IMPORTANT: ONLY THE GERMAN VERSION IS LEGALLY BINDING!
Automatic data storage
Nowadays if you visit a website, certain information will be automatically generated and stored; the same applies to this website.
When you use our website – just like you are doing now – our web server (the Computer on which this website is stored) automatically saves data such as:
- the address (URL) of the called website
- browser and browser version
- the operation system used
- the address (URL) of the previously visited site (referrer URL)
- the host name and the IP-address of the device from which the website is accessed
- date and time
- web server log files
The web server log files are normally saved for 2 weeks and afterwards are deleted automatically. We do not pass this data on, yet we cannot exclude that these data can be reviewed upon existence of unlawful behaviour. The legal basis under Art. 6 Paragraph 1 f GDPR (Regularity of treatment) specifies that authorized interest consists of enabling the faultless operation of this website through the entry recording of web server log files.
Our Website uses HTTP-Cookies in order to save user-specific data. Below we explain what Cookies are and why they are used, such that you can understand the following Data Policy better.
What are Cookies?
Whenever you are surfing the Internet, you are using a browser. Well-known browsers are for example Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites save small text data in your Browser. These data are called Cookies.
One thing should be mentioned: Cookies are really useful helpers. Almost all websites are using Cookies. More precisely, they are using HTTP-Cookies, since there exist also other Cookies for other uses. HTTP-Cookies are small data which our website saves on your computer. These Cookie-data are placed automatically in the Cookie-folder, the “brain” of your browser. A Cookie consists of a name and a value. In order to define a cookie one must specify one or more further attributes.
Cookies are recording certain user data from you, for example language or personal page settings. When you load our web page again, your browser transmits the user-related information back to our website. Thanks to Cookies, our website knows who you are and offers you your usual standard settings. In some browsers, every cookie has its own datum, in others such as Firefox, all Cookies are saved in a single datum.
There are First Party Cookies, as well as Third-Party Cookies. First-Party Cookies are generated directly by us, while Third-Party Cookies are generated by partner-websites (for example Google Analytics). Every Cookie is to be assessed individually, because every Cookie saves different data. The elapsed time of a Cookies also varies from a couple of minutes to a couple of years. Cookies are not software programs and do not contain viruses, Trojan horses or other “pest”. Cookies cannot get access to the information of your PC.
For example, this is what Cookie-data could look like:
- Name: _ga
- Elapsed time: 2 years
- Use: Distinction between the website visitors
- Exemplary value: GA1.2.1326744211.152311108835
A browser should support the following minimum capacities:
- A Cookie should be able to contain at least 4096 Bytes
- It should be possible to store at least 50 Cookies for each domain
- In total there should be enough capacity for at least 3000 Cookies
What kind of Cookies exist?
One can distinguish between 4 types of Cookies:
These Cookies are necessary in order to ensure basic functions of the website. For example, these cookies are needed when a user places a product in the shopping cart, and surfs other sites before coming back to the check-out and finishing the payment. Through these Cookies, the shopping cart is not deleted, even if the user closes the browser window.
These Cookies collect information about the user behaviour and whether the user receives possible error messages. In addition, the load time and behaviour of the website is measured in several browsers through these cookies.
These Cookies provide for a better user friendly experience. For example entered location, fonts or form data are stored.
These Cookies are also called Targeting-Cookies. They serve to provide the user with individually adjusted ads. This can be very practical, but also very annoying.
When you first visit a website you are usually asked which of these types of Cookies you want to allow. This choice will also be saved in a Cookie.
How can I delete Cookies?
If you want to determine which Cookies have been stored in your browser or if you want to change or delete Cookie settings, you can find these options in your browser settings:
- Chrome: delete, activate and manage Cookies in Chrome
- Safari: manage Cookies and website data with Safari
- Firefox: delete Cookies in order to eliminate data that the websites have discarded on your computer
- Internet Explorer: delete and manage Cookies
- Microsoft Edge: delete and manage Cookies
If you generally do not wish to have Cookies you can set up your browser to always inform you when a Cookie is to be set. This way you can decide whether to allow each individual Cookie or not. The approach is different depending on each browser. If you are not sure, it is best to search via Google for instructions, using for instance the search terms “delete Cookies Chrome” or “deactivate Cookies Chrome” in case of the Chrome Browser. You can, of course, change the word “Chrome” with the name of your browser, for example Edge, Firefox, Safari etc.
What about my privacy?
The so-called “Cookie-Guidelines” exist since 2009. Therein is held that the storage of Cookies requires a consent from the web user (so from you). However, in the EU-countries there are further several reactions on these guidelines. In Germany, the Cookie-Guidelines were not implemented as a national right. Instead, the implementation of this guideline succeeded in Art. 15 Paragraph 3 of the Television-Media Law (Telemediengesetz – TMG).
If you want to know more about Cookies, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF), namely “HTTP State Management Mechanism”.
Storage of personal data
Personal data that you electronically submit to us through this website – such as name, e-mail address, address or other personal information in the course of submitting a form or comments in the blog section – along with the time and the IP address will be used by us only for the specified purpose, kept safe and not disclosed to third parties.
We only use your personal data for communication with visitors who explicitly request contact and for the processing of the services and products offered on this website. We will not disclose your personal information without consent, but we cannot rule out that it will be seen in the event of unlawful behavior.
If you send us personal data by e-mail – outside of this website – we cannot guarantee secure transmission and protection of your data. We recommend that you never send unencrypted confidential information via email.
The legal basis under Article 6 Paragraph 1 a GDPR (lawfulness of processing) is that you give us consent to the processing of the data you enter. You can revoke this consent at any time – an informal e-mail is sufficient, you will find our contact details in the imprint.
Rights according to the General Data Protection Regulation
According to the provisions of the GDPR you have the following rights in principle:
- Right to rectification (Article 16 GDPR)
- Right to erasure (“Right to be forgotten”) (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to notification – Notification obligation regarding rectification or erasure of personal data or restriction of processing (Article 19 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right to not be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR)
If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
TLS encryption with https
We use https in order to transmit data securely over the Internet (data protection through technology design Article 25 paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the Internet, we can ensure the protection of confidential data. You acknowledge the use of this safeguarding of the data transfer at the small lock symbol in the upper left corner of the browser and the use of the scheme https (instead of http) as part of our Internet address.
We use Google Fonts from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) on our website.
You do not need to sign in or have a password in order to use Google Fonts. Furthermore, no cookies are stored in your browser.
The files (CSS, fonts) are requested through the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google Account, you do not need to worry about your Google Account information being sent to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will check in detail what the data storage exactly looks like.
What are Google Fonts?
Google Fonts (formerly Google Web Fonts) is an interactive directory with over 800 fonts that Google LLC provides for free use.
Many of these fonts are published under the SIL Open Font License, while others have been released under the Apache License. Both are free software licenses. Thus, we can use them freely without paying royalties.
Why do we use Google Fonts on our website?
With Google Fonts we can use fonts on our own website and do not have to upload them on our own server. Google Fonts is an important building block in order to keep the quality of our website high. All Google fonts are automatically optimized for the Web, and this saves data volume and is a great advantage especially for mobile device use. When you visit our page, the low file size ensures fast loading time. Furthermore, Google fonts are so-called secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can partially distort texts or entire websites visually. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform issues with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod).
So we use the Google Fonts in order to make our entire online service as beautiful and consistent as possible. According to Article 6 Paragraph 1 f GDPR, this already constitutes a “legitimate interest” in the processing of personal data. In this case, “legitimate interest” means legal as well as economic or ideal interests that are recognized by the legal system.
What data does Google store?
When you visit our website, the fonts will be reloaded via a Google server. This external call sends data to the Google servers. This way, Google also recognizes that you or your IP address is visiting our website. The Google Fonts API is designed to reduce the collection, storage and use of end-user data to what is needed for efficient font delivery. Incidentally, API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software area.
Google Fonts securely stores CSS and font requests on Google and is thus protected. Through the collected usage figures, Google can determine the popularity of the fonts. Google publishes the results on internal analysis pages, such as Google Analytics. In addition, Google also uses data from its own web crawler to determine which websites use Google Fonts. This data is published in Google Fonts’ BigQuery database. BigQuery is a Google web service for companies that want to move and analyze large amounts of data.
It should be kept in mind, however, that any Google Font request will also automatically transfer information such as IP address, language settings, browser screen resolution, browser version, and browser name to the Google servers. It is not clear or is not clearly communicated by Google whether this data is also stored.
How long and where are the data stored?
Google stores requests for CSS assets for a day on its servers, which are mainly located outside the EU. This allows us to leverage the fonts using a Google Style Sheet. A Style Sheet is a style that allows you to quickly and easily change the design or font of a web page, for example.
The font files are stored at Google for one year. Google is pursuing the goal of generally improving the load time of websites. If millions of web pages refer to the same fonts, they will be cached after the first visit and immediately appear on all other later visited web pages. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.
How can I delete my data and/or how can I prevent the storage of my data?
Data that Google stores for a day or a year can not simply be deleted. The data is automatically transmitted to Google when the page is viewed. To prematurely delete this information, you must contact Google Support at https://support.google.com/?hl=en&tid=311109277. In this case, you prevent data storage only if you do not visit our site.
Unlike other web fonts, Google allows us unrestricted access to all fonts. So we can access unlimited fonts and get the most out of our website. More about Google Fonts and other questions can be found at https://developers.google.com/fonts/faq?tid=311109277. Although Google addresses privacy issues, it does not include detailed information about data storage. It is relatively difficult (almost impossible) to get really accurate information from Google about stored data.
You can also see what data Google collects and what this data is used for at https://www.google.com/intl/en/policies/privacy/.
We use Google Analytics from Google LLC (1600 Amphitheater Parkway Mountain View, CA 94043, USA) to statistically analyze visitor data. For this purpose Google Analytics uses targeted cookies.
Cookies from Google Analytics
- Expiration time: 2 years
- Use: Differentiation of website visitors
- Exemplary value: GA1.2.1326744211.152311109277
- Expiration time: 24 hours
- Use: Differentiation of website visitors
- Exemplary value: GA1.2.1687193234.152311109277
- _gat_gtag_UA_ <property-id>
- Expiry time: 1 minute
- Use: Used to throttle the request rate. If Google Analytics is provided through Google Tag Manager, this cookie will be named _dc_gtm_ <property-id>.
- Exemplary value: 1
Our concern in the sense of the GDPR is the improvement of our offer and our web appearance. Since the privacy of our users is important to us, the user data is pseudonymized. Data processing is based on the statutory provisions of Art. 6 EU-GDPR Abs. 1 lit. a (consent) and/or f (legitimate interest) of the GDPR.
Deactivation of data collection by Google Analytics
You may prevent Google from collecting and processing your cookie-generated data, as well as that based on your use of the website, by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Google Analytics Demographics and Interests Reports
We have turned on the advertising reporting features in Google Analytics. The Demographics and Interests reports include age, gender, and interests. This allows us – without being able to assign this data to individual persons – to get a better picture of our users. Learn more about advertising features at https://support.google.com/analytics/answer/3450482?hl=en_AT&utm_id=ad.
You can stop using your Google Account’s activities and information under “Advertising settings” at https://adssettings.google.com/authenticated via checkbox.
We use Google Maps from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) on our website.
By using the features of this map, data will be transmitted to Google. To see what data Google collects and what this data is used for, visit https://www.google.com/intl/en/policies/privacy/.
We integrate elements of social media services on our website to display pictures, videos and texts.
By visiting pages representing these elements, data is transferred from your browser to the respective social media service and stored there. We do not have access to this data.
The following links will take you to the pages of the respective social media services where it is explained how they handle your data:
- Facebook Data Policy: https://www.facebook.com/about/privacy
On this website we use features of Facebook, a Social Media Network of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland.
You can read about what features (social plug-ins) Facebook provides on https://developers.facebook.com/docs/plugins/.
By visiting our website information may be transmitted to Facebook. If you have a Facebook account, Facebook can associate that information with your personal account. If you do not want that, please log out of Facebook.
On this website we use the video service YouTube of the company YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
By accessing pages of our website that have integrated YouTube videos, data is transmitted to YouTube, where it is stored and evaluated.
If you have a YouTube account and you’re signed in, this information will be associated with your personal account and the data stored in it.
To see what data Google collects and what this data is used for, visit https://www.google.com/intl/en/policies/privacy/.
On this website we use features of the Social Media Network Instagram, of Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA.
We can display images and videos of instagram content with the embedding function (Embed-Function).
By calling up pages that use such functions, data (IP address, browser data, date, time, cookies) are transmitted to Instagram, where they are stored and evaluated.
If you have an Instagram account and are signed in, this information will be associated with your personal account and the data stored in it.
On our website we use functions of the Social Media Network LinkedIn of the company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
By calling up pages that use such functions, data (IP address, browser data, date and time, cookies) are transmitted to LinkedIn, where they are stored and evaluated.
If you have a LinkedIn account and are signed in, this information will be associated with your personal account and the data stored in it.
On this website we use Facebook Pixel of Facebook, a social media network of the company Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland.
The code implemented on this page can evaluate the behavior of visitors who have come to this website from a Facebook ad. This can be used to improve Facebook ads and this data is collected and stored by Facebook. The collected data is not visible to us but can only be used within the scope of advertisements. By using the Facebook pixel code, cookies are also set.
By using Facebook pixel, visiting this website is communicated to Facebook so that visitors get to see suitable ads on Facebook. If you have a Facebook account and are logged in, the visit to this website will be associated with your Facebook user account.
To find out how Facebook pixel is used for advertising campaigns, visit https://www.facebook.com/business/learn/facebook-ads-pixel.
You can change your ad settings on Facebook at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen, if you’re signed in to Facebook. At http://www.youronlinechoices.com/preferentialmanagement/ you can manage your preferences regarding usage-based online advertising. You can disable or enable many providers at once or change settings for individual providers.
More information about Facebook’s data policy can be found at https://www.facebook.com/policy.php.
The legal basis for use is Article 6 (1) f (lawfulness of processing), as there is a legitimate interest in protecting this website from bots and spam software.
What is reCAPTCHA?
Why do we use reCAPTCHA on our website?
We only want to welcome people of flesh and blood on our site. Bots or spam software of various kinds may safely stay at home. For this reason we are working hard to protect ourselves and provide the best possible usability for you. We use Google reCAPTCHA from Google, so we can be sure that we stay a “bot-free” website. Using reCAPTCHA transmits data to Google that Google uses to determine if you are truly human. Thus, reCAPTCHA serves the security of our website and consequently also your safety. For example, without reCAPTCHA, when registering, a bot could register as many email addresses as possible, and then “spam” forums or blogs with unwanted advertisements. With reCAPTCHA we can avoid such bot attacks.
Which data are stored by reCAPTCHA?
ReCAPTCHA collects information identifiable with a person from users in order to determine if the actions on our site are actually human. So, the IP address and other data that Google needs for the reCAPTCHA service can be sent to Google. IP addresses within the member states of the EU or other parties to the Agreement on the European Economic Area are almost always truncated before the data ends up on a server in the United States. The IP address will not be combined with any other Google data unless you are logged in with your Google Account while using reCAPTCHA. First, the reCAPTCHA algorithm checks if your browser already has Google cookies from other Google services (YouTube, Gmail, etc.). Then reCAPTCHA sets an additional cookie in your browser and captures a snapshot of your browser window.
The following list of collected browser and user data is not exhaustive. Rather, they are examples of data that we understand to be processed by Google.
- Referrer URL (the address of the page from which the visitor comes)
- IP address (e.g., 2184.108.40.206)
- Information about the operating system (the software that enables you to operate your computer, known operating systems are Windows, Mac OS X or Linux)
- Cookies (small text files that store data in your browser)
- Mouse and keyboard behavior (any action you perform with the mouse or keyboard is saved)
- Date and language settings (which language or which date you have preset on your PC)
- Screen resolution (shows how many pixels the image is made of)
It is indisputable that Google uses and analyzes this data before you click on the check mark “I am not a robot”. With the Invisible reCAPTCHA version you do not tick the box anymore and the entire recognition process runs in the background. How much and what data Google stores exactly, cannot be learned from Google in detail. The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version of Google at https://www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:
Expiry time: after one year
Utilization: This Cookie is set by the firm DoubleClick (also belongs to Google), in order to register and report the actions of a user in dealing with advertisements on the website.Thus, the advertising effectiveness can be measured and appropriate optimization measures are taken. IDE is stored in browsers under the domain doubleclick.net.
Example value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-311109277
Expiry time: after one month
Utilization: This cookie collects statistics about website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to show users relevant ads. Furthermore, the cookie prevents a user from seeing the same ad more than once.
Example value: 2019-5-14-12
Expiry time: after 9 months
Example value: U7j1v3dZa3111092770xgZFmiqWppRWKOr
Expiry time: after 19 years
Utilization: The cookie stores the status of a user’s consent to use different services from Google. CONSENT also serves security purposes by verifying users, preventing credential fraud, and protecting user data from unauthorized attacks.
Example value: YES+AT.de+20150628-20-0
Expiry time: after 6 months
Utilization: NID is used by Google, in order to tailor ads to your Google-search. With the help of cookies, Google “remembers” your most-typed searches or your earlier interaction with ads. This way you always get customized advertisements. The cookie contains a unique ID that Google uses to collect the user’s personal settings for promotional purposes.
Example value: 0WmuWqy311109277zILzqV_nmt3sDXwPeM5Q
Expiry time: after 10 minutes
Utilization: Once you mark the “I’m not a robot” checkbox, this cookie will be enabled. The cookie is used by Google Analytics for personalized advertising. DV collects information in an anonymous form and is further used to make user distinctions.
Example value: gEAABBCjJMXcI0dSAAAANbqc311109277
Note: This list can not claim to be exhaustive, as experience has shown that Google changes the choice of cookies over and over again.
How long and where is the data stored?
By inserting reCAPTCHA your data is transferred to the Google server. Where exactly this data is stored, even Google, after repeated inquiries, does not make clear. Without having received a confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on the European or American Google Servers. The IP address your browser sends to Google will generally not be merged with other Google data from other Google services. However, if you’re signed in to your Google Account while using the reCAPTCHA plug-in, the data will be merged. For this the deviating data protection regulations of the company Google apply.
How can I delete my data or prevent data storage?
If you do not wish data to be transmitted to Google about you and about your behavior, you must log out of Google completely and delete all Google cookies before you visit our website or use the reCAPTCHA software. In principle, the data will be sent to Google automatically as soon as you visit our page. To delete this information, you must contact Google Support at https://support.google.com/?hl=en&tid=311109277.
If you use our website, you agree that Google LLC and its agents automatically collect, process and use information.
If you would like to receive this newsletter, we need your email address and additional information that will allow us to verify that you are the owner of the email address provided and that you agree to receive the newsletter.
We use a double opt-in procedure so your contacts receive only the emails they’ve agreed to get. In order for a potential subscriber to sign up for a newsletter, they have to complete all the steps of this process. This process is complete (and legally watertight!) once a user has clicked on the confirmation link in the double opt-in email. Their email address will be activated in your contact list only once they’ve confirmed their subscription.
We use this data exclusively for sending information and offers you have requested.
Newsletter2Go is the email marketing software used. This means your information is transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data and from using it for purposes other than sending email. Newsletter2Go is a certified German email marketing software provider, working in accordance with the European directive 95/46, as well as the German Federal Data Protection Act (BDSG).
When you give a company permission to store your personal information and email address and to send you marketing emails, you can revoke this consent at any time via the unsubscribe link in every mailing.
Data protection measures are always subject to technical innovations. For this reason, we ask you to inform yourself about our data protection measures at regular intervals by consulting our data protection policy.