NUVEL-STUDIOS-3.png

data protection

This privacy policy explains the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) in connection with the provision of our services and within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”). With regard to the terms used, such as “processing” or “controller,” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).


Controller
Nuvel Studios
Heinestraße 51A
64295, Darmstadt

Phone: +49 160 95847158
Email: [email protected]

 

Types of data processed
- Inventory data (e.g., personal master data, names, or addresses).
- Contact data (e.g., email, phone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects
Visitors and users of the online offering (hereinafter, we also refer to the data subjects collectively as “users”).

Purpose of processing
- Provision of the online offering, its functions, and content.
- Responding to contact requests and communicating with users.
- Security measures.
- Reach measurement/marketing

Terms used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); A natural person is considered identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.

“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Relevant legal basis

In accordance with Art. 13 GDPR, we hereby inform you of the legal basis for our data processing. For users within the scope of the General Data Protection Regulation (GDPR), i.e. the EU and the EEC, the following applies if the legal basis is not specified in the privacy policy:

The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 GDPR;

The legal basis for processing for the performance of our services and the implementation of contractual measures as well as for responding to inquiries is Art. 6 (1) (b) GDPR;

The legal basis for processing to fulfill our legal obligations is Art. 6 (1) lit. c GDPR;

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.

The legal basis for the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Art. 6 para. 1 lit. e GDPR.

The legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f GDPR.

The processing of data for purposes other than those for which it was collected is governed by the provisions of Article 6(4) GDPR.

The processing of special categories of data (in accordance with Article 9(1) GDPR) is governed by the provisions of Article 9(2) GDPR.

 

 

Security Measures

We take, in accordance with the statutory requirements and taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

The measures particularly include securing the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access, input, transmission, securing availability, and separation related to it. Furthermore, we have established procedures that ensure the exercise of data subject rights, deletion of data, and response to data threats. Additionally, we consider the protection of personal data already during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

Cooperation with Processors, Joint Controllers, and Third Parties
If, within the scope of our processing, we disclose data to other persons and companies (processors, joint controllers, or third parties), transmit it to them, or otherwise grant them access to the data, this only occurs on the basis of a legal permission (e.g., if a transfer of data to third parties, such as payment service providers, is necessary to fulfill the contract), if users have consented, a legal obligation requires it, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).

If we disclose, transmit, or otherwise grant access to data to other companies of our corporate group, this occurs particularly for administrative purposes as a legitimate interest and beyond that on a basis corresponding to legal requirements.

Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation) or if this occurs within the framework of using services of third parties or disclosure or transmission of data to other persons or companies, this only occurs if it is necessary to fulfill our (pre-) contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the legal requirements are met. That is, processing occurs, for example, on the basis of special guarantees, such as the officially recognized determination of an EU-equivalent level of data protection or compliance with officially recognized specific contractual obligations.

Rights of Data Subjects
You have the right to request confirmation as to whether data concerning you is being processed and to request information about this data as well as further information and a copy of the data in accordance with legal requirements.

You have, in accordance with legal requirements, the right to request the completion of data concerning you or the correction of inaccurate data concerning you.

You have, in accordance with legal requirements, the right to request that data concerning you be deleted immediately, or alternatively, in accordance with legal requirements, to request a restriction of the processing of the data.

You have the right to request that the data concerning you, which you have provided to us, be received in accordance with legal requirements and to demand its transmission to other controllers.

You also have, in accordance with legal requirements, the right to lodge a complaint with the competent supervisory authority.

Right of Withdrawal
You have the right to revoke given consents with effect for the future.

Right to Object
You may object at any time to the future processing of data concerning you in accordance with legal requirements. The objection can, in particular, be made against processing for direct marketing purposes.

Cookies and Right to Object to Direct Marketing
“Cookies” are small files that are stored on users’ computers. Different information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, or “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online offering and closes their browser. In such a cookie, for example, the content of a shopping cart in an online shop or a login status can be stored. “Permanent” or “persistent” cookies are those that remain stored even after closing the browser. For example, the login status can be stored if users visit it again after several days. Similarly, in such a cookie, users’ interests can be stored, which are used for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the controller operating the online offering (otherwise, if it is only their cookies, they are called “first-party cookies”).

We can use temporary and permanent cookies and explain this in the context of our privacy policy.

If users do not want cookies to be stored on their computers, they are asked to deactivate the corresponding option in their browser settings. Stored cookies can be deleted in the browser’s system settings. Excluding cookies may lead to functional limitations of this online offering.

A general objection to the use of cookies used for online marketing purposes can, for many services, especially in the case of tracking, be declared via the U.S. website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, cookie storage can be prevented by disabling them in the browser settings. Please note that then not all functions of this online offering may be usable.

Deletion of Data

The data processed by us is deleted or its processing restricted in accordance with the statutory requirements. Unless expressly stated otherwise in this privacy policy, the data stored with us is deleted as soon as it is no longer required for its intended purpose and no statutory retention obligations oppose the deletion.

If the data is not deleted because it is required for other legally permissible purposes, its processing is restricted. This means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the contents of our privacy policy. We adjust the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require an action on your part (e.g., consent) or another individual notification.

Business-Related Processing

Additionally, we process

  • Contract data (e.g., contract subject, duration, customer category).

  • Payment data (e.g., bank details, payment history)
    from our customers, prospects, and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising, and market research.

Order Processing in the Online Shop and Customer Account

We process the data of our customers in the context of order transactions in our online shop to enable them to select and order the chosen products and services, as well as their payment and delivery or execution.

The processed data includes inventory data, communication data, contract data, payment data, and the persons affected by the processing include our customers, prospects, and other business partners. The processing is carried out for the purpose of providing contractual services within the operation of an online shop, billing, delivery, and customer services. We use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.

The processing is carried out to fulfill our services and perform contractual measures (e.g., execution of order transactions) and to the extent legally required (e.g., legally required archiving of business transactions for commercial and tax purposes). The data marked as necessary is required for the justification and fulfillment of the contract. We disclose the data to third parties only in the context of delivery, payment, or within the scope of statutory permissions and obligations, as well as if this is based on our legitimate interests, about which we inform you in this privacy policy (e.g., to legal and tax advisors, financial institutions, freight companies, and authorities).

Users can optionally create a user account, which allows them in particular to view their orders. During registration, the required mandatory information is communicated to users. User accounts are not public and cannot be indexed by search engines. When users have terminated their account, their data regarding the user account is deleted, subject to retention required for commercial or tax law reasons. Information in the customer account remains until its deletion with subsequent archiving in the case of a legal obligation or our legitimate interests (e.g., in the case of legal disputes). It is the responsibility of users to secure their data upon termination before the end of the contract.

During registration, re-login, and the use of our online services, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as the users’ interest in protection against misuse and other unauthorized use. A transfer of this data to third parties generally does not occur unless it is necessary to pursue our legal claims as a legitimate interest or there is a legal obligation to do so.

Deletion takes place after the expiration of statutory warranty and other contractual rights or obligations (e.g., payment claims or performance obligations under contracts with customers), whereby the necessity of data retention is reviewed every three years; in the case of retention due to statutory archiving obligations, deletion occurs after their expiration.

Agency Services

We process the data of our customers in the context of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services, and training services.

In this context, we process inventory data (e.g., customer master data such as names or addresses), contact data (e.g., email, phone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., contract subject, duration), payment data (e.g., bank details, payment history), usage and metadata (e.g., in the context of evaluation and performance measurement of marketing measures). Special categories of personal data are generally not processed, except when they are part of a commissioned processing. The affected persons include our customers, prospects, as well as their customers, users, website visitors, or employees, and third parties. The purpose of processing is the provision of contractual services, billing, and our customer service. The legal bases of processing arise from Art. 6(1)(b) GDPR (contractual services), Art. 6(1)(f) GDPR (analysis, statistics, optimization, security measures). We process data that is necessary for the initiation and fulfillment of contractual services and point out the necessity of its provision. Disclosure to external parties occurs only if required in the context of a contract. In processing the data provided to us as part of a contract, we act according to the instructions of the clients and the statutory requirements of a commissioned processing pursuant to Art. 28 GDPR and do not process the data for any other purposes than the commissioned purposes.

We delete the data after the expiration of statutory warranty and comparable obligations. The necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion occurs after their expiration (6 years, according to § 257(1) HGB, 10 years, according to § 147(1) AO). In the case of data disclosed to us as part of a contract by the client, we delete the data according to the specifications of the contract, generally after the end of the contract.

Therapeutic Services and Coaching

We process the data of our clients, prospects, and other principals or contracting parties (collectively referred to as “clients”) in accordance with Art. 6(1)(b) GDPR in order to provide them with our contractual or pre-contractual services. The type, scope, purpose, and necessity of processing depend on the underlying contractual relationship. The data processed generally includes basic and master data of clients (e.g., name, address), contact information (e.g., email address, telephone), contract data (e.g., services used, fees, names of contact persons), and payment data (e.g., bank details, payment history).

In the context of our services, we may also process special categories of data pursuant to Art. 9(1) GDPR, including information on health, possibly sexual life or sexual orientation, ethnic origin, or religious or philosophical beliefs. Where required, we obtain explicit consent in accordance with Art. 6(1)(a), Art. 7, Art. 9(2)(a) GDPR, or otherwise process these special categories of data for health care purposes based on Art. 9(2)(h) GDPR or § 22(1)(1)(b) BDSG.

Where necessary for contract performance or legally required, we may disclose or transmit client data to other professionals or typically involved third parties, such as billing agencies, if this serves the provision of our services (Art. 6(1)(b) GDPR), is legally required (Art. 6(1)(c) GDPR), serves our legitimate interests or those of our clients in efficient health care (Art. 6(1)(f) GDPR), or is necessary to protect vital interests (Art. 6(1)(d) GDPR).

Data is deleted when it is no longer required to fulfill contractual or legal obligations; the necessity for retention is reviewed every three years, otherwise statutory retention obligations apply.

Contractual Services

We process the data of our contracting parties, prospects, clients, customers, or other principals (collectively referred to as “contracting parties”) in accordance with Art. 6(1)(b) GDPR to provide our contractual or pre-contractual services. The data processed includes master data (e.g., name, address), contact information (e.g., email, phone), contract data (e.g., content, communication, names of contact persons), and payment data (e.g., bank details, payment history).

Special categories of personal data are generally not processed, except as part of an order or contractual processing. Data is disclosed to third parties only if necessary to fulfill the contract. Data provided to us as part of an order is processed in accordance with the client’s instructions and legal requirements.

When using our online services, IP addresses and timestamps of user actions may be stored to prevent misuse, based on our legitimate interests. Data is only shared with third parties if required to assert our claims (Art. 6(1)(f) GDPR) or if legally mandated (Art. 6(1)(c) GDPR).

Data is deleted when it is no longer required for contractual or legal obligations; retention necessity is reviewed every three years, otherwise statutory obligations apply.

External Payment Providers

We use external payment providers (e.g., PayPal, Klarna, Skrill, Giropay, Visa, Mastercard, American Express – see the privacy policies of each provider via their respective links).

The use of payment providers is based on Art. 6(1)(b) GDPR for contract performance or our legitimate interests (Art. 6(1)(f) GDPR) to offer secure payment options.

Data processed by payment providers includes master data (name, address), bank data, contract, payment amount, and recipient information, passwords, TANs, and verification codes. We do not receive account or credit card details, only confirmation or rejection of payments. In some cases, data may be transmitted to credit agencies for identity and creditworthiness verification.

Terms and privacy policies of payment providers are available on their respective websites.

Administration, Accounting, Office Organization, Contact Management

We process data for administrative tasks, office organization, accounting, and compliance with legal obligations, including archiving. This applies to clients, prospects, business partners, and website visitors. Legal bases are Art. 6(1)(c) and (f) GDPR.

The purpose is to maintain business operations, fulfill tasks, and provide services. Data is disclosed to tax authorities, advisors (e.g., accountants, auditors), other fee-collecting entities, and payment providers.

We also store information about suppliers, organizers, and other business partners for later contact. These mostly company-related data are generally stored permanently.

Business Analyses and Market Research

In order to operate our business efficiently and identify market trends, as well as the needs of our contractual partners and users, we analyze the data available to us regarding business transactions, contracts, inquiries, etc. We process master data, communication data, contract data, payment data, usage data, and metadata based on Art. 6(1)(f) GDPR. The affected individuals include contractual partners, prospects, customers, visitors, and users of our online offerings.

The analyses are carried out for the purposes of business evaluation, marketing, and market research. We may consider the profiles of registered users, including information on services they have used. The analyses are intended to improve user-friendliness, optimize our offerings, and enhance business efficiency. The analyses are conducted exclusively for our internal use and are not disclosed externally, except when anonymized and aggregated.

If these analyses or profiles contain personal data, they will be deleted or anonymized upon termination of the user’s account; otherwise, they will be retained for two years from the conclusion of the contract. In general, overall business analyses and trend determinations are performed anonymously wherever possible.

Participation in Affiliate Partner Programs

Within our online offerings, we use standard industry tracking measures based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offerings) in accordance with Art. 6(1)(f) GDPR, to the extent necessary for operating the affiliate system. The technical details are explained to users as follows.

Services offered by our contractual partners may also be advertised and linked on other websites (so-called affiliate links or after-buy systems, e.g., when third-party links or services are offered following a contract). Operators of the respective websites receive a commission if users follow the affiliate links and subsequently use the services.

In summary, it is necessary for our online offering to track whether users interested in affiliate links and/or the offers available on our platform actually use the offers due to the affiliate links or our online platform. For this purpose, the affiliate links and our offers are supplemented with certain values, which may be embedded in the link or stored elsewhere (e.g., in a cookie). These values include the referring website, timestamp, online identifier of the website operator where the affiliate link was placed, online identifier of the respective offer, online identifier of the user, as well as tracking-specific values such as advertising material ID, partner ID, and categorizations.

The online identifiers we use for users are pseudonymous values. That is, the identifiers themselves do not contain personal data such as names or email addresses. They only allow us to determine whether the same user who clicked an affiliate link or showed interest in an offer through our platform actually used the offer, e.g., concluded a contract with the provider. The online identifier is considered personal data only to the extent that the partner company and we have it together with other user data. Only then can the partner company inform us whether the user used the offer, e.g., to pay the associated bonus.

Amazon Partner Program

Based on our legitimate interests (i.e., interest in the economic operation of our online offerings under Art. 6(1)(f) GDPR), we participate in the Amazon EU Partner Program, designed to provide a medium for websites through which advertising fees can be earned by placing ads and links to Amazon.de (so-called affiliate system). As an Amazon partner, we earn on qualifying purchases.

Amazon uses cookies to track the origin of orders. Among other things, Amazon can determine that you clicked the partner link on this website and subsequently purchased a product on Amazon.

More information on Amazon’s data usage and opt-out options can be found in the company’s privacy policy: Amazon Privacy Notice.

Note: Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

Digistore24 Partner Program

Based on our legitimate interests (i.e., interest in the economic operation of our online offerings under Art. 6(1)(f) GDPR), we participate in the partner program of Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany. This program provides a medium for websites through which advertising fees can be earned by placing ads and links to Digistore24 (so-called affiliate system). Digistore24 uses cookies to track the origin of contract conclusions. Among other things, Digistore24 can determine that you clicked the partner link on this website and subsequently concluded a contract with or via Digistore24.

More information on Digistore24’s data usage and opt-out options can be found in the company’s privacy policy: Digistore24 Privacy Policy.

Privacy Information in the Application Process

We process applicant data solely for the purpose and within the scope of the application process, in accordance with legal requirements. Data processing is carried out to fulfill our (pre-)contractual obligations under Art. 6(1)(b) GDPR, or Art. 6(1)(f) GDPR if processing is necessary for legal proceedings (in Germany, also § 26 BDSG applies).

The application process requires applicants to provide their personal data. Required data are indicated in online forms or otherwise derived from the job descriptions and generally include personal details, contact information, and application documents such as cover letters, CVs, and certificates. Applicants may also voluntarily provide additional information.

By submitting an application to us, applicants consent to the processing of their data for the purposes of the application process as described in this privacy notice.

If special categories of personal data under Art. 9(1) GDPR are voluntarily provided (e.g., health data such as disability status or ethnic origin), processing occurs additionally under Art. 9(2)(b) GDPR. If special categories of personal data are requested as part of the application process, processing occurs under Art. 9(2)(a) GDPR (e.g., health data necessary for performing the job).

Applications submitted via our online form are encrypted using current technology. Applicants may also send applications via email; however, since emails are generally not encrypted, applicants must ensure their own encryption. We cannot assume responsibility for the transmission path of applications by email and recommend using the online form or postal submission.

If an application is successful, the provided data will be further processed for employment purposes. Otherwise, if the application is unsuccessful or withdrawn, the data will be deleted. Deletion occurs, subject to the applicant’s legitimate revocation, after six months to allow for follow-up inquiries and to fulfill obligations under the Equal Treatment Act. Receipts for any travel reimbursement will be archived according to tax regulations.

Registration Function

Users can create an account. During registration, the required mandatory information is communicated to the users and processed based on Art. 6(1)(b) GDPR for the purpose of providing the user account. The processed data primarily include login information (name, password, and an email address). The data entered during registration are used for the purposes of using the user account and its functions.

Users may be informed by email about information relevant to their account, such as technical changes. When users terminate their account, their data related to the account will be deleted, subject to any statutory retention obligations. Users are responsible for securing their data before the contract ends. We are entitled to irreversibly delete all user data stored during the contract period.

When using our registration and login functions as well as the user account, we store the IP address and the time of the respective user action. This storage is based on our legitimate interests and the users’ interests in protection against misuse and other unauthorized use. These data are generally not shared with third parties, except when necessary to enforce our claims or when required by law under Art. 6(1)(c) GDPR. IP addresses are anonymized or deleted no later than 7 days after collection.

Contact

When contacting us (e.g., via contact form, email, phone, or social media), the user’s information is processed for handling the inquiry according to Art. 6(1)(b) GDPR (within the framework of contractual or pre-contractual relationships) and Art. 6(1)(f) GDPR (other inquiries). User data may be stored in a Customer Relationship Management system (CRM system) or a comparable inquiry management system.

We delete inquiries when they are no longer required. We review the necessity every two years; statutory archiving obligations also apply.

Newsletter

The following information explains the content of our newsletter, the subscription, sending, and statistical evaluation procedures, as well as your rights to object. By subscribing to our newsletter, you consent to receiving it and to the described procedures.

Newsletter Content: We send newsletters, emails, and other electronic notifications containing advertising information (“newsletter”) only with the consent of the recipients or a legal permission. If the content of the newsletter is specifically described during registration, it is decisive for the user’s consent. Otherwise, our newsletters contain information about our services and our company.

Double-Opt-In and Logging: Registration for our newsletter is done using a double opt-in process. After registration, you receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can subscribe using someone else’s email address. Registrations are logged to comply with legal requirements, including storing the registration and confirmation timestamps and the IP address. Changes to your data stored with the mailing service provider are also logged.

Registration Data: To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, you may provide your name for personalized addressing in the newsletter.

Newsletter sending and associated success measurement are based on consent under Art. 6(1)(a), Art. 7 GDPR in conjunction with § 7(2) No. 3 UWG, or, if consent is not required, on our legitimate interests in direct marketing under Art. 6(1)(f) GDPR in conjunction with § 7(3) UWG.

Logging the registration process is based on our legitimate interests under Art. 6(1)(f) GDPR to ensure a user-friendly and secure newsletter system that serves both our business interests and user expectations and allows us to demonstrate consent.

Cancellation/Revocation: You can cancel receiving our newsletter at any time, i.e., revoke your consent. A link to unsubscribe is provided at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests to prove previous consent. Data processing is limited to the purpose of potential legal defense. Individual deletion requests are possible at any time if previous consent is confirmed.

Newsletter - Service Provider

The newsletter is sent using the service provider [NAME, ADDRESS, COUNTRY]. Their privacy policy can be viewed here: [LINK TO PRIVACY POLICY]. The service provider is used based on our legitimate interests under Art. 6(1)(f) GDPR and a data processing agreement under Art. 28(3) GDPR.

The provider may use recipient data in pseudonymized form to optimize or improve services, e.g., technical optimization of newsletter delivery or statistical purposes. However, the provider does not use the data to contact recipients themselves or pass it to third parties.

Newsletter - Performance Measurement

Newsletters include a “web beacon,” a pixel-sized file that is retrieved from our server (or the service provider’s server) when the newsletter is opened. This collects technical information such as browser type, system information, IP address, and time of access.

This information is used to improve services based on technical data or to analyze target groups and reading behavior, including access locations (determinable via IP) and access times. Statistical analysis also determines whether newsletters are opened, when, and which links are clicked. These data may technically be linked to individual recipients but are used to understand reading habits and tailor content, not to track individuals. A separate opt-out of performance measurement is not possible; the entire newsletter subscription must be canceled.

Hosting and Email Sending

Hosting services are used to provide infrastructure and platform services, computing power, storage, database services, email sending, security, and technical maintenance.

We and our hosting provider process customer, prospect, and visitor data (including content, contact, contract, usage, meta, and communication data) based on our legitimate interest in efficiently and securely providing the online service (Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR, with a data processing agreement).

Access Data and Log Files

We and our hosting provider collect server log data based on our legitimate interest (Art. 6(1)(f) GDPR), including the name of requested pages, date/time, data volume, success of request, browser type and version, user OS, referrer URL, IP address, and requesting provider.

Logfile data is stored for up to 7 days for security purposes (e.g., to investigate misuse) and then deleted. Data required for legal evidence are exempt from deletion until final resolution.

Google Analytics

We use Google Analytics based on our legitimate interests (Art. 6(1)(f) GDPR) to analyze, optimize, and operate our website. Google Analytics uses cookies. Data generated by cookies about site usage is generally transmitted to Google servers in the USA and stored there.

Google is Privacy Shield certified to ensure compliance with European data protection law. Data is used to evaluate website usage, generate reports, and provide related services. Pseudonymous usage profiles may be created.

We use Google Analytics with IP anonymization, meaning the last part of the IP is truncated within the EU or EEA. Only in exceptional cases is the full IP sent to the USA. Users can prevent cookies via browser settings or opt out using the plugin here: http://tools.google.com/dlpage/gaoptout?hl=de. Data is deleted or anonymized after 14 months.

Google AdSense with Personalized Ads

We use Google AdSense based on our legitimate interests (Art. 6(1)(f) GDPR) to display ads on our website. Data such as clicks and IP addresses (truncated) are processed pseudonymously.

Personalized ads are based on user interests derived from website or app usage. Advertisers can target campaigns based on these interests. Users can manage ad settings here: https://adssettings.google.com/authenticated.

Facebook Pixel, Custom Audiences, and Facebook Conversion

We use the Facebook Pixel on our website for analysis, optimization, and operation. Facebook may determine website visitors as target audiences for ads (Facebook Ads). We use it to show ads only to users interested in our service (Custom Audiences) and to measure ad effectiveness (Conversions).

Facebook processing follows Facebook’s Data Use Policy: https://www.facebook.com/policy. Details on the Pixel: https://www.facebook.com/business/help/651294705016616.

You can opt out of the Facebook Pixel and interest-based ads via Facebook settings: https://www.facebook.com/settings?tab=ads, or via network advertising opt-out: http://optout.networkadvertising.org/, http://www.aboutads.info/choices, https://www.youronlinechoices.com/uk/your-ad-choices/.

Created with Datenschutz-Generator.de by RA Dr. Thomas Schwenke