Privacy policy

We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you which of your personal data we collect when you visit our website and for what purposes it is used. Personal data is individual information about the personal or factual circumstances of a specific or identifiable natural person (data subject), e.g. name, address, email addresses, user behaviour. This is therefore data with which we can identify you. In addition, you will occasionally also find information on data processing processes outside of this website (e.g. video conferences or newsletters).

Person responsible for data processing

Person responsible

for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

CHRONEXT AG
Industriestrasse 6
6300 Zug
CH
+41 41 5391 090
info@chronext.com

Data Protection Officer

exkulpa gmbh
Waldfeuchterstr. 266
52525 Heinsberg
Phone: 02452 / 99 33 11
E-Mail: datenschutz@chronext.com

General information

This privacy policy fulfils the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour when visiting a website. Information for which we cannot (or only with disproportionate effort) establish a connection to your person, e.g. through anonymisation, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.

Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you of the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defence of legal claims and in the event of statutory retention obligations.

Information according to Art. 13 GDPR

This information is intended for customers, interested parties, suppliers and employees. Your personal data will be processed by us for the following purposes:

To fulfil our contractual obligations to you (Art. 6 para. 1 lit. b GDPR).
For the fulfilment of pre-contractual obligations (Art. 6 para. 1 lit. b GDPR).
To respond to enquiries (Art. 6 para. 1 lit. b GDPR).
If you have given us your consent to process your personal data for specific purposes (e.g. to receive our newsletter), the data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR).
To fulfil legal obligations to which our company is subject (Art. 6 para. 1 lit. c GDPR).
Where necessary, we also process your data to safeguard our legitimate interests, in particular to assert legal claims and defend ourselves in legal disputes or to ensure IT security, to consult and exchange data with credit agencies to determine creditworthiness and default risks, for direct advertising and market research unless you have objected to the use of your data for this purpose, for measures for business management and further development of services and products, for measures to optimise products and sales, for risk management measures, for the prevention or investigation of criminal offences (Art. 6 para. 1 lit. f GDPR).

Categories of recipients of the personal data

Within our company, only those employees have access to the data who absolutely need it to fulfil their tasks (need-to-know principle). Individual processes and services are carried out by carefully selected service providers based within the EEA and commissioned in accordance with data protection regulations. If service providers commissioned by us are given access to personal data when carrying out your services, order processing contracts have been concluded with them in accordance with Art. 28 para. 3 GDPR.

Duration of data storage

The data processed by us is stored for the duration of the existence and processing of the contractual relationship and in compliance with statutory retention periods. These are in particular commercial and tax retention obligations under the German Commercial Code (HGB) and the German Fiscal Code (AO). The regular retention and documentation periods are up to ten years. If there is no contractual relationship, we only process the data for as long as required for the specific purpose.

Your rights as a data subject

As a data subject, you have the following rights vis-à-vis us with regard to your personal data:

Right to information about your personal data processed by us.
Right to rectification or erasure if they are incorrect, out of date or unlawfully collected by us.
Right to restriction of processing if complete erasure is not possible, e.g. because we have to comply with statutory retention obligations.
Right to object to the processing if the data processing is based on a balancing of interests (the so-called legitimate interest), as described above under "Purpose of the processing". This is the case if, in particular, the processing is not necessary for the fulfilment of a contract with you. When asserting your right to object, we ask you to explain the reasons why we should not process your data as we have done.

Of course, you can also object to the processing of your personal data for advertising purposes at any time. Please send your objection to our address given in the legal notice or send us an e-mail to the address given in the legal notice.

Right of revocation if you have given us your consent to process your data. You can assert your revocation against our company at any time without giving reasons. To do so, please contact the address given in the legal notice.
In addition, you have the right to complain to a data protection supervisory authority about the processing of your personal data by our company.

If you have any questions about data protection, you are welcome to contact us by e-mail at the address given in the legal notice.

Cookies

Cookies are small text files that are sent by us to the browser of your end device and stored there when you visit our website. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to carry out various analyses so that we are able, for example, to recognise the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programmes or contain viruses.

We provide information about the respective services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in the cookie settings or in the Consent Manager of this website.

Data processing in detail

Below we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. Automated decision-making in individual cases, including profiling, does not take place.

Provision of the website

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

IP address of the requesting computer
Date and time of access
Name and URL of the retrieved file
Website from which the access is made (referrer URL)
Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR for the purpose of providing the website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

Contact us

Type and scope of processing

If you send us enquiries (e.g. via contact form, e-mail or telephone), we store all the data that results from this (e.g. name, e-mail address, subject of the enquiry, etc.). We need this data to process your enquiry and to be able to answer any follow-up questions. We will not pass on this data without your consent.

Purpose and legal basis

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. Otherwise, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if you have previously given it.

Storage duration

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

Freshworks CRM

Type and scope of data processing

We process contact data collected via our website in our CRM "Freshsales", offered by Freshworks Inc, 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA (hereinafter: Freshworks). A CRM enables us to manage customer data and contacts and to organise and analyse our sales processes.

Purpose and legal basis

The use of Freshworks is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If you have previously consented to data processing, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of information or access to information in your terminal device within the meaning of the TTDSG. Consent can be revoked at any time. If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.

Data transfer to third countries outside the European Union is also based on the standard contractual clauses of the EU Commission. You can find details here: https://www.freshworks.com/data-processing-addendum/

Freshdesk, Freshchat, Freshsurvey

We use other tools from Freshworks, including Freshdesk, Freshchat and Freshsurvey. The Freshdesk system can be used to accept and manage contact requests. Freshchat is used for communication via live chat and Freshsurvey is used to conduct surveys.

By using the aforementioned systems, the data you provide will be transmitted to Freshworks and stored on their servers in the USA. Freshworks transmits this data to external service providers in order to be able to offer its services.

Order processing

In order to ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have concluded an order processing agreement (AVV) with the provider.

Amazon Connect

Type and scope of processing

Amazon Connect is a cloud-based contact centre provided by Amazon Web Services. It enables companies to manage their customer interactions via various channels such as telephone and chat. This includes call recordings, contact metadata (e.g. connection time, phone numbers), customer service agent performance data. Call recordings are stored for 30 days. We do not use Voice ID or chat transcripts. These functions are deactivated in our system.

Purpose and legal basis

The data is used for quality assurance, training and service improvement. Amazon Connect offers encryption and access controls to ensure the security of the data. The data is processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR). This consent can be revoked at any time. The legality of the data processing operations already carried out remains unaffected by this.

Applications

Type and scope of processing

You have the opportunity to apply to us on our website (e.g. by e-mail, post or online application form).

Purpose and legal basis

We process the personal data of applicants in accordance with the legal requirements for the purpose of processing the application procedure and for the implementation of pre-contractual measures within the meaning of Art. 6 para. 1 lit. b. GDPR (initiation of an employment relationship) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. GDPR (initiation of an employment relationship) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.

Storage duration

Your data will be stored for a period of 6 months after the end of the application process. This is usually done to fulfil legal obligations or to defend against any claims arising from legal regulations. We are then obliged to delete or anonymise your data. In this case, the data will only be available to us as so-called metadata without direct personal reference for statistical analyses (e.g. proportion of women or men in applications, number of applications per period, etc.).

If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.

Inclusion in the applicant pool

As part of the application process, we offer applicants the opportunity to be included in our "talent pool" for a period of 12 months on the basis of consent within the meaning of Art. 6 para. 1 lit. a. DS-GVO to be included.

The application documents in the talent pool will only be processed in the context of future job advertisements and the search for employees and will be destroyed after the deadline at the latest. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application process and that they can revoke this consent at any time for the future.

If you receive an offer of employment with us during the application process and accept it, we will store the personal data collected during the application process for at least the duration of the employment relationship.

We offer you our newsletter on this website. If you would like to subscribe to it, we need your e-mail address and other data to prove that it is your e-mail address and that you agree to receive the newsletter. No other personal data is collected unless you provide it voluntarily (e.g. name, telephone number, place of residence, etc.).

When processing the data you provide when registering for the newsletter, we rely exclusively on your consent in accordance with Art. 6 para. 1 lit. a GDPR as the legal basis. You can revoke your consent to the processing and storage of your personal data at any time (e.g. via the "unsubscribe" link in the newsletter) for the future.

We store your personal data that you have provided for the purpose of receiving the newsletter until you unsubscribe from the newsletter with us or the mailing service provider. This does not apply to data that we have stored about you for other purposes.

If you unsubscribe from the newsletter mailing list, your e-mail address will be stored by us or the mailing service provider in a blacklist for an indefinite period of time. This is done to prevent future mailings to you. The data from the blacklist will be used exclusively for this purpose and will not be merged with other data. This is not only in your interest, but also in our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to fulfil our legal obligations when sending newsletters. You can object to the storage if your personal interests outweigh our legitimate interest.

Emarsys

This website uses Emarsys to send newsletters. The provider is Emarsys eMarketing Systems AG, Stralauer Platz 34, 10243 Berlin.

Emarsys is a service that organises and analyses the sending of newsletters. Data that you enter to receive newsletters (e.g. your email address) is stored on the Emarsys servers.

Data analysis by Emarsys

Emarsys offers the possibility to view the performance of our newsletter. We can determine whether a newsletter was opened, which links were clicked on and which other actions were carried out after opening/clicking on the newsletter, e.g. a purchase. This enables us to analyse and evaluate our newsletter campaigns with the help of Emarsys.

In addition, Emarsys offers the possibility to better customise the newsletter to our target groups by dividing the newsletter recipients into different categories, such as age, gender or place of residence. If you do not wish to be analysed by Emarsys, you can unsubscribe from the newsletter using a link. This link is available in every newsletter you receive.

Legal basis

The data is processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR). This consent can be revoked at any time. The legality of the data processing operations already carried out remains unaffected by this.

You can find the Emarsys privacy policy here:
https://emarsys.com/de/datenschutzrichtlinie/.

Storage duration

Data that you provide to us for the purpose of sending the newsletter will be stored by us or the newsletter service provider. This applies until you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

If you unsubscribe from our newsletter, we may save your e-mail address in a blacklist. In this way, we ensure that we do not send newsletters to people who have cancelled their subscription. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves your and our interest (Art. 6 para. 1 lit. f GDPR) with regard to compliance with legal requirements when sending newsletters. The storage of your data in the blacklist is not limited in time. You have the right to object to the storage of the data if your interest outweighs our legitimate interest.

Order processing

In order to ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have concluded an order processing agreement (AVV) with the provider.

Registration of a customer account

Processing of customer and contract data

We collect, process and use your personal data only insofar as it is necessary for the establishment, amendment or fulfilment of a legal relationship. This is done for the fulfilment of a contract or pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR.

The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data transmission upon conclusion of a contract for online shops, retailers and dispatch of goods

We only transfer personal data if this is necessary in the context of contract processing, for example to shipping service providers or the credit institution commissioned with payment processing. Any further transmission of data will not take place or will only take place if you have expressly consented to the transmission.

The basis for data processing is the fulfilment of a contract or pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR.

Credit checks

In the case of a purchase on account or another payment method where we make advance payments, we may carry out a credit check (scoring). For this purpose, we transmit the data you enter (e.g. name, address, age or bank details) to a credit agency. The probability of a payment default is determined on the basis of this data. If the risk of non-payment is too high, we may refuse the payment method in question.

We or the payment service provider may carry out a credit check. The result of the credit check in relation to the statistical probability of non-payment is used by the payment service provider for the purpose of deciding on the provision of the respective payment method. The credit check may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. For example, name, address, age or bank details are included in the calculation of the score values.

The basis for data processing is the fulfilment of a contract or pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR, as well as to avoid payment defaults (legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR). If you have previously given your consent to data processing, your data will be processed solely on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.

Payment services

We integrate third-party payment services on our website. If you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of payment processing; the respective contractual and data protection provisions of the respective providers apply. The basis for data processing is the fulfilment of a contract or pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f GDPR). If you have previously given your consent to data processing, your data will be processed solely on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.

The payment processing of the payment methods provided is carried out by the payment service provider Adyen (Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands). In order to ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have concluded an order processing agreement (AVV) with the provider.

We transmit your IP address to Adyen for the purpose of fraud prevention and detection. All data is transmitted in encrypted form. Adyen collects and stores the data and only passes it on to the companies involved in the payment process. In addition, we use SIFT SCIENCE, INC., 525 Market St Fl 6, San Francisco, CA 94105-2714, USA, to prevent fraud in our shop.

We offer the following payment methods:

Deutsche Bank

The provider of this payment service is Deutsche Bank AG, Taunusanlage 12, 60235 Frankfurt am Main (hereinafter referred to as "Deutsche Bank").

Details can be found in Deutsche Bank's privacy policy: https://www.deutsche-bank.de/pk/lp/datenschutz.html.

CreditPlus

The provider of this payment service is CreditPlus Bank AG, Augustenstraße 7, 70178 Stuttgart (hereinafter referred to as "CreditPlus").

For details, please refer to the CreditPlus privacy policy: https://www.creditplus.de/datenschutz.

Ratepay

The provider of this payment service is Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin, Germany (hereinafter referred to as "Ratepay").

Ratepay offers various payment options (e.g. instalment purchase). If you decide to pay with Ratepay, your personal data will be passed on to Ratepay for the purpose of invoice processing.

Further information on data processing can be found in Ratepay's privacy policy: https://www.ratepay.com/datenschutz/.

American Express

The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter referred to as "American Express").

American Express may transfer data to its parent company in the USA. The data transfer to the USA is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/.

Further information can be found in the American Express privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as "Mastercard").

Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as "VISA").

The UK is considered a safe third country under data protection law. This means that the UK has a level of data protection that corresponds to the level of data protection in the European Union.

VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

Further information can be found in VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Klarna

The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as "Klarna"). Klarna offers various payment options (e.g. instalment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimise the use of the Klarna checkout solution. Details on the use of Klarna cookies can be found at the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.
Details can be found in Klarna's privacy policy at the following link: https://www.klarna.com/de/datenschutz/.

Presence on social media platforms

Data processing by social networks

We operate publicly accessible profiles on social networks. The individual social networks we use are listed below.

Social networks such as Facebook, Twitter etc. can generally analyse your user behaviour comprehensively. When you visit our social media sites, the following data protection-relevant processing operations are triggered:

If you are logged into your social media account and visit our profile, the operator of this social medium can track this visit. Irrespective of this, the operator may be able to process your data (e.g. IP address) even if you are not logged into your account or do not have an account at all.

The operator summarises this data in user profiles in which your preferences and interests are stored. These profiles are used to display personalised advertising within and outside the respective social media presence. If you have an account with the respective social network, the personalised advertising can be displayed on all devices on which you are logged in or were logged in.

Depending on the platform, further processing operations may be carried out by the operators of the social media portals, over which we have no influence. For details, please refer to the terms of use and privacy policies of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the widest possible presence on the Internet within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes carried out by the operators of the social networks may be based on different legal bases, which must be specified by the respective providers.

Data transfer to the USA is based on the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards.

For companies that are not certified under the DPF, the data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Responsible party and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).

Despite the joint responsibility with the social media portal operators, we have no full influence on the data processing procedures of the portals. Our options are largely determined by the corporate policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Mandatory statutory provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of the data collected by the social networks. For details, please contact the operators of the social networks directly (e.g. in their privacy policies, see below).

Facebook page

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data collected is also transferred to the USA and other third countries.

We have concluded an agreement with Facebook on joint processing (Controller Addendum), which specifies which data processing operations we or Facebook are responsible for. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

You can find more information on data processing by Facebook at https://www.facebook.com/about/privacy/.

Instagram page

We have a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Details on how they handle your personal data can be found in Instagram's privacy policy: https://help.instagram.com/519522125107875.

X

We use the short message service X. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can customise your X privacy settings yourself in your user account. To do this, click on the following link and log in: https://twitter.com/personalization.

Details can be found in the privacy policy of X: https://twitter.com/de/privacy.

LinkedIn page

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Details on how they handle your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

Video conferencing

Data processing

We use online conferencing tools to communicate with our customers. The tools we use in detail are listed below. If you communicate with us via video or audio conference, your personal data will be collected and processed by us and the provider of the respective tool.

The tools collect the data you provide, including your email address and telephone number. They also process the duration of the conference, when you attended the conference, number of participants and other metadata.

In addition, the provider of the tool processes all technical data required to organise the conference. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

If you share content on this service, it will be stored on the provider's servers. This includes cloud recordings, chat messages, voice messages, photos and videos that you have shared while using this service.

Please note that we do not have full control over the data processing operations of the tools used. For more information on data processing by the conference tools, please refer to the privacy policies of the tools used.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If you have previously given your consent to data processing, your data will be processed solely on the basis of Art. 6 para. 1 lit. a GDPR; consent can be withdrawn at any time.

Storage duration

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Twilio

Type and scope of data transmission

Our website uses functions of the communication platform Twilio Inc. Twilio Inc, 375 Beale Street, Suite 300, San Francisco, CA 94105, USA. We use Twilio to generate tokens and to send SMS and voice messages. Twilio is a customer engagement platform that makes communication programmable. The company helps us to integrate communication channels such as voice (phone) and SMS using APIs to create a better customer experience for our customers. Twilio takes over the provisioning of a telephone number, the sending and receiving of SMS as well as additional interfaces (API) with which the sending and receiving of SMS can be controlled. We use these interfaces to control all SMS communication. For this purpose, we transmit your telephone number to Twilio, where it is stored. Twilio stores the content and data, but guarantees that personal data will not be passed on or sold to third parties. In addition, you can request the deletion of personal data at any time, provided that this does not hinder the performance of business functions.

Purpose and legal basis

The legal basis for the use of Twilio is Art. 6 (b) GDPR. Twilio offers the conclusion of standard contractual clauses to legitimise the transfer of data. Further information on data protection can be found in Twilio's privacy policy at https://www.twilio.com/legal/privacy.

Matomo

Type and scope of data transmission

We use services and functions of the open source web analysis service Matomo (formerly Piwik) on this website.

Matomo enables us to analyse the user behaviour of our website visitors and determine, for example, at what times and from which location visitors have viewed a particular page. We also collect and store data such as IP addresses, browsers used and operating systems. This information helps us to understand what you have done on our website (e.g. clicked on certain pages, made purchases, etc.).

Matomo uses technologies (e.g. cookies or fingerprinting systems) to recognise visitors when they return to the website. The information that Matomo collects about how you use this website is stored on our server. Your IP address is anonymised before it is stored.

Purpose and legal basis

When using Matomo, we rely on Art. 6 para. 1 lit. f GDPR as the legal basis for the processing of personal data, as we have a legitimate interest in analysing the use of our website. This enables us to optimise our online presence and offers for you. If you have previously given your consent to data processing on this website by Matomo, the processing of your data takes place solely on the legal basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time.

IP anonymisation

When using Matomo on this website, we use a function in which your IP address is shortened before being analysed so that it can no longer be clearly assigned to you.

Hosting

The data is hosted by XAD spoteffects GmbH, Saarstraße 7, D-80797 Munich. To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have concluded a data processing agreement (DPA) with XAD spoteffects.

AWIN

Type and scope of processing

We participate in affiliate partner programmes. The operator of the affiliate network is AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter: "AWIN"). If you click on an advert for our website and then buy something, we receive money from the companies that advertise with us. For this to work, our advertising partners must be able to track that you have clicked on an advert and then purchased the product. They do this with the help of cookies or similar technologies.

Purpose and legal basis

The data is stored and analysed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the correct calculation of its affiliate remuneration. If you have previously given your consent to data processing, your data will be processed solely on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.

We are jointly responsible with AWIN and, where applicable, with the advertiser for data processing in connection with the partner programme. We have concluded an agreement on joint processing with the provider, according to which you as the data subject can contact any of the controllers with your concerns. This agreement can be found in AWIN's GTC at the following link: https://s3.amazonaws.com/docs.awin.com/Legal/Publisher+Terms/2020/DE+Publisher+Terms+GDPR+Annex.pdf.

AWS CloudFront

Type and scope of processing

We use AWS CloudFront to properly provide the content of our website. AWS CloudFront is a service of Amazon Web Services, Inc. which acts as a content delivery network (CDN) on our website.

A CDN helps to provide the content of our online offering, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Amazon Web Services, Inc. servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of AWS CloudFront.

Purpose and legal basis

The Content Delivery Network is used on the basis of our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Amazon Web Services, Inc. Further information can be found in the privacy policy for AWS CloudFront: https://aws.amazon.com/privacy/.

AppNexus

Type and scope of processing

We have integrated AppNexus on our website. AppNexus is a service provided by AppNexus Inc. to display targeted advertising to users. AppNexus uses cookies and other browser technologies to evaluate user behaviour and recognise users.

AppNexus collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Furthermore, AppNexus delivers targeted advertising based on behavioural profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider.

In this case, your data will be passed on to the operator of AppNexus, AppNexus Inc.

Purpose and legal basis

The use of AppNexus is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Bing Ads

Type and scope of processing

We have integrated Bing Ads on our website. Bing Ads is a service provided by Microsoft Corporation to display targeted adverts to users. Bing Ads uses cookies and other browser technologies to evaluate user behaviour and recognise users.

Bing Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Furthermore, Bing Ads delivers targeted advertising based on behavioural profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider.

In this case, your data will be passed on to the operator of Bing Ads, Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, United States.

Purpose and legal basis

The use of Bing Ads is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

Further information can be found in the privacy policy for Bing Ads: https://privacy.microsoft.com/de-de/privacystatement

Casale Media

Type and scope of processing

We have integrated Casale Media on our website. Casale Media is a service provided by Casale Media, Inc. that displays targeted adverts to users. Casale Media uses cookies and other browser technologies to evaluate user behaviour and recognise users. Casale Media collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Furthermore, Casale Media delivers targeted advertising based on behavioural profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider. In this case, your data will be forwarded to the operator of Casale Media, Casale Media, Inc, 74 Wingold Avenue Toronto, Ontario M6B1P5 Canada.

Web tracking technologies are used to create pseudonymised user profiles. These profiles cannot be merged with you as a natural person, but are used, for example, for segmentation when displaying adverts.

Purpose and legal basis

The use of Casale Media is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Cloudinary CDN

Type and scope of processing

We use Cloudinary CDN to properly provide the content of our website. Cloudinary CDN is a service provided by Cloudinary Ltd. which acts as a content delivery network (CDN) on our website.

A CDN helps to make the content of our online offering, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to the servers of Cloudinary Ltd, 38 Chancery Lane, The Cursitor Building, London WC2A 1EN, United Kingdom, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Cloudinary CDN.

Purpose and legal basis

Contentful CDN

Type and scope of processing

We use Contentful CDN to properly provide the content of our website. Contentful CDN is a service provided by Contentful GmbH, which acts as a content delivery network (CDN) on our website.

A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to the servers of Contentful GmbH, Ritterstr. 12-14 10969 Berlin Germany, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Contentful CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Contentful GmbH. Further information can be found in the privacy policy for Contentful CDN: https://www.contentful.com/legal/de/privacy/.

Facebook Pixel

Type and scope of processing

We use the Facebook pixel on this website, which is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

With the help of the Facebook pixel, we can analyse the behaviour of our website visitors when they are redirected to our website by clicking on a Facebook ad. We use the user data to measure the success of our ads on Facebook and to optimise the ads. As the website operator, we only receive anonymised data for this purpose so that we cannot identify you as a user.

Facebook, on the other hand, processes the data in such a way that it is assigned to a specific user and used for its own advertising purposes. This allows Facebook to place personalised advertisements on Facebook and other websites. As the website operator, we have no influence on this. You can find more information on data processing in Facebook's privacy policy at https://www.facebook.com/about/privacy/.

You can deactivate this remarketing function "Custom Audiences" from Facebook in your personal account at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screendeaktivieren. If you do not have a Facebook account but would like to deactivate this advertising function, you can do so via the website of the European Interactive Digital Advertising Alliance at http://www.youronlinechoices.com/de/praferenzmanagement/.

Purpose and legal basis

When using Facebook Pixel, we rely on your consent to data processing in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time.

The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. You can find more information on this at https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

The company is certified according to the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards. You can find more information at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true\&id=a2zt0000000GnywAAC\&status=Active

If this service collects personal data on this website and passes it on to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for the processing of your personal data (Art. 26 GDPR). However, we are only responsible for the collection of your data and its transmission to Facebook, while Facebook is responsible for what happens to the data afterwards. The obligations that we impose on each other in the context of joint responsibility are set out in a joint data processing agreement. You can find the exact text of the agreement at the following link: https://www.facebook.com/legal/controller_addendum. According to this agreement, we must provide you with information on data protection when using the Facebook tool and ensure that the tool is implemented on our website in compliance with data protection regulations.

Facebook itself is responsible for the security of its own products. If you wish to exercise your rights as a data subject and, for example, request information about your data processed by Facebook, you can contact Facebook directly. If you assert your rights as a data subject with us, we are obliged to forward your request to Facebook.

Google APIs

Type and scope of processing

We use Google APIs from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to access additional services and data from Google Ireland Limited. Your IP address will be transmitted to Google Ireland Limited. Please note that there is a separate section in this privacy policy for each additional service we use from Google Ireland Limited.

Purpose and legal basis

The use of Google APIs is based on our legitimate interests, i.e. interest in optimising our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Further information can be found in the privacy policy for Google APIs: https://policies.google.com/privacy

Google Ads

Type and scope of processing

We have integrated Google Ads on our website. Google Ads is a service provided by Google Ireland Limited to display targeted advertising to users. Google Ads uses cookies and other browser technologies to evaluate user behaviour and recognise users.

Google Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Google Ads also delivers targeted advertising based on behavioural profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider.

If you are registered with a Google Ireland Limited service, Google Ads can assign the visit to your account. Even if you are not registered with Google Ireland Limited or have not logged in, it is possible that the provider will find out and store your IP address and other identification features.

In this case, your data will be passed on to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose and legal basis

The use of Google Ads is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG

Further information can be found in the privacy policy for Google Ads: https://policies.google.com/privacy

Google Analytics

Type and scope of processing

We use Google Analytics services and functions on this website, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Analytics, we as website operators can determine how our website is used. As part of the analysis, we learn how often our website is accessed, how long visitors stay on the site and which devices or systems they use to access the website. In addition, we may use Google Analytics to track your mouse movements and clicks. This information may be stored and used by Google to create a profile about you. Google Analytics uses machine learning technologies to analyse and supplement your data. Google Analytics also uses technologies to recognise website visitors in order to analyse user behaviour. The data collected is generally processed on Google servers in the USA.

Purpose and legal basis

When using Google Analytics, we rely on Art. 6 para. 1 lit. f GDPR as the legal basis for the storage and analysis of personal data, as we have a legitimate interest in analysing the use of our website. This enables us to optimise our online presence and offers for you. If you have previously given your consent to data processing on this website by Google Analytics, the processing of your data takes place solely on the legal basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time.

The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. You can find more information on this at https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymisation

When using Google Analytics on this website, we use a function in which Google shortens your IP address before it is transmitted to Google servers in the USA. This only happens if you are located in the European Union or in a country of the European Economic Area. Your full IP address will only be transmitted to the USA in exceptional cases and then shortened there. Google Analytics uses this information to track how you use our website. Your IP address will not be merged with other data held by Google.

Browser plugin

You can prevent Google from collecting and processing data about you. To do this, you must download the browser plugin at https://tools.google.com/dlpage/gaoptout and install it in your browser.

You can find more information on the processing of user data in the Google Analytics privacy policy at https://support.google.com/analytics/answer/6004245

Order processing

When using Google Analytics, we comply with the strict regulations of the German data protection authorities, as we have concluded an order processing contract with Google.

Storage duration

Google stores data that is linked to cookies, user IDs or advertising IDs. This data is stored for two months and then anonymised or deleted. You can find more information on the storage period and the deletion of your data at https://support.google.com/analytics/answer/7667196.

Google CDN

Type and scope of processing

We use the content delivery network Google Cloud CDN. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

A CDN enables us to deliver some content quickly, especially large media files. This is done via a network of regionally distributed servers that are connected via the Internet.

Purpose and legal basis

The use of Google Cloud CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://cloud.google.com/terms/eu-model-contract-clause.

You can find more information about Google Cloud CDN here: https://cloud.google.com/cdn/docs/overview.

Order processing

In order to ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have concluded an order processing agreement (AVV) with the provider.

Google DoubleClick

Type and scope of processing

We use Google DoubleClick services and functions on this website, which are offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google DoubleClick, we can show our users targeted adverts in Google applications connected to DoubleClick that are geared to the interests of the users. In order to show users advertising that is relevant to them, Google DoubleClick must be able to identify the user and associate them with the websites they visit, their clicks and other information about their behaviour. For this purpose, Google DoubleClick uses cookies and technologies to recognise users and creates pseudonymised user profiles based on the data collected.

You can deactivate this personalised advertising in your personal Google account at . You can find more information on this at https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.

Purpose and legal basis

When using Google DoubleClick, we rely on Art. 6 para. 1 lit. f GDPR as the legal basis, as we have a legitimate interest in analysing the use of our website. This enables us to optimise our online presence and offers for you. If you have previously given your consent to data processing by Google DoubleClick on this website, the processing of your data takes place solely on the legal basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time.

Google Tag Manager

Type and scope of processing

We use Google Tag Manager services and functions on this website, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to use other tools on our website. It does not create user profiles, it does not store cookies and it does not carry out independent analyses. However, your IP address is recorded and may be transmitted to the USA. The Google Tag Manager itself is only used to manage these tools that are integrated via it.

Purpose and legal basis

When using Google Tag Manager on this website, we rely on Art. 6 para. 1 lit. f GDPR as the legal basis, as we have a legitimate interest in implementing and directing tracking tools on this website quickly and easily. If you have previously given your consent to data processing on this website by Google Tag Manager, the processing of your data takes place solely on the legal basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time.

Google reCAPTCHA

Type and scope of processing

This website uses Google reCAPTCHA. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of reCAPTCHA, the data input (e.g. in a contact form) on this website is to be checked. Specifically, whether this is done by a human or by an automated programme. Google reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. The analysis begins automatically as soon as the visitor accesses the website. The data collected during the analysis, such as the IP address, the time spent on the website by the visitor or the mouse movements made, are forwarded to Google.

Visitors to the website are not made aware that an analysis is taking place; it runs completely in the background.

Google's privacy policy and terms of use can be found at the following links: https://policies.google.com/privacy and https://policies.google.com/terms.

Purpose and legal basis

The data is stored and analysed on the basis of our legitimate interest in protecting our website from abusive automated spying and SPAM (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the data will be processed exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. This can be revoked at any time.

Hotjar Behaviour Analytics

Type and scope of processing

We use Hotjar services and functions on this website, which are offered by Hotjar Limited, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta Europe.

With the help of Hotjar, we as the website operator can determine how our website is used. As part of the analysis, we learn what you do with the mouse, how long you look at something and much more. Hotjar can use this information to create so-called "heat maps". The heat maps show us which parts of our website are accessed most frequently by visitors.

Hotjar also provides us with information about how long you have been on a page, when you left it and when you cancelled your entries in a contact form. Furthermore, as a visitor to our website, you can also provide direct feedback on the website. To analyse the use of our website, Hotjar uses technologies (e.g. cookies or fingerprinting systems) to recognise visitors when they return to the website.

Purpose and legal basis

When using Hotjar, we rely on Art. 6 para. 1 lit. f GDPR as the legal basis for the processing of personal data, as we have a legitimate interest in analysing the use of our website. This enables us to optimise our online presence and offers for you. If you have previously given your consent to data processing on this website by Hotjar, the processing of your data takes place solely on the legal basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time.

Deactivating Hotjar

If you do not want your personal data to be processed by Hotjar, you can deactivate tracking. However, this must be deactivated separately for each browser or end device. You can find detailed instructions on how to do this at https://www.hotjar.com/opt-out. You can find more information on the processing of your user data in Hotjar's privacy policy at https://www.hotjar.com/privacy.

Contract for order processing

In order to ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have concluded an order processing agreement (AVV) with the provider.

Kameleoon

Type and scope of processing

We use Kameleoon from Kameleoon SAS, 12 rue de la Chaussée d'Antin - 75009 Paris, France, to carry out so-called A/B tests on our online offering. This involves simultaneously publishing different versions of our online offering and measuring which of these versions is more user-friendly.

When testing the versions, data such as the operating system used, the user agent of the browser and the time of the call can be collected in order to measure the success of the version.

Web tracking technologies are used to associate the above data with the version of our online offering being tested.

Purpose and legal basis

The use of Kameleoon is based on our legitimate interests, i.e. interest in optimising our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR. If you have given your consent to the transfer of data, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Kameleoon SAS. Further information can be found in the privacy policy for Kameleoon: https://www.kameleoon.com/de/datenschutz

Outbrain

Type and scope of processing

We have integrated Outbrain on our website. Outbrain is a service provided by Outbrain Inc. to display targeted advertising to users. Outbrain uses cookies and other browser technologies to evaluate user behaviour and recognise users.

Outbrain collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Furthermore, Outbrain delivers targeted advertising based on behavioural profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider.

In this case, your data will be passed on to the operator of Outbrain, Outbrain Inc, New York, New York, US.

Purpose and legal basis

The use of Outbrain is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Outbrain Inc. Further information can be found in the privacy policy for Outbrain: https://www.outbrain.com/legal/privacy#privacy-policy.

RTB House Ads

Type and scope of processing

We have integrated RTB House Ads on our website. RTB House Ads is a service provided by RTB House S.A. that displays targeted adverts to users. RTB House Ads uses cookies and other browser technologies to evaluate user behaviour and recognise users. RTB House Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Furthermore, RTB House Ads delivers targeted advertising based on behavioural profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider. In this case, your data will be forwarded to the operator of RTB House Ads, RTB House S.A., Złota 61/101, 00-819 Warszawa, Poland.

Purpose and legal basis

The use of RTB House Ads is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Rubicon Project Pixel

Type and scope of processing

We use Rubicon Project Pixel from Rubicon Project, Inc. to create custom audiences, i.e. to segment groups of visitors to our online offering, determine conversion rates and subsequently optimise them. This happens in particular when you interact with adverts that we have placed with Rubicon Project, Inc.

Purpose and legal basis

The use of Rubicon Project Pixel is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Rubicon Project, Inc. Further information can be found in the privacy policy for Rubicon Project Pixel: https://rubiconproject.com/privacy-policy.

Scarab Research

Type and scope of processing

We have integrated components from Scarab Research on our website. Scarab Research is a service of Emarsys eMarketing Systems AG and offers marketing automation software for marketing services and products, including lead management, email marketing, product recommendations and web analytics.

Scarab Research uses cookies and other browser technologies to evaluate user behaviour, recognise users and personalise the advertising displayed. This information is used, among other things, to compile reports on website activity.

In this case, your data will be passed on to the operator of Scarab Research, Emarsys eMarketing Systems AG, Stralauer Allee 6, 10245 Berlin, Germany.

Purpose and legal basis

The use of Scarab Research is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Emarsys eMarketing Systems AG. Further information can be found in the privacy policy for Scarab Research: https://emarsys.com/de/datenschutzrichtlinie/.

Strata Platform

Type and scope of processing

We use Strata Platform as a supply-side platform for our online offering. Strata Platform is a product of FreeWheel Media Inc, San Mateo, California, US.

A supply-side platform (SSP) is a technology that is used to sell space for adverts.

Purpose and legal basis

The use of Strata Platform is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by FreeWheel Media Inc. Further information can be found in the privacy policy for Strata Platform: http://www.freewheel.tv/privacy-policy.

Ströer Ads

Type and scope of processing

We have integrated Ströer Ads on our website. Ströer Ads is a service provided by Ströer Media Deutschland GmbH that displays targeted adverts to users. Ströer Ads uses cookies and other browser technologies to evaluate user behaviour and recognise users. Ströer Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Furthermore, Ströer Ads delivers targeted advertising based on behavioural profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider. In this case, your data will be forwarded to the operator of Ströer Ads, Ströer Media Deutschland GmbH, Ströer-Allee 1, 50999 Cologne, Germany.

Purpose and legal basis

The use of Ströer Ads is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Ströer Media Deutschland GmbH. Further information can be found in the privacy policy for Ströer Ads: http://stroeer.de/service/datenschutz.html.

Teads Ads

Type and scope of processing

We have integrated Teads Ads on our website. Teads Ads is a service provided by Teads SA that displays targeted adverts to users. Teads Ads uses cookies and other browser technologies to evaluate user behaviour and recognise users. Teads Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Teads Ads also delivers targeted advertising based on behavioural profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider. In this case, your data will be forwarded to the operator of Teads Ads, Teads SA, 5 Rue de la Boucherie1247, Luxembourg, Luxembourg.

Purpose and legal basis

The use of Teads Ads is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Teads SA. Further information can be found in the privacy policy for Teads Ads: http://www.teads.com/teads-website-privacy-policy/.

Triple Lift Ads

Type and scope of processing

We have integrated Triple Lift Ads on our website. Triple Lift Ads is a service provided by Triple Lift, Inc. that displays targeted adverts to users. Triple Lift Ads uses cookies and other browser technologies to evaluate user behaviour and recognise users. Triple Lift Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Furthermore, Triple Lift Ads delivers targeted advertising based on behavioural profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider. In this case, your data will be passed on to the operator of Triple Lift Ads, Triple Lift, Inc, New York, New York, US.

Purpose and legal basis

The use of Triple Lift Ads is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Triple Lift, Inc. Further information can be found in the privacy policy for Triple Lift Ads: https://triplelift.com/privacy/.

Trustpilot Widget

Type and scope of processing

We have integrated Trustpilot Widget components on our website. Trustpilot Widget is a rating service that allows users to rate our services. If you rate our services, data about the service used may be transmitted to Trustpilot, Inc. to verify authenticity. Trustpilot Widget enables us to obtain content such as reviews directly from Trustpilot, Inc. and display it on our website. Your current IP address is usually transmitted to the service for this purpose.

Furthermore, Trustpilot Widget stores information using cookies to find out which online offers have been visited. In this case, your data will be passed on to the operator of Trustpilot Widget, Trustpilot, Inc, 245 5th Avenue, 4th floor, New York, NY 10016, United States.

Purpose and legal basis

The use of Trustpilot Widget is based on Art. 6 para. 1 lit. f. GDPR. GDPR to inform users about the quality of our services. If the user consents to the processing of their data, the legal basis for the processing is Art. 6 para. 1 lit. a. GDPR.

Further information can be found in the privacy policy for Trustpilot Widget: https://legal.trustpilot.com/end-user-privacy-terms.

Vimeo Video

Type and scope of processing

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

When you start a Vimeo video on this website, a connection to their servers is established. The Vimeo server is informed which of our pages you have visited. Vimeo also obtains your IP address. However, we have made the settings so that Vimeo cannot track your user activities and will not set any cookies.

Purpose and legal basis

The use of Vimeo is based on our legitimate interest in an appealing presentation of our online offers (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the data will be processed exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. This can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find Vimeo's privacy policy here: https://vimeo.com/privacy.

Yieldlab Ads

Type and scope of processing

We have integrated Yieldlab Ads on our website. Yieldlab Ads is a service provided by Yieldlab AG that displays targeted adverts to users. Yieldlab Ads uses cookies and other browser technologies to evaluate user behaviour and recognise users. Yieldlab Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Yieldlab Ads also delivers targeted advertising based on behavioural profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider. In this case, your data will be forwarded to the operator of Yieldlab Ads, Yieldlab AG, Colonnaden 41, 20354 Hamburg, Germany.

Purpose and legal basis

The use of Yieldlab Ads is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Yieldlab AG. Further information can be found in the privacy policy for Yieldlab Ads: http://yieldlab.de/meta-navigation/datenschutzerklaerung/.

imgix CDN

Type and scope of processing

We use imgix CDN for the proper provision of content on our website. imgix CDN is a service provided by Zebrafish Labs Inc. which acts as a content delivery network (CDN) on our website.

A CDN helps to make the content of our online offering, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Zebrafish Labs Inc. servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of imgix CDN.

Purpose and legal basis

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Zebrafish Labs Inc. Further information can be found in the privacy policy for imgix CDN: https://www.imgix.com/privacy.

Data processing through our app

Access rights of the app

In order to provide our services through the App, we require the access rights listed below which allow us to access certain features of your Device.

Tracking
Notifications
Camera
Photos

Access to the device functions is necessary to ensure the functionalities of the app. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO, your consent within the meaning of Art. 6 (1) lit. a DSGVO and/or - if a contract has been concluded - the fulfilment of our contractual obligations (Art. 6 (1) lit. b DSGVO).

Collection of personal data in the context of app use

General

When you use our app, we collect the following personal data from you:

First and last name
E-mail address
Usage data
IP address
Unit identifier
Metadata

The processing of this personal data is necessary to ensure the functionalities of the app. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO, your consent within the meaning of Art. 6 (1) lit. a DSGVO and/or - if a contract has been concluded - the fulfilment of our contractual obligations (Art. 6 (1) lit. b DSGVO).

Data analysis

When you access our app, your behaviour may be statistically evaluated using certain analysis tools and analysed for advertising and market research purposes or to improve our offers. When using such tools, we ensure compliance with the statutory data protection provisions. When using external service providers (order processors), we ensure through appropriate contracts with the service providers that the data processing complies with German and European data protection standards.

Google Analytics Firebase

We use Google Analytics Firebase (hereinafter Google Firebase) to analyse user behaviour. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Firebase includes various features that allow us to analyse your in-app behaviour. This allows us to analyse, for example, your screen views, button presses, in-app purchases or the effectiveness of advertising efforts. We can also determine which features within our app are used frequently or infrequently. For these purposes, Google Firebase stores, among other things, the number and duration of sessions, operating systems, device models, region and a range of other data. A detailed overview of the data collected by Google Firebase can be found at:

https://support.google.com/firebase/answer/6318039?hl=de

When using Google Firebase, we rely on Art. 6 (1) lit. f DS-GVO as the legal basis for the storage and analysis of personal data, as we have a legitimate interest in analysing the use of our app. This enables us to optimise our online presence and offers for you. If you have previously given your consent to the processing of data on this website by Google Firebase, the processing of your data takes place solely on the legal basis of Art. 6 (1) lit. a DS-GVO. You can revoke your consent at any time. The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. You can find more information on this at:

https://privacy.google.com/businesses/controllerterms/mccs/.

For more information on Google Firebase, please visit:

https://firebase.google.com/

https://www.firebase.com/terms/privacy-policy.html

Cookies

To improve the user experience on our website and enable you to use its certain features in order to show suitable products or conduct market research, some pages of this website use the so-called cookies. This serves the protection of our legitimate interests in the optimised presentation of our offer according to art. 6 (1) 1 lit a GDPR that are overriding in the process of balancing of interests. A cookie is a small text file which is stored automatically on your end device. Some of the cookies we use are deleted after you close the browser session, i.e. when you close the browser (that’s the so-called session cookies). Other cookies are stored in your end-user device and enable us to recognise your browser when you visit us again (persistent cookies). To check the cookie storage period, you can use the Overview function in the cookie settings of your web browser. You can configure your browser for it to inform you whenever a page uses cookies and decide on a case-by-case basis whether to accept or reject the cookies on a given website or generally. Every browser has a different policy for managing the cookie settings. The browser’s policy is described in the Help menu of every browser and explains how you can change your cookie settings. To find out how to change the settings in your browser, see the links below:

Internet Explorer™: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Safari™: https://support.apple.com/kb/PH21411?locale=de_DE&viewlocale=en_US
Chrome™: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
Firefox™: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Opera™: http://help.opera.com/Windows/10.20/en/cookies.html

Please note that disabling cookies may limit your access to some features of our website.

This website also uses the so-called DoubleClick cookie for the purpose of Google Analytics (see below). The DoubleClick cookie enables the recognition of your browser as you visit other websites. The information generated automatically by the cookie about your visit to this website will be transmitted to and stored on a Google server in the United States. By means of IP anonymisation enabled on this website, the IP address will be shortened before being transmitted within the area of member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address will be sent to a Google server in the USA and shortened there. Google will not join the anonymised IP address, transmitted from your browser through Google Analytics, with any other data held by Google.

Google will use this information to compile reports about your website activities and to provide other services related to the use of the website. This serves the protection of our legitimate interests in the optimal marketing of our website according to art. 6 (1) 1 lit f GDPR that are overriding in the process of balancing of interests. In addition, Google may transfer this information to third parties from time to time if this is required by law or if third parties process such data on behalf of Google.

Google Double Click is offered by Google LLC. (https://www.google.com/).

Google LLC is headquartered in the USA and is certified to the EU-US Privacy Shield. You will see the up-to-date certificate here. Based on this agreement between the USA and the European Commission, the latter has recognised entities certified to the Privacy Shield as those ensuring an adequate level of data protection.

You can disable the DoubleClick cookie via the following link.
http://www.google.com/settings/ads/anonymous?hl=de&sig=ACi0TCgl4UGsZh61Q3WxLmZrwxpLhi5Brsz7n4oppCNx_HUc_H_jSUofKIBlIzSQqHsOOw9rIWpi-60gYxrsLKPSD2V09YE1Q2b3WEVPY6wxNgvNS-cammA

In addition, you can obtain information about the setting of cookies from the Digital Advertising Alliance and accordingly adapt the settings of your browser:
http://www.aboutads.info/

Finally, you can configure your browser for it to inform you about the setting of cookies and decide on a case-by-case basis whether to accept or reject the cookies on a given website or generally. Please note that disabling cookies may limit your access to some features of our website.

Necessary

Provider	Cookie	Lifetime
Adyen	OptanonAlertBoxClosed	9 months	Privacy Policy
Adyen	OptanonConsent	1 year	Privacy Policy
Chronext	userId	1 year	Privacy Policy
Chronext	lastContextLocale	30 days	Privacy Policy
Chronext	CHRONEXT_COOKIE_CONSENT_STATE	1 year	Privacy Policy
Chronext	subscribedForNewsletter	1 year	Privacy Policy
Chronext	sellWatchCheckoutEditClicked	15 seconds	Privacy Policy
Chronext	watchmakingCheckoutEditClicked	15 seconds	Privacy Policy
Chronext	CXT-purchase-S*	1 year	Privacy Policy
Chronext	dontShowDomainRedirectModal	1 year	Privacy Policy
Chronext	sellWatchRequestId	5 minutes	Privacy Policy
Chronext	partExchangeTicketId	5 minutes	Privacy Policy
Chronext	newsletterShown	1 year	Privacy Policy
Chronext	hidePromoBar	1 day	Privacy Policy
Chronext	FCSESSID*	Session	Privacy Policy
Chronext	*_chronextCookieMessageShown	1 year	Privacy Policy
Google reCAPTCHA	_GRECAPTCHA	6 months	Privacy Policy
Google reCAPTCHA	__Secure-3PSIDCC	1 year	Privacy Policy
Ratepay	dis	6 months	Privacy Policy
Sift Science	__ssid	13 months	Privacy Policy

Statistics

Provider	Cookie	Lifetime
Google Analytics	_ga	13 months	Privacy Policy
Google Analytics	_ga_*	13 months	Privacy Policy
Hotjar Behavior Analytics	_hjSessionUser_*	1 year	Privacy Policy
Hotjar Behavior Analytics	_hjSession_*	30 minutes	Privacy Policy
Matomo	_pk_id.*	1 year	Privacy Policy
Matomo	_pk_ses.*	30 minutes	Privacy Policy
Trustpilot	OptanonAlertBoxClosed	9 months	Privacy Policy
Trustpilot	OptanonConsent	1 year	Privacy Policy
Trustpilot	TP.uuid	13 months	Privacy Policy

Preferences

Provider	Cookie	Lifetime
Emarsys	cdv	1 year	Privacy Policy
Emarsys	scarab.visitor	Session	Privacy Policy
Emarsys	s	Session	Privacy Policy
Emarsys	xp	1 year	Privacy Policy
Fresh Chat	_BEAMER_FIRST_VISIT_*	6 months	Privacy Policy
Fresh Chat	_BEAMER_USER_ID_*	6 months	Privacy Policy
Fresh Chat	zarget_user_id*	8 months	Privacy Policy

Marketing

Provider	Cookie	Lifetime
Adform	C	32 months	Privacy Policy
Adform	uid	2 months	Privacy Policy
adnxs	uuid2	3 months	Privacy Policy
adnxs	anj	3 months	Privacy Policy
adnxs	XANDR_PANID	3 months	Privacy Policy
AWIN	19882_lantern	6 months	Privacy Policy
AWIN	lantern	1 year	Privacy Policy
Bing	MSPTC	13 months	Privacy Policy
Bing	MUID	13 months	Privacy Policy
Bing	_uetvid	13 months	Privacy Policy
casalemedia	CMPRO	3 months	Privacy Policy
casalemedia	CMPS	3 months	Privacy Policy
casalemedia	CMID	1 year	Privacy Policy
casalemedia	rum	1 year	Privacy Policy
creativecdn	ts	1 year	Privacy Policy
creativecdn	c	1 year	Privacy Policy
creativecdn	receive-cookie-deprecation	6 months	Privacy Policy
creativecdn	g	1 year	Privacy Policy
creativecdn	n360-rtbhouse	3 months	Privacy Policy
creativecdn	__rtbh.uid	1 year	Privacy Policy
creativecdn	__rtbh.lid	1 year	Privacy Policy
Google DoubleClick	IDE	1 year	Privacy Policy
Google Tag Manager	_gcl_*	3 months	Privacy Policy
Meta Platforms, Inc	_fbp	3 months	Privacy Policy
RTBlab	webeyeuserid	30 days	Privacy Policy
Sonobi	HAPLB8G	Session	Privacy Policy
stickyadstv	UID	1 month	Privacy Policy
udmserve	udmts	1 year	Privacy Policy
udmserve	dt	1 year	Privacy Policy
udmserve	rtbh	3 months	Privacy Policy

Use a magic link

Login with Magic Link

Privacy policy

Person responsible for data processing

Person responsible

Data Protection Officer

General information

Information according to Art. 13 GDPR

Categories of recipients of the personal data

Duration of data storage

Your rights as a data subject

Cookies

Data processing in detail

Provision of the website

Contact us

Type and scope of processing

Purpose and legal basis

Storage duration

Freshworks CRM

Type and scope of data processing

Purpose and legal basis

Freshdesk, Freshchat, Freshsurvey

Order processing

Amazon Connect

Type and scope of processing

Purpose and legal basis

Applications

Type and scope of processing

Purpose and legal basis

Storage duration

Inclusion in the applicant pool

Newsletter

Emarsys

Data analysis by Emarsys

Legal basis

Storage duration

Order processing

Registration of a customer account

Processing of customer and contract data

Data transmission upon conclusion of a contract for online shops, retailers and dispatch of goods

Credit checks

Payment services

Deutsche Bank

CreditPlus

Ratepay

American Express

Mastercard

VISA

Klarna

Presence on social media platforms

Data processing by social networks

Legal basis

Responsible party and assertion of rights

Storage duration

Facebook page

Instagram page

X

LinkedIn page

Video conferencing

Data processing

Purpose and legal basis

Storage duration

Twilio

Type and scope of data transmission

Purpose and legal basis

Matomo

Type and scope of data transmission

Purpose and legal basis

IP anonymisation

Hosting

AWIN

Type and scope of processing

Purpose and legal basis

AWS CloudFront

Type and scope of processing

Purpose and legal basis

Storage duration

AppNexus

Type and scope of processing

Purpose and legal basis