Privacy Policy

Preamble

With the following Privacy Policy, we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process, for which purposes, and to what extent. This Privacy Policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”).

The terms used are not gender-specific.

Last updated: 26 December 2025

Table of Contents

• Preamble
• Controller
• Overview of Processing
• Relevant Legal Bases
• Security Measures
• International Data Transfers
• General Information on Data Storage and Deletion
• Rights of Data Subjects
• Business Services
• Payment Processing
• Provision of the Online Offering and Web Hosting
• Use of Cookies
• Registration, Login, and User Account
• Single Sign-On Login
• Blogs and Publishing Media
• Contact and Request Management
• Newsletters and Electronic Notifications
• Web Analytics, Monitoring, and Optimization
• Online Marketing
• Customer Reviews and Rating Procedures
• Presences on Social Networks (Social Media)
• Plug-ins and Embedded Functions and Content
• Management, Organization, and Supporting Tools
• Changes and Updates
• Definitions

Controller

Neo Maaßen
Schäfflerstr. 2e
86424 Dinkelscherben

Email address: support@testseed.com

Imprint: https://testseed.com/legal/imprint

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects concerned.

Types of data processed

• Inventory data.
• Payment data.
• Contact data.
• Content data.
• Contract data.
• Usage data.
• Meta, communication, and procedural data.
• Log data.

Categories of data subjects

• Service recipients and clients.
• Interested parties.
• Communication partners.
• Users.
• Business and contractual partners.

Purposes of processing

• Provision of contractual services and fulfillment of contractual obligations.
• Communication.
• Security measures.
• Direct marketing.
• Reach measurement.
• Tracking.
• Office and organizational procedures.
• Conversion measurement.
• Audience building.
• Organizational and administrative procedures.
• Feedback.
• Marketing.
• Profiles with user-related information.
• Login procedures.
• Provision of our online offering and usability.
• Information technology infrastructure.
• Public relations.
• Business processes and economic procedures.

Relevant legal bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the GDPR, national data protection requirements may apply in your or our country of residence or establishment. If, in individual cases, more specific legal bases apply, we will inform you of these in this Privacy Policy.

• Consent (Art. 6(1) sentence 1 lit. a GDPR) - The data subject has given consent to the processing of personal data relating to them for one or more specific purposes.
• Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legal obligation (Art. 6(1) sentence 1 lit. c GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject requiring protection of personal data do not override those interests.

National data protection provisions in Germany: In addition to the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). The BDSG contains, in particular, special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transfer as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual German federal states may apply.

Security measures

In accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, safeguarding availability, and separation relating to the data. In addition, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to threats to data. Furthermore, we already take the protection of personal data into account when developing or selecting hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

Securing online connections using TLS/SSL encryption technology (HTTPS): To protect users’ data transmitted via our online services against unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are key technologies for secure data transmission on the internet. These technologies encrypt information transmitted between a website or app and a user’s browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the improved and more secure version of SSL, ensures that all data transmissions meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is transmitted securely and in encrypted form.

International data transfers

Processing in third countries: If we transfer data to a third country (that is, outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosing or transferring data to other persons, entities, or companies (which is apparent from the postal address of the relevant provider or if the Privacy Policy explicitly refers to transfers to third countries), this always takes place in accordance with legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the European Commission dated 10 July 2023. In addition, we have concluded Standard Contractual Clauses with the respective providers that comply with the requirements of the European Commission and establish contractual obligations to protect your data.

This dual safeguard ensures comprehensive protection of your data. The DPF forms the primary level of protection, while the Standard Contractual Clauses serve as an additional safeguard. If changes occur within the DPF framework, the Standard Contractual Clauses will apply as a reliable fallback option. This ensures that your data remains adequately protected even in the event of political or legal changes.

For individual service providers, we inform you whether they are certified under the DPF and whether Standard Contractual Clauses are in place. Further information on the DPF and a list of certified companies can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English).

For data transfers to other third countries, corresponding safeguards apply, in particular Standard Contractual Clauses, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found in the information provided by the European Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

General information on data storage and deletion

We delete personal data that we process in accordance with statutory provisions as soon as the underlying consents are revoked or no other legal bases for processing apply. This concerns cases in which the original purpose of processing no longer applies or the data is no longer required. Exceptions apply if legal obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal enforcement or to protect the rights of other natural or legal persons, must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that applies specifically to certain processing operations.

If multiple retention periods or deletion deadlines are specified for a set of data, the longest period always applies. Data that is no longer retained for the originally intended purpose but is retained due to legal requirements or other reasons will be processed solely for the reasons that justify its retention.

Retention and deletion of data: The following general periods apply for retention and archiving under German law:

• 10 years, retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the work instructions and other organizational documents required to understand them (§ 147(1) no. 1 in conjunction with (3) AO, § 14b(1) UStG, § 257(1) no. 1 in conjunction with (4) HGB).
• 8 years, accounting vouchers, such as invoices and expense receipts (§ 147(1) nos. 4 and 4a in conjunction with (3) sentence 1 AO and § 257(1) no. 4 in conjunction with (4) HGB).
• 6 years, other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents insofar as they are relevant for taxation, for example wage slips, operating statements, calculation documents, price labels, as well as payroll documents, insofar as they are not already accounting vouchers, and cash register receipts (§ 147(1) nos. 2, 3, 5 in conjunction with (3) AO, § 257(1) nos. 2 and 3 in conjunction with (4) HGB).
• 3 years, data required to consider potential warranty and damages claims or similar contractual claims and rights and to process related inquiries, based on previous business experience and common industry practices, is stored for the regular statutory limitation period of three years (§§ 195, 199 BGB).

Start of the period at the end of the year: If a period does not expressly begin on a certain date and is at least one year, it automatically begins at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the date on which the termination becomes effective or another termination of the legal relationship.

Rights of data subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, in particular those arising from Articles 15 to 21 GDPR:

• Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is based on Art. 6(1) lit. e or f GDPR. This also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. This also applies to profiling insofar as it is related to such direct marketing.
• Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
• Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with statutory provisions.
• Right to rectification: In accordance with statutory provisions, you have the right to request completion of data concerning you or rectification of inaccurate data concerning you.
• Right to erasure and restriction of processing: In accordance with statutory provisions, you have the right to request that data concerning you be deleted without undue delay, or alternatively to request restriction of processing of the data in accordance with statutory provisions.
• Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request transmission to another controller, in accordance with statutory provisions.
• Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Business services

We process data of our contractual and business partners, such as customers and interested parties (collectively referred to as “contractual partners”), in the context of contractual and comparable legal relationships and related measures, and with regard to communication with contractual partners (or pre-contractually), for example to respond to inquiries.

We use this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed services, any update obligations, and remedies for warranty claims and other service disruptions. In addition, we use the data to protect our rights and for the administrative tasks and corporate organization associated with these obligations. We also process the data on the basis of our legitimate interests in proper and economically sound business management, and in security measures to protect our contractual partners and our business operations against misuse, threats to their data, secrets, information, and rights (for example involving telecommunications, transport, and other auxiliary services and subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Within the framework of applicable law, we only disclose data of contractual partners to third parties to the extent necessary for the purposes mentioned above or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, such as marketing purposes, within this Privacy Policy.

Which data is required for the aforementioned purposes will be communicated to contractual partners before or within the context of data collection, for example in online forms, via special markings (for example colors) or symbols (for example asterisks), or personally.

We delete the data after the expiry of statutory warranty and comparable obligations, that is generally after four years, unless the data is stored in a customer account, for example as long as it must be retained for statutory archiving obligations (for tax purposes, generally ten years). Data disclosed to us by the contractual partner as part of an assignment will be deleted in accordance with the applicable requirements and generally after the end of the assignment.

• Types of data processed: Inventory data (for example full name, residential address, contact information, customer number, etc.); Payment data (for example bank details, invoices, payment history); Contact data (for example postal and email addresses or telephone numbers). Contract data (for example subject matter of the contract, term, customer category).
• Data subjects: Service recipients and clients; Interested parties. Business and contractual partners.
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Communication; Office and organizational procedures; Organizational and administrative procedures. Business processes and economic procedures.
• Retention and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.
• Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); Legal obligation (Art. 6(1) sentence 1 lit. c GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Additional information on processing operations, procedures, and services:

• Project and development services: We process the data of our customers and clients (hereinafter uniformly referred to as “customers”) in order to enable them to select, purchase, or commission the chosen services or works and related activities, as well as payment and provision or execution of those services or works.
  
  The required information is marked as such within the context of placing an order or concluding a comparable contract and includes the information needed to provide the service and for billing, as well as contact information in order to coordinate, if necessary. Insofar as we obtain access to information of end customers, employees, or other persons, we process such information in accordance with legal and contractual requirements; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).
• Provision of software and platform services: We process the data of our users, registered users, and any test users (hereinafter uniformly referred to as “users”) in order to provide our contractual services to them and, on the basis of legitimate interests, to ensure the security of our offering and to further develop it. The required information is marked as such within the context of placing an order or concluding a comparable contract and includes the information needed for providing the service and billing, as well as contact information in order to coordinate, if necessary; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).

Payment processing

In the context of contractual and other legal relationships, due to legal obligations, or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use additional service providers beyond banks and credit institutions (collectively referred to as “payment service providers”). Payment transactions are carried out exclusively via encrypted connections in accordance with the state of the art, so that the entered data is protected from unauthorized access during transmission.

Data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contractual, amount-related, and recipient-related information. This information is required to execute the transactions. However, the entered data is processed and stored only by the payment service providers. This means we do not receive any account or credit card information, but only information with confirmation or negative notification of payment. Under certain circumstances, the payment service providers may transmit the data to credit agencies. This transfer serves the purpose of identity and credit checks. For this, we refer to the terms and conditions and privacy notices of the payment service providers.

The terms and conditions and privacy notices of the respective payment service providers apply to payment transactions and can be accessed within the respective websites or transaction applications. We also refer to these for further information and for exercising withdrawal rights, access rights, and other data subject rights.

• Types of data processed: Inventory data (for example full name, residential address, contact information, customer number, etc.); Payment data (for example bank details, invoices, payment history); Contract data (for example subject matter of the contract, term, customer category); Usage data (for example page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (for example IP addresses, time data, identification numbers, involved persons).
• Data subjects: Service recipients and clients; Business and contractual partners. Interested parties.
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Business processes and economic procedures.
• Retention and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.
• Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Additional information on processing operations, procedures, and services:

• Stripe: Payment services (technical integration of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); Website: https://stripe.com; Privacy Policy: https://stripe.com/de/privacy. Third-country transfer basis: Data Privacy Framework (DPF).

Provision of the online offering and web hosting

We process users’ data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

• Types of data processed: Usage data (for example page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); Meta, communication, and procedural data (for example IP addresses, time data, identification numbers, involved persons); Log data (for example log files relating to logins or retrieval of data or access times). Content data (for example textual or visual messages and posts and related information, such as authorship or creation time).
• Data subjects: Users (for example website visitors, users of online services).
• Purposes of processing: Provision of our online offering and usability; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
• Retention and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.
• Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Additional information on processing operations, procedures, and services:

• Provision of the online offering on rented storage: To provide our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also referred to as a “web host”); Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
• Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files”. Server log files may include the address and name of the accessed web pages and files, date and time of access, transmitted data volume, message about successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), and typically IP addresses and the requesting provider. Server log files may be used for security purposes, for example to avoid server overload (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure server utilization and stability; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained for evidentiary purposes is exempt from deletion until the incident has been conclusively clarified.
• Email sending and hosting: The web hosting services we use also include sending, receiving, and storing emails. For these purposes, the recipients’ and senders’ addresses, as well as other information related to email sending (for example the involved providers) and the content of the respective emails, are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails are generally not sent end-to-end encrypted on the internet. As a rule, emails are encrypted during transport, but not on the servers from which they are sent and received (unless an end-to-end encryption method is used). We therefore cannot assume responsibility for the transmission path of emails between the sender and receipt on our server; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
• Content Delivery Network: We use a “Content Delivery Network” (CDN). A CDN is a service that helps deliver content of an online offering, especially large media files such as graphics or program scripts, faster and more securely using regionally distributed servers connected via the internet; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Use of cookies

The term “cookies” refers to functions that store information on users’ devices and read it from them. Cookies may also be used for various purposes, such as ensuring functionality, security, and convenience of online offerings and creating analyses of visitor flows. We use cookies in accordance with legal requirements. Where necessary, we obtain users’ prior consent. If consent is not required, we rely on our legitimate interests. This applies when storing and reading information is essential to provide expressly requested content and functions. This includes, for example, saving settings and ensuring the functionality and security of our online offering. Consent can be withdrawn at any time. We clearly inform you about its scope and which cookies are used.

Notes on data protection legal bases: Whether we process personal data using cookies depends on consent. If consent has been given, it is the legal basis. Without consent, we rely on our legitimate interests, as explained above in this section and in the context of the respective services and procedures.

Storage period: With regard to storage period, the following types of cookies are distinguished:

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (for example browser or mobile app).
• Persistent cookies: Persistent cookies remain stored even after the device is closed. For example, the login status can be saved and preferred content displayed directly when the user revisits a website. Likewise, usage data collected using cookies can be used for reach measurement. If we do not provide users with explicit information about the type and storage period of cookies (for example when obtaining consent), users should assume that they are persistent and that the storage period can be up to two years.

General notes on withdrawal and objection (opt-out): Users can withdraw their consent at any time and also object to processing in accordance with statutory provisions, including via their browser privacy settings.

• Types of data processed: Meta, communication, and procedural data (for example IP addresses, time data, identification numbers, involved persons).
• Data subjects: Users (for example website visitors, users of online services).
• Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR). Consent (Art. 6(1) sentence 1 lit. a GDPR).

Additional information on processing operations, procedures, and services:

• Processing of cookie data on the basis of consent: We use a consent management solution in which users’ consent to the use of cookies, or to the procedures and providers mentioned within the consent management solution, is obtained. This procedure serves to obtain, log, manage, and withdraw consent, especially with regard to the use of cookies and comparable technologies used to store, read, and process information on users’ devices. As part of this procedure, users’ consents for the use of cookies and the associated processing of information, including the specific processing operations and providers named in the consent management procedure, are obtained. Users also have the option to manage and withdraw their consents. Consent declarations are stored to avoid repeated requests and to provide proof of consent in accordance with legal requirements. Storage is carried out server-side and/or in a cookie (so-called opt-in cookie) or via comparable technologies, to assign consent to a specific user or device. If no specific information on providers of consent management services is available, the following general information applies: The duration of storage of consent is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, details about the scope of consent (for example categories of cookies and/or service providers concerned), as well as information about the browser, system, and device used; Legal basis: Consent (Art. 6(1) sentence 1 lit. a GDPR).

Registration, login, and user account

Users can create a user account. As part of registration, users are informed of the required mandatory information and this is processed for the purpose of providing the user account on the basis of fulfilling contractual obligations. The processed data includes, in particular, login information (username, password, and an email address).

When using our registration and login functions and using the user account, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests and those of users in protection against misuse and other unauthorized use. This data is generally not disclosed to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users may be informed via email about processes relevant to their user account, such as technical changes.

• Types of data processed: Inventory data (for example full name, residential address, contact information, customer number, etc.); Contact data (for example postal and email addresses or telephone numbers); Content data (for example textual or visual messages and posts and related information, such as authorship or creation time); Usage data (for example page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Log data (for example log files relating to logins or retrieval of data or access times).
• Data subjects: Users (for example website visitors, users of online services).
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Organizational and administrative procedures. Provision of our online offering and usability.
• Retention and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”. Deletion after termination.
• Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Additional information on processing operations, procedures, and services:

• Registration with pseudonyms: Users may use pseudonyms instead of real names as usernames; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).
• User profiles are not public: User profiles are not publicly visible and not accessible.
• Two-factor authentication: Two-factor authentication provides an additional security layer for your user account and ensures that only you can access your account, even if someone else knows your password. For this purpose, in addition to your password, you must complete another authentication step (for example enter a code sent to a mobile device). We will inform you about the procedure we use; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).
• Deletion of data after termination: If users terminate their user account, their data relating to the user account will be deleted, subject to legal permission, obligation, or users’ consent; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).
• No retention obligation for data: It is the users’ responsibility to back up their data before the end of the contract if they terminate their account. We are entitled to irretrievably delete all data stored by the user during the term of the contract; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).

Single Sign-On login

“Single Sign-On” or “Single Sign-On login/authentication” refers to procedures that allow users to log in to our online offering using a user account with a Single Sign-On provider (for example a social network). A prerequisite for Single Sign-On authentication is that users are registered with the respective Single Sign-On provider and enter the required login data in the designated online form, or are already logged in with the Single Sign-On provider and confirm Single Sign-On login via a button.

Authentication takes place directly with the respective Single Sign-On provider. As part of such authentication, we receive a user ID with the information that the user is logged in with the respective Single Sign-On provider under this user ID, and an ID that cannot be used by us for other purposes (so-called “user handle”). Whether additional data is transmitted to us depends solely on the Single Sign-On procedure used, the data releases selected during authentication, and which data users have approved in the privacy or other settings of their user account with the Single Sign-On provider. Depending on the provider and users’ choices, different data may be involved, usually the email address and username. The password entered with the Single Sign-On provider as part of the Single Sign-On procedure is neither visible to us nor stored by us.

Users are asked to note that the information stored with us may be automatically compared with their user account at the Single Sign-On provider. However, this is not always possible or actually occurs. If, for example, users’ email addresses change, they must update them manually in their user account with us.

We may use Single Sign-On login, if agreed with users, as part of or prior to contract performance, provided users have been asked to do so, process it on the basis of consent, and otherwise use it on the basis of our legitimate interests and the interests of users in an effective and secure login system.

If users decide that they no longer want to use the link between their user account with the Single Sign-On provider for Single Sign-On, they must remove this connection within their user account with the Single Sign-On provider. If users want their data deleted with us, they must terminate their registration with us.

• Types of data processed: Inventory data (for example full name, residential address, contact information, customer number, etc.); Contact data (for example postal and email addresses or telephone numbers); Usage data (for example page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (for example IP addresses, time data, identification numbers, involved persons).
• Data subjects: Users (for example website visitors, users of online services).
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Login procedures. Provision of our online offering and usability.
• Retention and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”. Deletion after termination.
• Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Additional information on processing operations, procedures, and services:

• Google Single Sign-On: Authentication services for user logins, provision of Single Sign-On functions, management of identity information and application integrations; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.google.de; Privacy Policy: https://policies.google.com/privacy; Third-country transfer basis: Data Privacy Framework (DPF). Opt-out option: Settings for the display of ads: https://myadcenter.google.com/.

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). Readers’ data is processed for the purposes of the publication medium only to the extent necessary for its presentation and for communication between authors and readers, or for reasons of security. Otherwise, we refer to the information on the processing of visitors to our publication medium within the scope of this privacy policy.

• Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); Contact data (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts as well as information relating to them, such as details of authorship or time of creation); Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, involved persons).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Feedback (e.g. collecting feedback via an online form). Provision of our online offering and user-friendliness.
• Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
• Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Contact and inquiry management

When contacting us (e.g. by post, contact form, email, telephone or via social media) as well as within the scope of existing user and business relationships, the information provided by the inquiring persons is processed insofar as this is necessary to answer the contact requests and any requested measures.

• Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); Contact data (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts as well as information relating to them, such as details of authorship or time of creation); Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, involved persons).
• Data subjects: Communication partners.
• Purposes of processing: Communication; organisational and administrative procedures; feedback (e.g. collecting feedback via an online form). Provision of our online offering and user-friendliness.
• Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
• Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR). Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).

Further information on processing operations, procedures and services:

• Contact form: When contacting us via our contact form, by email or via other communication channels, we process the personal data transmitted to us in order to respond to and handle the respective request. This usually includes details such as name, contact information and, where applicable, further information that is provided to us and is required for appropriate processing. We use this data exclusively for the stated purpose of contacting and communicating; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR), legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Newsletters and electronic notifications

We send newsletters, emails and other electronic notifications (hereinafter "newsletter") only with the recipients’ consent or on the basis of a legal permission. If the content of the newsletter is specified when registering for the newsletter, this content is decisive for the users’ consent. For registration for our newsletter, providing your email address is usually sufficient. However, in order to offer you a personalised service, we may ask you to provide your name for personal addressing in the newsletter or further information, if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to be able to prove that consent was previously given. The processing of this data is restricted to the purpose of a potential defence against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a suppression list (so-called "blocklist").

The logging of the registration procedure is carried out on the basis of our legitimate interests for the purpose of proving its proper procedure. If we commission a service provider with sending emails, this is done on the basis of our legitimate interests in an efficient and secure dispatch system.

"Information about our software services, updates to Seed-Packs as well as system notifications and invoicing processes."

• Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); Contact data (e.g. postal and email addresses or telephone numbers). Meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, involved persons).
• Data subjects: Communication partners.
• Purposes of processing: Direct marketing (e.g. by email or post).
• Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR).
• Right to object (opt-out): You can cancel receipt of our newsletter at any time, i.e. withdraw your consent(s) or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the contact options given above, preferably email.

Web analytics, monitoring and optimisation

Web analytics (also referred to as “reach measurement”) is used to evaluate visitor flows of our online offering and may include behaviour, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognise at what time our online offering or its functions or content are used most frequently, or invite reuse. Likewise, it enables us to understand which areas require optimisation.

In addition to web analytics, we may also use testing procedures in order to test and optimise, for example, different versions of our online offering or its components.

Unless otherwise stated below, for these purposes profiles (i.e. data combined for a usage process) may be created and information may be stored in a browser or on an end device and then read out. The information collected includes in particular visited websites and elements used there, as well as technical information, such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data vis-à-vis us or vis-à-vis the providers of the services we use, the processing of location data is also possible.

In addition, the IP addresses of users are stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored within the scope of web analytics, A/B testing and optimisation, but rather pseudonyms. This means that neither we nor the providers of the software used know the actual identity of users, but only the information stored in their profiles for the purpose of the respective procedures.

Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

• Types of data processed: Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, involved persons).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g. access statistics, recognition of recurring visitors); profiles with user-related information (creating user profiles). Provision of our online offering and user-friendliness.
• Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods can be stored on users’ devices for a period of two years).
• Security measures: IP masking (pseudonymisation of the IP address).
• Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures and services:

• Google Analytics: We use Google Analytics to measure and analyse the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any unique data, such as names or email addresses. It is used to assign analysis information to an end device in order to recognise which content users have accessed within one or several usage processes, which search terms they have used, accessed again or how they have interacted with our online offering. In addition, the time of use and its duration, the sources of users that refer to our online offering, and technical aspects of their end devices and browsers are stored.
  Pseudonymous profiles of users are created with information from the use of different devices, whereby cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. Analytics does, however, provide coarse geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU data traffic, the IP address data is used exclusively for this derivation of geolocation data before it is immediately deleted. It is not logged, is not accessible and is not used for any further purposes. When Google Analytics collects measurement data, all IP lookups are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymisation of the IP address); Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying ads: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and data processed).
• Google Tag Manager: We use Google Tag Manager, a Google software that allows us to manage so-called website tags centrally via a user interface. Tags are small code elements on our website that are used to record and analyse visitor activities. This technology helps us improve our website and the content offered on it. Google Tag Manager itself does not create user profiles, does not store cookies with user profiles and does not carry out any independent analyses. Its function is limited to simplifying and making more efficient the integration and management of tools and services that we use on our website. Nevertheless, when Google Tag Manager is used, the IP address of users is transmitted to Google, which is technically necessary to implement the services we use. Cookies may also be set in the process. However, this data processing only takes place when services are integrated via the Tag Manager. For more detailed information on these services and their data processing, we refer to the further sections of this privacy policy; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Data processing agreement:
  https://business.safety.google/adsprocessorterms. Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms).

Online marketing

We process personal data for the purpose of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively "content") based on users’ potential interests as well as measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called "cookie") or similar procedures are used by means of which the information relevant to the display of the aforementioned content about the user is stored. This may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical details, such as the browser used, the computer system used as well as information on usage times and functions used. If users have consented to the collection of their location data, this may also be processed.

In addition, users’ IP addresses are stored. However, we use available IP masking procedures (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored within the scope of the online marketing procedure, but rather pseudonyms. This means that neither we nor the providers of the online marketing procedures know the actual identity of users, but only the information stored in their profiles.

The statements in the profiles are generally stored in cookies or via similar procedures. These cookies can later generally also be read on other websites that use the same online marketing procedure and analysed for the purpose of displaying content, supplemented with further data and stored on the server of the online marketing procedure provider.

By way of exception, it is possible to assign clear data to the profiles, primarily if users are, for example, members of a social network whose online marketing procedure we use and the network links the user profiles with the aforementioned information. Please note that users can make additional arrangements with providers, e.g. by giving consent within the scope of registration.

As a rule, we only receive access to aggregated information about the success of our advertisements. However, within the scope of so-called conversion measurement, we can check which of our online marketing procedures has led to a so-called conversion, i.e. for example, to a contract being concluded with us. Conversion measurement is used solely for success analysis of our marketing measures.

Unless otherwise stated, please assume that cookies used are stored for a period of two years.

Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for processing is permission. Otherwise, users’ data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Notes on withdrawal and objection:

We refer to the privacy notices of the respective providers and the objection options (so-called "opt-out") specified for the providers. If no explicit opt-out option has been specified, you can deactivate cookies in your browser settings. However, this may restrict functions of our online offering. We therefore additionally recommend the following opt-out options, which are offered in summary for the respective regions:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://youradchoices.ca/.

c) USA: https://optout.aboutads.info/.

d) Cross-region: https://optout.aboutads.info.

• Types of data processed: Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, involved persons).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g. access statistics, recognition of recurring visitors); tracking (e.g. interest/behaviour-based profiling, use of cookies); audience building; marketing; profiles with user-related information (creating user profiles). Conversion measurement (measuring the effectiveness of marketing measures).
• Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods can be stored on users’ devices for a period of two years).
• Security measures: IP masking (pseudonymisation of the IP address).
• Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures and services:

• Google Ads and conversion measurement: Online marketing procedure for the purpose of placing content and advertisements within the service provider’s advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the advertisements. In addition, we measure the conversion of the advertisements, i.e. whether users have used them as an occasion to interact with the advertisements and use the advertised offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR), legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF); Further information: Types of processing and data processed: https://business.safety.google/adsservices/. Data processing terms between controllers and Standard Contractual Clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms.
• Google Adsense with personalised ads: We integrate the Google Adsense service, which makes it possible to place personalised ads within our online offering. Google Adsense analyses user behaviour and uses this data to deliver targeted advertising tailored to the interests of our visitors. We receive financial remuneration for each ad placement or other uses of these ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF); Further information: Types of processing and data processed: https://business.safety.google/adsservices/. Data processing conditions between controllers and Standard Contractual Clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms.
• Google Adsense with non-personalised ads: We use the Google Adsense service to display non-personalised ads in our online offering. These ads are not based on individual user behaviour, but are selected based on general characteristics such as the page content or your approximate geographic location. We receive remuneration for the display or other use of these ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF); Further information: Types of processing and data processed: https://business.safety.google/adsservices/. Data processing conditions between controllers and Standard Contractual Clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms.
• LinkedIn Insight Tag: Code that is loaded when a user visits our online offering and tracks the user’s behaviour and conversions and stores them in a profile (possible purposes: measuring campaign performance, optimising ad delivery, building custom and similar audiences); Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy, Cookie policy: https://www.linkedin.com/legal/cookie_policy; Data processing agreement: https://www.linkedin.com/legal/l/dpa; Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa). Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Customer Reviews and Rating Procedures

We participate in review and rating procedures in order to evaluate, optimize and promote our services. If users rate us via the rating platforms or procedures involved or otherwise provide feedback, the general terms and conditions or terms of use and the privacy notices of the respective providers also apply. As a rule, submitting a rating also requires registration with the respective providers.

To ensure that the persons submitting ratings have actually used our services, we transmit, with the customers’ consent, the data required for this purpose relating to the customer and the service used to the respective rating platform (including name, email address and order number or item number). This data is used solely to verify the authenticity of the user.

• Types of data processed: Contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, involved persons).
• Data subjects: Service recipients and clients. Users (e.g. website visitors, users of online services).
• Purposes of processing: Feedback (e.g. collecting feedback via online form). Marketing.
• Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR). Consent (Art. 6(1) sentence 1 lit. a GDPR).

Further information on processing operations, procedures and services:

• Rating widget: We integrate so-called “rating widgets” into our online offering. A widget is a functional and content element integrated into our online offering that displays changing information. It can, for example, be displayed in the form of a seal or comparable element, sometimes also called a “badge”. While the relevant widget content is displayed within our online offering, it is retrieved at that moment from the servers of the respective widget provider. Only in this way can the content always be displayed up to date, in particular the current rating. For this purpose, a data connection must be established from the website accessed within our online offering to the server of the widget provider and the widget provider receives certain technical data (access data, including IP address) which is necessary so that the widget content can be delivered to the user’s browser. In addition, the widget provider receives information that users have visited our online offering. This information may be stored in a cookie and used by the widget provider to recognize which online offerings participating in the rating procedure have been visited by the user. The information can be stored in a user profile and used for advertising or market research purposes; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
• Trusted Shops (Trustedbadge): Rating platform – Within the framework of the joint controllership existing between us and Trusted Shops, please contact Trusted Shops preferably for data protection questions and to assert your rights, using the contact options stated in their data protection information. However, independently of this, you may always contact the controller of your choice. Your request will then, if necessary, be forwarded to the other controller for answering.
  
  The Trustbadge is provided by a US-based CDN provider (Content Delivery Network). An adequate level of data protection is ensured by Standard Contractual Clauses and additional contractual measures.
  When the Trustbadge is accessed, the web server automatically stores a so-called server log file, which also contains your IP address, the date and time of access, the volume of data transferred, and the requesting provider (access data), and documents the retrieval. The IP address is anonymized immediately after collection so that the stored data cannot be attributed to you personally. The anonymized data is used in particular for statistical purposes and for error analysis.
  
  If you have given your consent, the Trustbadge accesses order information stored in your end device after the order has been completed (order amount, order number, possibly purchased product) as well as the email address, and your email address is hashed using a cryptological one-way function. The hash value is then transmitted together with the order information to Trusted Shops pursuant to Art. 6(1) sentence 1 lit. a GDPR. This serves to check whether you are already registered for Trusted Shops services. If this is the case, further processing takes place in accordance with the contractual agreement concluded between you and Trusted Shops. If you are not yet registered for the services or do not give consent to automatic recognition via the Trustbadge, you will subsequently have the option to register manually for the use of the services or to complete the protection within your possibly existing user contract.
  
  For this purpose, after completion of your order, the Trustbadge accesses the following information stored on the end device you use: order amount, order number and email address. This is necessary so that we can offer you buyer protection. Data is only transmitted to Trusted Shops if you actively decide to conclude buyer protection by clicking the corresponding button in the so-called Trustcard. If you decide to use the services, further processing is based on the contractual agreement with Trusted Shops pursuant to Art. 6(1) lit. b GDPR in order to complete your registration for buyer protection and secure the order, and, if applicable, to send you rating invitations by email afterwards.
  
  Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6(1) lit. f GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in the case of the USA through Standard Contractual Clauses and additional contractual measures and in the case of Israel through an adequacy decision.
  ;Service provider: Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany;Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR), Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR);Website: https://www.trustedshops.de.Privacy Policy: https://www.trustedshops.de/impressum-datenschutz/.

Presence in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We point out that user data may be processed outside the European Union. This can result in risks for users because, for example, the enforcement of user rights could be made more difficult.

Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on usage behavior and the resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, you can contact us.

• Processed data types: Inventory data (e.g., names, addresses); Contact data (e.g., e-mail, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Communication; Marketing; Information about our services and company.
• Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Plug-ins and Embedded Functions and Content

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos, or city maps (hereinafter uniformly referred to as "content").

The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the display of this content or function. We strive to use only such content whose respective providers use the IP address only to deliver the content.

• Processed data types: Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Inventory data (e.g., names, addresses); Contact data (e.g., e-mail, telephone numbers); Content data (e.g., entries in online forms).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offer and user-friendliness.
• Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Management, Organization, and Auxiliary Tools

We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purposes of management and organization of our business, our administration, and our collaboration.

• Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., e-mail, telephone numbers); Contract data (e.g., subject matter of contract, term, customer category).
• Data subjects: Customers; Interested parties; Business and contractual partners; Employees (e.g., employees, applicants, former employees).
• Purposes of processing: Office and organizational procedures; Administrative and organizational procedures.
• Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Fulfilment of contract and pre-contractual inquiries (Art. 6 (1) (b) GDPR); Legal obligation (Art. 6 (1) (c) GDPR).

Changes and Updates to the Privacy Policy

We ask you to inform yourself regularly about the content of our data protection declaration. We will adjust the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

Definitions of Terms

This section provides an overview of the terms used in this privacy policy. Many of the terms are defined by law, especially in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily for understanding.

• Personal Data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more special characteristics.
• Controller: The "controller" is the natural or legal person, authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processing: "Processing" is any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Custom Audiences: "Custom Audiences" (target group formation) refers to the determination of target groups for advertising purposes, e.g., display of advertisements. Based on a user's interest in certain products or topics on the Internet, it can be concluded that this user is interested in advertisements for similar products or the online shop in which they viewed the products.

Created with the free data protection generator by Dr. Thomas Schwenke