1. General information
Responsible for this website is:
2. Data processing for informational use of ourwebsite
The handling of data on this site encompasses the personal information vital for facilitating an informative experience of our website. Additional personal details are only processed with your explicit consent or if permitted by applicable legal provisions. When you engage with our website strictly for informational insights without registering or providing personal details, we only process the data relayed by your browser to our server. This encompasses:
• internet browser (browser type and browser version),
• operating system used,
• source URL,
• host name of the accessing computer,
• time of the page requested,
• IP address
These specifics are crucial for us to present our website accurately to you, ensuring both stability and security. Thus, their processing is essential on our part. The foundation for such data processing lies in Art. 6 para. 1 p. 1 lit. b) GDPR, owing to our need for the automatically retrieved data to efficiently render our website. Additionally, Art. 6 para. 1 p. 1 lit. f) GDPR also justifies this process, as the retention of this data aligns with our genuine interest in maintaining our website's security and stability. For a comprehensive overview of personal data collection during your site visit, kindly turn to section 4.
3. Data processing when using functions on our website
Technically necessary or required cookies:
These are set when you visit our website and are critical for its proper functioning. Examples include cookies recognizing language choices or noting if you've agreed to other optional cookies. These essential cookies are temporary and get removed when you close your browser. The use of such cookies aligns with Art. 6 para. 1 p. 1 lit. f) GDPR, reflecting our genuine intent to ensure a seamless and efficient website experience.
These are used to gather extra insights about our visitors' preferences and behaviors, helping us refine our website and improve customer interactions. Setting these cookies happens only with your clear approval. The legal grounding for these cookies comes from your explicit consent, as per Art. 6 (1) S.1 lit. a) GDPR.
3.2 Registration on this website
You can register on our website by providing personal data in order to use our Service. The data is entered in an input mask and transmitted to us and stored. Registration is required for the provision of certain content and services on our website.
The following data is collected during the registration process:
• Email address
The following data is also stored at the time of registration:
• Email address
• IP address
• First name
• Last name
• Additional context may include IP, device information, etc.
The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for initiating further contracts (Art. 6 para. 1 p. 1 lit. b) GDPR). The data collected during registration will be stored by us as long as you are registered on our website and will then be deleted. Mandatory legal provisions - in particular legal retention periods - remain unaffected.
3.3 Newsletter Signup
We offer a newsletter service through the third-party provider Substack. When you subscribe through the widget on our website, you will be redirected to Substack's website for the completion of the subscription process. The data collected includes:
• Email address
• Any additional information requested by Substack
4. Integrated third party services
To deliver the features of our website, we incorporate services from third parties. We categorize these services into functional and analytical ones in the sections below.
4.1 Functional services
Functional services ensure a seamless experience on our website and are essential for its use.
We use Hotjar for analytics, provided by Hotjar Ltd in Malta. They process user and meta data in the EU. The processing is based on consent per Art. 6 para. 1 p. 1 lit. a DSGVO, which can be revoked anytime. Data is kept until its purpose ends and there's no retention obligation. More details: https://www.hotjar.com/legal/policies/privacy/.
We use Webflow, based in San Francisco, CA, USA, for website creation. They process user and meta data in the USA. Our legitimate interest in maintaining a website is grounded on Art. 6 para. 1 p. 1 lit. f DSGVO. Data transfer outside the EEA relies on standard contractual clauses, ensuring protection per GDPR's Article 46(2)(c). Data is kept until its purpose concludes. More details: https://webflow.com/legal/eu-privacy-policy.
We use Sendgrid by Twilio, Inc, based in San Francisco, CA, USA, for sending emails.They process content and data in the USA. Order confirmations rely on Art. 6 para. 1 b) DSGVO, while consent-based emails use Art. 6 para. 1 lit. a) DSGVO. Data is retained until its purpose concludes. More details: https://www.twilio.com/legal/privacy.
4.2 Analytical services
These services assist us in gaining insights into the usage patterns of our website.
We use Google Analytics, a tool from Google Ireland Limited, to analyze our website's user behavior. It gathers data like pages viewed, time spent, operating systems, and user origins, which Google may organize into specific user profiles. This service uses technologies like cookies and may store data on US-based Google servers. Due to potential data protection differences, there's a risk of data access by authorities in the USA. For enhanced privacy, we employ IP anonymization, truncating IP addresses within the European Union before sending them to the USA. Google processes this data to assess website usage and promises not to merge IP addresses with other data. Users can restrict Google's data collection by installing a specific browser plugin.
The website uses Google Ads from Google Ireland Limited for online advertising. Google Ads displays ads based on user's search terms and user data like location and interests. We can assess the effectiveness of our ads by analyzing which search terms triggered them and the resulting clicks. Using Google Ads requires explicit user consent as per Art. 6 para. 1 p. 1 lit. a) GDPR, which can be withdrawn anytime.
Google Tag Manager
We use Matomo for website analytics, operated by Matomo.org in Wellington, New Zealand. Matomo analyzes user behavior, including site visits and device details, based on Art. 6 para. 1 p. 1 lit. a DSGVO and user consent. Consent can be revoked anytime via our contact details. We store Matomo data on our servers, ensuring enhanced privacy, and anonymize IP addresses. Data is kept until its purpose concludes. More details: https://matomo.org/privacy-policy/.
5. Disclosure of personal data to third parties
5.1 External hosting
Our website is hosted by an external provider. Data, including IP addresses, contact details, and website activity, is stored on their servers. We use this hoster to fulfill contracts with clients and ensure our website is secure and efficient as per Art. 6 para. 1 p. 1 lit. b) and f) GDPR. The hoster processes your data only as required to provide their services.
5.2 Other cases
6. Transfer of personal data to third countries
Your personal data may be processed in third countries, subject to local laws, making them accessible to local entities. To ensure data security during such transfers outside the EU, we adopt measures like EU standard contractual clauses or internal data protection guidelines. If these aren't applicable, transfers are conducted based on Art. 49 GDPR exceptions. Regardless of location, we implement safeguards to maintain data security at EU-equivalent levels.
7. Storage periods
We prioritize minimalistic data processing and only store your personal data as long as necessary for its original purpose or as mandated by legal obligations, such as commercial and tax retention requirements. Typically, data is retained for the duration of our contractual relationship or in line with legal retention periods, like those in the German Commercial Code and Tax Code. For security and technical reasons, IP addresses and server log files are stored for seven days. The duration of storage is also influenced by factors like data relevance, contract status, inquiry status, and relevant legal retention periods for the respective personal data.
8. Your data protection rights
Individuals have the following rights regarding their personal data:
• Right to Information: Request details about your personal data, its use, recipients, and storage duration.
• Right to Rectification or Deletion: Correct, delete, or restrict processing of your data if it's inaccurate, no longer needed, or if consent was revoked.
• Right to Object: Object to processing, especially for direct advertising or if there are specific reasons tied to your situation.
• Right to Data Portability: Receive your data in a structured, machine-readable format, and request transfer to a third party, if technically feasible.
• Automated Decision-Making & Profiling: Not be subjected to decisions based solely on automated processing with significant impact.
• Revocation of Consent: Withdraw consent at any time without affecting prior lawful data processing.
• Complaints: Lodge complaints with a data protection supervisory authority if you believe your data processing violates data protection laws.
For exercising these rights, raising concerns, or filing complaints, contact usas provided in section 2.