website by your device as well as access data for the purpose of statistical analysis – e.g. accessing a specific website, number of unique visitors, entry and exit pages, duration of visit, clicking, swiping and scrolling behaviour, activation of buttons, newsletter registration, bounce rate and similar user interactions. For this purpose, it can also be determined whether different devices belong to you or to your household. Access data includes in particular the IP address, browser and device information, cookie ID/device ID, the previously visited website as well as the date and time of the server request. Individual IP addresses are not logged or stored in Google Analytics 4 systems. At the moment your IP address is captured by Google in special local data centres in the EU, your IP address is used to determine location information. Subsequently, the IP address is deleted before the access data is stored in a data centre or on a server for Google Analytics. Google Analytics 4 does not provide precise geographic location data, but only general location information such as the region and city of the device’s location, which is derived from the IP address. Google will process this information to evaluate your use of the Website, to compile reports on Website activities for us and – insofar as we separately indicate this – to provide us with further services related to Website use. If you are registered with a Google service, Google can assign the Website visit to a user account and create and evaluate cross-application user profiles.

In addition, a cross-platform analysis of user behaviour on websites and apps that use Google Analytics 4 technologies takes place. This allows user behaviour to be equally captured, measured and compared in different environments. For example, automated scroll events of the user are captured to enable a better understanding of the use of websites and apps. Different cookie IDs/device IDs are used for different devices for this purpose. Subsequently, we are provided with anonymized statistics created according to selected criteria about the use of the different platforms.

Regarding the storage of and access to information on your device, the legal basis is Section 25 (1) TDDDG; for further processing, the legal basis is Art. 6 (1) s. 1 lit. a) GDPR. Google also processes the data in part in the USA. For data transfer to the USA, an adequacy decision of the EU Commission exists. In addition, so-called Standard Contractual Clauses have been concluded with Google to oblige Google to an adequate level of data protection. You can obtain a copy of the Standard Contractual Clauses at https://cloud.google.com/terms/sccs. Your data in connection with Google Analytics 4 will be deleted after 24 months at the latest. Further information on data protection at Google can be found at: http://www.google.de/intl/de/policies/privacy.

Google Ads Remarketing

We use the tool Google Ads with the Dynamic Remarketing function from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter: „Google“ and „Google Ads“). With the Dynamic Remarketing function, we can recognize users of our Website on other websites within the Google advertising network (in the „Google“ search or on „YouTube“, so-called „Google Ads“ or on other websites) and present them with advertising tailored to their interests. The advertisements may also relate to products and services that you have already viewed on our websites. For this purpose, the interaction of users on our Website is analysed, e.g. which offers the user was interested in, to be able to display targeted advertising to users on other sites even after visiting our Website. If you visit our Website, a cookie is stored on your device by Google Ads. Using the cookies, Google processes the information generated by your device about the use of our Website and interactions with our Website as well as in particular your IP address, browser information, the previously visited website as well as the date and time of the server request, for the purpose of delivering personalized advertisements. For this purpose, it can also be determined whether different devices belong to you or to your household. If users are registered with a Google service, Google can assign the visit to the user account and create and evaluate cross-application user profiles. Regarding the storage of and access to information on your device, the legal basis is Section 25 (1) TDDDG; for further processing, the legal basis is Art. 6 (1) s. 1 lit. a) GDPR. Google also processes the data in part in the USA. For data transfer to the USA, a data protection adequacy decision of the EU Commission exists. In addition, so-called Standard Contractual Clauses have been concluded with Google to oblige Google to an adequate level of data protection. You can obtain a copy of the Standard Contractual Clauses at https://cloud.google.com/terms/sccs. The storage duration at Google is a maximum of 12 months. Further information on data protection and the storage duration at Google can be found at: https://policies.google.com/privacy.

Google Ads Conversions

We use the Google Ads service from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter: „Google“ and „Google Ads“) to draw attention to our offers on external websites using advertising materials (formerly so-called „Google AdWords“). We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. These advertising materials are delivered by Google via so-called ad servers. For this purpose, we use ad server cookies, through which certain parameters for reach measurement, such as display of the advertisements or clicks by users, can be measured.

If you reach our Website via a Google advertisement, a cookie is stored on your device by Google Ads. Using the cookies, Google processes the information generated by your device about interactions with our advertising materials (accessing a specific website or clicking on an advertising material), in particular your IP address, browser information, the previously visited website as well as the date and time of the server request, for the purpose of analysing and visualizing the reach measurement of our advertisements.

For this purpose, it can also be determined whether different devices belong to you or to your household. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider obtains and processes your IP address. We only receive statistical evaluations from Google for measuring the success of our advertising materials. Regarding the storage of and access to information on your device, the legal basis is Section 25 (1) TDDDG; for further processing, the legal basis is Art. 6 (1) s. 1 lit. a) GDPR. Google also processes the data in part in the USA. For data transfer to the USA, a data protection adequacy decision of the EU Commission exists. In addition, so-called Standard Contractual Clauses have been concluded with Google to oblige Google to an adequate level of data protection. You can obtain a copy of the Standard Contractual Clauses at https://cloud.google.com/terms/sccs. The storage duration at Google is a maximum of 12 months. Further information on data protection and the storage duration at Google can be found at: https://policies.google.com/privacy.

Google Ads Enhanced Conversions

To optimize the success of our advertising campaigns and better understand them, we use the „Google Enhanced Conversions“ function of the Google Ads service from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter: „Google“). In doing so, Google processes the personal data previously provided by our customers or users during the ordering process or during newsletter registration, captured by conversion tracking tags and then transmitted to Google, such as name/first name and email addresses. The information processed in this way is mapped into hashed checksums („hash values“) using cryptographic methods („Secure Hashing Algorithm 256“ („SHA 256“)) before transmission to Google. This pseudonymized customer information is then automatically matched by Google after transmission with available information from Google accounts. In this way, the „conversions“ of our campaign are assigned to ad events such as clicks or views. Regarding the storage of and access to information on your device as well as the hashing of your personal data, your consent is the legal basis pursuant to Section 25 (1) TDDDG; for further processing, your consent is likewise the legal basis pursuant to Art. 6 (1) s. 1 lit. a) GDPR. Google also processes the data in part in the USA. For data transfer to the USA, a data protection adequacy decision of the EU Commission exists. Google is certified under this framework. In addition, so-called Standard Contractual Clauses have been concluded with Google to oblige Google to an adequate level of data protection. You can obtain a copy of the Standard Contractual Clauses at https://cloud.google.com/terms/sccs. The storage duration at Google is a maximum of fourteen months. Further information on data protection and the storage duration at Google can be found at: https://policies.google.com/privacy.

Microsoft Ads Remarketing

We use the tracking functions of Bing Ads from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA; hereinafter: „Microsoft“ and „Microsoft Ads“) on our Website. In doing so, a cookie is stored on the user’s device by Microsoft to measure the reach of our advertisements and to enable the attribution of the success of an advertising material. We use the online advertising service „Microsoft Ads“ which uses technologies such as „cookies“, „tracking pixels“ and „device fingerprinting“ to display interest-based advertisements to users in relation to search results in search engines from „Bing“ and „Yahoo“. The advertisements may also relate to products and services that users have already viewed on our Website. For this purpose, the interaction of users on our Website is analysed in advance, e.g. which offers users are interested in, to be able to display targeted advertising to users on other sites even after visiting our Website. If users visit our Websites, a cookie is stored on users‘ devices by Microsoft Ads. Using cookies and tracking pixels, Microsoft processes the information generated by users‘ devices about the use of our Website and interactions with our Website as well as access data, in particular the IP address, browser information, the previously visited website as well as the date and time of the server request, across devices for the purpose of delivering and analysing personalized advertisements. For this purpose, it can also be determined whether different devices belong to you or to your household. The legal basis regarding the storage of and access to information on your device is your consent pursuant to Section 25 (1) TDDDG; for further processing, your consent is likewise the legal basis pursuant to Art. 6 (1) s. 1 lit. a) GDPR. Microsoft also processes the data in part in the USA. For data transfer to the USA, a data protection adequacy decision of the EU Commission exists. In addition, so-called Standard Contractual Clauses have been concluded with Microsoft Corporation to oblige Microsoft Corporation to an adequate level of data protection. You can obtain a copy of the Standard Contractual Clauses by request at https://go.microsoft.com/fwlink/p/?linkid=2126612. The storage duration of the information in the Microsoft Ads cookies is 13 months. Further information on data protection and the storage duration in the context of „Microsoft Ads“ can be found at: https://www.microsoft.com/de-de/privacy/privacystatement.

Microsoft Ads Conversion

We use the tracking functions of Bing Ads from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA; hereinafter: „Microsoft“ and „Microsoft Ads“) on our Website. In doing so, a cookie is stored on the user’s device by Microsoft to measure the reach of our advertisements and to enable the attribution of the success of an advertising material. The online advertising service „Microsoft Ads“ uses technologies such as „cookies“, „tracking pixels“ and „device fingerprinting“ to serve relevant ads to users and to improve reports on the effectiveness of campaigns. In doing so, information that is stored on users‘ devices is also processed. If users access our Website due to a click on an advertisement in the Bing and Yahoo search engines, a cookie is stored on users‘ devices by Microsoft Ads and a click ID is assigned to your browser. Using cookies and tracking pixels, Microsoft processes the information generated by users‘ devices about the use of our Website and interactions with our Website as well as access data, in particular the IP address, browser information, the previously visited website as well as the date and time of the server request, across devices for the purpose of delivering and analysing personalized advertisements. For this purpose, it can also be determined whether different devices belong to you or to your household. In addition, the online advertising service Microsoft Ads makes it possible to measure the reach of our advertisements and to enable the attribution of the success of an advertising material. For this purpose, ad server cookies are used, through which certain parameters for reach measurement, such as display of the advertisements, duration of viewing or clicks by users, can be measured. Regarding the storage of and access to information on your device, the legal basis is Section 25 (1) TDDDG; for further processing, the legal basis is Art. 6 (1) s. 1 lit. a) GDPR. Microsoft also processes the data in part in the USA. For data transfer to the USA, a data protection adequacy decision of the EU Commission exists. In addition, so-called Standard Contractual Clauses have been concluded with Microsoft Corporation to oblige Microsoft Corporation to an adequate level of data protection. You can obtain a copy of the Standard Contractual Clauses by request at https://go.microsoft.com/fwlink/p/?linkid=2126612. The storage duration of the information in the Microsoft Ads cookies is 13 months. Further information on data protection and the storage duration in the context of „Microsoft Ads“ can be found at: https://www.microsoft.com/de-de/privacy/privacystatement.

Microsoft Ads Enhanced Conversion Tracking

We use the „Enhanced Conversion Tracking“ („Enhanced Conversions“) function of the „Microsoft Ads“ service from „Microsoft Corporation“ (One Microsoft Way, Redmond, WA 98052-6399, USA; hereinafter: „Microsoft“ and „Microsoft Ads“) on our Website to optimize the success of our advertising campaigns and better understand them. In doing so, „Microsoft“ processes the information previously provided by our customers or users during the ordering process or during newsletter registration and captured by us via conversion tracking tags and then transmitted to „Microsoft“, such as name/first name and email addresses. The data processed in this way is mapped into hashed codes or checksums („hash values“) using cryptographic methods („Secure Hashing Algorithm 256“ („SHA 256“)) before transmission to „Microsoft“. This pseudonymized customer information is then automatically matched by „Microsoft“ after transmission with available information from „Microsoft“ accounts. In this way, the „conversions“ of our campaign are assigned to ad events such as clicks or views. Regarding the storage of and access to information on your device as well as the hashing of your personal data, your consent is the legal basis pursuant to Section 25 (1) TDDDG; for further processing, your consent is likewise the legal basis pursuant to Art. 6 (1) s. 1 lit. a) GDPR. „Microsoft“ also processes the data in part in the USA. For data transfer to the USA, a data protection adequacy decision of the EU Commission exists. „Microsoft Corporation“ is certified under this framework. In addition, so-called Standard Contractual Clauses have been concluded with „Microsoft“ to oblige „Microsoft“ to an adequate level of data protection. You can obtain a copy of the Standard Contractual Clauses by request at https://go.microsoft.com/fwlink/p/?linkid=2126612. The storage duration regarding the hashed data at „Microsoft“ is a maximum of thirty days. Further information on data protection and the storage duration at „Microsoft“ can be found at https://www.microsoft.com/en-us/privacy/privacystatement#maincookiessimilartechnologiesmodule.

Microsoft Clarity

To optimally align our Website with user interests, we use „Microsoft Clarity“, a service from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA; hereinafter: „Microsoft“ and „Microsoft Ads“). Microsoft Clarity uses so-called „cookies“, which are stored on your device for recognition purposes, as well as similar tracking methods for recognizing devices such as counting pixels, device fingerprinting and programming interfaces (e.g. APIs and SDKs) to process information from your device. For this purpose, your device is assigned a randomly generated identification number (cookie ID/device ID).

Using these technologies, „Microsoft“ processes the information generated about the use of our Website by your device as well as access data for the purpose of statistical analysis – e.g. accessing a specific website, number of unique visitors, entry and exit pages, duration of visit, clicking, swiping and scrolling behaviour, activation of buttons, newsletter registration, bounce rate and similar user interactions. For this purpose, it can also be determined whether different devices belong to you or to your household. Access data includes in particular the IP address, browser and device information, cookie ID/device ID, the previously visited website as well as the date and time of the server request.

Regarding the storage of and access to information on your device, your consent is the legal basis pursuant to Section 25 (1) TDDDG; for further processing, your consent is likewise the legal basis pursuant to Art. 6 (1) s. 1 lit. a) GDPR. Microsoft also processes the data in part in the USA. For data transfer to the USA, an adequacy decision of the EU Commission exists. Microsoft Corporation is certified under this framework. In addition, so-called Standard Contractual Clauses have been concluded with Microsoft Corporation to oblige Microsoft Corporation to an adequate level of data protection. You can obtain a copy of the Standard Contractual Clauses by request at https://go.microsoft.com/fwlink/p/?linkid=2126612. The storage duration of the information in the Microsoft Clarity cookies is up to 12 months. Further information on data protection and the storage duration in the context of Microsoft Clarity can be found at: https://about.ads.microsoft.com/de-de/ressourcen/richtlinien/richtlinien-zur-datensicherheit-und-datnschutzerklaerung.

LinkedIn Ads (Retargeting)

In addition, the analysis and retargeting functions „LinkedIn Ads“ from LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland; hereinafter: „LinkedIn“) are used on our Website. In doing so, LinkedIn processes the information generated in particular using cookies, tracking pixels and fingerprinting methods about the use of our Website by your device to capture specific user behaviour on our Website. In doing so, information stored on users‘ devices is also processed, e.g. in particular IP addresses, browser information, login data, information about the operating system used as well as other data mentioned in the section „Access to our website“. This allows us to specifically address users of our Website and users of LinkedIn who belong to a comparable target group with interest-based advertisements („LinkedIn Ads“) during their visit to the social network LinkedIn, which are based on previous usage behaviour. Using the tracking technologies employed by LinkedIn, your internet browser automatically establishes a direct connection with LinkedIn’s servers. If you are registered with a LinkedIn service, LinkedIn can assign the captured information to your user account. Even if you do not have a user account with LinkedIn or have not logged in, there is a possibility that LinkedIn obtains and processes in particular your IP address and other identifying characteristics. In doing so, we do not carry out any personal identification of the respective users. The possibility of retargeting exists for us up to 90 days after your visit to our Website, unless you have consented to the processing again. Regarding the storage of and access to information on your device, the legal basis is your consent pursuant to Section 25 (1) TDDDG; for further processing, the legal basis is consent pursuant to Art. 6 (1) s. 1 lit. a) GDPR. LinkedIn also processes the data in the USA. For data transfer to the USA, a data protection adequacy decision of the EU Commission exists. LinkedIn is certified under this framework. We have concluded so-called Standard Contractual Clauses with LinkedIn to oblige LinkedIn to an adequate level of data protection. Upon request, we will be happy to provide you with a copy. Further information on data protection and the storage duration at LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.

LinkedIn Ads (Conversion)

We use the „LinkedIn Ads“ functions from LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland; hereinafter: „LinkedIn“) on our Website. If you reach our Website via an advertisement from LinkedIn, a cookie is set on your device or in your browser by LinkedIn to measure the reach of our advertisements, to enable the attribution of the success of an advertising material in relation to a specific campaign, and to continuously improve our advertisements. Using the cookies, LinkedIn processes the information generated by your device about interactions with our advertising materials (e.g. accessing a specific website or clicking on an advertising material) as well as some of the data mentioned in the section „Access to our Website“, such as your IP address, device and browser information, referrer URL as well as timestamps for the purpose of analysing the reach and success measurement of our advertisements, whereby LinkedIn shortens the IP addresses. By using the conversion tracking functions of LinkedIn, we can in particular determine to what extent the advertisements we have placed have influenced relevant actions on our Website. For this purpose, your browser automatically establishes a direct connection with the LinkedIn server. If you are logged in to a LinkedIn service, LinkedIn can assign the captured information, in particular information about the visit to our Website, to your user account. The direct identifiers of registered users processed in this context are removed by LinkedIn within seven days, and the remaining data is then deleted within 180 days. Even if you do not have a user account with LinkedIn or have not logged in, there is a possibility that LinkedIn obtains and processes in particular your IP address and other identifying characteristics. As part of the evaluation, LinkedIn does not share any personal data with us but only transmits statistical evaluations for measuring the success of our advertising materials. We thereby learn in the form of statistics to what extent our advertisements displayed on LinkedIn are successful and have led to relevant actions on our Website. We also receive statistical analyses about which groups of people (e.g. of a specific job title, company, industry) have performed actions. Based on this, we can specify our target groups and improve the targeting of our advertising materials. Regarding the storage of and access to information on your device, consent pursuant to Section 25 (1) TDDDG is the legal basis; for further processing, consent pursuant to Art. 6 (1) s. 1 lit. a) GDPR is the legal basis for processing. LinkedIn also processes the data in the USA. For data transfer to the USA, a data protection adequacy decision of the EU Commission exists. LinkedIn is certified under this framework. We have additionally concluded so-called Standard Contractual Clauses with LinkedIn to oblige LinkedIn to an adequate level of data protection. Upon request, we will be happy to provide you with a copy. Further information on data protection and the storage duration at LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.

Social Media Presence

1. General

We maintain publicly accessible profiles on various social networks (hereinafter collectively: „Our Profiles“). Your visit to Our Profiles initiates a multitude of data processing operations. Below, we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profiles. You are not obligated to provide us with your personal data. However, this may be necessary for individual functionalities of our profiles on social networks. These functionalities are not available to you or are only available to a limited extent if you do not provide us with your personal data.

When you visit our profiles, your personal data is collected, used and stored not only by us, but also by the operators of the respective social network. This also occurs if you do not have a profile on the respective social network yourself. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily comprehensible to us. Details about the collection and storage of your personal data as well as the nature, scope and purpose of their use by the operator of the respective social network can be found in the privacy policies of the respective operator:

a) Instagram

The privacy policy for the social network Instagram, which is operated by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, can be viewed at https://privacycenter.instagram.com/policy.

b) LinkedIn

The privacy policy for the social network LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, can be viewed at https://ch.linkedin.com/legal/privacy-policy.

2. Communication with Users

The use of our profiles serves the purposes of public relations about our company and communication and contact with potential customers. As part of the use of our profiles, we process personal data such as your name, your profile picture and your information that you have provided as part of the interactive functions (e.g. commenting, sharing and rating). The legal basis for the operation of our profiles and the processing of personal data is Art. 6 (1) s. 1 lit. f) GDPR. Our legitimate interest lies in the public relations of our company.

When visiting our profiles, data may be processed outside the European Union and in particular in the USA. For data transfer to the USA, a data protection adequacy decision of the EU Commission exists. The aforementioned social media providers are certified under this framework. Further information about a possible data transfer to a third country and the applicable legal basis for this can be found in the privacy policies of the social networks.

We have no influence on the storage duration of your personal data that you have published on our profiles. We store your data until the purpose of processing is achieved or we restrict the processing if statutory retention obligations exist. Further information on data protection and the storage duration can be found in the privacy policies of the social networks linked above.

You can object to the processing. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details specified in the „Controller“ section.

3. Statistical Information and Joint Controllership with Social Networks

The operators of the social networks on which we maintain our profiles provide us with statistical evaluations of the interactions with our profiles in anonymized form. We use this data to improve the user experience on our profiles. Conclusions about individual users and access to individual user profiles by us are not possible. Our legal basis for processing the information from the statistical evaluation is Art. 6 (4) GDPR in conjunction with Art. 6 (1) s. 1 lit. f) GDPR. Our legitimate interest in the statistical evaluation lies in the improvement and adaptation of our advertising measures based on the collected information and the possibility to learn more about the interaction of users on our profiles.

According to the case law of the European Court of Justice, the use of statistical evaluations may in certain circumstances be classified as data processing under joint controllership of the operator of the social network and the profile holder. Against this background, we have concluded an agreement on joint controllership pursuant to Art. 26 GDPR with the following operators of social networks:

a) LinkedIn

The agreement on joint controllership for LinkedIn Page Insights can be viewed at https://legal.linkedin.com/pages-joint-controller-addendum.

b) Facebook

The agreement on joint controllership for Instagram and Facebook Page Insights can be viewed at https://www.facebook.com/legal/controller_addendum.

Privacy Policy