dasistweb Privacy Statement

2.3 Server log files

When you visit our website, it is technically necessary for data to be transmitted from your internet browser to our web server. The following data is recorded during an active connection between your internet browser and our web server:

• Date and time of the request
• Name of the requested file
• Page from which the file was requested
• Access status
• Web browser and operating system used
• (Complete) IP address of the requesting computer
• Amount of data transferred
  
  We collect the listed data to ensure a smooth connection to the website and the error-free technical provision of our services. Processing this data is absolutely necessary to provide the website to you. The log files are also used to evaluate system security and stability, as well as for administrative purposes. The legal basis for processing the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 (1) lit. f GDPR.
  
  For technical security reasons, particularly to prevent attacks on our web server, this data is stored by us for a short period. After a maximum of 30 days, the data is anonymized by shortening the IP address at the domain level, making it impossible to link it to an individual user.
  
  In anonymized form, the data may also be processed for statistical purposes. At no point is this data stored together with other personal data of the user, matched with other data sets, or shared with third parties.
  
  

2.4.Cookies

Our website uses "cookies," which are small text files stored on your device, either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after your visit ends. Persistent cookies remain on your device until you delete them or they are automatically removed by your web browser.

Cookies serve various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., shopping cart functionality or language settings). Other cookies are used to analyze user behavior or display advertising.

The processing of data through the use of essential cookies is based on a legitimate interest in accordance with Art. 6 (1) lit. f GDPR for the technically error-free provision of our services. For details on the purposes of processing and legitimate interests, please refer to the explanations of the specific data processing activities.

The processing of personal data through the use of other cookies is based on your consent in accordance with Art. 6 (1) lit. a GDPR. Consent can be revoked at any time for the future. If cookies are used for analysis and optimization purposes, we will inform you separately within this Privacy Policy and obtain your consent according to Art. 6 (1) lit. a GDPR.

You can configure your browser so that you can:

• Notify you when cookies are set,
• Allow cookies only in individual cases,
• Exclude the acceptance of cookies for specific cases or in general,
• Automatically delete cookies when you close the browser.

The cookie settings can be managed for the respective browsers using the following links:

• Google Chrome
• Mozilla Firefox
• Edge (Microsoft)
• Safari
• Opera
  
  You can also individually manage cookies from many companies and functions used for advertising. For this purpose, use the corresponding user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.
  
  Most browsers offer a so-called "Do Not Track" function. If this function is enabled, the browser in question will tell advertising networks, websites and applications that you do not want to be “tracked” for advertising based on behaviour and the like.
  
  Depending on the provider of your browser, you can find information and instructions on how to edit this function at the following links:
  
  
• Google Chrome
• Mozilla Firefox
• Edge (Microsoft)
• Safari
• Opera
  
  In addition, you can also prevent the loading of so-called scripts by default. NoScript allows you to run JavaScripts, Java and other plug-ins only on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/). Please note that disabling cookies may limit the functionality of our website.

2.4.1. Changing cookie settings

You can revoke or change your cookie settings at any time. To do this, access the cookie settings again via our integrated settings. You can find this at any time at the bottom right of the website.

2.5. Data Sharing and Recipients

Your personal data will not be transmitted to third parties unless:

• We explicitly mention it in the description of the respective data processing.

• You have given your explicit consent according to Art. 6 (1) sentence 1 lit. a GDPR.

• The transfer is necessary for the establishment, exercise, or defense of legal claims according to Art. 6 (1) sentence 1 lit. f GDPR, and there is no reason to believe that you have an overriding legitimate interest in the non-disclosure of your data.

• There is a legal obligation for the transfer according to Art. 6 (1) sentence 1 lit. c GDPR.

• It is necessary for the execution of contractual relationships with you according to Art. 6 (1) sentence 1 lit. b GDPR.
  
  Additionally, we use external service providers for handling our services, which we have carefully selected, contracted in writing, and, where necessary, entered into data processing agreements in accordance with Art. 28 GDPR. These providers are bound by our instructions and are regularly monitored by us. They include providers for hosting, email dispatch, and maintenance of our IT systems, among others. These service providers will not pass on this data to third parties.

2.6. Individual service providers

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses "cookies."

Google will use this information on behalf of the operator of this website to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Processing occurs according to Art. 6 (1) lit. a GDPR based on your consent.

We use Google Analytics only with activated IP anonymization. This means your IP address will be shortened by Google before further processing.

We have entered into a data processing agreement with the service provider, obligating them to protect our customers' data and not to disclose it to third parties.

Google Analytics' terms of service and privacy information can be accessed via the following links:

- Google Analytics Terms of Service - Google Privacy Policy

The data will be deleted as soon as it is no longer necessary for the purposes of its collection. Data at the user and event level linked to cookies, user identifiers (e.g., User-ID), and advertising identifiers (e.g., DoubleClick cookies, Android Advertising ID, IDFA [Apple Identifier for Advertisers]) will be deleted no later than 14 months after collection.

You can prevent cookies from being stored by adjusting your browser settings accordingly. However, please note that if you do this, you may not be able to use all the features of this website fully. You can also prevent Google from collecting data generated by the cookie and related to your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.

Google Ads

We use "Google Ads" on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereafter referred to as "Google").

We use Google Ads for marketing and optimization purposes, particularly to display relevant and interesting ads to you. With your consent per Art. 6 (1) sentence 1 lit. a GDPR, we can use Google Ads to highlight our attractive offers on external websites through advertisements. This allows us to assess the effectiveness of individual advertising campaigns.

These ads are delivered by Google via so-called "AdServers." We use AdServer cookies to measure certain parameters for success, such as ad displays or user clicks.

If you reach our website through a Google ad, Google Ads will store a cookie on your PC. These cookies generally expire after 30 days and are not intended to identify you personally. The following information is typically stored in this cookie for analysis: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (indicating that the user does not wish to be addressed again). These cookies allow Google to recognize your web browser. If a user visits certain pages on an Ads customer's website and the cookie stored on their computer has not expired, Google and the customer can see that the user clicked on the ad and was redirected to that page. Each Ads customer is assigned a different cookie, so cookies cannot be tracked across Ads customers' websites. We do not collect or process any personal data in the advertising activities mentioned. We only receive statistical evaluations from Google, which allow us to see which of our advertising campaigns are particularly effective. We do not receive any further data from the use of these advertising materials, particularly data that would allow us to identify users.

Due to the marketing tools used, your browser automatically establishes a direct connection to Google's server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To our knowledge, Google receives information that you have accessed the relevant part of our website or clicked on one of our ads. If you have a Google account and are logged in, Google may associate your visit with your user account. Even if you are not registered with Google or not logged in, it is possible that Google will obtain and store your IP address.

For more information about how Google uses data, as well as settings and opt-out options, please visit the following Google websites:

- Google Privacy Policy - Google Website Statistics

You can prevent cookies from being installed by deleting existing cookies and disabling the storage of cookies in your web browser settings. However, please note that if you do this, you may not be able to fully use all the functions of our website. You can also prevent the storage of cookies by adjusting your web browser settings to block cookies from the domain "www.googleadservices.com" (https://www.google.de/settings/ads). Please note that this setting will be deleted if you delete your cookies. Additionally, you can deactivate interest-based ads via the link http://optout.aboutads.info. Please note that this setting will also be deleted if you delete your cookies.

Google Marketing Platform (formerly DoubleClick)

This website uses DoubleClick from the Google Marketing Platform, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland ("Google").

DoubleClick uses cookies to present you with relevant advertisements. A pseudonymous identification number (ID) is assigned to your browser or device to track which ads have been displayed and which ads have been clicked. This helps improve campaign performance and prevents you from seeing the same ad multiple times. Google can also record so-called conversions using cookie IDs, which are related to ad requests. This occurs, for example, when a user sees a Campaign Manager ad and later visits the advertiser's website with the same browser and makes a purchase. According to Google, these cookies do not contain any personal information. If you have given us your consent, data processing occurs according to Art. 6 (1) lit. a GDPR.

Due to the technology used, your browser automatically establishes a direct connection to Google's server. We have no influence on the scope and further use of the data collected by Google through this tool and inform you according to our current knowledge: Through the integration of DoubleClick, Google receives the information that you have accessed the relevant part of our website or clicked on one of our ads. If you are registered with a Google service, Google can associate your visit with your account. Even if you are not registered with Google or not logged in, it is possible that Google will obtain and store your IP address.

For more information on the Google Marketing Platform, visit https://marketingplatform.google.com/about/, and for general information on Google's privacy practices, visit https://policies.google.com/privacy?hl=en&gl=de

Google Ads Remarketing

Our website utilizes the Google Ads Remarketing features provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If you have given your consent as per Art. 6 (1) sentence 1 lit. a GDPR, this function allows us to link Google Ads Remarketing audiences with cross-device functions of Google Ads and Google Marketing Platform. This enables us to display interest-based, personalized ads that are tailored to your previous usage and browsing behavior on one device (e.g., smartphone) to other devices you use (e.g., tablet or PC).

If you have given such consent, Google will link your web and app browsing history with your Google account to show the same personalized ads on all devices where you are logged into your Google account.

To support this function, Google Analytics collects authenticated user IDs, which are temporarily linked with our Google Analytics data to define and create audiences for cross-device advertising.

You can opt-out of cross-device remarketing/targeting permanently by disabling personalized advertising in your Google account settings. To do this, follow this link: https://adssettings.google.com/.

For further information and privacy policies, please refer to Google's privacy policy: https://policies.google.com/technologies/ads?hl=en.

Google Tag Manager

This website uses Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This service allows for the management of website tags via a single interface. Google Tag Manager itself does not use cookies but transmits the IP address of the user for establishing a connection with Google. The Google Tag Manager triggers other tags, which may collect data, but does not access this data itself. If you have deactivated cookies at the domain or cookie level, this deactivation applies to all tracking tags implemented via Google Tag Manager.

We use Google Tag Manager based on our legitimate interest as defined in Art. 6 (1) lit. f GDPR. Our legitimate interest is to enable the technical integration of other website tools.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereafter "reCAPTCHA") on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

reCAPTCHA is used to determine whether data entry on our website (e.g., in a contact form) is done by a human or an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various factors. This analysis starts automatically as soon as the website visitor enters the site. reCAPTCHA evaluates various information such as:

• IP-Adresse
• Time spent by the visitor on the website
• Mouse movements made by the user

The data collected during the analysis is forwarded to Google.

reCAPTCHA analyzes run completely in the background. Website visitors are not informed that an analysis is taking place. Data processing is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in protecting our web offering from abusive automated scraping and unwanted automated submissions (spam).

We do not store personal data from the use of reCAPTCHA. In general, personal data is deleted or blocked as soon as the purpose of storage no longer applies.

For more information on Google reCAPTCHA and Google’s privacy policy, visit: [https://policies.google.com/privacy?hl=en](https://policies.google.com/privacy?hl=en) and [https://www.google.com/recaptcha/intro/v3beta.html](https://www.google.com/recaptcha/intro/v3beta.html).

Google Fonts

We use "Google Fonts" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereafter referred to as "Google"). Google Fonts allows us to use external fonts. When accessing our website, the required Google Fonts are loaded from your web browser into your browser cache. This is necessary for your browser to display our text in an enhanced visual format. If your browser does not support this feature, a standard font from your computer will be used. The integration of Google Fonts involves a server request, usually to a Google server in the USA. This request transmits to the server which page of our website you visited. Additionally, the IP address of the browser of the visitor's device is stored by Google.

We use Google Fonts for optimization purposes, particularly to improve the usability of our website for you and to make its design more user-friendly. The processing is based on Art. 6 (1) lit. a GDPR, according to the consent you have provided. This consent can be withdrawn at any time with effect for the future.

For more information about data protection, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=en&gl=de Further information about Google Fonts can be found at: https://fonts.google.com/

Google Maps

Our website uses the online map service provider Google Maps via an interface. This allows us to display interactive maps directly on the website and enables you to use the map functionality conveniently. The provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functionalities of Google Maps, it is necessary to store your IP address.

Google uses cookies to collect information about user behavior. The legal basis for processing your personal data is your consent under Art. 6 (1) lit. a GDPR.

For more information on how Google handles user data, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=en&gl=de.

Opt-out: https://www.google.com/settings/ads/.

YouTube

We embed videos from "YouTube," a social media platform provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereafter referred to as "Google"), on our website. The legal basis for processing your personal data in this context is your consent under Art. 6 (1) lit. a GDPR.

When the playback of embedded YouTube videos is initiated with your consent, a server request is made, usually to a Google server in the USA. This request transmits to the server which page you visited and your browser's IP address is sent to and stored by Google.

Additionally, "YouTube" uses cookies with your consent to collect information about user behavior. According to YouTube, these cookies are used to gather video statistics, improve user-friendliness, and prevent abusive behavior. If you are logged into Google, your data may also be associated with your account if you click on a video. If you do not wish this association with your YouTube profile, you must log out before activating the button. Google stores this data as usage profiles and uses it for advertising, market research, and/or the needs-based design of its websites. Such analysis is particularly carried out (including for non-logged-in users) to display targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact Google directly for this.

For more information on data protection and the use of data by Google, please refer to the following Google website: https://policies.google.com/privacy?hl=en&gl=de

Google Photos

This website uses "Google Photos," a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereafter referred to as "Google"). Google Photos allows us to integrate and display image galleries on our website. The images are loaded through a server request, usually to a Google server in the USA. This request transmits to the server which page of our website you visited. Additionally, the IP address of the browser on the visitor's device is stored by Google.

We use Google Photos for optimization purposes, particularly to improve the usability of our website and to make its design more user-friendly. The processing is based on Art. 6 (1) lit. a GDPR, according to the consent you have provided. This consent can be withdrawn at any time with effect for the future.

For more information about data protection, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=en&gl=de .

Appropriate guarantees for Google services when transferring data to the USA

We have concluded a data processing agreement with the service provider in which we oblige them to protect the data of our customers and not to pass it on to third parties.

Since the transfer of personal data by Google to affiliated companies and subcontractors in countries outside the EU and EEA is possible, additional protective measures are necessary to ensure that the data protection level of the GDPR is maintained. For the USA, there is an adequacy decision by the European Commission under Article 45(1) GDPR regarding companies certified under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and commits to adhering to adequate data protection standards, which can be reviewed at the following link: EU-U.S. Data Privacy Framework Participant Search.

For potential transfers to other third countries outside the EU and EEA, for which there is no adequacy decision by the European Commission, we have also agreed on Standard Contractual Clauses pursuant to Article 46(2)(c) GDPR with the provider. These clauses require the data recipient in the third country to process the data in accordance with the level of protection in Europe.

CloudFlare

Our website uses the services of Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107 USA, for secure encrypted data transmission over the internet (SSL), to enhance global website performance through the Cloudflare Content Delivery Network (CDN), and to improve security as well as protection against hacker attacks through the Cloudflare Web Application Firewall (WAF). Cloudflare may use its own cookies to provide these services.

In general, Cloudflare only forwards data controlled by website operators. The content is not determined by Cloudflare but by the website operator itself. Additionally, Cloudflare may collect certain information about the use of our website and process data sent by us or instructions received by Cloudflare. In most cases, Cloudflare receives data such as contact information, IP addresses, security fingerprints, DNS log data, and performance data for websites derived from browser activities. Log data helps Cloudflare detect new threats and ensure high security for our website.

The processing of personal data in connection with the use of Cloudflare is based on our legitimate interest according to Art. 6 para. 1 lit. f DSGVO, to enhance the security and delivery speed of our website.

For security reasons and to ensure the optimal presentation of our website, Cloudflare uses cookies.

In general, Cloudflare stores data on a user level for domains in the Free, Pro, and Business versions for less than 24 hours. Cloudflare retains data logs only as long as necessary, and in most cases, these data are deleted within 24 hours. Cloudflare also does not store personal data, such as your IP address. However, there is information that Cloudflare stores as part of its permanent logs for an indefinite period to improve the overall performance of Cloudflare resolvers and to detect potential security risks. You can read about which permanent logs are stored at https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/. All data collected by Cloudflare (temporary or permanent) is cleared of personal data and thus anonymized.

You can also completely prevent Cloudflare from collecting and processing your data by disabling script code execution in your browser or by using a script blocker.

Since Cloudflare Inc. may transfer personal data to affiliated companies and sub-processors in countries outside the EU and EEA, additional protective measures are required to ensure the GDPR's level of data protection. For the USA, there is an adequacy decision by the EU Commission according to Art. 45 para. 1 DSGVO concerning companies certified under the EU-U.S. Data Privacy Framework. Cloudflare Inc. is certified under the EU-U.S. Data Privacy Framework and is committed to adhering to adequate data protection standards, which can be reviewed at: https://www.dataprivacyframework.gov/s/participant-search.

For potential transfers to other third countries outside the EU and EEA, where there is no adequacy decision by the EU Commission, we have also agreed with the provider on Standard Contractual Clauses according to Art. 46 para. 2 lit. c DSGVO. These clauses require the recipient of the data in the third country to process the data according to the protection level in Europe.

We have concluded a data processing agreement with Cloudflare.

For more detailed information on data protection and Cloudflare, you can refer to: https://www.cloudflare.com/en-gb/trust-hub/gdpr/ and https://www.cloudflare.com/privacypolicy/.

Hotjar

Our website uses the web analytics service Hotjar provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta, Europe ("Hotjar").

Using Hotjar's technology, we gain a better understanding of user experiences (e.g., how much time users spend on which pages, which links they click, etc.). This helps us tailor our services based on user feedback. Hotjar uses cookies and other technologies to collect data about user behavior and their devices, including the IP address of the device (only collected and stored in anonymized form during your use of the website), screen size, device type (Unique Device Identifiers), information about the browser used, location (only country), and preferred language for viewing our website. Hotjar stores this information on our behalf in a pseudonymized user profile.

We pay special attention to the protection of your personal data when using this tool. We can only track which buttons are clicked, mouse movements, how far users scroll, the screen size of the device, device type, and browser information, geographic location (only the country), and the preferred language for displaying our website. Areas of the website displaying personal data from you or third parties are automatically hidden by Hotjar and are therefore never traceable. The use of Hotjar and the associated processing of personal data are based on your consent according to Art. 6 para. 1 lit. a DSGVO.

Hotjar generally stores customer data within the European Union. However, there may also be a transfer of personal data to third countries outside the EU and the EEA. In these cases, additional protective measures are required to ensure the GDPR level of data protection. To ensure this, we have agreed with the provider on Standard Contractual Clauses according to Art. 46 para. 2 lit. c DSGVO. These clauses require the recipient in the third country to process the data according to the protection level in the EU.

Hotjar offers every user the option to prevent the use of Hotjar by using a “Do Not Track Header”, so that no data about the visit to the website is recorded. This is a setting supported by all common browsers in current versions. To do this, your browser sends a request to Hotjar to deactivate tracking for the user. If you use our websites with different browsers/computers, you need to set the “Do Not Track Header” for each of these browsers/computers separately. Further information about the “Do Not Track Header” and current guides for the most common browsers you can find at the following link: https://www.hotjar.com/policies/do-not-track/


For more information about Hotjar Ltd. and the Hotjar tool, please visit:

https://www.hotjar.com. The privacy policy of Hotjar Ltd. can be found at:

https://www.hotjar.com/privacy.

Spotify

We use the "Spotify Player" on our website, a service provided by Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden ("Spotify"), for playing podcasts and audio content.

When you use the Spotify Player, Spotify sets cookies and processes personal data (such as your IP address and your interactions) to play the desired audio or podcasts, capture your interactions with the player, and display ads related to your interactions.

If you have a Spotify account and are logged in, the visit to our website and playback of the content can be associated with your account. In this case, additional personal data linked to your Spotify account will be processed. The legal basis for processing is Article 6(1)(a) of the GDPR, your consent, which you can withdraw at any time with future effect.

For more information on how Spotify processes your data, please refer to the provider's privacy policy at https://www.spotify.com/de-en/legal/privacy-policy/ and the cookie policy at https://www.spotify.com/de-en/legal/cookies-policy/ .

Podbean

We use "Podbean" on our website, a service provided by Podbean Tech LLC, 135 E 57th St, 14th Floor, New York, NY 10022, USA ("Podbean"), for playing podcasts and audio content.

When you use the Podbean player, Podbean sets cookies and processes personal data (such as your IP address and your interactions) to play the desired audio or podcasts, capture your interactions with the player, and display ads related to your interactions. If you have a Podbean account and are logged in, the visit to our website and playback of the content can be associated with your account. In this case, additional personal data linked to your Podbean account will be processed. The legal basis for processing is Article 6(1)(a) of the GDPR, your consent, which you can withdraw at any time with future effect.

Podbean processes IP addresses and device information to enable podcast downloads/plays and to gather statistical data, such as play counts. This data is anonymized or pseudonymized before being stored in Podbean's database, unless it is necessary for providing the podcasts.

For more information and options to object, please refer to Podbean's privacy policy: https://www.podbean.com/privacy.

Communication regarding application matters via WhatsApp Business API

We use WhatsApp Business API for communication regarding applications, a service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

You can contact us via a button on the website, for example. In this process, your contact details, such as your phone number, as well as meta/communication data (e.g., device information, IP addresses) are processed.

Please note that communication content (i.e., the content of messages and attached images) is end-to-end encrypted. This means that the content of messages is not visible, not even to WhatsApp Ireland Limited itself. You should always use the latest version of the messenger with encryption enabled to ensure the security of message content.

However, please be aware that while the messenger providers cannot view the content, they can determine that and when you communicate with us, and they process technical information about the device used and, depending on your device settings, also location information (so-called metadata).

If we ask for your permission before communicating with you via the messenger, the legal basis for processing your data is your consent according to Art. 6(1)(a) GDPR. You can withdraw this consent at any time with future effect.

If we do not request consent and you, for example, initiate contact with us, we use WhatsApp in relation to our contractual partners and for contract initiation as a contractual measure according to Art. 6(1)(b) GDPR and for other interested parties based on our legitimate interests according to Art. 6(1)(f) GDPR in maintaining fast and efficient communication.

We have entered into a data processing agreement with the service provider, obligating them to protect our customers' data and not disclose it to third parties.

As personal data transmission by WhatsApp to affiliated companies and subcontractors in countries outside the EU and EEA is possible, additional protective measures are required to ensure GDPR compliance. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45(1) GDPR concerning companies certified under the EU-U.S. Data Privacy Framework. WhatsApp LLC is certified under the EU-U.S. Data Privacy Framework and thus commits to complying with adequate data protection standards, which can be viewed at: https://www.dataprivacyframework.gov/s/participant-search.

For potential transfers to other third countries outside the EU and EEA for which no adequacy decision of the EU Commission exists, we have also agreed on standard data protection clauses in accordance with Art. 46(2)(c) GDPR. These require the recipient in the third country to process the data in accordance with the level of protection in Europe.

The terms of use and privacy information of WhatsApp can be accessed via the following links: https://www.whatsapp.com/legal/, https://www.whatsapp.com/privacy, https://www.whatsapp.com/legal/business-data-processing-terms.

You can withdraw your consent at any time and object to communication with us via WhatsApp. In such a case, we will delete the messages according to our general deletion guidelines (e.g., as described above, after the end of contractual relationships, in the context of archiving provisions, etc.) and otherwise, as soon as we can assume that any queries you had have been answered, if no reference to a previous conversation is expected and no legal retention obligations oppose deletion. Finally, we would like to point out that, for your safety reasons, we reserve the right not to respond to requests via WhatsApp if, for example, contract details require special confidentiality or a response via WhatsApp does not meet formal requirements. In such cases, we will refer you to more appropriate communication channels.

2.6. Individual service providers

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses "cookies."

Google will use this information on behalf of the operator of this website to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Processing occurs according to Art. 6 (1) lit. a GDPR based on your consent.

We use Google Analytics only with activated IP anonymization. This means your IP address will be shortened by Google before further processing.

We have entered into a data processing agreement with the service provider, obligating them to protect our customers' data and not to disclose it to third parties.

Google Analytics' terms of service and privacy information can be accessed via the following links:

- Google Analytics Terms of Service - Google Privacy Policy

The data will be deleted as soon as it is no longer necessary for the purposes of its collection. Data at the user and event level linked to cookies, user identifiers (e.g., User-ID), and advertising identifiers (e.g., DoubleClick cookies, Android Advertising ID, IDFA [Apple Identifier for Advertisers]) will be deleted no later than 14 months after collection.

You can prevent cookies from being stored by adjusting your browser settings accordingly. However, please note that if you do this, you may not be able to use all the features of this website fully. You can also prevent Google from collecting data generated by the cookie and related to your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.

Google Ads

We use "Google Ads" on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereafter referred to as "Google").

We use Google Ads for marketing and optimization purposes, particularly to display relevant and interesting ads to you. With your consent per Art. 6 (1) sentence 1 lit. a GDPR, we can use Google Ads to highlight our attractive offers on external websites through advertisements. This allows us to assess the effectiveness of individual advertising campaigns.

These ads are delivered by Google via so-called "AdServers." We use AdServer cookies to measure certain parameters for success, such as ad displays or user clicks.

If you reach our website through a Google ad, Google Ads will store a cookie on your PC. These cookies generally expire after 30 days and are not intended to identify you personally. The following information is typically stored in this cookie for analysis: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (indicating that the user does not wish to be addressed again). These cookies allow Google to recognize your web browser. If a user visits certain pages on an Ads customer's website and the cookie stored on their computer has not expired, Google and the customer can see that the user clicked on the ad and was redirected to that page. Each Ads customer is assigned a different cookie, so cookies cannot be tracked across Ads customers' websites. We do not collect or process any personal data in the advertising activities mentioned. We only receive statistical evaluations from Google, which allow us to see which of our advertising campaigns are particularly effective. We do not receive any further data from the use of these advertising materials, particularly data that would allow us to identify users.

Due to the marketing tools used, your browser automatically establishes a direct connection to Google's server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To our knowledge, Google receives information that you have accessed the relevant part of our website or clicked on one of our ads. If you have a Google account and are logged in, Google may associate your visit with your user account. Even if you are not registered with Google or not logged in, it is possible that Google will obtain and store your IP address.

For more information about how Google uses data, as well as settings and opt-out options, please visit the following Google websites:

- Google Privacy Policy - Google Website Statistics

You can prevent cookies from being installed by deleting existing cookies and disabling the storage of cookies in your web browser settings. However, please note that if you do this, you may not be able to fully use all the functions of our website. You can also prevent the storage of cookies by adjusting your web browser settings to block cookies from the domain "www.googleadservices.com" (https://www.google.de/settings/ads). Please note that this setting will be deleted if you delete your cookies. Additionally, you can deactivate interest-based ads via the link http://optout.aboutads.info. Please note that this setting will also be deleted if you delete your cookies.

Google Marketing Platform (formerly DoubleClick)

This website uses DoubleClick from the Google Marketing Platform, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland ("Google").

DoubleClick uses cookies to present you with relevant advertisements. A pseudonymous identification number (ID) is assigned to your browser or device to track which ads have been displayed and which ads have been clicked. This helps improve campaign performance and prevents you from seeing the same ad multiple times. Google can also record so-called conversions using cookie IDs, which are related to ad requests. This occurs, for example, when a user sees a Campaign Manager ad and later visits the advertiser's website with the same browser and makes a purchase. According to Google, these cookies do not contain any personal information. If you have given us your consent, data processing occurs according to Art. 6 (1) lit. a GDPR.

Due to the technology used, your browser automatically establishes a direct connection to Google's server. We have no influence on the scope and further use of the data collected by Google through this tool and inform you according to our current knowledge: Through the integration of DoubleClick, Google receives the information that you have accessed the relevant part of our website or clicked on one of our ads. If you are registered with a Google service, Google can associate your visit with your account. Even if you are not registered with Google or not logged in, it is possible that Google will obtain and store your IP address.

For more information on the Google Marketing Platform, visit https://marketingplatform.google.com/about/, and for general information on Google's privacy practices, visit https://policies.google.com/privacy?hl=en&gl=de

Google Ads Remarketing

Our website utilizes the Google Ads Remarketing features provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If you have given your consent as per Art. 6 (1) sentence 1 lit. a GDPR, this function allows us to link Google Ads Remarketing audiences with cross-device functions of Google Ads and Google Marketing Platform. This enables us to display interest-based, personalized ads that are tailored to your previous usage and browsing behavior on one device (e.g., smartphone) to other devices you use (e.g., tablet or PC).

If you have given such consent, Google will link your web and app browsing history with your Google account to show the same personalized ads on all devices where you are logged into your Google account.

To support this function, Google Analytics collects authenticated user IDs, which are temporarily linked with our Google Analytics data to define and create audiences for cross-device advertising.

You can opt-out of cross-device remarketing/targeting permanently by disabling personalized advertising in your Google account settings. To do this, follow this link: https://adssettings.google.com/.

For further information and privacy policies, please refer to Google's privacy policy: https://policies.google.com/technologies/ads?hl=en.

Google Tag Manager

This website uses Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This service allows for the management of website tags via a single interface. Google Tag Manager itself does not use cookies but transmits the IP address of the user for establishing a connection with Google. The Google Tag Manager triggers other tags, which may collect data, but does not access this data itself. If you have deactivated cookies at the domain or cookie level, this deactivation applies to all tracking tags implemented via Google Tag Manager.

We use Google Tag Manager based on our legitimate interest as defined in Art. 6 (1) lit. f GDPR. Our legitimate interest is to enable the technical integration of other website tools.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereafter "reCAPTCHA") on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

reCAPTCHA is used to determine whether data entry on our website (e.g., in a contact form) is done by a human or an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various factors. This analysis starts automatically as soon as the website visitor enters the site. reCAPTCHA evaluates various information such as:

• IP-Adresse
• Time spent by the visitor on the website
• Mouse movements made by the user

The data collected during the analysis is forwarded to Google.

reCAPTCHA analyzes run completely in the background. Website visitors are not informed that an analysis is taking place. Data processing is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in protecting our web offering from abusive automated scraping and unwanted automated submissions (spam).

We do not store personal data from the use of reCAPTCHA. In general, personal data is deleted or blocked as soon as the purpose of storage no longer applies.

For more information on Google reCAPTCHA and Google’s privacy policy, visit: [https://policies.google.com/privacy?hl=en](https://policies.google.com/privacy?hl=en) and [https://www.google.com/recaptcha/intro/v3beta.html](https://www.google.com/recaptcha/intro/v3beta.html).

Google Fonts

We use "Google Fonts" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereafter referred to as "Google"). Google Fonts allows us to use external fonts. When accessing our website, the required Google Fonts are loaded from your web browser into your browser cache. This is necessary for your browser to display our text in an enhanced visual format. If your browser does not support this feature, a standard font from your computer will be used. The integration of Google Fonts involves a server request, usually to a Google server in the USA. This request transmits to the server which page of our website you visited. Additionally, the IP address of the browser of the visitor's device is stored by Google.

We use Google Fonts for optimization purposes, particularly to improve the usability of our website for you and to make its design more user-friendly. The processing is based on Art. 6 (1) lit. a GDPR, according to the consent you have provided. This consent can be withdrawn at any time with effect for the future.

For more information about data protection, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=en&gl=de Further information about Google Fonts can be found at: https://fonts.google.com/

Google Maps

Our website uses the online map service provider Google Maps via an interface. This allows us to display interactive maps directly on the website and enables you to use the map functionality conveniently. The provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functionalities of Google Maps, it is necessary to store your IP address.

Google uses cookies to collect information about user behavior. The legal basis for processing your personal data is your consent under Art. 6 (1) lit. a GDPR.

For more information on how Google handles user data, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=en&gl=de.

Opt-out: https://www.google.com/settings/ads/.

YouTube

We embed videos from "YouTube," a social media platform provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereafter referred to as "Google"), on our website. The legal basis for processing your personal data in this context is your consent under Art. 6 (1) lit. a GDPR.

When the playback of embedded YouTube videos is initiated with your consent, a server request is made, usually to a Google server in the USA. This request transmits to the server which page you visited and your browser's IP address is sent to and stored by Google.

Additionally, "YouTube" uses cookies with your consent to collect information about user behavior. According to YouTube, these cookies are used to gather video statistics, improve user-friendliness, and prevent abusive behavior. If you are logged into Google, your data may also be associated with your account if you click on a video. If you do not wish this association with your YouTube profile, you must log out before activating the button. Google stores this data as usage profiles and uses it for advertising, market research, and/or the needs-based design of its websites. Such analysis is particularly carried out (including for non-logged-in users) to display targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact Google directly for this.

For more information on data protection and the use of data by Google, please refer to the following Google website: https://policies.google.com/privacy?hl=en&gl=de

Google Photos

This website uses "Google Photos," a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereafter referred to as "Google"). Google Photos allows us to integrate and display image galleries on our website. The images are loaded through a server request, usually to a Google server in the USA. This request transmits to the server which page of our website you visited. Additionally, the IP address of the browser on the visitor's device is stored by Google.

We use Google Photos for optimization purposes, particularly to improve the usability of our website and to make its design more user-friendly. The processing is based on Art. 6 (1) lit. a GDPR, according to the consent you have provided. This consent can be withdrawn at any time with effect for the future.

For more information about data protection, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=en&gl=de .

Appropriate guarantees for Google services when transferring data to the USA

We have concluded a data processing agreement with the service provider in which we oblige them to protect the data of our customers and not to pass it on to third parties.

Since the transfer of personal data by Google to affiliated companies and subcontractors in countries outside the EU and EEA is possible, additional protective measures are necessary to ensure that the data protection level of the GDPR is maintained. For the USA, there is an adequacy decision by the European Commission under Article 45(1) GDPR regarding companies certified under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and commits to adhering to adequate data protection standards, which can be reviewed at the following link: EU-U.S. Data Privacy Framework Participant Search.

For potential transfers to other third countries outside the EU and EEA, for which there is no adequacy decision by the European Commission, we have also agreed on Standard Contractual Clauses pursuant to Article 46(2)(c) GDPR with the provider. These clauses require the data recipient in the third country to process the data in accordance with the level of protection in Europe.

CloudFlare

Our website uses the services of Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107 USA, for secure encrypted data transmission over the internet (SSL), to enhance global website performance through the Cloudflare Content Delivery Network (CDN), and to improve security as well as protection against hacker attacks through the Cloudflare Web Application Firewall (WAF). Cloudflare may use its own cookies to provide these services.

In general, Cloudflare only forwards data controlled by website operators. The content is not determined by Cloudflare but by the website operator itself. Additionally, Cloudflare may collect certain information about the use of our website and process data sent by us or instructions received by Cloudflare. In most cases, Cloudflare receives data such as contact information, IP addresses, security fingerprints, DNS log data, and performance data for websites derived from browser activities. Log data helps Cloudflare detect new threats and ensure high security for our website.

The processing of personal data in connection with the use of Cloudflare is based on our legitimate interest according to Art. 6 para. 1 lit. f DSGVO, to enhance the security and delivery speed of our website.

For security reasons and to ensure the optimal presentation of our website, Cloudflare uses cookies.

In general, Cloudflare stores data on a user level for domains in the Free, Pro, and Business versions for less than 24 hours. Cloudflare retains data logs only as long as necessary, and in most cases, these data are deleted within 24 hours. Cloudflare also does not store personal data, such as your IP address. However, there is information that Cloudflare stores as part of its permanent logs for an indefinite period to improve the overall performance of Cloudflare resolvers and to detect potential security risks. You can read about which permanent logs are stored at https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/. All data collected by Cloudflare (temporary or permanent) is cleared of personal data and thus anonymized.

You can also completely prevent Cloudflare from collecting and processing your data by disabling script code execution in your browser or by using a script blocker.

Since Cloudflare Inc. may transfer personal data to affiliated companies and sub-processors in countries outside the EU and EEA, additional protective measures are required to ensure the GDPR's level of data protection. For the USA, there is an adequacy decision by the EU Commission according to Art. 45 para. 1 DSGVO concerning companies certified under the EU-U.S. Data Privacy Framework. Cloudflare Inc. is certified under the EU-U.S. Data Privacy Framework and is committed to adhering to adequate data protection standards, which can be reviewed at: https://www.dataprivacyframework.gov/s/participant-search.

For potential transfers to other third countries outside the EU and EEA, where there is no adequacy decision by the EU Commission, we have also agreed with the provider on Standard Contractual Clauses according to Art. 46 para. 2 lit. c DSGVO. These clauses require the recipient of the data in the third country to process the data according to the protection level in Europe.

We have concluded a data processing agreement with Cloudflare.

For more detailed information on data protection and Cloudflare, you can refer to: https://www.cloudflare.com/en-gb/trust-hub/gdpr/ and https://www.cloudflare.com/privacypolicy/.

Hotjar

Our website uses the web analytics service Hotjar provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta, Europe ("Hotjar").

Using Hotjar's technology, we gain a better understanding of user experiences (e.g., how much time users spend on which pages, which links they click, etc.). This helps us tailor our services based on user feedback. Hotjar uses cookies and other technologies to collect data about user behavior and their devices, including the IP address of the device (only collected and stored in anonymized form during your use of the website), screen size, device type (Unique Device Identifiers), information about the browser used, location (only country), and preferred language for viewing our website. Hotjar stores this information on our behalf in a pseudonymized user profile.

We pay special attention to the protection of your personal data when using this tool. We can only track which buttons are clicked, mouse movements, how far users scroll, the screen size of the device, device type, and browser information, geographic location (only the country), and the preferred language for displaying our website. Areas of the website displaying personal data from you or third parties are automatically hidden by Hotjar and are therefore never traceable. The use of Hotjar and the associated processing of personal data are based on your consent according to Art. 6 para. 1 lit. a DSGVO.

Hotjar generally stores customer data within the European Union. However, there may also be a transfer of personal data to third countries outside the EU and the EEA. In these cases, additional protective measures are required to ensure the GDPR level of data protection. To ensure this, we have agreed with the provider on Standard Contractual Clauses according to Art. 46 para. 2 lit. c DSGVO. These clauses require the recipient in the third country to process the data according to the protection level in the EU.

Hotjar offers every user the option to prevent the use of Hotjar by using a “Do Not Track Header”, so that no data about the visit to the website is recorded. This is a setting supported by all common browsers in current versions. To do this, your browser sends a request to Hotjar to deactivate tracking for the user. If you use our websites with different browsers/computers, you need to set the “Do Not Track Header” for each of these browsers/computers separately. Further information about the “Do Not Track Header” and current guides for the most common browsers you can find at the following link: https://www.hotjar.com/policies/do-not-track/


For more information about Hotjar Ltd. and the Hotjar tool, please visit:

https://www.hotjar.com. The privacy policy of Hotjar Ltd. can be found at:

https://www.hotjar.com/privacy.

Spotify

We use the "Spotify Player" on our website, a service provided by Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden ("Spotify"), for playing podcasts and audio content.

When you use the Spotify Player, Spotify sets cookies and processes personal data (such as your IP address and your interactions) to play the desired audio or podcasts, capture your interactions with the player, and display ads related to your interactions.

If you have a Spotify account and are logged in, the visit to our website and playback of the content can be associated with your account. In this case, additional personal data linked to your Spotify account will be processed. The legal basis for processing is Article 6(1)(a) of the GDPR, your consent, which you can withdraw at any time with future effect.

For more information on how Spotify processes your data, please refer to the provider's privacy policy at https://www.spotify.com/de-en/legal/privacy-policy/ and the cookie policy at https://www.spotify.com/de-en/legal/cookies-policy/ .

Podbean

We use "Podbean" on our website, a service provided by Podbean Tech LLC, 135 E 57th St, 14th Floor, New York, NY 10022, USA ("Podbean"), for playing podcasts and audio content.

When you use the Podbean player, Podbean sets cookies and processes personal data (such as your IP address and your interactions) to play the desired audio or podcasts, capture your interactions with the player, and display ads related to your interactions. If you have a Podbean account and are logged in, the visit to our website and playback of the content can be associated with your account. In this case, additional personal data linked to your Podbean account will be processed. The legal basis for processing is Article 6(1)(a) of the GDPR, your consent, which you can withdraw at any time with future effect.

Podbean processes IP addresses and device information to enable podcast downloads/plays and to gather statistical data, such as play counts. This data is anonymized or pseudonymized before being stored in Podbean's database, unless it is necessary for providing the podcasts.

For more information and options to object, please refer to Podbean's privacy policy: https://www.podbean.com/privacy.

Communication regarding application matters via WhatsApp Business API

We use WhatsApp Business API for communication regarding applications, a service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

You can contact us via a button on the website, for example. In this process, your contact details, such as your phone number, as well as meta/communication data (e.g., device information, IP addresses) are processed.

Please note that communication content (i.e., the content of messages and attached images) is end-to-end encrypted. This means that the content of messages is not visible, not even to WhatsApp Ireland Limited itself. You should always use the latest version of the messenger with encryption enabled to ensure the security of message content.

However, please be aware that while the messenger providers cannot view the content, they can determine that and when you communicate with us, and they process technical information about the device used and, depending on your device settings, also location information (so-called metadata).

If we ask for your permission before communicating with you via the messenger, the legal basis for processing your data is your consent according to Art. 6(1)(a) GDPR. You can withdraw this consent at any time with future effect.

If we do not request consent and you, for example, initiate contact with us, we use WhatsApp in relation to our contractual partners and for contract initiation as a contractual measure according to Art. 6(1)(b) GDPR and for other interested parties based on our legitimate interests according to Art. 6(1)(f) GDPR in maintaining fast and efficient communication.

We have entered into a data processing agreement with the service provider, obligating them to protect our customers' data and not disclose it to third parties.

As personal data transmission by WhatsApp to affiliated companies and subcontractors in countries outside the EU and EEA is possible, additional protective measures are required to ensure GDPR compliance. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45(1) GDPR concerning companies certified under the EU-U.S. Data Privacy Framework. WhatsApp LLC is certified under the EU-U.S. Data Privacy Framework and thus commits to complying with adequate data protection standards, which can be viewed at: https://www.dataprivacyframework.gov/s/participant-search.

For potential transfers to other third countries outside the EU and EEA for which no adequacy decision of the EU Commission exists, we have also agreed on standard data protection clauses in accordance with Art. 46(2)(c) GDPR. These require the recipient in the third country to process the data in accordance with the level of protection in Europe.

The terms of use and privacy information of WhatsApp can be accessed via the following links: https://www.whatsapp.com/legal/, https://www.whatsapp.com/privacy, https://www.whatsapp.com/legal/business-data-processing-terms.

You can withdraw your consent at any time and object to communication with us via WhatsApp. In such a case, we will delete the messages according to our general deletion guidelines (e.g., as described above, after the end of contractual relationships, in the context of archiving provisions, etc.) and otherwise, as soon as we can assume that any queries you had have been answered, if no reference to a previous conversation is expected and no legal retention obligations oppose deletion. Finally, we would like to point out that, for your safety reasons, we reserve the right not to respond to requests via WhatsApp if, for example, contract details require special confidentiality or a response via WhatsApp does not meet formal requirements. In such cases, we will refer you to more appropriate communication channels.

2.7. Contact

If you send us inquiries via the contact form (via "Your Request" or "Get Advice on Shopware 6!" contact form) or email, your information from the inquiry form or email, including any personal data you provided, will be stored by us for processing the request and in case of follow-up questions. Providing an email address, first name, and last name is required for contact. We will not share this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request according to Art. 6(1)(f) GDPR and, if applicable, Art. 6(1)(b) GDPR if your request is aimed at concluding a contract. Your data will be deleted after the request has been processed, unless there are legal retention obligations. You can object to the processing of your personal data at any time in the case of Art. 6(1)(f) GDPR.

2.8. Newsletter

If you wish to receive the newsletter offered on our website with regular information about our offers and products, we require your email address as a mandatory field. Additional data may be provided to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.

We use the so-called double opt-in procedure for sending newsletters. This means that we will only send you our newsletter by email after you have explicitly confirmed that you consent to receiving newsletters. Initially, you will receive an email with a link through which you can confirm that you wish to receive newsletters in the future. By confirming, you give us your consent according to Art. 6(1)(a) GDPR to use your personal data for the purpose of sending the requested newsletter.

When you sign up for the newsletter, we store, in addition to the email address required for sending the newsletter, the IP address through which you signed up for the newsletter, as well as the date and time of the registration and confirmation, to be able to trace any misuse at a later time.

You can unsubscribe from the newsletter at any time via the link included in each newsletter or by sending an email to the responsible party mentioned above. After unsubscribing, your email address will be immediately removed from our newsletter distribution list, unless you have explicitly consented to continued use of the collected data or the continued processing is otherwise legally permissible.

2.9. Submission of applications

If you apply to us via our contact form or by email, we collect personal data. This includes, in particular, your contact details (such as first and last name, phone number, and email address) as well as other information you provide about your career (e.g., resume, qualifications, degrees, and work experience) and about yourself (e.g., cover letter, personal interests). This may also include special categories of personal data (e.g., information about a disability). Your personal data is generally collected directly from you as part of the application process and encrypted during electronic transmission. The primary legal basis for this is Art. 6(1)(b) GDPR in conjunction with § 26(1) BDSG. Additionally, consents according to Art. 6(1)(a), 7 GDPR in conjunction with § 26(2) BDSG can be used as data protection legal bases. If the processing of your data is based on consent, you have the right to withdraw your consent at any time with future effect.

Within our company, only those individuals and departments (e.g., Human Resources) who need your personal data to conduct the application process or to fulfill our legal obligations have access to it. Your applications will be forwarded to the responsible parties for review if necessary. Under no circumstances will your personal data be disclosed to unauthorized third parties.

Your data related to a specific job application will be stored and processed during the ongoing application process. After the application process ends (e.g., in the form of an acceptance or rejection), the application process, including all personal data, will be deleted from the system no later than six months after the end of the application process. The data of selected applicants will be securely stored for up to 2 years, provided that the applicants have given their consent according to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with future effect. A simple email to the contact details of the responsible party mentioned above is sufficient. In the case of a successful application, your application documents will be transferred to your personnel file.

3. Privacy Information for Customers, Prospects, and Other Contractual Partners

3.1. Purposes and legal bases of processing

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as far as they are necessary for the establishment, execution, and fulfillment of a contract, as well as for carrying out pre-contractual measures. If personal data is required for the initiation or execution of a contractual relationship or for carrying out pre-contractual measures, processing is lawful according to Art. 6 (1) lit. b GDPR.

If you grant us explicit consent to process personal data for specific purposes (e.g., forwarding to third parties, evaluation for marketing purposes, or promotional communication via email), the legality of this processing is based on your consent according to Art. 6 (1) lit. a GDPR. You may withdraw your consent at any time with effect for the future (see Section 9 of this privacy notice).

Where necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfill legal obligations according to Art. 6 (1) lit. c GDPR. Additionally, processing may occur to safeguard our legitimate interests or those of third parties, as well as to defend and assert legal claims according to Art. 6 (1) lit. f GDPR. If required by law, we will inform you separately about the legitimate interest.

3.2. Categories of personal data

We only process data related to the establishment of a contract or pre-contractual measures. This may include general information about you or individuals within your company (e.g., name, address, contact details) as well as any additional data you provide to us during the contract establishment.

3.3. Sources of data

We process personal data that we receive from you in the context of contacting us, establishing a contractual relationship, or during pre-contractual measures, or that you provide via our contact form.

3.4. Recipients of the data

We only pass on your personal data within our company to those areas and persons who need this data in order to fulfil the contractual and legal obligations or to implement our legitimate interest.

Your personal data is processed on our behalf on the basis of data processing agreements pursuant to Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. In this case, the categories of recipients are SaaS – providers of customer management systems and invoice management systems.

Otherwise, data will only be passed on to recipients outside the company insofar as legal provisions permit or require this, if the transfer is necessary for the processing and thus for the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorised to provide information. Under these conditions, recipients of personal data, such as:

• External accountant
• Public bodies and institutions (e.g. public prosecutor’s office, Police, supervisory authorities, tax office) in the event of a legal or official obligation
• Recipients to whom the transfer is directly required for the establishment or performance of the contract, such as banks, hosts, Dropbox
  
  

3.5. Transfer to a third country

Transfer to a third country is not intended.

3.6. Duration of storage

Where necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes. This also includes the initiation and processing of a contract.
In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (Handelsgesetzbuch, HGB) and the German Fiscal Code (Abgabenordnung, AO). The retention and documentation periods stipulated therein are two to ten years.
Finally, the storage period also depends on the statutory limitation periods, which according to Sections 195 et seqq. of the German Civil Code (BGB) can generally be three years, but in certain cases up to thirty years.

3.7. Your rights

Detailed information about your rights can be found in Section 5.3 of this privacy notice.

4. Social media presence

Below you will find information on how we handle your data collected through your use of our social media sites on social networks and platforms. Your data is processed in accordance with the statutory regulations.

4.1. Facebook fan page

4.1.1. Responsible body

In the event that the data transmitted to us by you is also or exclusively processed by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the controller for data processing within the meaning of the GDPR, in addition to us or in our place. For this purpose, we have concluded an agreement with Facebook in accordance with Art. 26 GDPR on joint responsibility for the processing of data (Controller Addendum). This agreement defines the data processing operations for which we or Facebook are responsible when you visit our Facebook fan page. You can view this agreement at the following link:https://www.facebook.com/legal/terms/page_controller_addendum.

Since personal data is transferred by Facebook Ltd. to the USA, including to Facebook Inc., further protection mechanisms are required to ensure the level of data protection of the GDPR. For this purpose, the provider shall set out standard data protection clauses in accordance with Art. 46(2) c GDPR. These require the recipient of the data in the USA to process the data in accordance with the level of protection in Europe.

If you would like to exercise your rights as a visitor to the website (information, rectification, erasure, restriction, data portability, complaint to the supervisory authority, objection or withdrawal), you can contact Facebook or us.

You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads oder http://www.youronlinechoices.com

For further details, please refer to Facebook’s privacy statement: https://www.facebook.com/about/privacy/

4.1.2. Facebook’s Data Protection Officer

To contact the Facebook Data Protection Officer, you can use the online contact form provided by Facebook at the following link: https://www.facebook.com/help/contact/540977946302970 verwenden.

4.1.3. Data processing for statistical purposes by means of page insights

Facebook provides so-called page insights for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. This is aggregated data that provides information on how people interact with our site. Site Insights may be based on personal data collected in connection with a visit or interaction of individuals to or with our site and in connection with content provided. Please be aware of which personal data you share with us via Facebook. Your data may be processed for market research and advertising purposes, even if you are not logged in to Facebook or do not have a Facebook account. For example, user profiles are created from user behaviour and the resulting interests of the user. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. This data collection takes place via cookies, which are stored on your end device. In addition, the user profiles may also store data that is independent of the devices used by the users; in particular, if the users are members of the respective platforms and are logged into them. The legal basis for data processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in the optimised presentation of the offer, the effective information and communication with customers and interested parties as well as the targeted placement of advertising. Please note that we have no influence on data collection and further processing by Facebook. As a result, we cannot provide information on the extent to which, where and for how long Facebook stores the data. Furthermore, we cannot make any statements about the extent to which Facebook fulfils existing deletion obligations, which evaluations and links are made with the data by Facebook and to whom the data is passed on by Facebook. If you would like to avoid Facebook processing your personal data, please contact us by other means.

4.2. Other social media providers

4.2.1. Responsible body

If your personal data is processed by a provider listed below, this controller is responsible for data processing within the meaning of the GDPR. For the assertion of your rights as a data subject, we would like to point out that these can be asserted most effectively with the respective providers. Only these parties have access to the data collected from you. If you still need help, please do not hesitate to contact us.
We have online presences on the social media platforms of the following providers:

• Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland
• Instagram Inc., Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
• YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
• XING SE, Dammtorstraße 29-32, 20354 Hamburg, Germany
• Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA
  
  

4.2.2. Data Protection Officer

You can find information on contacting the data protection officer of the other social media providers here:

• Twitter Inc.: https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp<a/a>
• Instagram Inc.: https://de-de.facebook.com/help/instagram/155833707900388
• LinkedIn Ireland Unlimited Company: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
• XING SE: datenschutzbeauftragter@xing.com
• YouTube: Um den Datenschutzbeauftragten von YouTube zu kontaktieren, wenden Sie sich bitte an Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
• Pinterest: https://help.pinterest.com/de/data-protection-officer-contact-form

4.3. General information on social media platforms

4.3.1. Responsible body

The controller for data processing within the meaning of the GDPR is the authority named at the beginning of this Privacy Statement, insofar as we process data transmitted by you via one of the social media platforms.

4.3.2. Our Data Protection Officer

If you have any concerns about data processing carried out by us as the controller, you can contact our Data Protection Officer using the contact details provided at the beginning of this Privacy Statement.

4.4. General data processing on social media platforms

4.4.1. Data processing for market research and advertising

As a rule, personal data is processed on the company’s website for market research and advertising purposes. For this purpose, a cookie is set in your browser, which enables the respective provider to recognise you when you visit a website. Usage profiles can be created using the collected data. These are used to place advertisements inside and outside the platform that presumably correspond with your interests. Furthermore, data can also be stored in the usage profiles regardless of the devices you use. This is regularly the case if you are a member of the respective platforms and are logged in to them.

4.4.2. Data processing when making contact

We collect personal data ourselves if, for example, you contact us via a contact form or a messenger service, such as Facebook Messenger. The data collected depends on your details and the contact details you provide or approve. These are stored by us for the purpose of processing the request and in the event of follow-up questions. Under no circumstances will we pass on the data to third parties without your consent. The legal basis for the processing of the data is our legitimate interest in answering your request pursuant to Art. 6(1) point f GDPR and, if applicable, Art. 6(1) point b GDPR if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, unless there are statutory retention obligations to the contrary. We assume processing to be concluded if it can be deduced from the circumstances that the matter in question has been finally clarified.

4.4.3. Data processing for contract processing

If your contact via a social network or other platform aims to conclude a contract for the supply of goods or services with us, we process your data for the fulfilment of the contract or for the implementation of pre-contractual measures or the provision of the desired services. In this case, the legal basis for the processing of your data is Art. 6(1) point b GDPR. Your data will be deleted if it is no longer required for the implementation of the contract or if it is established that the pre-contractual measures do not lead to a conclusion of the contract corresponding to the purpose of the contact. Please note, however, that it may also be necessary to store personal data of our contractual partners after conclusion of the contract in order to comply with contractual or legal obligations.

4.4.4. Data processing based on consent

If you are asked by the respective providers of the platforms for consent to processing for a specific purpose, the legal basis for processing is Art. 6(1) point a., Art. 7 GDPR. Assigned consent can be revoked at any time with effect for the future.

4.5. Data transfer and recipient

When visiting and using the platforms listed above, personal data may be transferred to the USA or other third countries outside the EU, which is why further protective mechanisms are required in such cases to ensure the level of data protection in accordance with the GDPR. Please refer to the list below for further information on whether and which suitable warranties the providers can provide.
We have no influence on the processing and handling of your personal data by the provider. We also do not have any information on this. For further information, please check the privacy statement of the respective provider and, if necessary, use the options for opt-out/personalisation with regard to data processing by the provider:

Twitter

• Privacy statement: https://twitter.com/de/privacy
• Opt-out: https://twitter.com/personalization
• According to the privacy statement, Twitter uses standard data protection clauses to ensure an appropriate level of data protection in accordance with the provisions of the GDPR for data transfer to the USA or other third countries outside the EU: https://twitter.com/de/privacy
  
  

LinkedIn

• Privacy statement: https://www.linkedin.com/legal/privacy-policy
• Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
• According to the privacy statement, LinkedIn uses standard data protection clauses to ensure an appropriate level of data protection in accordance with the provisions of the GDPR for data transfer to the USA or other third countries outside the EU: https://www.linkedin.com/legal/privacy-policy und https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de
  
  

XING

• Privacy statement: https://privacy.xing.com/de/datenschutzerklaerung
• Opt-Out: https://nats.xing.com/optout.html?popup=1&locale=de_DE
• According to the privacy statement, XING uses standard data protection clauses to ensure an appropriate level of data protection in accordance with the provisions of the GDPR for data transfer to the USA or other third countries outside the EU: https://privacy.xing.com/de/datenschutzerklaerung/wer-erhaelt-daten-zu-ihrer-person/drittlaender

5. Other provisions

5.1. Data Security

In accordance with Article 32 GDPR, we take into account the current state of technology, implementation costs and the nature, scope, circumstances and purposes of processing as well as the varying probability and severity of the risk to the rights and freedoms of natural persons, suitable technical and organisational measures to ensure a level of protection appropriate to the risk. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

5.2. Duration of storage of personal data

The duration of storage of personal data is determined by the relevant statutory retention periods (e.g. commercial law and tax law). After the respective period has expired, the corresponding data is routinely deleted. If data is required for the fulfilment of the contract or for the initiation of the contract or if we have a legitimate interest in its continued storage, the data will be deleted if it is no longer required for these purposes or if you exercise your right to withdraw or object.

5.3. Your rights

In the following, you will find information about the data subject rights that the applicable data protection law grants you with regard to the controller with regard to the processing of your personal data:

The right, according to Article 15 GDPR, to request information concerning your personal data that we have processed. In particular, you can request information on the processing purposes, the category of personal data, the categories of recipients to whom your information has been or will be disclosed, the planned storage duration, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of the data, if it was not collected by us, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on the details.

The right, according to Article 16 GDPR, to immediately request the correction of inaccurate data we have about you or the completion of your personal data stored by us.

The right, according to Article 17 GDPR, to request the deletion of your personal data stored with us, provided that the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

The right, according to Art. 18 GDPR, to request restriction of the processing of your personal data if the accuracy of the data is disputed by you or the processing is unlawful, but you reject deletion of the data and we no longer need it; you need the data for the establishment, exercise or defence of legal claims or you have filed an objection against the processing according to Art. 21 GDPR.

The right, according to Art. 20 GDPR, to request the personal information you have provided to us in a structured, standard and machine readable format or request the transmission of such to another controller.

The right, according to Article 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if necessary, your usual place of residence or workplace.

The right to withdraw consent granted pursuant to Art. 7 (3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, provided that further processing cannot be based on a legal basis for processing without consent. Withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of consent until withdrawal.

5.3.1. Right of objection

If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6(1) point 1 lit. f GDPR, you have, in accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data if this is for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to state a special situation. If you would like to exercise your right of objection, please send an e-mail to: office@dasistweb.de

5.4. Legal obligations

The provision of personal data for the decision on the conclusion of a contract, the fulfilment of a contract or the implementation of pre-contractual measures is voluntary. However, we can only make the decision within the framework of contractual measures if you provide such personal data as is necessary for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.

5.5. Automated decision making

There is no automated decision-making or profiling pursuant to Art. 22 GDPR.

5.6. Right of modification

We reserve the right to amend or update this Privacy Statement if necessary in compliance with the applicable data protection regulations. In this way we can adapt it to current legal requirements and take into account changes in our services, e.g. when introducing new services. The most recent version applies to your visit.

Status of this Privacy Statement 05/08/2021