Privacy Policy
General information on the handling of personal data
Below, we provide information about how we process personal data in specific situations.
Personal data is any information relating to an identified or identifiable natural person. This may include your name, address, email address, but also the IP address of the device you use to access the Internet and your user behaviour on our website.
- Controller
The controller responsible for processing your personal data within the meaning of the General Data Protection Regulation (GDPR) is:
TV-Turm Alexanderplatz Gastronomiegesellschaft mbH
Panoramastraße 1A
10178 Berlin
Phone: +49 (0) 30 2475750
Email: [email protected]
- Data protection officer
You can contact our data protection officer by email at [email protected]. We expressly point out that when using this email address, the contents will not be seen exclusively by our data protection officer. If you wish to exchange confidential information with him, we therefore ask you to first contact him directly via this email address.
- Data processing when you visit our website
3.1 Accessing our website / connection data
Every time you use our website, we collect connection data that your browser automatically transmits to enable you to visit the website. This connection data includes the so-called HTTP header information, including the user agent, and in particular:
- IP address of the requesting device,
- Method (e.g. GET, POST), date and time of the request,
- address of the requested website and path of the requested file,
- the previously accessed website/file (HTTP referrer),
- information about the browser and operating system used,
- HTTP protocol version, HTTP status code, size of the delivered file,
- request information such as language, type of content, content encoding, character sets.
The processing of this connection data is strictly necessary to enable you to visit the website, to ensure the permanent functionality and security of our systems, and to perform general administrative tasks related to our website. The connection data is also stored temporarily in internal log files for the purposes described above and limited to the minimum necessary to find the cause and take action in the event of repeated or criminal access that jeopardizes the stability and security of our website.
The legal basis for this processing is Art. 6 (1) (b) GDPR, provided that the page is accessed in the course of the initiation or execution of a contract, and otherwise Art. 6 (1) (f) GDPR based on our legitimate interest in enabling the website to be accessed and in the long-term functionality and security of our systems. The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after 7 days at the latest. Further storage is possible if there is a legitimate interest to do so on a case-by-case basis.
3.2 Data processing when you contact us
You have various options for contacting us – via the contact form, email, telephone/fax or post.
The data collected in this process – depending on the type of contact you choose, this includes your email address, your first and last name, your telephone numbers, the date and time of your enquiry, your request and, if applicable, contract data if you send us enquiries in the context of entering into or processing a contract – will be used exclusively for the purpose of communicating with you.
We generally base the processing of your data on Art. 6 (1) (f) GDPR. Our legitimate interest is the effective processing of enquiries addressed to us and, where applicable, the initiation or execution of business relationships. If the purpose of the contact is to conclude a contract, or if the contact is made within the framework of a contract to which you are a party, the legal basis for the processing of personal data is Art. 6 (1) (b) GDPR.
If your data is no longer required for the processing and handling of your enquiry because your request has been dealt with, your request has been clarified and there are no legal retention periods or a legitimate interest in further storage, your data will be routinely deleted by us.
3.3 Applications
You can apply for open positions by email or via our contact form at https://karriere.tv-turm.de. The purpose of data collection is to select applicants for the possible establishment of an employment relationship. We process the following personal data in particular for the receipt and processing of your application (hereinafter referred to as “application data”):
- First name and surname;
- Email address, telephone number;
- Application documents (e.g. references, CV);
- Gender
The legal basis for the processing of your application data is Art. 6 (1) (b) and Art. 88 (1) GDPR in conjunction with § 26 (1) sentence 1 BDSG.
We store your personal data upon receipt of your application. If we accept your application and an employment relationship is established, we will store your application data for as long as it is necessary for the employment relationship and insofar as statutory provisions require us to retain it.
If we reject your application, we will store your application data for a maximum of six months after rejecting your application, unless you give us your consent to store it for longer.
3.4 Data processing for ticket orders
When you order a ticket or voucher, we collect the mandatory information required for contract processing or initiation:
- First name and surname,
- Company name (if applicable)
- Telephone
- Postcode
- Country
- Tax ID
- Language
The purpose of data processing is to process the ticket purchase. The legal basis for processing is Art. 6 (1) (b) GDPR; if you as a person are not a party to the contract, we base the processing on Art. 6 (1) (f) GDPR. Our legitimate interest here is the initiation or execution of business relationships.
We are supported in this data processing by our partner Ventrata Limited, 73 Cornhill, London, EC3V 3 QQ, United Kingdom, which provides us with the booking platform for the tickets.
We have concluded a data processing agreement with Ventrata Limited. In addition, we have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 2) with Ventrata Limited in accordance with Art. 46 (2) (c) GDPR.
Further information can be found in Ventrata Limited’s privacy policy: https://storage.googleapis.com/ventrata-documents/ventrata-terms-and-conditions.pdf.
3.4.1 Payment options and payment service providers
For orders placed in our online ticket shop, we offer the payment methods commonly used in the online sector (e.g. credit card, giropay). We work with various payment service providers from whom we receive your payment data or to whom we transfer your payment data.
Without this payment data and payment service providers, payment and contract processing is not possible. The legal basis for this data processing is Art. 6 (1) (b) GDPR.
Below, we provide information about the service providers we use:
- for payment with Apple Pay:
Apple Inc., Apple Distribution International
Hollyhill Industrial Estate
Hollyhill, Cork, Ireland
(https://www.apple.com/de/legal/privacy/data/de/apple-pay/)
- When paying with Google Pay:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4, Ireland
(https://safety.google/intl/de_de/pay/)
- when paying at the snack and beverage vending machines at the viewing platform:
BS PAYONE GmbH
Lyoner Straße 9
D-60528 Frankfurt/Main
(https://www.payone.com/DE-de/dsgvo)
In addition, we use the services of Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ, Amsterdam, Netherlands (“Adyen”). Adyen is an external payment service provider whose services we use to accept and process payments made to us on our behalf, to dispute chargebacks, and to prevent and detect fraud. Adyen is used for credit card payments and in the online ticket shop.
The personal data you provide to Adyen usually includes the card type (Mastercard or VISA), the cardholder’s name, card number, verification code and expiry date, IBAN if applicable, BIC, bank name, bank location ID and postcode, as well as payment information, buyer information, fingerprint scan, persistent cookies, buyer email address, IP address, buyer reference number, telephone number, billing address and delivery address, as well as shopping basket information, browser language, delivery method, country of purchase, etc., if applicable.
The legal basis is Art. 6 (1) (b) GDPR to fulfil the payment within the scope of a contract with you, and otherwise Art. 6 (1) (f) GDPR, whereby the use of an external payment service provider is based on our legitimate interest in being able to offer you additional payment options with Adyen.
We have entered into a data processing agreement with Adyen. Your personal data may also be transferred by Adyen N.V., Simon Carmiggeltstraat 6, 1011 DJ, Amsterdam, Netherlands, to Adyen 274 Brannan Street, Suite 600; San Francisco, CA 94107 USA. Adyen N.V. and Adyen USA have entered into standard contractual clauses (Implementing Decision (EU) 2021/914, Module 2) in accordance with Art. 46 (2) (c) GDPR.
Further information can be found in Adyen’s privacy policy:
https://www.adyen.com/de_DE/privacy-policy/efp
Further information on how the payment service providers process your data on their own responsibility can be found in the respective privacy policies of the payment service providers.
3.5 Data processing for existing customer advertising
If you have purchased a ticket online or on site, we will also use your contact details (on site only if provided) to send you further information about our products and services that may be relevant to you by email (“existing customer advertising”). This may include, in particular, news, promotions and offers, our customer feedback and other surveys.
The legal basis for this data processing is Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) UWG (Act against Unfair Competition), according to which data processing is permissible for the pursuit of legitimate interests insofar as this concerns the storage and further use of the data for advertising purposes in order to improve our customer service or identify potential for improvement.
You can object to the use of your data for advertising purposes at any time by clicking on the corresponding link in the emails or by sending an email to [email protected] or a letter to our above address, without incurring any costs other than the transmission costs according to the basic rates.
3.6 Newsletter
You have the option of subscribing to our newsletter, in which we regularly inform you about new products and promotions.
3.6.1 Newsletter subscription
We use the double opt-in procedure to order our newsletter, i.e. we will only send you newsletters by email if you confirm in our notification email by clicking on a link that you are the owner of the email address provided. If you confirm your email address, we will store your email address, the time of registration and the IP address used for registration for the duration of the subscription and then archive them for a limited period after you unsubscribe or withdraw your consent. The storage serves solely to send you the newsletter and to verify your registration. In addition, we measure whether our newsletter can be delivered at all.
We use Brevo, a service provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany (“Brevo”), to send our newsletter. We use Brevo for email marketing in the event of registration for the newsletter on our website and for transactional emails, for example in the event of a white paper download. We have concluded a data processing agreement with Brevo. Your data will be stored by Brevo in Germany or the European Union and transmitted in encrypted form. If Brevo works with sub-processors whose parent company is not based in the European Union, the adequacy decision for the USA applies to US companies certified under the EU-US Data Privacy Framework and/or Brevo and its sub-processors have concluded standard contractual clauses and taken additional measures to protect the data. When using Brevo, anonymized data about the use of the newsletter (e.g. clicks, openings) is used for aggregated statistical analysis.
The legal basis for processing is your consent in accordance with Art. 6 (1) (a) GDPR. You can withdraw this consent at any time with future effect by unsubscribing from the newsletter. A corresponding unsubscribe link is included in every newsletter. Of course, you can also send a message to the contact details provided above or in the newsletter (e.g. by email or letter).
3.6.2 Newsletter tracking
We want to share content that is as relevant as possible to our customers via our newsletter and better understand what they are interested in. For this reason, we use standard technologies in our newsletters to measure interactions with the newsletters (e.g. opening of email, links clicked). We use this data in pseudonymous form for general statistical evaluations and to optimize and further develop our content and customer communication. This is done with the help of small graphics embedded in the newsletters (so-called pixels) that establish a connection to the image server when the email is opened. We also use links that first register a click on the link and only then forward you to the desired target page.
The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR. Access to the information on the end device is then based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TDDDG. You can withdraw your consent to the analysis of your usage behaviour at any time with future effect by unsubscribing from the newsletter. You can also prevent the measurement of whether an email has been opened by disabling graphics or the display of HTML content in your email programme by default.
3.7 Competitions
You have the opportunity to participate in our competitions.
In the context of competitions, we use your data for the purpose of conducting the competition and notifying the winners. You can find detailed information in the terms and conditions of the respective competition. The legal basis for processing is the competition contract in accordance with Art. 6 (1) (b) GDPR. Data processing for other or further purposes, in particular for advertising, is based on your consent in accordance with Art. 6 (1) (a) GDPR.
We base the sending of the offer to participate in the competition on your consent in accordance with Art. 6 (1) (a) GDPR, if you have given us this consent, and otherwise on Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) UWG, based on our legitimate interest in offering competitions and strengthening customer loyalty.
The legal basis for the public announcement of the name(s) of the winners in connection with the competition or presentation of the participants’ entries by us or by third parties commissioned by us in online and offline media (e.g. on the Facebook page, website or in print) is Art. 6 (1) (a) GDPR, i.e. your consent.
Where applicable, you will find separate information in the competitions, which will then link to this online privacy policy.
In conventional competitions, we process the mandatory information necessary for the execution of the contract:
- Title,
- first and last name,
- Address
- telephone number and email address,
- age or legal age.
Which of these data we require for the execution of the contract depends on the type of competition. Mandatory information is marked as such. For digital competitions, we also collect the IP address, the time and date of participation.
You can object to receiving offers to participate in competitions and to the use of your data for advertising purposes at any time by clicking on the corresponding link in the emails or by notifying us using the contact details above (e.g. by email or letter) with effect for the future, without incurring any costs other than the transmission costs according to the basic rates.
- Use of tools on the website
4.1 Technologies used
This website uses various services and applications (collectively referred to as “tools”) that are either provided by us or by third parties. These include, in particular, tools that use technologies to store information on the end device or to access it:
- Cookies: Information stored on the end device, consisting in particular of a cookie name, a value, the storing domain and an expiry date. So-called session cookies are deleted after the session, while so-called persistent cookies are deleted after the specified expiry date. Cookies can also be removed manually.
- Web storage (local storage/session storage): Information stored on the end device, consisting of a name and a value. Information in session storage is deleted after the session, while information in local storage has no expiry date and remains stored unless a mechanism for deletion has been set up (e.g. storage of local storage with time entry). Information in local and session storage can also be removed manually.
- JavaScript: Programming codes embedded in or called up by the website that, for example, set cookies and web storage or actively collect information from the end device or about the usage behaviour of visitors. JavaScript can be used for “active fingerprinting” and the creation of usage profiles. JavaScript can be blocked by a setting in the browser, but most services will then no longer function.
- Pixels: Tiny graphics automatically loaded by a service that can enable website visitors to be recognized by automatically transmitting the usual connection data (in particular IP address, information about the browser, operating system, language, fonts, address accessed and time of access) and, for example, determine whether an email has been opened or a website visited. Pixels can be used for “passive fingerprinting” and the creation of usage profiles. The use of pixels can be prevented, for example, by blocking images in emails, although this will severely restrict the display.
With the help of these technologies and by simply establishing a connection to a page, so-called “fingerprints” can be created, i.e. usage profiles that do not require the use of cookies or web storage and can still recognize visitors. Fingerprints based on the connection establishment cannot be completely prevented manually.
Most browsers are set by default to accept cookies, execute scripts and display graphics. However, you can usually adjust your browser settings to reject all or certain cookies or to block scripts and graphics. If you completely block the storage of cookies, the display of graphics and the execution of scripts, our services will probably not work or will not work properly.
The tools we use are listed below by category, with specific information about the providers of the tools, the storage duration of cookies or information in local storage and session storage, and the transfer of data to third parties. We also explain in which cases we obtain your voluntary consent to use the tools and how you can withdraw this consent.
4.2 Legal basis and withdrawal
4.2.1 Legal basis
We use tools necessary for the operation of the website based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR to provide the basic functions of our website. In certain cases, these tools may also be necessary for the performance of a contract or for the implementation of pre-contractual measures, in which case processing is carried out in accordance with Art. 6 (1) (b) GDPR. In these cases, access to and storage of information on the end device is strictly necessary and is carried out based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (2) TDDDG.
We use all other non-essential (optional) tools that provide additional functions based on your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany pursuant to Section 25 (1) TDDDG. Data processing using these tools only takes place if we have obtained your prior consent.
If personal data is transferred to third countries, we refer to section 7 (“Data transfer to third countries”), also regarding the risks that may be associated with this. We will inform you if standard contractual clauses or other guarantees have been concluded for the use of certain tools. If you have given your consent to the use of certain tools, we will transfer the data processed when using the tools (also) based on this consent in accordance with Art. 49 (1) (a) GDPR to third countries.
4.2.2 Obtaining your consent
We use the tool Borlabs GmbH, Hamburger Straße 11, 22083 Hamburg (“Borlabs”) to obtain and manage your consent. This tool generates a banner that informs you about data processing on our website and gives you the option to consent to all, individual or no data processing by optional tools. This banner appears when you first visit our website and when you return to your settings to change them or withdraw your consent. The banner also appears on subsequent visits to our website if you have disabled cookies or if the cookies or information in local storage have been deleted or have expired.
During your visit to our website, your consent or withdrawal, your IP address, information about your browser, your device and the time of your visit are transmitted to Borlabs. In addition, necessary information is stored on your device to document your consent and withdrawal (“borlabs cookie” (1 year)).
Data processing is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis is Art. 6 (1) (f) GDPR, justified by our interest in complying with the legal requirements for consent management. Access to and storage of information on the end device is strictly necessary in these cases and is carried out based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany pursuant to Section 25 (2) TDDDG.
4.2.3 Withdrawal of your consent or change of your selection
You can withdraw your consent for certain tools, i.e. for the storage of and access to information on your end device, the processing of your personal data and the transfer of your data to third countries, at any time with effect for the future. To do so, click on the following Link. There you can also change the selection of tools you wish to consent to using and find additional information about the tools used. Alternatively, you can withdraw your consent for certain tools directly from the provider.
4.3 Necessary tools
We use certain tools to enable the basic functions of our website (“necessary tools”). Without these tools, we would not be able to provide our service. Therefore, necessary tools are used without consent. The legal basis for necessary tools is the necessity to fulfil our legitimate interests in accordance with Art. 6 (1) (f) GDPR or to fulfil a contract or to carry out pre-contractual measures in accordance with Art. 6 (1) (b) GDPR. Access to and storage of information on the end device is strictly necessary in these cases and is carried out on the basis of the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (2) TDDDG.
If personal data is transferred to the USA or other third countries, we refer to point 7 (“Data transfer to third countries”) in addition to the information provided below.
4.3.1 Our own tools
We use our own necessary tools that access information on the end device or store information on the end device, in particular to store your language settings.
The following cookies are set:
Cookie name | Function | Domain | Storage |
wp-wpml_current_language | This cookie stores the selected language setting. | tv-turm.de | Session |
wpml_browser_redirect_test | This cookie checks whether cookies can be placed. | tv-turm.de | Session |
_icl_visitor_lang_js | This cookie stores the language that has been redirected to. | tv-turm.de | 3 days |
4.3.2 Google Tag Manager
Our website uses the Google Tag Manager service, which is provided for persons in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other persons by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (collectively “Google”).
Google Tag Manager is used exclusively for the management of website tools through the integration of so-called website tags. A tag is an element that is stored in the source code of our website to execute a tool, for example through scripts. If these are optional tools, they will only be integrated by Google Tag Manager with your consent.
Google Tag Manager sets the following cookie:
- “_dc_gtm” (1 minute): This cookie is set when Google Analytics is embedded via Google Tag Manager to throttle the request rate.
The legal basis is Art. 6 (1) (f) GDPR, based on our legitimate interest in integrating and managing multiple tags on our website in an uncomplicated manner.
For ensuring stability and functionality when using Google Tag Manager, Google collects information about which tags are integrated by our website. However, Google Tag Manager does not store any personal data beyond the mere establishment of the connection, in particular no data about usage behaviour or the pages visited.
We have concluded a data processing agreement with Google Ireland Limited. Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, which means that the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR. In addition, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 (2) (c) GDPR.
Further information can be found in Google’s information on Tag Manager: https://support.google.com/tagmanager/answer/6102821.
4.3.3 Google reCAPTCHA
Our website uses the Google reCAPTCHA service, which is provided for persons in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”).
reCAPTCHA prevents automated software (so-called bots) from performing abusive activities on the website, i.e. it checks whether the entries made are made by a human being. To do this, reCAPTCHA uses JavaScript and stores cookies and information in local storage on your device. In particular, the following data is processed:
- Referrer URL (address of the page from which the visitor came);
- IP address;
- Cookies set by Google;
- Snapshot of the browser window;
- User input behaviour (e.g. answering the reCAPTCHA question, input speed in form fields, order of selection of input fields, number of mouse clicks);
- Technical information: browser type, browser plug-ins, browser size and resolution, date, language settings, display instructions (CSS) and scripts (JavaScript).
The following cookies may be used and read by reCAPTCHA for this purpose:
- “_GRECAPTCHA” (6 months);
- “CONSENT” (2 years).
The following information in local storage and session storage can be set and read by reCAPTCHA:
- “rc::a”;
Google also reads cookies from other Google services such as Gmail, Search and Analytics. If you do not want this information to be associated with your Google account, you must log out of Google before visiting a page where we have integrated Google reCAPTCHA.
The data mentioned is sent to Google in encrypted form. Google’s evaluation determines the form in which the captcha is displayed on the page. The use of reCAPTCHA is statistically evaluated. According to Google, your data will not be used for personalized advertising.
The legal basis is the necessity for the performance of a contract or for the implementation of pre-contractual measures in accordance with Art. 6 (1) (b) GDPR, for example in the context of the use of one of our (contact) forms. In all other respects, the legal basis is our legitimate interest pursuant to Art. 6 (1) (f) GDPR, whereby Google reCAPTCHA serves to protect IT security, ensure the stability of our website and prevent misuse.
Further information can be found at:
- in Google’s privacy policy: https://policies.google.com/privacy;
- in Google’s Terms of Use: https://policies.google.com/terms.
4.4 Analysis tools
To improve our website, we use optional tools for statistical collection and analysis of general usage behaviour based on access data (“analysis tools”). We also use analysis services to evaluate the use of our various marketing channels.
The legal basis for the analysis tools is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TDDDG. For information on withdrawing your consent, see 4.2.3: “Withdrawal of your consent or change of your selection”.
If personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). Please refer to section 7 (“Data transfer to third countries”) for the associated risks.
4.4.1 Google Analytics 4
Our website uses Google Analytics, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for persons in Europe, the Middle East and Africa (EMEA) and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”) for all other persons.
Google Analytics uses JavaScript and pixels to read information on your device and cookies to store information on your device. This is used to analyze your usage behaviour and improve our website. We will process the information obtained to evaluate your use of the website and to compile reports on website activity for the website operators. The data collected in this context may be transferred by Google to a server in the USA for evaluation and stored there.
We have made the following privacy settings in Google Analytics:
- IP anonymization (shortening of the IP address before evaluation);
- Automatic deletion of old logs / limitation of storage duration;
- Deactivated advertising function (including target group remarketing through GA Audience);
- Deactivated Remarketing;
- Deactivated Cross-device and cross-site tracking;
- Deactivated data sharing with other Google products and services, benchmarking, technical support, account managers.
The following data is processed by Google Analytics:
- IP address;
- Referrer URL (previously visited page);
- Pages accessed (date, time, URL, title, duration of visit);
- Downloaded files;
- Links clicked to other websites;
- Achievement of specific goals (conversions);
- Technical information: Operating system; Browser type, version and language; Device type, brand, model and resolution;
- Approximate location (country and, if applicable, city, based on anonymized IP address).
Google Analytics uses the following cookies for the specified purpose with the respective storage period:
- “_ga” (2 years): Recognition and differentiation of visitors through a user ID;
- “_ga_{GA-ID}” (2 years): Retention of information from the current session;
- ‘’_gac_gb_{GA-ID}’’ (90 days): Storage of campaign-related information and, if applicable, linking to Google Ads conversion tracking.
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TDDDG.
We have concluded a data processing agreement with Google Ireland Limited. Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, which means that the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR. In addition, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 (2) (c) GDPR.
Further information can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245.
4.4.2 Stape
On our website, we use Stape.io from Stape Europe OÜ, Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia, a cloud service for server-side collection, processing and forwarding of website data. The data is collected via European servers using the automatically transmitted connection data or via third-party tools integrated into the Stape.io servers (e.g. server-side Google Tag Manager) and forwarded to the services of our advertising partners (Google Analytics 4).
We have concluded a data processing agreement (Art. 28 GDPR) with the provider, which ensures that the data is only processed in accordance with our instructions and not for its own purposes. The physical infrastructure is operated in certified European data centers. You can withdraw your consent to the use of this tool at any time. Further information on data protection at Stape can be found at https://stape.io/privacy-notice.
4.5 Marketing tools
We also use optional tools for advertising purposes (“marketing tools”). Some of the access data collected when you use our website is used to create usage profiles that store, in particular, your usage behaviour, the advertisements you have viewed or clicked on, and based on this, your classification into advertising categories, interests and preferences. By analyzing and evaluating this access data, we can display personalized advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites of other providers. To do this, we analyze your usage behaviour to recognize you on other pages and address you in a personalized manner based on your use of our site (retargeting). In addition, we evaluate the effectiveness and success of our advertising campaigns (so-called conversions and leads).
The legal basis for the marketing tools is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany pursuant to Section 25 (1) TDDDG. For information on withdrawing your consent, see 4.2.3: “Withdrawal of your consent or change of your selection”.
If personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). Please refer to section 7 (“Data transfer to third countries”) for the associated risks.
In the following section, we would like to explain the tools and the providers used for this purpose in more detail. The data collected may include, in particular:
- the IP address of the device;
- the information contained in a cookie and in local or session storage;
- the device identifier of mobile devices (e.g. device ID, advertising ID);
- referrer URL (previously visited page);
- Pages accessed (date, time, URL, title, duration of visit);
- Downloaded files;
- Links clicked to other websites;
- Achievement of specific goals (conversions);
- Technical information: Operating system; Browser type, version and language; Device type, brand, model and resolution;
- Approximate location (country and, if applicable, city).
However, the data collected is stored exclusively in pseudonymized form, so that no direct conclusions can be drawn about individuals.
4.5.1 Meta pixels (formerly Facebook pixels)
Our websites use the Meta Pixel service for marketing purposes, which is provided for persons outside the USA and Canada by Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland, and for persons from the USA and Canada by Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025, USA (together “Meta Platforms”).
We use Meta Pixel to analyze the general use of our websites (in particular “Events”) and to track the effectiveness of advertising (“conversion tracking”).
Meta Platforms processes data collected by the service via JavaScript, cookies and other technologies on our websites for this purpose. This includes in particular:
- HTTP header information such as information about the browser used (e.g. user agent, language);
- Information about events such as “page views”, other object properties and buttons clicked by visitors of the website;
- Online identifiers such as IP addresses and, if provided, Facebook business-related identifiers or device IDs (such as advertising IDs for mobile operating systems) as well as information on the status of deactivation/restriction of ad tracking.
The following cookie is set and read by Meta Pixel for the specified purpose with the respective storage period:
- “_fbp” (90 days): usage analysis and retargeting.
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TDDDG.
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to Section 25 (1) TDDDG.
Meta Platforms acts as our processor for comparison, measurement and analysis services, in particular for analyzing the use of our website, comparing user IDs and creating reports on our advertising campaigns. We have therefore concluded a data processing agreement.
In addition, we and Meta Platforms are jointly responsible for the processing of event data for the targeting of advertisements (through the creation and selection of target groups), the delivery of commercial and transaction-related messages, the improvement of ad delivery, and the personalization of features and content in connection with the use of Meta Pixel. The mutual obligations have been set out in a joint controller agreement, which can be accessed at the following address: https://www.facebook.com/legal/controller_addendum.
In addition, Meta Platforms also processes event data for the protection and security of Meta Platforms’ products, for research and development purposes, and to maintain the integrity of the products and improve them.
Your personal data may also be transferred by Meta Platforms Ireland Ltd. to Meta Platforms Inc. in the United States. Meta Platforms Inc. has joined the EU-US Data Privacy Framework, which means that the transfer in this case is based on the adequacy decision for the United States pursuant to Art. 45 GDPR.
If you are a member of Facebook or Instagram and have allowed Meta Platforms to do so in your account privacy settings, Facebook or Instagram may also link the information collected about your visit to our website to your member account and use it for targeted advertising. You can view and change the privacy settings of your Facebook profile at any time: https://www.facebook.com/settings/?tab=ads. You can prevent data collected outside of Instagram from being linked to personalized advertising on Instagram as follows: https://de-de.facebook.com/help/instagram/2885653514995517?locale=de_DE.
If you have not consented to the use of Meta Pixel, Meta Platforms will only display general advertising that is not selected based on the information collected about you on this website.
Further information, in particular on joint responsibility and contact details, can be found in Meta Platforms’ privacy policy, in particular regarding the social networks Facebook and Instagram: https://www.facebook.com/privacy/policy/.
4.5.2 TikTok Pixel (TikTok Ads)
Our website uses the TikTok Advertiser Tool “TikTok Pixel” from the social network TikTok for marketing purposes, a service provided to users in the European Economic Area and Switzerland by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
We use TikTok Pixel, which is a JavaScript code snippet, to understand and track user activity on our website. Similar to Meta Pixel, TikTok Pixel collects and processes information about website visitors or the devices they use (event data). The event data collected via TikTok Pixel is used to target our advertisements, improve ad delivery and personalize advertising.
For this purpose, the event data collected on our website using the TikTok Pixel is transmitted to TikTok. Some of this event data is information stored on your device. In addition, the TikTok Pixel also uses cookies to store information on your device.
This collection and transmission of event data is carried out by us and TikTok as joint controllers within the meaning of Art. 26 GDPR. We have entered into an agreement with TikTok on joint controllership, which sets out the distribution of data protection obligations between us and TikTok. In this agreement, we and TikTok have agreed, among other things, that we are responsible for providing you with all information pursuant to Articles 13 and 14 of the GDPR regarding the joint processing of personal data and that TikTok is responsible for enabling the rights of data subjects pursuant to Articles 15 to 20 of the GDPR. TikTok is solely responsible for the processing of the transmitted event data following the transfer.
The following cookies are stored and read by TikTok Pixel:
- “_ttp” (390 days): usage analysis, evaluation of advertising campaigns, display of personalized advertising;
- “_tt_enable_cookie” (390 days): storage of the test for creating cookies.
- “ttcsid” (390 days): identifier, usage analysis, storage of first and last access time;
- “ttcsid_*” (390 days): identifier, usage analysis, storage of first and last access time.
The following elements in the session storage are stored and read by TikTok Pixel:
- “tt_appInfo” (session): storage of the type of platform;
- “tt_pixel_session_index” (session): storage of the identifier of the current process in the session;
- “tt_sessionId” (session): storage of the identifier of the current session.
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TDDDG.
If personal data is transferred by TikTok Technology Limited to TikTok Information Technologies UK Limited or other companies in third countries, either the adequacy decisions for the respective third countries pursuant to Art. 45 GDPR apply or standard contractual clauses pursuant to Art. 46 (2) (c) GDPR have been concluded between the TikTok companies for the transfer of your data.
If you are a member of TikTok and have allowed TikTok to do so via your account privacy settings, TikTok may also link the information collected about your visit to us with your member account and use it for the targeted placement of TikTok advertising. You can view and change the privacy settings of your TikTok profile at any time: https://support.tiktok.com/de/account-and-privacy/personalized-ads-and-data/how-your-ads-are-personalized.
If you have not consented to the use of the TikTok Pixel, TikTok will only display general TikTok advertising that is not selected based on the information collected about you.
For more information, please refer to TikTok’s privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/de, as well as the Business Products Data Terms: https://ads.tiktok.com/i18n/official/policy/business-products-terms.
4.5.3 Google Ads conversion tracking and ads remarketing (formerly AdWords)
Our website uses the “Google Ads” service, which is provided for persons in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”).
Google Ads uses “Google Ads conversion tracking” to record and analyze customer actions defined by us (such as clicks on an ad, page views, downloads). We use “Google Ads Remarketing” to display personalized advertising messages for our products on Google partner websites. Both services use cookies, JavaScript, pixels and other technologies for this purpose. Google also processes data to improve and further develop its own products and services, for aggregated statistical analysis of conversions and to improve the quality and accuracy of conversions.
The following cookies are set and read by Google:
- ,,FPAU‘‘ (90 days): Analysis and advertising purposes;
- ,,FPGCLAW‘‘ (90 days): Analysis and advertising purposes;
- “Conversion” (90 days): advertising purposes;
- “_gcl_aw” (90 days): Analysis and advertising purposes;
- ,,_gcl_au‘‘ (90 days): Analysis and advertising purposes;
- ,, aboutads_sessNNN‘‘ (30 minutes): security and functionality purposes;
- ,,IDE‘‘ (1 year): Provision of advertising and retargeting;
- ,,ANID‘‘ (2 years): Analysis and advertising purposes;
- ,, FPGCLGB‘‘ (90 days): Analysis and advertising purposes;
- “TAID” (2 weeks): analysis and advertising purposes;
- ,,AID‘‘ (540 days): Analysis and advertising purposes.
The following elements are stored and read by Google in local storage:
- “_gcl_ls”: Storage of timestamps for conversion tracking for clicks on ads.
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then carried out based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TDDDG.
Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, which means that the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR. In addition, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 (2) (c) GDPR.
If you use a Google account, Google may link your web and app browsing history to your Google account and use information from your Google account to personalize ads, depending on the settings in your Google account. If you do not want this association with your Google account, you must log out of Google before visiting our website.
If you have not consented to the use of Google Ads, Google will only display general advertising that has not been selected based on the information collected about you on this website. In addition to withdrawing your consent, you also have the option of disabling personalized advertising in Google’s advertising settings.
For more information, please refer to Google’s data use policy and privacy policy.
4.5.4 Google Ad Manager (formerly DoubleClick)
Our website uses Google Ad Manager, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for persons in the European Economic Area and Switzerland, and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively, “Google”).
Google Ad Manager uses cookies, pixels and other technologies to present you with advertisements that are relevant to you. The use of this service enables Google and its partner websites to display advertisements based on previous visits to our or other websites on the Internet. In addition, this service is used to create and evaluate reports on advertising campaigns. Furthermore, the service is used to prevent multiple displays of the same advertisement and to generate commission statements. Google also processes the data to improve and further develop its own products and services, to test algorithms for displaying advertisements, to monitor latency for end users and to ensure the accuracy of the forecasting system.
Google may set and read the following cookies in particular for the specified purpose with the respective storage period:
- “IDE” (1 year): Recognition and differentiation of visitors through a user ID, recording of interaction with advertising, display of personalized advertising;
- “NID” (6 months): settings and personalization for Google services and other functions for advertising purposes, in particular the display of Google advertising in Google services;
- “RUL” (1 year): advertising purposes;
- “pm_sess_NNN” (30 minutes): security and functional purposes;
- “__gads” (13 months): advertising purposes;
- “1P_JAR” (30 days): advertising purposes;
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then carried out based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TDDDG.
Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, which means that the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
If you have not consented to the use of Google Ad Manager, Google will only display general advertising that has not been selected based on the information collected about you on this website. In addition to withdrawing your consent, you also have the option of disabling personalized advertising in Google’s advertising settings: https://adssettings.google.com/notarget.
Further information can be found in Google’s privacy policy: https://policies.google.com/privacy.
4.5.5 LinkedIn Insight Tag
Our website uses the LinkedIn Insight Tag service provided by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). This enables us to collect and analyze statistical data about your visit and use of our website. This makes it possible to display interest-based and relevant offers, recommendations and advertising on LinkedIn (retargeting). In addition, the effectiveness of advertisements is analyzed (conversion tracking). LinkedIn uses cookies, pixels and JavaScript for this purpose.
The following cookies are set and read by LinkedIn:
- “lidc” (24 hours): optimization of data center selection;
- “bcookie” (365 days): prevention of misuse;
- “bscookie” (1 year): verification with two-factor authentication;
- “li_gc” (6 months): storage of the user’s consent;
- “AnalyticsSyncHistory” (30 days): storage for synchronizing information about LinkedIn members;
- “UserMathHistory” (30 days): usage analysis, synchronization of IDs with LinkedIn Ads;
- “_guid” (90 days): storage and tracking of a visitor’s identity;
- “li_mc” (6 months): availability of consent information on the customer’s page;
- ,,UID‘‘ (720 days): market research purposes and user research;
- ,,li_sugr‘‘ (90 days): determination of user identity matches;
- “lms_ads” (30 days): identification of logged-out LinkedIn members for LinkedIn advertising;
- “lms_analytics” (30 days): identification of logged-out LinkedIn members; for analytical purposes;
- “li_fat_id” (30 days): conversion tracking, retargeting and analysis;
- ,,BizographicsOptOut’’ (10 years): determination of opt-out status of non-members;
- ,,li_giant‘‘ (7 days): indirect identifier for groups of LinkedIn members used for conversion tracking;
- “oribili_user_guid” (1 year): counting unique visitors to a website;
- “In_or” (1 day): used to determine whether Oribi analyses can be performed for a specific domain.
Further information on cookies can be found at: https://www.linkedin.com/legal/l/cookie-table.
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then carried out based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TDDDG.
If you are logged into LinkedIn while visiting our website, LinkedIn may link the information collected to your member account and use it for targeted advertising on LinkedIn. You can view your privacy settings on LinkedIn at the following link: https://www.linkedin.com/psettings/enhanced-advertising.
We have entered into a data processing agreement with LinkedIn. Your personal data may also be transferred by LinkedIn Ireland Unlimited Company to LinkedIn Corporation in the USA. LinkedIn Corporation has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA pursuant to Art. 45 GDPR.
For further information, please refer to LinkedIn’s privacy policy: https://de.linkedin.com/legal/privacy-policy.
4.6 Functional tools
We also use services to improve the user experience on our website and to offer you more features (“functional tools”). Although these are not strictly necessary for the basic functions of the website, they serve to enhance user-friendliness and provide additional features. This includes the integration of external content such as videos and maps.
The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR, which you give via the consent banner or for the respective tool itself by individually permitting its use via a banner (overlay) displayed above it. In these cases, access to and storage of information on the end device is subject to consent and is based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany pursuant to Section 25 (1) TDDDG.
To withdraw your consent, see 4.2.3: “Withdrawal of your consent or change of your selection”. If personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). Please refer to section 7 (“Data transfer to third countries”) for the associated risks.
4.6.1 YouTube videos
We have integrated videos into our website that are stored on YouTube and can be played from our websites. YouTube is a multimedia service provided by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA (“YouTube”), which is offered to persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and to all other persons by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”). YouTube may store information such as cookies, local storage and session storage on your device and execute JavaScript that accesses information on your device.
The following cookies may be set by YouTube:
- “YSC” (session): prevention of spam, fraud and abuse;
- “NID” (6 months): records interactions with advertisements, personalized advertising, storage of settings and preferences;
- “VISITOR_INFO1_LIVE” (180 days): usage analysis, advertising, personalized recommendations based on videos viewed and search queries, detection and prevention of problems with the video player.
- “VISITOR_INFO1_LIVE__default” (180 days): analysis, advertising and personalized recommendations;
- ,,VISITOR_INFO1_LIVE__k‘‘ (180 days): analysis, advertising and personalized recommendations;
- ,,ACLK_DATA‘‘ (5 minutes): advertising purposes;
- GED_PLAYLIST_ACTIVITY (session): YouTube integration and analysis, as well as advertising purposes.
The following information is stored in local storage:
- “yt-remote-device-id”: storage of the device ID;
- “yt-remote-connected-devices”: storage of connected devices;
- “ytidb::LAST_RESULT_ENTRY_KEY”: storage of the last video searched for.
The following information is stored in session storage:
- “yt-remote-session-app”: storage of the type of end device;
- “yt-remote-session-name”: storage of the type of end device;
- “yt-remote-fast-check-period”: storage of the connection bandwidth check.
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TDDDG.
Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
When you visit our website, YouTube and Google receive information that you have accessed the corresponding subpage of our website. This occurs regardless of whether you are logged in to YouTube or Google. YouTube and Google also use this data for advertising, market research and the need-based design of their services. If you access YouTube on our website while you are logged into your YouTube or Google profile, YouTube and Google can also link this event to the respective profiles. If you do not want this to happen, you must log out of Google before accessing our website.
In addition to withdrawing your consent, you also have the option of disabling personalized advertising in Google’s advertising settings. In this case, Google will only display non-personalized advertising: https://adssettings.google.com/notarget.
Further information can be found in Google’s privacy policy, which also applies to YouTube: https://policies.google.com/privacy.
4.6.2 Google Maps
Our website uses the Google Maps service, which is provided for persons in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”).
For the Google Maps material, we use to be integrated and displayed in your web browser, your web browser must establish a connection to a Google server, which may also be located in the USA, when you visit our website. In addition, JavaScript is used by Google Maps for the functionality of the map service, which accesses information on your end device.
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then carried out based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TDDDG.
Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
Through the integration of the map material, Google receives the information that a page of our website has been accessed from the IP address of your device. If you access Google Maps service on our website while you are logged into your Google profile, Google may also link this event to your Google profile. If you do not want this information to be associated with your Google profile, you must log out of Google before visiting our contact page. Google stores your data and uses it for advertising, market research and personalized presentation of Google Maps.
Further information can be found in Google’s privacy policy:
- in Google’s privacy policy: https://policies.google.com/privacy;
- the Additional Terms of Use for Google Maps: https://www.google.com/intl/de/help/terms_maps/.
- Online presences on social networks
We maintain online presences on social networks to communicate with customers and interested parties and to provide information about our services, among other things.
5.1 Processing for advertising purposes by social network providers
User data is generally processed by the relevant social networks for market research and advertising purposes. This allows user profiles to be created based on the interests of users. For this purpose, cookies and other identifiers are stored on the computers of the persons concerned. Based on these user profiles, advertisements are then placed within social networks, but also on third-party websites, for example.
The legal basis for data processing carried out by social networks on their own responsibility can be found in the privacy policy of the respective social network. The links below also provide further information on the respective data processing and the options for objection.
5.2 Processing for statistical purposes
In the course of operating our online presence, we may have access to information such as statistics on the use of our online presence provided by social networks. These statistics are aggregated and may include demographic information (e.g. age, gender, region, country) and data on interactions with our online presence (e.g. likes, subscriptions, sharing, viewing images and videos) and the posts and content shared on it. These may also provide information about the interests of users, and which content and topics are particularly relevant to them. We may also use this information to adapt the design and our activities and content on the online presence and to optimize it for our audience. Details and links to the data of the social networks to which we, as the operator of the online presence, have access can be found in the list below. The collection and use of these statistics is generally subject to joint responsibility. Where applicable, the relevant agreement is listed below.
The legal basis for data processing is Art. 6 (1) (f) GDPR, based on our legitimate interest in effective information and communication with users, or Art. 6 (1) (b) GDPR, to stay in contact with our customers and inform them, as well as to carry out pre-contractual measures with interested parties.
5.3 Access to publicly available information
If you have an account with the social network, we may be able to see your publicly available information (e.g. your username) and media (e.g. images and videos) when we visit your profile. In addition, the social network may allow us to contact you. This can be done, for example, via direct messages or via posted contributions. The content of communication via the social network and the processing of content data is the responsibility of the social network as the messenger and platform service. For this process, we refer to the privacy policy of the respective social networks.
5.4 Processing of publicly available information
As soon as we transfer personal data from you to our own systems or process it further, we are solely responsible for it. Processing is then carried out for the purpose of implementing pre-contractual measures and fulfilling a contract in accordance with Art. 6 (1) (b) GDPR or to protect our legitimate interests in accordance with Art. 6 (1) (f) GDPR to contact customers.
5.5 Data protection rights
We would like to point out that data protection requests can be made most efficiently to the respective social network providers, as only these providers have access to the data and can take appropriate measures directly. You can, of course, also contact us with your request. In this case, we will process your request and forward it to the social network provider.
5.6 Online presences used
Below is a list of information about the social networks on which we maintain online presences:
- Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland)
- Operation of the Facebook fan page in joint responsibility on the basis of an agreement on joint processing of personal data (so-called Page Insights Supplement regarding the controller)
- Information on the processed Page Insights data and on how to contact us in the event of data protection enquiries: https://www.facebook.com/legal/terms/information_about_page_insights_data
- Privacy policy: https://www.facebook.com/about/privacy/
- Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.
- Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland)
- Instagram Business account based on an agreement on joint processing of personal data (so-called Page Insights Supplement regarding the controller): https://www.facebook.com/legal/terms/page_controller_addendum
- Information on the processed Page Insights data and how to contact us in case of data protection enquiries: https://www.facebook.com/legal/terms/information_about_page_insights_data
- Privacy policy: https://help.instagram.com/519522125107875
- Opt-out (declaration): https://de-de.facebook.com/help/instagram/2885653514995517?locale=de_DE
- Threads (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland)
- Supplementary Threads Privacy Policy: https://help.instagram.com/515230437301944
- Opt-out (declaration): https://privacycenter.instagram.com/policies/cookies/
- YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
- Privacy policy: https://policies.google.com/privacy
- Opt-out: https://www.google.com/settings/ads.
- Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland)
- Privacy policy: https://policy.pinterest.com/de/privacy-policy
- Notification settings: https://help.pinterest.com/de/article/edit-notification-settings
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
- Operation of the LinkedIn company page in joint responsibility based on an agreement on the joint processing of personal data (so-called Page Insights Joint Controller Addendum)
- Information on the processed Page Insights data and contact details for data protection enquiries: https://legal.linkedin.com/pages-joint-controller-addendum
- Privacy policy: https://www.linkedin.com/legal/privacy-policy
- Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Xing/Kununu (XING SE, Dammtorstraße 30, 20354 Hamburg)
- Privacy policy/opt-out: https://privacy.xing.com/de/datenschutzerklaerung.
- Transfer of data
The data we collect will only be passed on if there is a legal basis for doing so in a specific case, in particular if:
- You have given your express consent in accordance with Art. 6 (1) (a) GDPR,
- the transfer is necessary pursuant to Art. 6 (1) (f) GDPR to safeguard our interests or to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest in the non-transfer of your data,
- we are legally obliged to disclose your data in accordance with Art. 6 (1) (c) GDPR, in particular if this is necessary due to binding requirements (e.g. in the context of tax audits by the tax authorities), official requests, court orders and legal proceedings for the prosecution or enforcement of legal claims, or
- this is legally permissible and necessary in accordance with Art. 6 (1) (b) GDPR for the performance of contractual relationships with you or for the implementation of pre-contractual measures taken at your request.
Some of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include the following in particular:
- Data centers that store our website and databases;
- Software providers;
- IT service providers who maintain our systems;
- Hosting providers: We host the CMS of our website with ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68 | D-02742 Friedersdorf.
- Agencies, market research companies;
- Group companies;
- Consulting companies.
If we pass on data to our service providers, they may only use the data to fulfil their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have appropriate technical and organizational measures in place to protect the rights of the persons concerned and are regularly monitored by us. Agreements are always concluded with external consultants and auditors to ensure the confidentiality of the data.
In addition, we may transfer your personal data to other recipients who process your personal data on their own responsibility. These may include, in particular:
- Postal service providers;
- Credit institutions and payment service providers;
- Tax advisors, lawyers or auditors;
- Credit agencies;
- Public authorities such as government agencies and courts.
- Data transfer to third countries
In some cases, we use services whose providers are based in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union.
If an adequacy decision by the European Commission (Art. 45 GDPR) exists for these countries, we base the data transfer on this. This applies, for example, to transfers to the United Kingdom and the United States. In the case of the United States, this only applies if the respective recipient has certified itself under the EU-U.S. Data Privacy Framework (DPF).
If no adequacy decision has been issued for the country in question or the recipient is not certified under the DPF, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among other things, the standard contractual clauses of the European Union or binding corporate rules (Art. 46 GDPR).
Where this is not possible, we base the data transfer on the exceptions in Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the performance of a contract or for the implementation of pre-contractual measures.
If a transfer to a third country is planned and no adequacy decision or suitable safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to record and analyze it, and that the enforceability of your data subject rights cannot be guaranteed. You will also be informed of this when your consent is obtained via the consent banner.
- Storage period
As a matter of principle, we only store personal data for as long as it is necessary to fulfil the purposes for which we collected the data. After this period, we will delete the data immediately, unless we still require the data until the expiry of the statutory limitation period for evidence purposes for civil law claims or due to statutory retention obligations, or if there is another legal basis for the continued processing of your data in a specific individual case.
For evidence purposes, we must retain contract data for three years from the end of the year in which the business relationship with you ends. Any claims shall become statute-barred at the earliest at this point in time in accordance with the statutory limitation period.
Even after this period, we may still need to store some of your data for accounting reasons. We are obliged to do so due to legal documentation obligations arising in particular from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified there for the retention of documents are two to ten years. Where applicable, we will inform you directly in the following sections regarding individual processing operations about the duration of data storage.
- Data protection rights
9.1 Overview of your rights
You are entitled to the rights of data subjects set out in Art. 7 (3) and Art. 15–22 GDPR at any time, provided that the respective legal requirements are met:
- Right to withdraw your consent (Art. 7 (3) GDPR);
- Right to object to the processing of your personal data (Art. 21 GDPR);
- Right to obtain information about your personal data processed by us (Art. 15 GDPR);
- Right to rectify your personal data stored by us that is incorrect (Art. 16 GDPR);
- Right to erase your personal data (Art. 17 GDPR);
- Right to restrict processing of your personal data (Art. 18 GDPR);
- Right to data portability of your personal data (Art. 20 GDPR);
- Right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you, including, where applicable, the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision (Art. 22 GDPR).
To assert your rights described here, you can contact us at any time using the contact details above. This also applies if you would like to receive copies of guarantees to prove an adequate level of data protection. Provided that the respective legal requirements are met, we will comply with your data protection request.
Your requests for the assertion of data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for longer if necessary for the assertion, exercise or defense of legal claims. The legal basis is Art. 6 (1) (f) GDPR, based on our interest in defending ourselves against any civil law claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling our accountability obligation under Art. 5 (2) GDPR.
9.2 Right of withdrawal and objection
Right of withdrawal (Art. 7 (3) GDPR)
You have the right to withdraw your consent at any time in accordance with Art. 6 (1) (a) GDPR. As a result, we will no longer continue the data processing based on this consent for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out based on the consent until the withdrawal.
Right to object (Art. 21 GDPR)
General objection: If we process your data based on Art. 6 (1) (f) GDPR (legitimate interests) or Art. 6 (1) (e) GDPR, you may object to the processing at any time for reasons arising from your particular situation.
Objection to direct marketing: If we process your data for direct marketing purposes, you can object to the processing at any time without giving reasons.
Exercising your rights
If you wish to exercise your right of withdrawal or objection, simply send an informal message to the contact details above.
9.3 Right to lodge a complaint
Finally, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You can exercise this right, for example, with a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. In Berlin, where we are based, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.
- Obligation to provide your data
There is no obligation to provide your data.
Insofar as the provision of your data is necessary for the conclusion of a contract (e.g. for ticket booking), for the fulfilment of legal obligations (e.g. for registration forms), for establishing contact or for the use of other services and functions (e.g. for subscribing to the newsletter), the corresponding input fields are marked as mandatory (usually with an asterisk (*)). In this case, without the data provided, a contract cannot be concluded, the specific service cannot be provided, or the function cannot be used.
Other information not marked as mandatory is voluntary. The entry of such data is then not necessary for the conclusion of a contract, for the provision of the service or for the use of the function and has no influence on the execution of the contract.
- Automated decision-making
Automated decision-making, including profiling in accordance with Art. 22 GDPR, with legal or similarly significant adverse effects, does not take place.
However, when using technologies to personalize our services, automated decisions may be made about personalized content and advertising that is displayed or sent. These decisions are then based on the usage data previously collected automatically or on the information you have provided yourself, for example in form fields. We use this data to create a profile that helps us select the most appropriate content and advertising. Personalized advertising is only displayed with your prior consent.
- Changes to the privacy policy
We occasionally update this privacy policy, for example when we modify our website or when legal or regulatory requirements change.
Status: August 2025