Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter referred to as “data”) we process for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, e.g. B. our social media profiles (hereinafter referred to as “online offer”).

The terms used are not gender-specific.

Status: 16. March 2026

Content overview

• Preamble
• Responsible
• Overview of the processing
• Relevant legal bases
• Security measures
• Transfer of personal data
• International data transfers
• General information on data storage and deletion
• Business Services
• Providing the online offer and web hosting
• Use of cookies
• Blogs and Publication Media
• Contact and request management
• Web analysis, monitoring and optimization
• Online marketing
• Management, organization and auxiliary tools

Responsible

Herzog & Partner s.l.u.
Avenida Bulevar de Paguera 12, Local 15
07160 Paguera

Authorized representatives: Finn Herzog

Email address: info@herzog-mallorca.com

Imprint

Overview of the processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

• Inventory data.
• Payment data.
• Contact details.
• Content data.
• Contract data.
• Usage data.
• Meta-, communication and process data.
• Protocol data.

Categories of affected persons

• Recipients and clients.
• Interested parties.
• Communication partners.
• Users.
• Business and contracting parties.

Purposes of processing

• Provision of contractual services and fulfilment of contractual obligations.
• Communication.
• Security measures.
• Range measurement.
• Tracking.
• Office and Organizational Procedures.
• Conversion measurement.
• Target group formation.
• Organizational and administrative procedures.
• Feedback.
• Marketing.
• Profiles with user-related information.
• Providing our online offer and user-friendliness.
• Information technology infrastructure.
• Business processes and business processes.

Relevant legal bases

Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or country of residence. Should more special legal bases be decisive in individual cases, we will inform you of these in the privacy policy.

• Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
• Performance of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that take place at the request of the data subject.
• Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) – The processing is necessary for the fulfilment of a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – the processing is necessary to safeguard the legitimate interests of the controller or a third party, provided that the interests, fundamental rights and freedoms of the data subject who demand the protection of personal data do not prevail.

Security measures

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probability of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing availability and separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the endangerment of the data. Furthermore, we take into account the protection of personal data already during development or Selection of hardware, software and procedures according to the principle of data protection, technology design and data protection-friendly default settings.

Securing online connections with TLS/SSL encryption technology (HTTPS): In order to protect the data of users transferred via our online services from unauthorized access, we rely on TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information that is transmitted between the website or app and the user’s browser (or between two servers), which protects the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is signalled by the display of HTTPS in the URL. This serves as an indicator for users that their data is transmitted securely and encrypted.

Transfer of personal data

In the context of our processing of personal data, it happens that they are transmitted to other bodies, companies, legally independent organizational units or persons or disclosed to them. The recipients of this data can be used e.g. B. service providers commissioned with IT tasks belong or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and conclude in particular corresponding contracts or. Agreements that serve to protect your data with the recipients of your data.

International data transfers

Data processing in third countries: Provided that we transfer data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this in the context of the use of third-party services or disclosure or disclosure. Transmission of data to other persons, entities or companies (which is recognizable on the basis of the postal address of the respective provider or if the data protection declaration expressly refers to the data transfer to third countries), this is always done in accordance with the legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission of 10.07.2023. In addition, we have concluded standard contractual clauses with the respective providers, which comply with the requirements of the EU Commission and set contractual obligations to protect your data.

This double safeguard ensures comprehensive protection of your data: the DPF forms the primary level of protection, while the standard contractual clauses serve as additional security. Should changes occur within the framework of the DPF, the standard contractual clauses intervene as a reliable relapse option. In this way, we ensure that your data always remains adequately protected even in the event of any political or legal changes.

With the individual service providers, we inform you whether they are certified according to the DPF and whether standard contractual clauses are available. For more information on the DPF and a list of certified companies, visit the U.S. Department of Commerce’s website at https://www.dataprivacyframeframework.gov/.

For data transfers to other third countries, corresponding security measures apply, in particular standard contractual clauses, express consents or legally required transmissions. Information on third-country transfers and applicable adequacy decisions can be found in the information offered by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en? prefLang=de.

General information on data storage and deletion

We delete personal data that we process in accordance with the legal provisions as soon as the underlying consents are revoked or there are no further legal basis for the processing. This applies to cases in which the original processing purpose is eliminated or the data is no longer required. Exceptions to this regulation exist if legal obligations or special interests require a longer storage or archiving of the data.

In particular, data that must be kept for commercial or tax reasons or whose storage is necessary for the prosecution or protection of the rights of other natural or legal persons must be archived accordingly.

Our privacy policy contains additional information on the retention and deletion of data that applies specifically to certain processing processes.

In the case of several information on the retention period or deletion periods of a date, the longest period is always decisive. We process data that is no longer stored for the originally intended purpose, but on the basis of legal requirements or other reasons, exclusively for the reasons that justify their storage.

The start of the period at the end of the year: If a period does not expressly commence on a specific date and is at least one year, it will automatically start at the end of the calendar year in which the time-catching event occurred. In the case of ongoing contractual relationships, in the context of which data are stored, the time-creating event is the time of termination or other termination of the legal relationship.

Business Services

We process personal data of our contractual and business partners, such as customers, clients, interested parties, suppliers and other cooperation partners (collectively, “Contracting Partners”), for the initiation, execution and execution of contractual relationships and comparable legal relationships. This also includes pre-contractual measures that take place on request, as well as communication in connection with the respective contractual relationship.

The processing serves in particular the fulfilment of our main contractual and secondary obligations. These include the provision of the agreed services, any updating and information obligations, the processing of warranty and other service disruptions, the processing of revocations, terminations of permanent obligations, reversals, refunds and the processing of other contract-related declarations and inquiries. Both one-off contracts and ongoing contractual relationships are recorded.

In particular, master data such as name, address and, if applicable, are processed. Company, contact data such as e-mail address and telephone number, contract and service data such as the subject matter of the contract, contract term, order or transaction number, usage and service data, payment and billing data as well as communication content and histories. Where necessary, we also process data that is disclosed or transmitted to us in the course of carrying out an order.

In addition, we process the data to safeguard our rights and to fulfil legal obligations. This includes in particular commercial and tax retention obligations, documentation obligations and, if necessary, proof and accountability obligations. In addition, processing is carried out on the basis of our legitimate interests in proper management, internal administration, risk management and IT security as well as the protection of our business operations and our contractual partners from misuse, endangerment of data, secrets and other legal property. This may also include the involvement of external service providers such as IT and telecommunications providers, transport and logistics companies, payment service providers, banks, tax and legal advisors or other vicarious agents, insofar as this is necessary for the execution of the contract or for the fulfilment of legal obligations.

Personal data is only passed on to third parties insofar as this is necessary for the performance of the contract, for the implementation of pre-contractual measures, for the protection of legitimate interests or for the fulfilment of legal obligations. We inform you about further processing, in particular for marketing purposes, separately within the scope of this data protection declaration.

We inform the contractual partners in the context of data collection, for example in online forms by appropriate labelling or in personal contact, which data are required in individual cases.

The deletion of the data takes place as soon as they are no longer necessary for the aforementioned purposes and no statutory storage obligations are contrary. Statutory retention periods, in particular under commercial and tax law, may require longer storage. Data transmitted in the context of a specific order, we delete after completion of the order and expiration of any retention periods, unless there are any further legal or contractual obligations to store.

The legal basis for processing is Art. 6 (1) (b) GDPR for the implementation of pre-contractual measures and for the fulfilment of the respective contractual relationship as well as Art. 6 (1) (c) GDPR for compliance with legal obligations. If the processing is based on legitimate interests, it is carried out on the basis of Art. 6 (1) lit. f GDPR. So far the processing on Art. 6 (1) (f) GDPR is supported, it is carried out to safeguard our legitimate interests in a proper and efficient business organization, internal management and documentation of business transactions, the enforcement and defense of legal claims, the safeguarding of IT and data security, the prevention of misuse and fraud as well as the economic management and further development of our business operations. These interests consist in particular in ensuring a secure and legally secure business operation as well as in the preservation of our entrepreneurial capacity to act.

• Processed data types: Inventory data (e.g. B. the full name, home address, contact information, customer number, etc.); payment details (e.g. B. Bank details, invoices, payment history); contact details (e.g. B. Postal and email addresses or phone numbers). Contract data (e.g. B. Contractual subject, term, customer category).
• Persons concerned: recipients and clients; interested parties. Business and contracting parties.
• Purposes of processing and legitimate interests: provision of contractual services and fulfilment of contractual obligations; communication; office and organizational procedures; organizational and administrative procedures. Business processes and business processes.
• Retention and deletion: deletion according to information in the section “General information on data storage and deletion”.
• Legal basis: performance of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Agency services: We process the data of our customers within the scope of our contractual services, e.g. conceptual and strategic consulting, campaign planning, software and design development/advising or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/ consulting services and training services may belong; legal bases: contract fulfilment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Providing the online offer and web hosting

We process the data of the users in order to be able to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the browser or terminal device of the users.

• Processed data types: Usage data (e.g. B. Page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and method data (e.g. B. IP addresses, time indications, identification numbers, people involved). Protocol data (e.g. B. log files concerning logins or the retrieval of data or access times.).
• Persons concerned: Users (e.g. B. Website visitors, users of online services).
• Purposes of processing and legitimate interests: provision of our online offer and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
• Retention and deletion: deletion according to information in the section “General information on data storage and deletion”.
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity and software, which we rent or otherwise obtain from a corresponding server provider (also called “web hoster”); legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Collection of access data and log files: Access to our online offer is logged in the form of so-called “server log files”. The server log files may include the address and name of the retrieved web pages and files, date and time of retrieval, amounts of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page) and usually IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. for example, to avoid overloading the servers (in particular in the case of abusive attacks, so-called DDoS attacks), and on the other hand, to ensure the utilization of the servers and their stability; legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Logfile information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is necessary for evidentiary purposes are exempt from deletion until the respective incident is finally clarified.

Use of cookies

The term “cookies” is understood to mean functions that store and read information on users’ devices. Cookies can also be used in relation to various concerns, for example for the purposes of functionality, the security and convenience of online offers and the preparation of analyses of visitor flows. We use cookies in accordance with the legal regulations. If necessary, we obtain the consent of the users in advance. If consent is not necessary, we rely on our legitimate interests. This applies if the storage and reading of information is essential in order to be able to provide expressly requested content and functions. These include, for example, the storage of settings and ensuring the functionality and security of our online offer. The consent can be revoked at any time. We clearly inform you about their scope and which cookies are used.

Information on data protection legal basis: Whether we process personal data using cookies depends on consent. If consent is available, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage period: In terms of storage duration, the following types of cookies are distinguished:

• Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and his terminal device (e.g. B. Browser or mobile application) is closed.
• Permanent cookies: Permanent cookies remain stored even after the terminal device is closed. For example, the log-in status can be stored and preferred content can be displayed directly when the user visits a website again. Likewise, the user data collected with the help of cookies can be used for range measurement. Unless we provide users with explicit information on the type and storage period of cookies (e.g. in the context of obtaining consent), they should assume that they are permanent and the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke the consents they have given at any time and also declare an objection to the processing in accordance with the legal requirements, also by means of the privacy settings of their browser.

• Processed data types: Meta, communication and method data (e.g. B. IP addresses, time indications, identification numbers, people involved).
• Persons concerned: Users (e.g. B. Website visitors, users of online services).
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further information on processing processes, procedures and services:

• Processing of cookie data on the basis of consent: We use a consent management solution in which the consent of the users to the use of cookies or to the procedures and providers mentioned in the context of the consent management solution is obtained. This method is used for obtaining, logging, managing and revoking consents, in particular with regard to the use of cookies and comparable technologies used for storing, reading out and processing information on the user’s end devices. This procedure obtains users’ consents to the use of cookies and the associated processing of information, including the specific processing and providers specified in the consent management procedure. Users also have the option to manage and revoke their consent. The declarations of consent are stored in order to avoid a new query and to be able to provide proof of consent in accordance with the legal requirements. The storage takes place on the server side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies in order to be able to assign the consent to a specific user or his device. Unless there is specific information on the providers of consent management services, the following general information applies: The duration of the storage of consent is up to two years. A pseudonymous user identifier is created, which, together with the time of consent, provides information on the scope of consent (e.g. B. categories of cookies and/or service providers) as well as information about the browser, the system and the terminal device used are stored; legal bases: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
• Compliance: Storage and management of consents (consent to cookies and data processing), logging of user decisions, displaying notices on data protection and cookies, enabling the withdrawal or adaptation of consents by users; service provider: execution on servers and/or computers under own data protection responsibility; website: https://complianz.io/ ; privacy policy: https://complianz.io/. Further information: An individual user ID, language, as well as types of consent and the time of their submission on the server side and in the cookie on the user’s device are stored.

Blogs and Publication Media

We use blogs or similar means of online communication and publication (hereinafter referred to as “publication medium”). The data of the readers will only be processed for the purposes of the publication medium to the extent that it is necessary for its presentation and communication between authors and readers or for security reasons. In addition, we refer to the information on the processing of visitors to our publication medium within the scope of this data protection information.

• Processed data types: Inventory data (e.g. the full name, home address, contact information, customer number, etc.); contact details (e.g. B. Postal and email addresses or telephone numbers); content data (e.g. textual or pictorial messages and contributions, as well as the information concerning them, e.g. B. Information on authorship or time of creation); usage data (e.g. B. Page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta-, communication and method data (e.g. B. IP addresses, time indications, identification numbers, people involved).
• Persons concerned: Users (e.g. B. Website visitors, users of online services).
• Purposes of processing and legitimate interests: Feedback (e.g. B. Collecting feedback via online form). Providing our online offer and user-friendliness.
• Retention and deletion: deletion according to information in the section “General information on data storage and deletion”.
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Contact and request management

When contacting us (e.g. The information of the persons inquiring will be processed by post, contact form, e-mail, telephone or social media) as well as in the context of existing user and business relationships, insofar as this is necessary to answer the contact requests and any requested measures.

• Processed data types: Contact details (e.g. B. Postal and email addresses or telephone numbers); content data (e.g. textual or pictorial messages and contributions, as well as the information concerning them, e.g. B. Information on authorship or time of creation). Meta-, communication and method data (e.g. B. IP addresses, time indications, identification numbers, people involved).
• Affected persons: Communication partners.
• Purposes of processing and legitimate interests: communication; organizational and administrative procedures; feedback (e.g. B. Collecting feedback via online form). Providing our online offer and user-friendliness.
• Retention and deletion: deletion according to information in the section “General information on data storage and deletion”.
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Performance of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further information on processing processes, procedures and services:

• Contact form: When contacting us via our contact form, by e-mail or other communication channels, we process the personal data transmitted to us to answer and process the respective request. This usually includes information such as name, contact information and, where applicable, further information that is communicated to us and is necessary for appropriate processing. We use this data exclusively for the stated purpose of establishing contact and communication; legal bases: fulfilment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Web analysis, monitoring and optimization

The web analysis (also referred to as “range measurement”) serves to evaluate the visitor flows of our online offer and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of the reach analysis, we can, for example, recognize at what time our online offer or its functions or content are used most often, or invite you to reuse. It is also possible for us to understand which areas require optimization.

In addition to web analysis, we can also use test procedures to test and optimize various versions of our online offer or its components.

Unless otherwise stated below, profiles, i.e. data combined for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and then read out. The information collected includes, in particular, visited websites and elements used there, as well as technical information, such as the browser used, the computer system used and information on usage times. If users have agreed to us in the collection of their location data or to the providers of the services we use, the processing of location data is also possible.

In addition, the IP addresses of the users are stored. However, we use an IP masking method (i.e. Pseudonymization by shortening the IP address) to protect users. In general, the users’ clear data (such as e.g. B. Email addresses or names) stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

Information on legal bases: If we ask users to consent to the use of the third-party providers, the legal basis of the data processing constitutes the consent. Otherwise, the user data will be based on our legitimate interests (i.e. Interest in efficient, economic and recipient-friendly services) processed. In this context, we would also like to inform you about the information on the use of cookies in this privacy policy.

• Processed data types: Usage data (e.g. B. Page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta-, communication and method data (e.g. B. IP addresses, time indications, identification numbers, people involved).
• Persons concerned: Users (e.g. B. Website visitors, users of online services).
• Purposes of processing and legitimate interests: range measurement (e.g. B. Access statistics, recognition of returning visitors); profiles with user-related information (creating user profiles). Providing our online offer and user-friendliness.
• Retention and deletion: deletion according to information in the section “General information on data storage and deletion”. Storage of cookies of up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on the users’ devices for a period of two years.).
• Security measures: IP masking (pseudonymization of the IP address).
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Google Analytics: We use Google Analytics to measure and analyze the use of our online offer on the basis of a pseudonymous user identification number. This identification number does not contain any unique data, such as name or email addresses. It serves to assign analysis information to a terminal device in order to recognize which content users have accessed within one or different usage processes, which search terms they have used, have called them again or have interacted with our online offer. Likewise, the time of use and its duration are stored, as well as the sources of the users who refer to our online offer and technical aspects of their devices and browsers.
  In the process, pseudonymous profiles of users with information from the use of different devices are created, whereby cookies can be used. Google Analytics does not log and store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: city (and the city’s derived latitude and longitude), continent, country, region, subcontinent (and ID-based counterparts). In EU traffic, the IP address data is used exclusively for this derivation of geolocation data before it is immediately deleted. They are not logged, are not accessible and are not used for further purposes. When Google Analytics collects measurement data, all IP queries are carried out on EU-based servers before traffic is forwarded to Analytics servers for processing; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); website: https://marketingplatform.google.com/intl/de/about/analytics/ ; security measures: IP masking (pseudonymization of the IP address); privacy policy: https://policies.google.com/privacy ; order processing agreement: https://business.safety.Grundlage Drittlandtransfers:https://business.safety.google/adsprocessortermsWiderspruchsmöglichkeit (Opt-Out):google/adsprocessorterms hl=de, Settings for displaying advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and processed data).
• Google Tag Manager: We use Google Tag Manager, a software from Google that allows us to centrally manage so-called website tags via a user interface. Tags are small code elements on our website that serve to record and analyze visitor activities. This technology helps us to improve our website and the content offered on it. The Google Tag Manager itself does not create user profiles, does not store cookies with user profiles and does not carry out any independent analyses. Its function is limited to simplifying and making it more efficient to integrate and manage the tools and services we use on our website. Nevertheless, when using the Google Tag Manager, the IP address of the users is transmitted to Google, which is necessary for technical reasons to implement the services we use. Cookies can also be set. However, this data processing only takes place if services are integrated via the Tag Manager. For more detailed information about these services and their data processing, please refer to the further sections of this Privacy Policy; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal bases: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); website: https://marketingplatform.google.com ; Privacy policy: https://policies.google.com/privacy ; order processing contract:
  https://business.safety.google/adsprocessorterms. Basis Third country transfers: Data Privacy Framework (DPF), standard contractual clauses (https://business.safety.google/adsprocessorterms).

Online marketing

We process personal data for the purpose of online marketing, which in particular the marketing of advertising space or the presentation of advertising and other content (collectively referred to as “content”) can be used on the basis of potential interests of the users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called “cookie”) or similar methods are used, by means of which the information about the user relevant for the display of the aforementioned content is stored. This may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used, and information on usage times and functions used. If users have consented to the collection of their location data, they can also be processed.

In addition, the IP addresses of the users are stored. However, we use available IP masking methods (i.e. Pseudonymization by shortening the IP address) to user protection. In general, no clear data of the users (e.g. B. Email addresses or names) stored, but pseudonyms. This means that we, as well as the providers of online marketing procedures, do not know the actual user identity, but only the information stored in their profiles.

The statements in the profiles are usually stored in the cookies or by means of similar methods. These cookies can later also be read out on other websites that use the same online marketing procedure and are analyzed for the purpose of displaying content, as well as supplemented with further data and stored on the server of the online marketing process provider.

Exceptionally, it is possible to assign clear data to the profiles, especially if the users are, for example, members of a social network, whose online marketing procedure we use and the network connects the user profiles to the aforementioned information. We ask you to note that users can make additional agreements with the providers, for example by consent in the context of registration.

In principle, we only gain access to aggregated information about the success of our advertisements. However, we can check within the scope of so-called conversion measurements, which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a contract conclusion with us. Conversion measurement is used solely to analyze our marketing measures.

Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.

Information on legal bases: If we ask users to consent to the use of the third-party providers, the legal basis of the data processing constitutes permission. Otherwise, the data of the users will be based on our legitimate interests (i.e. Interest in efficient, economic and recipient-friendly services) processed. In this context, we would also like to inform you about the information on the use of cookies in this privacy policy.

Information on revocation and opposition:

We refer to the data protection information of the respective providers and the objection options indicated to the providers (so-called “Opt-out”). If no explicit opt-out option has been specified, it is possible that you can disable cookies in the settings of your browser. However, this can restrict the functions of our online offer. We therefore also recommend the following opt-out options, which are offered in summary to respective areas:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://youradchoices.ca/.

c) USA: https://optout.aboutads.info/.

d) Cross-terrain: https://optout.aboutads.info.

• Processed data types: Usage data (e.g. B. Page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta-, communication and method data (e.g. B. IP addresses, time indications, identification numbers, people involved).
• Persons concerned: Users (e.g. B. Website visitors, users of online services).
• Purposes of processing and legitimate interests: range measurement (e.g. B. Access statistics, recognition of returning visitors); tracking (e.g. Interest/behaviour-related profiling, use of cookies); target group formation; marketing; profiles with user-related information (creating user profiles). Conversion measurement (measurement of the effectiveness of marketing measures).
• Retention and deletion: deletion according to information in the section “General information on data storage and deletion”. Storage of cookies of up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on the users’ devices for a period of two years.).
• Security measures: IP masking (pseudonymization of the IP address).
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Google Ads and Conversion Measurement: Online marketing procedures for the purpose of placing content and ads within the service provider’s advertising network (e.g. in search results, in videos, on websites, etc.) so they are shown to users who have a presumed interest in the ads. In addition, we measure the conversion of the advertisements, i.e. whether users have taken them as an opportunity to interact with the advertisements and use the advertised offers (so-called Conversions). However, we only receive anonymous information and no personal information about individual users; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); website: https://marketingplatform.google.com ; privacy policy: https://policies.google.com/privacy ; basis third-country transfers: Data Privacy Framework (DPF); More information: types of processing as well as the processed data: https://business.safety.google/adsservices/. Data processing conditions between controllers and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms.

Management, organization and auxiliary tools

We use services, platforms and software from other providers (hereinafter referred to as “third-party providers”) for the purposes of organization, administration, planning and provision of our services. When selecting the third-party providers and their services, we observe the legal requirements.

In this context, personal data may be processed and stored on the servers of the third-party providers. This may affect various data that we process in accordance with this privacy policy. This data may include, in particular, master data and contact data of the users, data on processes, contracts, other processes and their contents.

If users are referred to the third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, for service optimization or for marketing purposes. We therefore ask that you observe the privacy policy of the respective third-party providers.

• Processed data types: Content data (e.g. textual or pictorial messages and contributions, as well as the information concerning them, e.g. B. Information on authorship or time of creation); usage data (e.g. B. Page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta-, communication and method data (e.g. B. IP addresses, time indications, identification numbers, people involved).
• Affected persons: Communication partners. User (e.g. B. Website visitors, users of online services).
• Purposes of processing and legitimate interests: provision of contractual services and fulfilment of contractual obligations. Office and Organizational Procedures.
• Retention and deletion: deletion according to information in the section “General information on data storage and deletion”.
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).