Privacy policy

With this data protection declaration, we would like to explain to you what types of personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data by us, both in the course of providing our services and, in particular, on our websites, mobile sites and external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

The terms used are gender-neutral.

Last update: 07.10.2021

Content overview

Introduction
Responsible
Overview of processing operations
Contact Data Protection Officer
Relevant legal bases
Security measures
Transfer and disclosure of personal data
Data processing in third countries
Use of cookies
Business and professional services
Payment service providers
Credit check
Provision of the online offer and web hosting
Making contact
Use of Whatsapp
Newsletter and electronic notifications
Web analysis, monitoring and optimisation
Online marketing
Presence on social networks (social media)
Plugins and integrated functions as well as content
Deletion of data
Changes and updates to the privacy statement
Rights of the persons concerned
Definition of terms
Responsible

The Couple Challenge Book
Kaethe Kollwitz Ufer 39
01307 Dresden
Germany

Owner: Inderjit Kaur

E-mail address: office@thecouplechallengebook.com

Legal notice: thecouplechallengebook.com/policies/legal-notice

Overview of processingThe following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed :

Inventory data (e.g. names, addresses).
Content data (e.g. entries in online forms).
Contact data (e.g. e-mail, telephone numbers).
Metadata/communication data (e.g. device information, IP addresses).
Usage data (e.g. web pages visited, interest in content, access time).
Location data (information on the geographical position of a device or person).
Contractual data (e.g. purpose of the contract, duration, customer category).
Payment data (e.g. bank details, invoices, payment history).
Categories of data subjects:

Business and contractual partners.
Interested parties.
Communication partners.
Customers.
Users (e.g. website visitors, users of online services).
Purposes of processing:

Creditworthiness and credit assessment.
Provision of our online offer and usability.
Evaluation of visiting actions.
Office and organisational procedures.
Cross-device tracking (processing of user data on multiple devices for marketing purposes).
Direct marketing (e.g. by e-mail or post).
Interest- and behaviour-based marketing.
Contact requests and communication.
Conversion measurement (measuring the effectiveness of marketing measures).
Profiling (creation of user profiles).
Remarketing.
Reach measurement (e.g. access statistics, identification of repeat visitors).
Security measures.
Tracking (e.g. interest/behavioural profiling, use of cookies).
Provision of contractual services and customer service.
Managing and responding to requests.
Targeting (determination of relevant target groups for marketing purposes or other content publishing).
Automated case-by-case decisions:

Credit information (decision based on a credit check).
Relevant legal basesIn the following, we inform you about the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your country or in our country of residence and domicile. Should more specific legal bases be relevant in a particular case, we will inform you of these in the data protection declaration.

Consent (Article 6 (1) sentence 1 a. of the GDPR) - The data subject has given his/her consent to the processing of his/her personal data for one or more specific purposes.
Performance of a contract and pre-contractual requests (Art. 6(1)(1)(b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the request of the data subject.
Legal obligation (Art. 6(1), sent. 1, point c. GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Article 6(1) sentence 1 point f. GDPR) - The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail.
Security measuresWe shall take appropriate technical and organisational measures, in accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the degree of threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to data, as well as the access, capture, disclosure, availability and segregation of data. We also have procedures in place to ensure the exercise of data subjects' rights, data erasure and response to data risks. In addition, we take into account the protection of personal data in the development or selection of hardware, software and procedures in accordance with the data protection principle, through technical design and data protection-friendly default settings.

SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You can recognise connections encrypted in this way by the prefix https:// in the address line of your browser.

Transfer and disclosure of personal dataIn the context of our processing of personal data, data may be transferred to or disclosed to other departments, companies, legally independent organisational units or persons. Recipients of this data may be, for example, payment institutions in connection with payment transactions, service providers for IT tasks or providers of services and content integrated into a website. In this case, we comply with the legal provisions and, in particular, conclude the corresponding contracts or agreements with the recipients of your data, which serve to protect your data.

Processing of data in third countriesIf we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place within the framework of the use of third-party services or the disclosure or transmission of data to other persons, services or companies, this is done only in accordance with the legal requirements.

Subject to explicit consent or a transfer required by contract or by law, we only process data or have data processed in third countries with a recognised level of data protection, a contractual obligation through standard protection clauses of the European Commission, in the presence of certifications or binding internal data protection provisions (Art. 44 to 49 GDPR, information page of the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

Use of cookiesCookies are text files that contain data about the sites or domains visited and are stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after their visit to an online offering. The information stored may include, for example, language settings on a website, login status, a shopping cart or where a video was watched. We also include in the concept of cookies other technologies that perform the same functions as cookies (e.g. where user data is stored using pseudonymous online identifiers, also called "user IDs").

A distinction is made between the following types of cookies and their functions:

Temporary cookies (also known as session cookies): temporary cookies are deleted at the latest after a user has left an online offer and closed the browser.
Permanent cookies: Permanent cookies remain stored even after the browser is closed. They allow, for example, the log-in status to be saved or preferred content to be displayed directly when the user revisits a website. Similarly, user interests used for reach measurement or marketing purposes can be stored in such a cookie.
First-party cookies: First-party cookies are set by us.
Third-party cookies (also called third-party cookies): Third-party cookies are primarily used by advertisers (called third parties) to process user information.
Necessary cookies (also known as essential or strictly necessary cookies): Cookies may be strictly necessary for the operation of a website (for example, to store user IDs or other data entered by the user or for security reasons).
Statistical, marketing and personalisation cookies: In addition, cookies are generally used for audience measurement and when a user's interests or behaviour (e.g. viewing certain content, using functions, etc.) on individual web pages are recorded in a user profile. Such profiles are used, for example, to display content to users that matches their potential interests. This process is also known as "tracking", i.e. tracking the potential interests of users. If we use cookies or tracking technologies, we will inform you separately in our data protection declaration or as part of the consent form.
Notes on legal basis: The legal basis on which we process your personal data with the help of cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. the commercial exploitation of our online offer and its improvement) or, if the use of cookies is necessary, to fulfil our contractual obligations.

Storage period: As we do not provide you with explicit information about the storage period of permanent cookies (e.g. in the context of an opt-in cookie), please consider that the storage period can be up to two years.

General information on revocation and objection (opt-out): Depending on whether processing is carried out on the basis of consent or legal authorisation, you have the possibility at any time to revoke a given consent or to object to the processing of your data by cookie technologies (collectively referred to as "opt-out"). You can first declare your objection by means of your browser settings, for example by deactivating the use of cookies (which may also limit the functioning of our online offer). An objection to the use of cookies for online marketing purposes can also be declared by means of a large number of services, particularly in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can obtain further information on how to object to the use of cookies and service providers.

Processing of cookie data on the basis of consent: Before we process data or have data processed in connection with the use of cookies, we ask users for consent that can be revoked at any time. As long as consent has not been given, we only use cookies that are absolutely necessary for the operation of our online service.

Settings/opt-out option for cookies :

Types of data processed: Usage data (e.g. web pages visited, interest in content, access time), metadata/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. visitors to websites, users of online services).
Legal basis: Consent (Art. 6 para. 1 sentence 1 point a. GDPR), legitimate interests (Art. 6 para. 1 sentence 1 point f. GDPR).
Commercial and business servicesWe process the data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") within the scope of contractual and comparable legal relationships as well as related measures and within the scope of communication with contractual partners (or pre-contractual), e.g. in order to respond to requests.

We process this data to fulfil our contractual obligations, to safeguard our rights and for the purposes of data-related administrative tasks and company organisation. We only pass on data of contractual partners to third parties within the scope of the applicable law, insofar as this is necessary for the above-mentioned purposes or for the fulfilment of legal obligations, or with the consent of the persons concerned (e.g. to the telecommunication, transport and other ancillary services involved, as well as to subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners are informed about other forms of processing, for example for marketing purposes, in the context of this data protection declaration.

We inform our contractual partners which data is required for the above-mentioned purposes before or in the course of data collection, for example in online forms, by means of special marking (e.g. colours) or symbols (e.g. asterisks or similar), or personally.

We delete data after the expiry of legal warranty obligations and comparable obligations, i.e. in principle after the expiry of a period of 4 years, unless the data is stored in a customer account, for example, as long as it has to be kept for legal archiving reasons (e.g. for tax purposes, as a rule 10 years). We will delete data disclosed to us by the contractual partner in connection with an order in accordance with the requirements of the order, in principle after the order has been completed.

Insofar as we use third-party suppliers or platforms to provide our services, the general terms and conditions and data protection information of the relevant third-party suppliers or platforms shall apply in the relationship between users and suppliers.

Customer account: Contractual partners may create an account within our online offering (e.g. customer account or user account, in short "customer account"). If the registration of a customer account is necessary, the contractual partners will be informed of this and of the data required for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration and subsequent registration and use of the customer account, we record the IP addresses of the customers as well as the access times in order to be able to prove the registration and to prevent possible abuse of the customer account.

When customers terminate their customer account, the account data is deleted, unless it is required to be retained for legal reasons. Customers are responsible for backing up their data when they terminate their account.

Business and market analyses: For business management purposes and in order to be able to identify market trends and the wishes of contractual partners and users, we analyse the data available to us on business transactions, contracts, enquiries, etc. The group of persons concerned may include contractual partners, interested parties, customers, visitors and users of our online offer.

The analyses are carried out for the purposes of economic evaluation, marketing and market research (e.g. to determine customer groups with different characteristics). Within this framework, we may take into account the profiles of registered users, including their data, e.g. the services used. The analyses are only used by us and are not disclosed to third parties, unless they are anonymous analyses with aggregated, and therefore anonymous, values. In addition, we take the privacy of users into account and process data for analysis purposes as pseudonymously as possible and, where possible, anonymously (e.g. as aggregated data).

Payment service providersIn the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the persons concerned efficient and secure payment options and use other payment service providers (collectively "payment service providers") in addition to banks and credit institutions for this purpose.

The data processed by the Payment Service Providers includes inventory data, such as name and address, bank data, such as account or credit card numbers, passwords, TAN numbers and checksums, as well as contract, total and recipient information. This information is required to complete transactions. However, the data entered is only processed by the payment service providers and stored with them. This means that we do not receive account or credit card information, but only information with or without confirmation of payment. Under certain circumstances, data is passed on by payment service providers to credit bureaus. The purpose of this transmission is to check identity and creditworthiness. We refer to the general terms and conditions and the data protection information of the payment service providers in this regard.

Payment transactions are subject to the general terms and conditions and data protection information of the respective payment service providers, which can be found on the respective websites or transaction applications. We also refer to these for further information and to assert the rights of revocation, information and other rights of the persons concerned.

Types of data processed: Basic data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contractual data (e.g. purpose of contract, duration, customer category), usage data (e.g. web pages visited, interest in content, access time), metadata/communication data (e.g. device information, IP addresses).
Data subjects: Customers, interested parties.
Purposes of processing: Provision of contractual services and customer service.
Legal basis: Contractual performance and pre-contractual requests (Art. 6 para. 1 sentence 1 point b. GDPR), legitimate interests (Art. 6 para. 1 sentence 1 point f. GDPR).
Services and service providers used:

PayPal: payment services and solutions (e.g. PayPal, PayPal Plus, Braintree); service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; website: https://www.paypal.com/de; privacy statement: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Insofar as we act in advance or take comparable economic risks (e.g. in the case of orders against invoice), we reserve the right, in order to safeguard our legitimate interests, to request information on identity and creditworthiness from service companies specialising in this area (credit bureaus) in order to assess the credit risk on the basis of mathematical and statistical procedures.

We process the information received from the credit bureaus on the statistical probability of default in an appropriate discretionary decision regarding the establishment, performance and termination of the contractual relationship. In the event of a negative credit check, we reserve the right to refuse payment on account or other advance payments.

The decision as to whether or not to provide an advance payment is taken, in accordance with Article 22 of the GDPR, solely on the basis of a case-by-case automated decision made by our software on the basis of the information provided by the credit bureau.

Insofar as we request explicit consent from contractual partners, the legal basis for credit information and the transmission of customer data to intelligence agencies is consent. If no consent is requested, the credit information is based on our legitimate interests in the security of our payment claims.

Types of data processed: Basic data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail, telephone numbers), contract data (e.g. purpose of contract, duration, customer category).
Data subjects: Customers, interested parties.
Purposes of processing: Assessment of creditworthiness and credit.
Legal basis: Consent (Art. 6 para. 1 sentence 1 point a. GDPR), legitimate interests (Art. 6 para. 1 sentence 1 point f. GDPR).
Automated decisions in individual cases: information on creditworthiness (decision based on a credit check).
Services used and service providers:

Union of Creditreform e.V. associations: credit assessment agency; service provider: Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss, Germany; website: https://www.creditreform.de/; data protection declaration: https://www.creditreform.de/datenschutz.
Provision of the online offer and web hostingIn order to be able to provide our online offer in a secure and efficient manner, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security and technical maintenance services.

The data processed in the context of the provision of the hosting service may include all data relating to the users of our online service that is generated in the course of use and communication. This regularly includes the IP address, which is required to deliver the contents of the online services to browsers, and all entries made within our online services or web pages.

Sending and hosting e-mails: The hosting services we use also include the sending, receiving and storing of e-mails. For these purposes, we process the addresses of the recipients and senders as well as other information regarding the sending of e-mails (e.g. the relevant service providers) and the content of each e-mail. The above-mentioned data may also be processed for the purpose of detecting SPAM. Please note that e-mails sent over the Internet are not encrypted in principle. As a rule, e-mails are encrypted during transport, but not on the servers from which they are sent and received (insofar as no end-to-end encryption method is used). We cannot therefore assume responsibility for the transmission path of e-mails between the sender and the receiver on our server.

Collection of access data and log files: We (or our web hosting provider) collect data about each access to the server (called server log files). Server log files may include the address and name of web pages and files accessed, the date and time of the access, the amount of data transmitted, notification of successful access, browser type and version, the user's operating system, the referring URL (the page previously visited), and generally IP addresses and the access provider.

Server log files can be used for security purposes, for example to prevent server overload (e.g. in the event of abusive attacks, so-called DDoS attacks) and to ensure server load and stability.

Types of data processed : Content data (e.g. entries in online forms), usage data (e.g. web pages visited, interest in content, access time), metadata/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. visitors to websites, users of online services).
Legal basis: Legitimate interests (Art. 6, para. 1, sentence 1, point f. GDPR).
Contacting usWhen you contact us (e.g. via a contact form, e-mail, telephone or via social media), we process the data of the persons contacting us to the extent necessary to respond to the contact requests and possible actions requested.

Responding to contact requests in the context of contractual or pre-contractual relationships takes place in order to fulfil our contractual obligations or to respond to (pre-)contractual requests and, furthermore, on the basis of legitimate interests in responding to the requests.

Types of data processed: master data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. web pages visited, interest in content, access time), metadata/communication data (e.g. device information, IP addresses).
Data subjects: Communication partners, interested persons.
Purposes of processing: contact and communication requests, management and response to requests.
Legal basis: performance of a contract and pre-contractual requests (Art. 6 para 1 sentence 1 point b. GDPR), legitimate interests (Art. 6 para 1 sentence 1 point f. GDPR).
Use of WhatsAppWhatsApp is a messaging service of Facebook. The company's registered office is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. WhastApp is a member of the US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000TSnwAAG&status=Active and can therefore, in accordance with Article 45 of the GDPR, process personal data in the US. We answer your questions through our WhatsApp support. If you wish to receive support, we require a valid mobile phone number and information that allows us to verify that you are the owner of the specified mobile phone number or that the owner of the mobile phone agrees to receive the service. When you register for support, we will record your first name, last name, mobile phone number and the date you registered for support as stored in your WhatsApp account. This registration serves to prove your registration, to implement the support and to exclude possible abuse by third parties. No other data is collected. The mentioned data will only be used for the mentioned purposes and will not be passed on to third parties. You can revoke your consent to the storage of the data and the mobile phone number at any time. The revocation can be made by WhatsApp message or by e-mail to the contact details given in the imprint. https://www.whatsapp.com/legal/#privacy-policy

Newsletter and electronic notificationsWe send newsletters, e-mails and other electronic notifications (hereinafter referred to as "newsletter") only with the consent of the recipients or with legal authorization. Insofar as the content of the newsletter is specifically described in the context of a subscription, this is decisive for the consent of the users. In addition, our newsletters contain information about our services and about us.

In order to subscribe to our newsletters, it is usually sufficient to enter your e-mail address. However, we may ask you to provide a name in order to address you personally in the newsletter, or other information if this is necessary for the purpose of the newsletter.

Double opt-in procedure: Subscription to our newsletter is in principle a double opt-in procedure. This means that after you have registered, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to ensure that no one can register with foreign e-mail addresses. Newsletter registrations are recorded in order to be able to prove the registration process in accordance with legal requirements. This includes recording the time of registration and confirmation as well as the IP address. Changes to your data stored with the sending service provider are also recorded.

Deletion and limitation of processing: We may retain unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests, before deleting them to prove previously given consent. The processing of such data will be limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the existence of a previous consent is confirmed. In the event of a permanent obligation to comply with objections, we reserve the right to store the e-mail address in a blocking list (so-called "black list") solely for this purpose.

The registration process is recorded on the basis of our legitimate interests for the purpose of proving that the registration process has been carried out correctly. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure delivery system.

Notes on the legal basis: The sending of newsletters is carried out on the basis of the consent of the recipients or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and insofar as this is permitted by law, for example in the case of prospecting existing customers. If we commission a service provider to send e-mails, we do so on the basis of our legitimate interests. The registration procedure is recorded on the basis of our legitimate interests in order to prove that it was carried out in accordance with the law.

Content: Information about us, our services, our actions and our offers.

Analysis and measurement of success: The newsletters contain a so-called "web beacon", i.e. a pixel-sized file which is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from the server of the latter. As part of this call, technical information, such as browser and system information, as well as your IP address and the time of the call, is first collected.

This information is used for the technical improvement of our newsletter with the help of technical data or target groups and their reading behaviour on the basis of their location (which can be determined with the help of the IP address) or access times. This analysis also includes determining whether and when newsletters were opened and which links were clicked. For technical reasons, this information can be allocated to individual newsletter recipients. However, neither we nor, if we use it, the sending service provider, intend to observe individual users. Instead, we use the evaluations to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The evaluation of the newsletter and the measurement of success are carried out, subject to the explicit consent of the user, on the basis of our legitimate interests in using a user-friendly and secure newsletter system that serves our business interests and at the same time meets the expectations of the users.

A separate revocation of the success measure is unfortunately not possible, in which case the entire newsletter subscription must be terminated or revoked.

Types of data processed: master data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), metadata/communication data (e.g. device information, IP addresses), usage data (e.g. web pages visited, interest in content, access time).
Data subjects: Communication partners.
Purposes of processing: Direct marketing (e.g. by e-mail or post).
Legal basis: consent (Art. 6 para. 1 sentence 1 point a. GDPR), legitimate interests (Art. 6 para. 1 sentence 1 point f. GDPR).
Opt-out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to unsubscribe from the newsletter at the end of each newsletter or you can use one of the contact options listed above, preferably by e-mail.
Services used and service providers :

Activecampaign: email marketing platform; service provider: Activecampaign,
1 North Dearborn Street, 5th floor. Chicago, Illinois (USA) 60602; Website: https://www.activecampaign.com Privacy Statement: https://www.activecampaign.com/de/legal/privacy-policy
Online MarketingWe process personal data for online marketing purposes, which may include, but are not limited to, the marketing of advertising space or the presentation of advertising and other content (collectively, "content") based on the potential interests of users and the measurement of its effectiveness.

For these purposes, user profiles are created and stored in a file (referred to as a "cookie") or similar procedures are used, by means of which relevant user data is stored for the presentation of the aforementioned content. This data may include, for example, the content accessed, the web pages visited, the online networks used, but also the communication partners and technical data, such as the browser and computer system used, as well as data relating to the times of use. If users have consented to the collection of their location data, this may also be processed.

Users' IP addresses are also recorded. However, we use available IP masking procedures (i.e. pseudonymisation by shortening the IP address) to protect users. In general, clear user data (such as e-mail addresses or names) are not stored as part of the online marketing process, but pseudonyms. This means that we and the providers of the online marketing procedures do not know the real identity of the users, but only the data stored in their profiles.

The information contained in the profiles is usually stored in cookies or similar processes. These cookies can be read later on by other websites that use the same online marketing process and can be analysed for content presentation purposes and supplemented with other data and stored on the server of the online marketing process provider.

In exceptional cases, clear data can be assigned to profiles. This is the case, for example, when users are members of a social network whose online marketing procedure we use and the network associates the user profiles with the above-mentioned data. Please note that users can make additional agreements with providers, for example by giving their consent as part of the registration process.

In principle, we only have access to aggregated information about the success of our advertisements. However, within the framework of so-called conversion measures, we can check which of our online marketing procedures have led to a conversion, i.e., for example, to the conclusion of a contract with us. The conversion measure is used solely to analyse the success of our marketing measures.

Unless otherwise stated, we ask you to assume that the cookies used are stored for a period of two years.

Notes on legal basis: If we ask users to consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. the interest in providing efficient, cost-effective and appropriate services to the recipients). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy statement.

Facebook pixel: With the help of the Facebook pixel, Facebook is able to identify visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook Pixel to display the Facebook Ads we have placed only to users of Facebook and the services of partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offer or who have certain characteristics (e.g. an interest in certain topics or products, which are visible on the basis of the web pages visited) that we pass on to Facebook (so-called "Custom Audiences"). With the help of the Facebook Pixel, we also want to make sure that our Facebook Ads match the potential interest of the users and are not harassing. The Facebook Pixel also allows us to track the effectiveness of Facebook Ads for statistical and market research purposes, by seeing whether users have been redirected to our website after clicking on a Facebook Ad (so-called "conversion measurement").

Types of data processed: Usage data (e.g. web pages visited, interest in content, access time), metadata/communication data (e.g. device information, IP addresses), location data (information about the geographical position of a device or person).
Data subjects: Users (e.g. website visitors, users of online services), interested parties.
Purposes of processing: Tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, evaluation of visiting actions, interest and behavioural marketing, profiling (creation of user profiles), conversion measurement (measurement of the effectiveness of marketing measures), reach measurement (e.g. access statistics, identification of visitors). Reach measurement (e.g. access statistics, identification of repeat visitors), target group creation (determination of relevant target groups for marketing purposes or other content editing), cross-device tracking (processing of user data on multiple devices for marketing purposes).
Security measures: IP masking (pseudonymisation of the IP address).
Legal basis: Consent (Art. 6(1) sentence 1(a) GDPR), legitimate interests (Art. 6(1) sentence 1(f) GDPR).
Opt-out possibilities: We refer to the data protection information of the respective providers and the indicated opt-out possibilities for the providers (so-called "opt-out"). If no explicit opt-out options are given, you have the option of deactivating cookies in your browser settings. However, this may limit the functions of our online offer. Therefore, we also recommend the following opt-out options, which are summarised for the respective territories:a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://www.youradchoices.ca/choices.

c) United States: https://www.aboutads.info/choices.

d) For all territories: https://optout.aboutads.info.
Services and service providers used :

Google Tag Manager: Google Tag Manager is a solution that allows us to manage website tags via an interface and thus integrate other services into our online offering. The tag manager itself (which implements the tags) does not process the personal data of users. With regard to the processing of users' personal data, we refer to the following information on Google services. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com; privacy statement: https://policies.google.com/privacy.
Google Analytics: online marketing and web analytics; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com/intl/de/about/analytics/; privacy statement: https://policies.google.com/privacy; opt-out possibility: opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, ad display settings: https://adssettings.google.com/authenticated.
Google Ads and conversion measurement: We use the online marketing process "Google Ads" to place ads on the Google advertising network (e.g., in search results, in videos, on web pages, etc.) so that they are displayed to users who have a presumed interest in those ads. We also measure the conversion of ads. However, we only know the total anonymous number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not receive any personally identifiable information. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com; privacy statement: https://policies.google.com/privacy.
Google Ad Manager: We use the "Google Marketing Platform" (and services such as "Google Ad Manager") to place ads on Google's advertising network (e.g., in search results, in videos, on web pages, etc.). A feature of the Google Marketing Platform is that ads are displayed in real time based on users' presumed interests. This allows us to display ads for and within our online offering in a more targeted manner, so that users are only shown ads that potentially match their interests. If, for example, a user is shown ads for products that they were interested in on other online offerings, this is known as "remarketing". Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com; privacy statement: https://policies.google.com/privacy.
Facebook Pixel: Service provider: https://www.facebook.com, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; data protection statement: https://www.facebook.com/about/privacy; opt-out possibility: https://www.facebook.com/settings?tab=ads.
We maintain online presences in social networks and process user data in order to communicate with users active on these networks or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users, for example because the enforcement of users' rights may be made more difficult.

In addition, user data from social networks are generally processed for market research and advertising purposes. Thus, usage profiles can be created on the basis of usage behaviour and the resulting interests of users. The usage profiles can in turn be used, for example, to serve advertisements inside and outside the networks, which are supposed to match the interests of the users. For these purposes, cookies are usually stored on users' computers, in which the usage behaviour and interests of users are recorded. In addition, data may also be stored in usage profiles regardless of the devices used by the users (in particular when users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the possibilities of opposition (opt-out), we refer to the data protection declarations and information of the operators of the respective networks.

We would also like to point out that enquiries and the exercise of rights of the data subjects can be made most effectively with the providers. Only the providers have access to user data and can take appropriate action and provide information directly. If you nevertheless need help, you can contact us.

Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. web pages visited, interest in content, access time), metadata/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: contact requests and communication, tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, audience measurement (e.g. access statistics, identification of repeat visitors).
Legal basis: Legitimate interests (Art. 6, para. 1, sentence 1, point f. GDPR).
Services used and service providers:

Instagram: social network; service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA; website: https://www.instagram.com; privacy statement: https://instagram.com/about/legal/privacy.
Facebook: social network; service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; privacy statement: https://www.facebook.com/about/privacy; opt-out possibility: settings for advertisements: https://www.facebook.com/settings?tab=ads; additional data protection information: agreement on joint processing of personal data on Facebook pages:

https://www.facebook.com/legal/terms/page_controller_addendum; Data protection information for Facebook pages:

https://www.facebook.com/legal/terms/information_about_page_insights_data.
LinkedIn: social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; website: https://www.linkedin.com; privacy statement: https://www.linkedin.com/legal/privacy-policy; opt-out possibility: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Twitter: social network; service provider: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; privacy statement: https://twitter.com/de/privacy, (settings) https://twitter.com/personalization.
YouTube: Social Network; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Statement:

https://policies.google.com/privacy; opt-out facility:

https://adssettings.google.com/authenticated.
Xing: social network; service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; website: https://www.xing.de; privacy statement: https://privacy.xing.com/de/datenschutzerklaerung.
Plugins and integrated functions and contentWe integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). This may include, for example, graphics, videos or social media buttons as well as contributions (hereinafter referred to generically as "content").

The integration always assumes that the third-party providers of such content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for the presentation of these contents or functions. We endeavour to use only content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use "pixel tags" (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags make it possible to evaluate information such as visitor traffic on the pages of this website. Pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring web pages, the time of the visit and other information about the use of our online offer, but may also be linked to such information from other sources.

Notes on legal basis: Insofar as we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. the interest in providing efficient, cost-effective and appropriate services to the recipients). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy statement.

Types of data processed : Usage data (e.g. web pages visited, interest in content, access time), metadata/communication data (e.g. device information, IP addresses), location data (indications of the geographical position of a device or person), content data (e.g. entries in online forms), master data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers).
Data subjects: Users (e.g. website visitors, users of online services), communication partners.
Purposes of processing: Provision of our online offer and user-friendliness, provision of contractual services and customer service, contact requests and communication, monitoring (e.g. interest/behavioural profiling, use of cookies), interest and behavioural marketing, profiling (creation of user profiles), security measures, administration and answering requests.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 point f. GDPR), consent (Art. 6 para. 1 sentence 1 point a. GDPR), performance of a contract and pre-contractual requests (Art. 6 para. 1 sentence 1 point b. GDPR).
Services used and service providers:

Facebook plugins and content: Facebook social plugins and content - This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Facebook. The list and appearance of Facebook's social plugins can be found here: https://developers.facebook.com/docs/plugins/; service provider: https://www.facebook.com, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; privacy statement: https://www.facebook.com/about/privacy; opt-out possibility: settings for ads: https://www.facebook.com/settings?tab=ads.
Google Fonts: We integrate fonts ("Google Fonts") from the Google provider, whereby user data is used solely for the purpose of displaying the fonts in the user's browser. The integration is carried out on the basis of our legitimate interests in the technically secure, maintenance-free and efficient use of the fonts, in their uniform representation and in consideration of any licensing restrictions for their integration. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://fonts.google.com/; privacy statement: https://policies.google.com/privacy.
ReCaptcha: We integrate the "ReCaptcha" function to recognise robots, e.g. when entering online forms. User behavioural data (e.g. mouse movements or queries) is evaluated in order to distinguish between people and bots. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://www.google.com/recaptcha/; data protection declaration: https://policies.google.com/privacy; opt-out possibility: opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, ad display settings: https://adssettings.google.com/authenticated.
YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://www.youtube.com; data protection statement: https://policies.google.com/privacy; opt-out possibility: opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, advertising settings: https://adssettings.google.com/authenticated.
Wordfence: We have integrated Wordfence on this website. The provider is Defiant Inc, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter Wordfence). Wordfence is used to protect our website against unwanted access or malicious cyber attacks. For this purpose, our website establishes a permanent connection with Wordfence's servers so that Wordfence can compare its databases with the accesses to our website and block them if necessary. The use of Wordfence is based on Article 6, paragraph 1, point f of the GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible against cyber attacks. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; the consent can be revoked at any time. The transfer of data to the US is based on the European Commission's standard contractual clauses. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/. Conclusion of an order processing contract We have concluded an order processing contract with Wordfence. This is a contract prescribed by data protection legislation, which ensures that Wordfence processes the personal data of visitors to our website only in accordance with our instructions and in compliance with the GDPR.
Vimeo: This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages with a Vimeo video, a connection is established with the Vimeo servers. The Vimeo server is then informed of the pages you have visited. In addition, Vimeo obtains your IP address. This also applies if you are not logged in to Vimeo or if you do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the United States. If you are logged into your Vimeo account, you allow Vimeo to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account. To recognize website visitors, Vimeo uses cookies or comparable recognition technologies (e.g., device fingerprinting). The use of Vimeo takes place in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; the consent can be withdrawn at any time. 11 / 14 The transfer of data to the United States is based on the European Commission's standard contractual clauses as well as, according to Vimeo, on "legitimate business interests". Details can be found here: https://vimeo.com/privacy. Further information on the processing of user data can be found in Vimeo's data protection declaration at: https://vimeo.com/privacy.
Calendly: You can book an appointment on our website. For the request and selection of an appointment, we use the online calendar "Calendly". "Calendly" is an offering of Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, United States. When you click on the corresponding booking button, you are automatically connected to my Calendly appointment account. Once you have chosen your appointment, confirmed it and entered your details and requests, you will receive an e-mail from Calendly confirming your appointment. Your data from the Calendly form, including the data you entered on it, will be stored by me for the purpose of processing the request and for follow-up questions. This data remains with me until you ask us to delete it, revoke your consent to its storage or the purpose of the data storage is no longer valid (e.g. an appointment has been made). Binding legal provisions - in particular storage periods - remain unaffected. In addition, I have concluded a "Data Processing Addendum" with Calendly. This is an agreement by which Calendly undertakes to protect the data of my users, to process it on my behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties. For more information on Calendly and data protection at Calendly, please consult: https://calendly.com/pages/privacy .
Deletion of dataThe data we process is deleted in accordance with the legal provisions as soon as the authorisations for processing are revoked or other authorisations are no longer valid (e.g. if the purpose of the processing of this data has ceased or if it is not required for this purpose).

If the data is not deleted because it is necessary for other purposes permitted by law, its processing will be limited to those purposes. In other words, the data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons or whose storage is necessary to assert, exercise or defend legal rights or to protect the rights of another natural or legal person.

Further information on the deletion of personal data can also be found in the individual data protection notices in this data protection declaration.

Changes and updates to the data protection declarationWe would like to keep you informed about the content of our data protection declaration. We will amend the data protection declaration as soon as changes in our data processing operations make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

Insofar as we provide addresses and contact details of companies and organisations in this data protection declaration, please note that the addresses may change over time and please check the data before contacting us.

Rights of data subjectsAs data subjects, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

Right to object: you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for such advertising purposes; this also applies to profiling insofar as it is linked to such direct advertising.
Right to revoke consent: You have the right to revoke any consent given at any time.
Right of access: You have the right to request confirmation as to whether or not data relating to you is being processed and to obtain information about such data as well as other information and a copy of the data in accordance with the legal provisions.
Right of rectification: you have the right, in accordance with the legal provisions, to request that data concerning you be completed or that inaccurate data concerning you be rectified.
Right to erasure and restriction of processing: in accordance with the legal provisions, you have the right to demand that your data be immediately erased or, failing that, to request the restriction of data processing in accordance with the legal provisions.
Right to data portability: you have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format, in accordance with the legal provisions, or to request their transmission to another person responsible.
Complaint to the supervisory authority: you also have the right, in accordance with the legal provisions, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.
Definitions of termsIn this section you will find an overview of the terms used in this privacy statement. Many terms are taken from the law and defined mainly in Article 4 of the GDPR. The legal definitions are binding. However, the following explanations are intended primarily to facilitate understanding. The terms are listed in alphabetical order.

Conversion tracking: Conversion tracking is a method of determining the effectiveness of marketing measures. To do this, a cookie is usually stored on the user's device within the web pages on which the marketing measures are taken, and is then accessed again on the target web page. For example, this allows us to know whether ads we have placed on other websites have been successful).
Credit information: Automated decisions are based on automatic data processing without human intervention (e.g. automatic rejection of an invoice purchase, an online credit application or an online application procedure without any human intervention). Such automated decisions are only allowed under Article 22 of the GDPR if the data subjects consent, if they are necessary for the performance of a contract or if national law allows such decisions.
Cross-Device Tracking: Cross-device tracking is a form of tracking in which information about users' behaviour and interests is captured across all devices in so-called profiles, by assigning users an online ID. In this way, user information can be analysed for marketing purposes, irrespective of the browser or device used (e.g. mobile phone or desktop computer). With most providers, the online ID is not associated with clear data such as name, postal address or e-mail address.
IP masking: IP masking is a method of removing the last byte, i.e. the last two digits of an IP address, so that the IP address can no longer be used to uniquely identify a person. Therefore, IP masking is a way of pseudonymising processing procedures, especially in online marketing.
Interest- and behaviour-based marketing: Interest- and/or behaviour-based marketing is when the potential interests of users for advertisements and other content are predefined as precisely as possible. This is done by means of information about their previous behaviour (e.g. visiting and staying on certain websites, purchasing behaviour or interaction with other users), which is stored in a profile. Cookies are usually used for this purpose.
Conversion measurement: Conversion measurement is a procedure for determining the effectiveness of marketing measures. To do this, a cookie is usually stored on the user's device within the web pages on which the marketing measures are taken, and then it is accessed again on the target web page. For example, this allows us to know whether ads we have placed on other websites have been successful.
Personal data: Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more specific characteristics relating to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Profiling : Profiling is any type of automated processing of personal data that consists of using such personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include information on age, gender, location and movement data, interaction with websites and their content, shopping habits, social interactions with other people) (e.g. interest in certain content or products, clicking behaviour on a website or place of residence). Cookies and web beacons are often used for profiling purposes.
Audience measurement: audience measurement (also called web analytics) is used to evaluate the flow of visitors to an online offer and may include the behaviour or interests of visitors for certain information, such as the content of web pages. Through reach analysis, website owners can, for example, find out when visitors visit their website and what content interests them. This allows them, for example, to better tailor the content of the website to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis purposes, in order to recognise repeat visitors and thus obtain more precise analyses of the use of an online offer.
Remarketing: "Remarketing" or "retargeting" is when, for example for advertising purposes, products in which a user has shown interest on a website are noted in order to remind the user of these products on other websites, for example in advertisements.
Location data: Location data is generated when a mobile device (or other device with technical location requirements) connects to a radio cell, wireless local area network or similar technical means and functions for location. The location data is used to indicate the geographical location of the device concerned. Location data can, for example, be used to display map functions or other location-dependent information.
Tracking: Tracking is used when it is possible to follow the behaviour of users on several online offers. As a rule, for the online offers used, information about behaviour and interests is stored in cookies or on the servers of the providers of the tracking technologies (so-called profiling). This information can then be used, for example, to show users advertisements that are likely to match their interests.
Controller: the term 'controller' means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Processing: 'Processing' means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and includes virtually any processing of data, whether collection, analysis, recording, transmission or erasure.
Targeting: Targeting (or "Custom Audiences") occurs when target groups are determined for advertising purposes, e.g. for the display of advertisements. For example, a user's interest in certain products or topics on the Internet leads to the conclusion that this user is interested in advertisements for similar products or in the online shop where he or she has viewed the products. Again, "Lookalike Audiences" (or similar target groups) are used when content deemed appropriate is displayed to users whose profiles or interests are assumed to match those of the users for whom the profiles were created. Cookies and web beacons are generally used for the creation of personalised audiences and similar audiences.