top of page

Imprint & Privacy Policy

Imprint:

Information according to §5 TMG

Owner:
HLJ Kälte & Wärme Building Technology
Leisibachstrasse 34
6033 Buchrain LU, Switzerland

 

Contact:
Email: hlj@mail.ch
Mobile: +41 78 408 67 24

 

Tax Office:
VAT Identification Number in accordance with §27 of the German VAT Act: [please insert if available]

 

Image and Graphic Sources:

 

Disclaimer:

Liability for Content
As a service provider, we are responsible for our own content on these pages in accordance with §7 (1) TMG and general laws. However, according to §§8 to 10 TMG, we are not obligated to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information under general laws remain unaffected. Liability in this respect is, however, only possible from the point in time at which a specific legal violation becomes known. Upon becoming aware of any such legal violations, we will remove this content immediately.

Liability for Links
Our website contains links to external third-party websites over whose content we have no influence. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the linked sites is always responsible for their content. The linked sites were checked for possible legal violations at the time of linking. No illegal content was identifiable at the time of linking. However, permanent monitoring of the linked pages is not reasonable without concrete evidence of a legal violation. Should we become aware of any such infringement, we will remove such links immediately.

Copyright
The content and works created by the site operators on these pages are subject to German copyright law. The duplication, processing, distribution, and any kind of exploitation outside the limits of copyright law require the written consent of the respective author or creator. Downloads and copies of this site are only permitted for private, non-commercial use. Insofar as the content on this site was not created by the operator, the copyrights of third parties are respected. In particular, third-party content is marked as such. If you nonetheless become aware of a copyright infringement, please inform us accordingly. Upon becoming aware of any such legal violation, we will remove the content immediately.

 

Source: eRecht24

Datenschutz

Privacy Policy

Introduction
With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter also referred to simply as "data") that we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the provision of our services and in particular on our websites, in mobile applications, and within external online presences such as our social media profiles (collectively referred to as the "online offering").

The terms used are not gender-specific.

Last updated: October 24, 2022

Contents Overview

  • Introduction

  • Controller

  • Overview of Data Processing

  • Relevant Legal Bases

  • Security Measures

  • Transfer of Personal Data

  • Data Processing in Third Countries

  • Deletion of Data

  • Use of Cookies

  • Business Services

  • Payment Methods

  • Provision of the Online Offering and Web Hosting

  • Registration, Login, and User Account

  • Contact and Inquiry Management

  • Newsletters and Electronic Notifications

  • Promotional Communication via Email, Post, Fax, or Telephone

  • Contests and Competitions

  • Web Analysis, Monitoring, and Optimization

  • Online Marketing

  • Customer Reviews and Rating Systems

  • Presence in Social Networks (Social Media)

  • Plugins and Embedded Features and Content

  • Changes and Updates to this Privacy Policy

  • Rights of Data Subjects

  • Definitions of Terms

Controller
HLJ Kälte & Wärme Building Technology
Jan Pawlowski
Leisibachstrasse 34
6033 Buchrain LU, Switzerland

Contact:
Email: hlj@mail.ch
Mobile: +41 78 408 67 24

Overview of Processing Activities

The following overview summarizes the types of data processed, the purposes of their processing, and references the categories of data subjects involved.

Types of Data Processed

  • Inventory data

  • Payment data

  • Location data

  • Contact data

  • Content data

  • Contract data

  • Usage data

  • Meta/communication data

  • Event data (Facebook)

Special Categories of Data

  • Health data

Categories of Data Subjects

  • Customers

  • Prospective customers

  • Communication partners

  • Users

  • Participants in contests and competitions

  • Business and contractual partners

  • Patients

Purposes of Processing

  • Provision of contractual services and customer service

  • Contact requests and communication

  • Security measures

  • Direct marketing

  • Reach measurement

  • Tracking

  • Office and organizational procedures

  • Management and response to inquiries

  • Conducting contests and competitions

  • Feedback

  • Marketing

  • Profiling with user-related information

  • Provision of our online offer and user-friendliness

  • IT infrastructure

Relevant Legal Bases

Below is an overview of the legal bases under the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. Where more specific legal bases are applicable in individual cases, these will be disclosed in the privacy policy.

  • Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of personal data for one or more specific purposes.

  • Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

  • Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.

  • Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Additional National Regulations

In addition to the GDPR, national data protection laws in Germany apply, particularly the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG includes specific regulations on the right of access, right to erasure, right to object, processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (§ 26 BDSG), especially with regard to the initiation, performance, or termination of employment relationships and employee consent. State-specific data protection laws may also apply.

Security Measures

We take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons.

These measures include safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to data as well as access, input, transfer, availability, and separation of the data. We also have procedures in place to ensure the exercise of data subjects’ rights, data deletion, and responses to data breaches. Furthermore, we consider the protection of personal data when developing or selecting hardware, software, and procedures, according to the principle of data protection by design and by default.

TLS Encryption (https)

To protect the data transmitted via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in your browser’s address bar.

Transfer of Personal Data

In the context of processing personal data, it may be disclosed to or transferred to other entities, companies, legally independent organizational units, or individuals. Recipients may include IT service providers or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, enter into appropriate contracts or agreements that serve to protect your data.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or the processing occurs through the use of third-party services or disclosure or transfer of data to other individuals, entities, or companies, this is done only in accordance with legal requirements.

Subject to express consent or legally or contractually required transfers, we process or allow data to be processed only in third countries with a recognized level of data protection, or on the basis of contractual obligations (EU Commission Standard Contractual Clauses), certifications, or binding internal data protection rules (Art. 44 to 49 GDPR; EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Deletion of Data

The data we process will be deleted in accordance with legal requirements as soon as the consents permitting processing are revoked or other permissions cease to apply (e.g., if the purpose of the processing no longer exists or the data is no longer required for that purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to those purposes. That means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person.

Our privacy notices may contain additional information on the retention and deletion of data that apply primarily to the respective processing activities.

Use of Cookies

Cookies are small text files or other storage notes that store information on end devices and read information from them. For example, to store the login status in a user account, a shopping cart in an online shop, accessed content, or used functions of an online offer. Cookies can also be used for various purposes, such as functionality, security, comfort of online services, and analysis of visitor flows.

Consent Notice

We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless this is not required by law. Consent is not necessary particularly when storing and reading information (including cookies) is strictly necessary to provide users with a telemedia service they explicitly requested (i.e., our online offer). The revocable consent is clearly communicated to users and includes information about the specific cookie usage.

Legal Basis for Cookie Processing

The legal basis for processing personal data with the help of cookies depends on whether we ask users for consent. If users consent, the legal basis is their declared consent. Otherwise, the data processed via cookies is based on our legitimate interests (e.g., in the efficient and user-friendly operation of our online offer) or, if necessary, to fulfill our contractual obligations.

We inform users about the purposes for which we use cookies throughout this privacy policy or as part of our consent and processing procedures.

Storage Duration

We distinguish between the following types of cookies based on their storage duration:

  • Temporary cookies (also: session cookies): These are deleted at the latest after a user leaves the online offer and closes their end device (e.g., browser or mobile app).

  • Permanent cookies: These remain stored even after the end device is closed. For example, login status or preferred content may be retained for the next visit. Cookies may also be used for reach measurement. Unless otherwise specified, users should assume cookies are permanent and can be stored for up to two years.

General Information on Withdrawal and Objection (Opt-Out)

Users can withdraw their consent at any time and object to processing under the legal requirements of Art. 21 GDPR. They can express their objection via their browser settings, for example, by disabling cookie usage (which may limit functionality). An objection to cookies used for online marketing can also be declared via these websites:
https://optout.aboutads.info
https://www.youronlinechoices.com/

Further Information on Processing, Procedures, and Services

Processing of Cookie Data Based on Consent
We use a cookie consent management procedure, through which user consent to the use of cookies and related services and providers is obtained, managed, and revocable. The consent declaration is stored to prevent repeated prompts and to demonstrate compliance with legal requirements. Storage may occur server-side and/or in a cookie (opt-in cookie) to assign consent to a specific user or device. Unless otherwise stated, storage can last up to two years. A pseudonymous user identifier is created and stored with the time of consent, scope of consent (e.g., categories of cookies or service providers), as well as browser, system, and device details.

Business Services

We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as "contractual partners"), within the framework of contractual and comparable legal relationships, associated measures, and communication with the contractual partners (including pre-contractual interactions), e.g., to respond to inquiries.

We process this data to fulfill our contractual obligations. These include, in particular, the obligation to provide the agreed services, fulfill any update obligations, and remedy warranty and other service-related issues. Furthermore, we process the data to safeguard our rights, fulfill administrative tasks associated with these obligations, and for business organization purposes. Additionally, we process the data based on our legitimate interests in a proper and economically sound business operation, as well as in implementing security measures to protect our contractual partners and business operations against misuse, data threats, trade secrets, and other rights (e.g., involving telecommunications, transportation, auxiliary services, subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities).

In accordance with applicable law, we only disclose contractual partners’ data to third parties to the extent required for the aforementioned purposes or to comply with legal obligations. Contractual partners are informed about further forms of data processing, such as for marketing purposes, within this Privacy Policy.

Which data is necessary for the aforementioned purposes is communicated to contractual partners either before or during the data collection process, e.g., in online forms, via special markings (e.g., colors) or symbols (e.g., asterisks), or in person.

We delete the data after the expiration of statutory warranty and similar obligations, generally after four years, unless the data is stored in a customer account, e.g., due to statutory archiving obligations. The legal retention period for tax-relevant documents and commercial records such as ledgers, inventories, opening balances, annual financial statements, and related organizational documents is ten years. For received and sent business correspondence, the retention period is six years. The retention period begins at the end of the calendar year in which the last entry was made, the inventory, opening balance, financial statement, or report was prepared, or correspondence was received/sent, or a booking document was created or otherwise originated.

If we use third-party providers or platforms to provide our services, their terms and privacy notices apply in relation to the users and the respective providers.

Types of Data Processed:
Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., visited websites, content interest, access times); Meta/communication data (e.g., device information, IP addresses).

Special Categories of Personal Data:
Health data (Art. 9(1) GDPR).

Data Subjects:
Customers; Prospects; Business and contractual partners; Patients.

Purposes of Processing:
Provision of contractual services and customer support; Security measures; Contact inquiries and communication; Office and organizational procedures; Management and response to inquiries.

Legal Bases:
Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Provision of Online Services and Web Hosting

We process users’ data in order to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to deliver the content and functions of our online services to the user’s browser or device.

Types of data processed:
Usage data (e.g., websites visited, interest in content, access times);
Meta/communication data (e.g., device information, IP addresses);
Content data (e.g., entries in online forms).

Data subjects:
Users (e.g., website visitors, users of online services).

Purposes of processing:
Provision of our online services and user-friendliness;
Information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.);
Security measures.

Legal basis:
Legitimate interests (Art. 6 (1) lit. f GDPR).

Additional Notes on Processing Activities, Procedures, and Services:

Provision of Online Services on Rented Hosting Space:
We use storage space, computing capacity, and software rented or otherwise obtained from a server provider (so-called "web host") to provide our online services.
Legal basis: Legitimate interests (Art. 6 (1) lit. f GDPR).

Collection of Access Data and Log Files:
Access to our online services is logged in the form of so-called "server log files." These logs may include the address and name of the accessed web pages and files, date and time of access, data volumes transferred, success messages, browser type and version, the user's operating system, referrer URL (the previously visited page), IP addresses, and the requesting provider. These logs are used for security purposes (e.g., to detect or prevent server overloads, particularly in the case of misuse such as DDoS attacks) and to ensure server stability and performance.
Legal basis: Legitimate interests (Art. 6 (1) lit. f GDPR).
Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data retained for evidence purposes is excluded from deletion until the incident is fully resolved.

Wix:
Hosting and software for creating, providing, and operating websites, blogs, and other online services.
Service provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel.
Legal basis: Legitimate interests (Art. 6 (1) lit. f GDPR).
Website: https://de.wix.com
Privacy Policy: https://de.wix.com/about/privacy
Data Processing Agreement: https://www.wix.com/about/privacy-dpa-users
Additional information: As part of the aforementioned Wix services, data may also be transferred to Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA, on the basis of standard contractual clauses or equivalent data protection safeguards.

Registration, Login, and User Account

Users can create a user account. During the registration process, users are informed of the required mandatory information, which is processed for the purpose of providing the user account based on contractual obligations. The processed data includes login information (username, password, and an email address).

As part of the use of registration and login features, as well as the use of the user account, we store the IP address and the time of each user action. This is based on our legitimate interest and the users’ interest in protecting against misuse and unauthorized use. These data will not be shared with third parties unless necessary to pursue legal claims or required by law.

Users may be informed by email about processes relevant to their user account, such as technical changes.

Types of data processed:
Master data (e.g., names, addresses);
Contact data (e.g., email, phone numbers);
Content data (e.g., entries in online forms);
Meta/communication data (e.g., device information, IP addresses).

Data subjects:
Users (e.g., website visitors, users of online services).

Purposes of processing:
Provision of contractual services and customer support;
Security measures;
Administration and response to inquiries;
Provision of our online services and user-friendliness.

Legal basis:
Performance of a contract and pre-contractual inquiries (Art. 6 (1) lit. b GDPR);
Legitimate interests (Art. 6 (1) lit. f GDPR).

Additional Notes:

Registration with Real Names:
Due to the nature of our community, we ask users to use our services under their real names. The use of pseudonyms is not permitted.
Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 (1) lit. b GDPR).

Deletion of Data after Termination:
When users cancel their account, their data will be deleted, provided no legal obligation, permission, or user consent exists to retain the data.
Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 (1) lit. b GDPR).

No Data Retention Obligation:
Users are responsible for securing their data before the end of the contract. We are entitled to permanently delete all user data stored during the contract period.
Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 (1) lit. b GDPR).

Contact and Request Management

When contacting us (e.g., via contact form, email, telephone, or social media), and within the scope of existing user and business relationships, the information provided by the inquiring individuals will be processed as far as is necessary to respond to contact requests and any requested actions.

Types of data processed:
Contact data (e.g., email, phone numbers);
Content data (e.g., entries in online forms);
Usage data (e.g., websites visited, interest in content, access times);
Meta/communication data (e.g., device information, IP addresses).

Data subjects:
Communication partners.

Purposes of processing:
Handling contact inquiries and communication;
Administration and response to inquiries;
Feedback collection (e.g., via online forms);
Provision of our online services and user-friendliness.

Legal basis:
Legitimate interests (Art. 6 (1) lit. f GDPR);
Performance of a contract and pre-contractual inquiries (Art. 6 (1) lit. b GDPR).

Additional Notes:

Contact Form:
When users contact us via the contact form, email, or other means, the information provided will be processed to handle the request.
Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 (1) lit. b GDPR); Legitimate interests (Art. 6 (1) lit. f GDPR).

Newsletter and Electronic Notifications

We only send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletter”) with the consent of the recipients or based on legal permission. If the content of the newsletter is specifically described during registration, this description is decisive for user consent. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask for your name (to address you personally in the newsletter) or other information if necessary for the purpose of the newsletter.

Double Opt-In Procedure:
Registration for our newsletter takes place via a double opt-in procedure. After registering, you will receive an email requesting confirmation of your registration. This confirmation is necessary to ensure that no one can register using someone else’s email address. Registrations are logged to verify the registration process complies with legal requirements. This includes storing the registration and confirmation time, as well as the IP address. Changes to data stored with the mailing service provider are also logged.

Deletion and Restriction of Processing:
We may retain unsubscribed email addresses for up to three years on the basis of our legitimate interests in order to be able to prove previously given consent. The processing of this data is limited to the purpose of potential legal defense. Individual deletion requests are possible at any time, provided the former existence of consent is confirmed. In the event of an obligation to permanently observe opt-outs, we reserve the right to store the email address in a blocklist solely for this purpose.

The logging of the registration process is based on our legitimate interests in ensuring a legally compliant process. If we engage a service provider to send emails, it is based on our legitimate interests in using an efficient and secure mailing system.

Content:
Information about us, our services, promotions, and offers.

Types of data processed:
Master data (e.g., names, addresses);
Contact data (e.g., email, phone numbers);
Meta/communication data (e.g., device information, IP addresses);
Usage data (e.g., websites visited, interest in content, access times).

Data subjects:
Communication partners.

Purposes of processing:
Direct marketing (e.g., via email or postal mail).

Legal basis:
Consent (Art. 6 (1) lit. a GDPR).

Opt-Out Option:
You may cancel receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. A cancellation link is included at the end of each newsletter, or you may contact us using the details provided above, preferably via email.

Additional Notes:

Measurement of Open and Click Rates:
The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file retrieved from our server (or the server of our mailing service provider) when the newsletter is opened. Technical information, such as browser and system info, IP address, and access time, is collected during this process. This information is used to improve the technical performance of the newsletter and to analyze reading behavior (e.g., opening times and locations determined via IP address).
Legal basis: Consent (Art. 6 (1) lit. a GDPR).

Advertising Communication via Email, Post, Fax, or Telephone

We process personal data for the purposes of advertising communication, which may occur through various channels, such as email, telephone, mail, or fax, in accordance with legal requirements.

Recipients have the right to withdraw any consent given at any time or object to advertising communication at any time.

After withdrawal or objection, we retain the data necessary to demonstrate the previous authorization for contact or communication for up to three years after the end of the year in which the withdrawal or objection occurred, based on our legitimate interests. The processing of this data is limited to the purpose of defending against potential claims. Based on the legitimate interest of respecting the user’s withdrawal or objection permanently, we also store the necessary data to prevent further contact (e.g., depending on the communication channel, the email address, telephone number, name).

Processed Data Types: Master data (e.g., names, addresses); contact data (e.g., email, phone numbers).

Affected Persons: Communication partners.

Processing Purposes: Direct marketing (e.g., via email or mail).

Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Contests and Competitions

We process personal data of participants in contests and competitions only in compliance with the applicable data protection regulations, insofar as the processing is necessary for the provision, execution, and settlement of the contest, the participants have consented to the processing, or the processing serves our legitimate interests (e.g., ensuring the security of the contest or protecting our interests from misuse by collecting IP addresses when submitting contest entries).

If participants’ contributions are published within the context of the contest (e.g., as part of a vote or presentation of contest entries or winners, or reporting on the contest), we point out that the names of the participants may also be published in this context. Participants may object to this at any time.

If the contest takes place on an online platform or social network (e.g., Facebook or Instagram, hereinafter referred to as "Online Platform"), the terms of use and privacy policies of the respective platforms also apply. In these cases, we point out that we are responsible for the data provided by participants in the context of the contest and that inquiries about the contest should be directed to us.

The data of the participants will be deleted as soon as the contest or competition is over, and the data is no longer necessary to inform the winners or because inquiries about the contest are expected. In general, the data of the participants will be deleted no later than 6 months after the end of the contest. Data of the winners may be retained for longer, e.g., to answer questions about the prizes or fulfill the prize services. In this case, the retention period depends on the nature of the prize and may be up to three years for goods or services, for example, to process warranty cases. Furthermore, the data of the participants may be stored longer, e.g., for reporting on the contest in online and offline media.

If data was collected in the context of the contest for other purposes, the processing and retention period will be governed by the privacy policy for that use (e.g., in the case of subscribing to a newsletter as part of a contest).

Processed Data Types: Master data (e.g., names, addresses); content data (e.g., entries in online forms); meta/communication data (e.g., device information, IP addresses).

Affected Persons: Contest and competition participants.

Processing Purposes: Conducting contests and competitions.

Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).

Web Analytics, Monitoring, and Optimization

Web analytics (also referred to as "reach measurement") is used to evaluate visitor traffic to our online services and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. Using reach analysis, we can determine, for example, when our online services or their functions or content are most frequently used or invited for reuse. We can also identify areas that need optimization.

In addition to web analytics, we may also use testing methods to, for example, test and optimize different versions of our online service or its components.

Unless otherwise stated below, profiles, i.e., data compiled for a specific usage event, can be created, and information may be stored in a browser or end device and read out from it. The collected information includes, in particular, visited websites and elements used there, as well as technical details such as the browser used, the computer system used, and usage times. If users have consented to the collection of their location data with us or with the providers of services we use, location data may also be processed.

The IP addresses of users are also stored. However, we use an IP-masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear user data (e.g., email addresses or names) is stored during web analytics, A/B testing, and optimization; only pseudonyms are used. This means that we and the providers of the software used do not know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedure.

Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); meta/communication data (e.g., device information, IP addresses).

Affected Persons: Users (e.g., website visitors, users of online services).

Processing Purposes: Reach measurement (e.g., access statistics, recognition of repeat visitors); user profiles with user-related information (creating user profiles); tracking (e.g., interest-based/profile-based profiling, use of cookies); provision of our online services and user friendliness.

Security Measures: IP-masking (pseudonymization of the IP address).

Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

Online Marketing

We process personal data for the purposes of online marketing, which includes the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of users, as well as measuring their effectiveness.

For these purposes, user profiles are created and stored in a file (called a "cookie") or similar methods are used, which store relevant data about the user for displaying the aforementioned content. Such data can include, for example, viewed content, visited websites, used online networks, but also communication partners and technical details such as the browser used, the computer system used, as well as usage times and functions used. If users have consented to the collection of their location data, these may also be processed.

The IP addresses of users are also stored. However, we use available IP-masking methods (i.e., pseudonymization by shortening the IP address) to protect the users. In general, no clear user data (e.g., email addresses or names) is stored in online marketing procedures; pseudonyms are used. This means that we, as well as the providers of online marketing procedures, do not know the actual identity of the users but only the data stored in their profiles.

The data in the profiles is typically stored in cookies or using similar methods. These cookies can later generally also be read out on other websites using the same online marketing procedure for analyzing and displaying content, as well as supplemented with additional data and stored on the server of the online marketing procedure provider.

In exceptional cases, clear data may be assigned to the profiles. This occurs when users, for example, are members of a social network whose online marketing procedure we use and the network links the profiles of the users with the aforementioned data. Users should note that they may make additional agreements with the providers, e.g., by consenting during registration.

We generally only have access to summarized information about the success of our advertisements. However, within the framework of conversion measurement, we can examine which of our online marketing procedures led to a conversion, i.e., for example, a contract conclusion with us. Conversion measurement is used solely to analyze the success of our marketing activities.

Unless otherwise stated, please assume that the cookies used are stored for a period of two years.

Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); meta/communication data (e.g., device information, IP addresses).

Affected Persons: Users (e.g., website visitors, users of online services).

Processing Purposes: Reach measurement (e.g., access statistics, recognition of repeat visitors); tracking (e.g., interest-/behavior-based profiling, use of cookies); marketing; profiles with user-related information (creating user profiles).

Security Measures: IP-masking (pseudonymization of the IP address).

Opt-Out Option: We refer to the privacy policies of the respective providers and the opt-out options provided by the providers (i.e., "Opt-Out"). If no explicit opt-out option is provided, you may also disable cookies in your browser settings. However, this may limit the functionality of our online services. Therefore, we also recommend the following opt-out options, which are generally offered for each region: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-border: https://optout.aboutads.info.

Customer Reviews and Evaluation Procedures

We participate in review and evaluation procedures to assess, optimize, and promote our services. When users review us through the participating review platforms or procedures or provide feedback, the terms and conditions and privacy policies of the providers also apply. In most cases, submitting a review also requires registration with the respective provider.

To ensure that the reviewers have actually used our services, we transmit the necessary data about the customer and the service used to the respective review platform (including name, email address, and order number or article number) with the customer’s consent. This data is only used to verify the authenticity of the user.

Processed Data Types: Contract data (e.g., contract subject, duration, customer category); usage data (e.g., visited websites, interest in content, access times); meta/communication data (e.g., device information, IP addresses).

Affected Persons: Customers; users (e.g., website visitors, users of online services).

Processing Purposes: Feedback (e.g., collecting feedback via online forms); marketing.

Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Plugins and Embedded Functions, and Content

We integrate functional and content elements into our online services that are sourced from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include graphics, videos, or city maps (collectively referred to as "content").

The integration always requires the third-party providers of this content to process the user's IP address, as they cannot deliver the content to their browser without the IP address. The IP address is therefore necessary for displaying this content or functions. We strive to use only such content where the respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also called "web beacons") for statistical or marketing purposes. Through the "pixel tags," information such as visitor traffic on the pages of this website can be analyzed. The pseudonymous information may also be stored in cookies on the user's device, and can contain technical information about the browser and operating system, referring websites, visit time, and other usage information related to our online services. This information can also be connected with data from other sources.

Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Profile data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., input in online forms); Location data (information on the geographic position of a device or person); Event data (Facebook) ("Event Data" refers to data, such as that transmitted via the Facebook Pixel (via apps or other means), that we may transmit to Facebook, related to individuals or their actions. This includes, for example, information about website visits, interactions with content, functions, app installations, product purchases, etc.; Event data is used to create audiences for content and advertising information (Custom Audiences). Event data does not include actual content (e.g., written comments), login information, or contact information (e.g., names, email addresses, and phone numbers). Event data is deleted by Facebook within two years, and any target groups derived from them are deleted when our Facebook account is deleted).

Affected Individuals: Users (e.g., website visitors, online service users).

Purpose of Processing: Provision of our online services and user-friendliness; creating profiles with user-related information (creating user profiles); marketing.

Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); consent (Art. 6(1)(a) GDPR).

Further Information on Processing Procedures, Procedures, and Services:

Facebook Plugins and Content: Facebook Social Plugins and content – This may include content such as images, videos, or text and buttons that allow users to share content from this online service within Facebook. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/. We are jointly responsible with Meta Platforms Ireland Limited for the collection or reception of "Event Data" that Facebook collects via Facebook Social Plugins (and embedded content features) running on our online service, but not for the further processing of these data. The event data is used for the following purposes: a) Displaying content and advertising information that aligns with the presumed interests of users; b) Sending commercial and transactional messages (e.g., addressing users via Facebook Messenger); c) Improving the delivery of advertisements and personalizing features and content (e.g., improving the recognition of which content or advertising information is likely to interest users). We have concluded a special agreement with Facebook ("Controller Addendum") that regulates, among other things, the security measures Facebook must observe and that Facebook has committed to fulfilling the rights of the affected individuals (e.g., users can directly contact Facebook for requests for information or deletion). If Facebook provides us with aggregated measurements, analytics, and reports (i.e., no information about individual users and anonymized for us), this processing occurs not as part of the joint responsibility but based on a data processing agreement ("Data Processing Terms"), "Data Security Terms," and, in regard to processing in the USA, based on standard contractual clauses ("Facebook EU Data Transfer Addendum"). Users' rights (especially the right to information, deletion, objection, and complaints to the supervisory authority) are not restricted by the agreements with Facebook.

Google Fonts (Provision on Own Server): Fonts ("Google Fonts") for a user-friendly presentation of our online services. Provider: The Google Fonts are hosted on our server, and no data is transmitted to Google. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Google Fonts (Retrieved from Google Server): Retrieval of fonts (and symbols) for the purpose of a technically secure, maintenance-free, and efficient use of fonts and symbols, taking into account their uniform presentation and any possible licensing restrictions. The provider of the fonts receives the IP address of the user in order to make the fonts available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted, which are necessary for providing the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://fonts.google.com/; Privacy policy: https://policies.google.com/privacy.

Google Maps: We integrate maps from the "Google Maps" service provided by Google. The processed data may include IP addresses and location data of the users. Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://mapsplatform.google.com/; Privacy policy: https://policies.google.com/privacy.

Changes and Updates to the Privacy Policy

We ask you to regularly review the contents of our privacy policy. We will update the privacy policy as soon as changes to the data processing we perform make this necessary. We will inform you if any changes require your participation (e.g., consent) or other individual notifications.

If we provide addresses and contact information for companies and organizations in this privacy policy, please note that these addresses may change over time, and we ask you to check the details before contacting.

Rights of Affected Individuals

As an affected individual, you have various rights under the GDPR, particularly under Articles 15 to 21 GDPR:

  • Right to Object: You have the right to object at any time to the processing of your personal data, based on Art. 6(1)(e) or (f) GDPR, for reasons related to your particular situation. This also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data for such marketing at any time. This also applies to profiling, insofar as it is related to such direct marketing.

  • Right to Withdraw Consent: You have the right to withdraw any consents you have given at any time.

  • Right to Access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and if so, to obtain access to that data and further information, including a copy of the data.

  • Right to Rectification: You have the right to request the rectification of any inaccurate data or the completion of incomplete data concerning you.

  • Right to Erasure and Restriction of Processing: You have the right to request the immediate deletion of your data, or alternatively, to request the restriction of processing, in accordance with legal requirements.

  • Right to Data Portability: You have the right to obtain the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller.

  • Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, place of work, or the location of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

Glossary of Terms

In this section, you will find an overview of the terms used in this privacy policy. Many of the terms are derived from the law, particularly from Art. 4 GDPR. The legal definitions are binding. The following explanations are intended to provide clarity.

  • Personal Data: "Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier (e.g., a cookie), or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

  • Profiles with User-Related Information: The processing of "profiles with user-related information" (or simply "profiles") includes any automated processing of personal data that uses that data to analyze or evaluate certain personal aspects of a natural person (depending on the type of profiling, this may involve various information regarding demographics, behavior, and interests, such as interaction with websites and content). Profiles are often created using cookies and web beacons.

  • Reach Measurement: Reach measurement (also known as web analytics) is used to evaluate the visitor traffic on an online service, which may include users' behavior or interests in certain information, such as website content. This allows website owners to identify when visitors access their site and which content interests them.

  • Location Data: Location data arises when a mobile device (or another device with the necessary location detection capabilities) connects to a cell tower, Wi-Fi, or other technical location-determining methods. This data indicates the geographic position of the device.

  • Tracking: "Tracking" refers to the practice of tracking users' behavior across multiple online services. Typically, behavioral and interest-related information is stored in cookies or on the servers of the tracking technology providers.

  • Controller: The "controller" is the natural or legal person, authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data.

  • Processing: "Processing" refers to any operation or set of operations performed on personal data, whether or not by automated means. This includes the collection, analysis, storage, transmission, or deletion of data.

bottom of page