Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any information that can be used to identify you personally. Detailed information on the subject of data protection can be found in the full Privacy Policy below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. The operator’s contact details can be found in the section “Notice Concerning the Controller” in this Privacy Policy.

How do we collect your data?

Some data is collected when you provide it to us. This may, for example, be data you enter into a contact form.

Other data is collected automatically or after your consent when you visit the website, by our IT systems. This includes primarily technical data (e.g. browser type, operating system, or time of the page request). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyse your user behaviour. Where contracts can be concluded or initiated via the website, the data transmitted will also be processed for contract offers, orders, or other service enquiries.

What rights do you have regarding your data?

You have the right at any time to obtain free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request rectification or erasure of this data. If you have given your consent to data processing, you may withdraw it at any time with effect for the future. Furthermore, you have the right, under certain circumstances, to request restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time about this and with other questions regarding data protection.

Analytics tools and third-party tools

When visiting this website, your browsing behaviour may be statistically evaluated. This is done mainly with so-called analysis programs.

Detailed information about these analysis programs can be found in the Privacy Policy below.

2. Hosting and Content Delivery Networks (CDN)

Google Cloud CDN

We use the Google Cloud CDN content delivery network. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google offers a globally distributed content delivery network. Technically, the transfer of information between your browser and our website is routed via Google’s network. This enables us to increase the global availability and performance of our website.

The use of Google Cloud CDN is based on our legitimate interest in the most error-free and secure provision of our website (Art. 6 (1)(f) GDPR).

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://cloud.google.com/terms/eu-model-contract-clause.

More information about Google Cloud CDN can be found here: https://cloud.google.com/cdn/docs/overview?hl=en.

The company is certified under the EU–US Data Privacy Framework (“DPF”). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information is available from the provider here: https://www.dataprivacyframework.gov/participant/5780.

Processor Agreement

We have concluded a data processing agreement (DPA) for the use of the service mentioned above. This is a contract required under data protection law to ensure that personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.

3. General Notes and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations as well as this Privacy Policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This Privacy Policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

Please note that data transmission over the internet (e.g. communication by e-mail) can have security gaps. Complete protection of data from access by third parties is not possible.

Notice Concerning the Controller

The controller responsible for data processing on this website is:

Dr Markus Zimmermann, Theodor-Weber-Reihe 5, 22111 Hamburg, Germany

Tel.: +49 151 40377511
E-mail: ahoi@manateeacademy.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Storage Duration

Unless a more specific storage period is stated in this Privacy Policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible grounds for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will occur after these grounds cease to apply.

General Information on the Legal Bases for Processing

If you have consented to the processing of your personal data, we process your personal data on the basis of Art. 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR, where special categories of data are processed pursuant to Art. 9 (1) GDPR. In the case of express consent to the transfer of personal data to third countries, processing is also based on Art. 49 (1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. via device fingerprinting), processing is also based on Section 25 (1) TDDDG (German Telecommunications–Telemedia Data Protection Act). Consent may be revoked at any time. If your data is necessary for performance of a contract or for pre-contractual measures, we process it on the basis of Art. 6 (1)(b) GDPR. Furthermore, we process your data if this is necessary to fulfil a legal obligation on the basis of Art. 6 (1)(c) GDPR. Processing may also be based on our legitimate interest pursuant to Art. 6 (1)(f) GDPR. The specific legal basis applicable in each case is explained in the following sections of this Privacy Policy.

Data Protection Officer

We have appointed a data protection officer.

Dr Markus Zimmermann, Theodor-Weber-Reihe 5, 22111 Hamburg, Germany

Tel.: +49 151 40377511
E-mail: ahoi@manateeacademy.com

Recipients of Personal Data

In the course of our business activities, we work with various external parties. This sometimes requires the transfer of personal data to these external recipients. We only share personal data with third parties if it is necessary for the fulfilment of a contract, if we are legally obliged to do so (e.g. transfer of data to tax authorities), if we have a legitimate interest pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the data transfer. When using processors, we transfer personal data of our customers only on the basis of a valid Data Processing Agreement (DPA). In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of Your Consent to Data Processing

Many data processing operations are possible only with your express consent. You may withdraw consent you have already given at any time. The lawfulness of data processing carried out before withdrawal remains unaffected by the withdrawal.

Right to Object to Processing in Special Cases and to Direct Marketing (Art. 21 GDPR)

If processing of your personal data is based on Art. 6(1)(e) or (f) GDPR, you have the right at any time, on grounds relating to your particular situation, to object to the processing of your personal data, including profiling based on those provisions. The respective legal basis on which processing is based can be found in this Privacy Policy. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims (objection under Art. 21(1) GDPR).

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection under Art. 21(2) GDPR).

Right to Lodge a Complaint with the Supervisory Authority

In the event of violations of the GDPR, data subjects have a right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data which we process automatically on the basis of your consent or in fulfilment of a contract, in a commonly used, machine-readable format, and to transmit those data to a third party. Where you request the direct transfer of the data to another controller, this will only be done if technically feasible.

Access, Rectification, and Erasure

Within the framework of applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin, recipients, and the purpose of data processing and, if applicable, a right to rectification or erasure of this data. You can contact us at any time regarding this and any other questions concerning personal data.

Right to Restriction of Processing

You have the right to request the restriction of processing of your personal data. You can contact us at any time to exercise this right. The right to restriction of processing applies in the following cases:

• If you contest the accuracy of your personal data stored by us, we will usually need time to verify this. For the duration of the verification, you have the right to request restriction of the processing of your personal data.
• If the processing of your personal data was/is unlawful, you may request restriction of processing instead of erasure.
• If we no longer need your personal data but you require it for the establishment, exercise, or defence of legal claims, you have the right to request restriction instead of erasure.
• If you have objected under Art. 21(1) GDPR, a balance must be struck between your interests and ours. Until it is determined whose interests prevail, you have the right to request restriction of processing.

If you have restricted the processing of your personal data, such data — apart from storage — may be processed only with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries you send to us as the site operator, this site uses SSL/TLS encryption. An encrypted connection can be recognised by the fact that the browser’s address line changes from “http://” to “https://” and by the padlock icon in your browser line.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted Payment Transactions on This Website

If, after concluding a fee-based contract, you are obliged to provide us with your payment details (e.g. account number in case of direct debit authorisation), these details are required for processing the payment.

Payment transactions using the usual means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL/TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser address bar.

With encrypted communication, your payment details that you transmit to us cannot be read by third parties.

Objection to Marketing E-Mails

We hereby object to the use of contact data published in the context of the legal notice obligation for sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of promotional information, for example via spam e-mails.

4. Data Collection on This Website

Cookies

Our websites use so-called “cookies”. Cookies are small data packages that do not harm your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.

Cookies can be set by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or video display). Other cookies can be used to analyse user behaviour or for advertising purposes.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions requested by you (e.g. the shopping cart function), or to optimise the website (e.g. cookies to measure web audience) are stored on the basis of Art. 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. If consent to store cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG); consent can be withdrawn at any time.

You can configure your browser to inform you when cookies are set and to allow cookies only in individual cases, to refuse cookies in certain cases or in general, and to activate automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Information on which cookies and services are used on this website can be found in this Privacy Policy.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes:

• Browser type and version
• operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

This data will not be merged with other data sources.

The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free display and optimisation of its website — for this purpose, server log files must be collected.

Enquiry by E-mail, Telephone, or Fax

If you contact us by e-mail, telephone, or fax, your enquiry, including all resulting personal data (name, enquiry), will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, if your enquiry is related to the performance of a contract or necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if requested; consent can be withdrawn at any time.

The data you send to us via contact enquiries will remain with us until you request deletion, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions — in particular statutory retention periods — remain unaffected.

Communication via WhatsApp

For communication with our customers and other third parties, we use, among other channels, the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication is end-to-end encrypted (peer-to-peer), which prevents WhatsApp or third parties from gaining access to the content of communications. WhatsApp does, however, receive metadata generated during the communication process (e.g. sender, recipient, and time). We also point out that WhatsApp, according to its own statement, shares personal data of its users with its US-based parent company Meta. For more details on data processing, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in the fastest and most effective communication possible with customers, prospective customers, and other business and contractual partners (Art. 6(1)(f) GDPR). Where consent has been requested, processing will be carried out exclusively on the basis of consent; consent can be withdrawn at any time with future effect.

The communication content exchanged between you and us on WhatsApp will remain with us until you request deletion, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions — in particular retention periods — remain unaffected.

The company is certified under the EU–US Data Privacy Framework (DPF). More information: https://www.dataprivacyframework.gov/participant/7735.

We use the “WhatsApp Business” version.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://www.whatsapp.com/legal/business-data-transfer-addendum.

We have configured our WhatsApp accounts to prevent automatic data synchronisation with the address books on the smartphones in use.

We have concluded a Data Processing Agreement (DPA) with the provider named above.

Google Forms

We have integrated Google Forms on this website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Forms allows us to create online forms in order to capture messages, enquiries, and other inputs from our website visitors in a structured way. All entries you make are processed on Google’s servers. Google Forms stores a cookie in your browser containing a unique ID (NID cookie). This cookie stores various information, such as your language settings.

The use of Google Forms is based on our legitimate interest in the most user-friendly possible capture of your request (Art. 6(1)(f) GDPR). Where consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG (German Telecommunications–Telemedia Data Protection Act), to the extent the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

The data you enter in the form will remain with us until you request deletion, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions — in particular retention periods — remain unaffected.

More information can be found in Google’s Privacy Policy: https://policies.google.com/.

The company is certified under the EU–US Data Privacy Framework (“DPF”). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information is available from the provider here: https://www.dataprivacyframework.gov/participant/5780.

Processor Agreement

We have concluded a data processing agreement (DPA) for the use of the service mentioned above. This is a contract required under data protection law to ensure that personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.

Google Calendar

Our website offers the option of scheduling appointments with us. We use Google Calendar for scheduling. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

For booking an appointment, you enter the requested data and your desired date in the designated form. The entered data is used for planning, carrying out, and, if necessary, following up on the appointment. The appointment data is stored on Google Calendar’s servers. Google’s Privacy Policy can be found here: https://policies.google.com/privacy.

The data you enter will remain with us until you request deletion, withdraw your consent to storage, or the purpose for data storage no longer applies. Mandatory statutory provisions — in particular retention periods — remain unaffected.

The legal basis for processing is Art. 6(1)(f) GDPR. The website operator has a legitimate interest in enabling an uncomplicated appointment booking process with interested parties and customers. Where consent has been requested, processing will be carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, to the extent the consent covers the storage of cookies or access to information on the user’s device. Consent can be withdrawn at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://workspace.google.com/terms/dpa_terms.html and https://cloud.google.com/terms/sccs.

The company is certified under the EU–US Data Privacy Framework (“DPF”). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information is available from the provider here: https://www.dataprivacyframework.gov/participant/5780.

Processor Agreement

We have concluded a data processing agreement (DPA) for the use of the service mentioned above. This is a contract required under data protection law to ensure that personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.

Registration on This Website

You can register on this website to use additional functions offered. The data entered will be used solely for the purpose of using the respective offer or service for which you have registered. All mandatory fields requested during registration must be completed in full; otherwise, registration will be refused.

For important changes — such as to the scope of the offering or for technically necessary changes — we use the e-mail address provided during registration to inform you via this method.

The processing of data entered during registration is necessary for the performance of the usage relationship established by the registration and, if applicable, for initiating further contracts (Art. 6(1)(b) GDPR).

The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention obligations remain unaffected.

Registration with Google

Instead of registering directly on this website, you may also register using your Google account. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To register with Google, you need only enter your Google name and password. Google will verify your identity and confirm it to our website.

If you log in with Google, we may be able to use certain information from your Google account to complete your profile. You can decide which information is shared in your Google security settings: https://myaccount.google.com/security and https://myaccount.google.com/permissions.

The data processing associated with Google registration is based on our legitimate interest in offering our users the simplest possible registration process (Art. 6(1)(f) GDPR). As the use of the registration function is voluntary and users can decide which access rights to grant, there are no overriding rights of data subjects to the contrary.

The company is certified under the EU–US Data Privacy Framework (“DPF”). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information is available from the provider here: https://www.dataprivacyframework.gov/participant/5780.

5. Social Media

Instagram

This website includes functions of the Instagram service, provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information that you have visited this website.

If you are logged into your Instagram account, clicking the Instagram button will link the content of this website to your Instagram profile. This allows Instagram to associate your visit to this website with your user account. Please note that we, as the provider of this site, have no knowledge of the content of the transmitted data or its use by Instagram.

The use of this service is based on your consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG). Consent can be withdrawn at any time.

Where personal data is collected on our website using this tool and forwarded to Facebook/Instagram, we and Meta Platforms Ireland Limited are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited solely to the collection of the data and its transfer to Facebook/Instagram. Any processing by Facebook/Instagram after the transfer is not part of the joint responsibility. Our mutual obligations are set out in a joint processing agreement, the text of which can be viewed here: https://www.facebook.com/legal/controller_addendum Under this agreement, we are responsible for providing privacy information when using the Facebook/Instagram tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the security of Facebook/Instagram products. Data subject rights (e.g. access requests) concerning data processed by Facebook/Instagram can be exercised directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ and https://de-de.facebook.com/help/566994660333381.

More information: https://privacycenter.instagram.com/policy/.

The company is certified under the EU–US Data Privacy Framework (DPF). More information: https://www.dataprivacyframework.gov/participant/4452.

6. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or analytics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or carry out independent analyses. It merely facilitates the management and deployment of the tools integrated via it. Google Tag Manager does, however, record your IP address, which may also be transmitted to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. Where consent has been requested, processing will be carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG (German Telecommunications–Telemedia Data Protection Act), to the extent the consent covers the storage of cookies or access to information on the user’s device. Consent can be withdrawn at any time.

The company is certified under the EU–US Data Privacy Framework (“DPF”). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information is available from the provider here: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. The operator receives various usage data, such as page views, time spent on pages, operating systems used, and the origin of the user. These data may be aggregated by Google into a profile that is assigned to the respective user device.

In addition, we can use Google Analytics to record your mouse and scroll movements as well as clicks. Furthermore, Google Analytics employs various modelling approaches to supplement the collected datasets and uses machine-learning technologies in data analysis.

Google Analytics verwendet Technologien, die die Wiedererkennung des Nutzers zum Zwecke der Analyse des Nutzerverhaltens ermöglichen (z. B. Cookies oder Device-Fingerprinting). Die von Google erfassten Informationen über die Benutzung dieser Website werden in der Regel an einen Server von Google in den USA übertragen und dort gespeichert.

The use of this service is based on your consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG). Consent can be withdrawn at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified under the EU–US Data Privacy Framework (“DPF”). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information is available from the provider here: https://www.dataprivacyframework.gov/participant/5780.

IP Anonymisation

We have activated IP anonymisation on this website. This means that your IP address will be truncated by Google within the Member States of the European Union or in other states party to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

More information on how Google Analytics handles user data can be found in Google’s Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en.

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, and YouTube history, as well as demographic data (visitor data). These data may be used for personalised advertising via Google Signals. If you have a Google account, Google Signals links the collected visitor data to your Google account and uses them for personalised advertising messages. The data is also used to compile anonymised statistics on the behaviour of our users.

Processor Agreement

We have concluded a Data Processing Agreement (DPA) with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics E-Commerce Tracking

This website uses the “E-Commerce Tracking” feature of Google Analytics. Using E-Commerce Tracking, the website operator can analyse the purchasing behaviour of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs, and the time from viewing to purchase is collected. These data can be aggregated by Google under a transaction ID that is assigned to the respective user or device.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms (keyword targeting). Targeted advertisements can also be displayed based on the user data available to Google (e.g. location data and interests) (audience targeting). As the website operator, we can evaluate this data quantitatively, for example by analysing which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.

The use of this service is based on your consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG). Consent can be withdrawn at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

The company is certified under the EU–US Data Privacy Framework (“DPF”). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information is available from the provider here: https://www.dataprivacyframework.gov/participant/5780.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, Google and we can recognise whether the user has performed certain actions. For example, we can analyse which buttons on our website are clicked most often and which products are viewed or purchased most frequently. This information is used to create conversion statistics. We learn the total number of users who have clicked on our ads and what actions they took. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

The use of this service is based on your consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG). Consent can be withdrawn at any time.

More information about Google Conversion Tracking can be found in Google’s Privacy Policy: https://policies.google.com/privacy?hl=en.

The company is certified under the EU–US Data Privacy Framework (“DPF”). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information is available from the provider here: https://www.dataprivacyframework.gov/participant/5780.

7. Newsletter

Newsletter Data

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the provided e-mail address and that you agree to receive the newsletter. No additional data is collected, or only on a voluntary basis. We use these data exclusively for sending the requested information and do not pass them on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6(1)(a) GDPR). You can withdraw the consent granted for storing the data, the e-mail address, and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing already carried out remains unaffected by the withdrawal.

The data you provide to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe or when the purpose for storing the data no longer applies. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Data stored by us for other purposes remains unaffected.

After you have unsubscribed from the newsletter distribution list, your e-mail address may be stored in a blacklist by us or the newsletter service provider if this is necessary to prevent future mailings. The data from the blacklist will be used only for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with statutory requirements for newsletter sending (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

8. Plugins and Tools

YouTube

This website embeds videos from YouTube. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit a page on our site that has YouTube embedded, a connection is made to YouTube’s servers. The YouTube server is informed which of our pages you have visited.

YouTube may also store various cookies on your device or use comparable recognition technologies (e.g. device fingerprinting). This enables YouTube to obtain information about visitors to this website. Such information is used, among other things, to compile video statistics, improve usability, and prevent fraud attempts. The data collected may also be linked to your Google account if you are logged in.

If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of providing an attractive presentation of our online offerings, which constitutes a legitimate interest under Art. 6(1)(f) GDPR. Where consent has been requested, processing will be carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, to the extent the consent covers the storage of cookies or access to information on the user’s device. Consent can be withdrawn at any time.

More information on how user data is handled can be found in YouTube’s Privacy Policy: https://policies.google.com/privacy?hl=en.

The company is certified under the EU–US Data Privacy Framework (“DPF”). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information is available from the provider here: https://www.dataprivacyframework.gov/participant/5780.

Google Fonts (Local Hosting)

This site uses so-called Google Fonts provided by Google for uniform font representation. The Google Fonts are installed locally, so no connection to Google servers takes place.

More information on Google Fonts can be found here: https://developers.google.com/fonts/faq and in Google’s Privacy Policy: https://policies.google.com/privacy?hl=en.

Font Awesome (Local Hosting)

This site uses Font Awesome for uniform font representation. Font Awesome is installed locally, so no connection to Fonticons, Inc. servers takes place.

More information on Font Awesome can be found in Font Awesome’s Privacy Policy: https://fontawesome.com/privacy.

Google Maps

This site uses the Google Maps mapping service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Maps enables us to embed maps directly into the website.

To use the functions of Google Maps, it is necessary to store your IP address. This information is generally transferred to a Google server in the USA and stored there. We have no influence over this data transmission. When Google Maps is activated, Google may also use Google Fonts for uniform font display, which means your browser will load the necessary web fonts into its cache.

The use of Google Maps is in the interest of making our online offerings visually appealing and to ensure easy location of the places indicated on our website, which constitutes a legitimate interest under Art. 6(1)(f) GDPR. Where consent has been requested, processing is based solely on Art. 6(1)(a) GDPR and Section 25(1) TDDDG, to the extent the consent covers the storage of cookies or access to information on the user’s device. Consent can be withdrawn at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information on how user data is handled can be found in Google’s Privacy Policy: https://policies.google.com/privacy?hl=en.

The company is certified under the EU–US Data Privacy Framework (“DPF”). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information is available from the provider here: https://www.dataprivacyframework.gov/participant/5780.

9. eCommerce and Payment Providers

Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data to establish, structure, and modify our contractual relationships. We collect, process, and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to utilise the service or to bill for it. The legal basis for this is Art. 6(1)(b) GDPR.

The collected customer data will be deleted after completion of the order or termination of the business relationship and after expiry of any applicable statutory retention periods. Statutory retention obligations remain unaffected.

Data Transmission upon Conclusion of a Contract for Services and Digital Content

We transfer personal data to third parties only where this is necessary for contract execution, for example to the financial institution handling payment.

No further transfer of data takes place unless you have expressly consented to it. Your data will not be passed on to third parties for advertising purposes without your explicit consent.

The basis for data processing is Art. 6(1)(b) GDPR, which permits data processing for the performance of a contract or pre-contractual measures.

Payment Services

We integrate payment services from third-party companies on our website. When you make a purchase with us, your payment data (e.g. name, amount, bank details, credit card number) is processed by the payment service provider for the purpose of handling the payment transaction. The respective contractual and privacy provisions of the providers apply to these transactions. The use of payment service providers is based on Art. 6(1)(b) GDPR (contract performance) and in the interest of a smooth, convenient, and secure payment process (Art. 6(1)(f) GDPR). If your consent is requested for certain actions, Art. 6(1)(a) GDPR applies; consent can be withdrawn at any time with future effect.

We use the following payment service providers:

PayPal

The provider is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation.

Privacy Policy: https://stripe.com/privacy.

10. Audio and Video Conferencing

Data Processing

We use online conferencing tools, among others, to communicate with our customers. The specific tools we use are listed below. When you communicate with us via video or audio conferencing over the internet, your personal data will be collected and processed by both us and the provider of the respective conferencing tool.

The conferencing tools collect all the data you provide/input when using the tools (e.g. your e-mail address and/or telephone number). In addition, the conferencing tools process the duration of the conference, start and end times (and times of participation), number of participants, and other “context information” related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required to facilitate the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker, and the type of connection.

If content is exchanged, uploaded, or otherwise made available within the tool, it will also be stored on the servers of the tool provider. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service.

Please note that we do not have full influence over the data processing operations of the tools used. Our options depend largely on the corporate policy of the respective provider. Further information on data processing by the conferencing tools can be found in the privacy policies of the respective providers (see below).

Purpose and Legal Basis

The conferencing tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Additionally, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest under Art. 6(1)(f) GDPR). Where consent has been requested, the use of the respective tools is based solely on this consent (Art. 6(1)(a) GDPR); consent can be withdrawn at any time with effect for the future.

Storage Duration

The data directly collected by us via the video and conferencing tools will be deleted from our systems as soon as you request deletion, withdraw your consent to storage, or the purpose for the data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of the conferencing tools for their own purposes. For details, please refer directly to the privacy policies of the operators of the conferencing tools.

Conferencing Tools Used

We use the following conferencing tools:

Google Meet

We use Google Meet. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy: https://policies.google.com/privacy?hl=en.

The company is certified under the EU–US Data Privacy Framework (“DPF”). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information is available from the provider here: https://www.dataprivacyframework.gov/participant/5780.

Processor Agreement

We have concluded a data processing agreement (DPA) for the use of the service mentioned above. This is a contract required under data protection law to ensure that personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.