Privacy Policy
Preamble
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter referred to as “data”), the purposes for which we process it, and the scope of such processing. This privacy policy applies to all processing of personal data carried out by us, both as part of the services we provide and particularly on our websites, in mobile applications, and within external online presences such as our social media profiles (hereinafter collectively referred to as the “online offering”).
The terms used are not gender-specific.
Last updated: July 11, 2025
Table of Contents
- Preamble
- Controller
- Overview of Processing
- Applicable Legal Bases
- Security Measures
- Transfer of Personal Data
- International Data Transfers
- General Information on Data Storage and Deletion
- Rights of Data Subjects:
- Business Services
- Provision of the Online Offering and Web Hosting
- Use of Cookies
- Blogs and Publishing Media
- Contact and Inquiry Management
- Newsletters and Electronic Notifications
- Promotional Communication via Email, Mail, Fax or Telephone
- Web Analytics, Monitoring and Optimization
- Presence on Social Networks
- Plugins and Embedded Functions and Content
Controller
Jeffery Reich
Jeffery Reich, acting under the name Reich
Rosenheimer Strasse 36
10781 Berlin
Germany
Authorized representative: Jeffery Reich
Email address: admin@reich-advisory.com
Imprint: imprint.reich-advisory.com
Overview of Processing
The following overview summarizes the types of data processed and the purposes of processing, as well as the categories of data subjects.
Types of Data Processed
- Inventory data
- Payment data
- Contact data
- Content data
- Contract data
- Usage data
- Meta, communication, and procedural data
- Log data
Categories of Data Subjects:
- Service recipients and clients
- Interested parties
- Communication partners
- Users
- Business and contractual partners
Purposes of Processing
- Provision of contractual services and fulfillment of contractual obligations
- Communication
- Security measures
- Direct marketing
- Reach measurement
- Office and organizational procedures
- Organizational and administrative procedures
- Feedback
- Marketing
- Profiling with user-related information
- Provision of our online offering and user-friendliness
- Information technology infrastructure
- Public relations
- Sales promotion
- Business processes and economic procedures
Applicable Legal Bases
Legal bases under the GDPR:
Below is an overview of the legal bases of the General Data Protection Regulation (GDPR) on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.
- Consent (Art. 6(1)(a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6(1)(c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6(1)(f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
National data protection regulations in Germany:
In addition to the data protection regulations of the GDPR, national regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (BDSG), which contains special provisions on access rights, the right to erasure, the right to object, processing of special categories of personal data, processing for other purposes, and data transfers and automated decision-making including profiling. State data protection laws may also apply.
Note on applicability of GDPR and Swiss FADP:
This privacy notice serves both to fulfill our information obligations under the Swiss Federal Act on Data Protection (FADP) and the GDPR. Therefore, for clarity and broader applicability, the terminology of the GDPR is used. For example, instead of the FADP term “processing of personal data,” we use “processing of personal data” and “legitimate interest” rather than “overriding interest.” The legal meaning under Swiss law remains unchanged.
Security Measures
We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, nature, scope, and context of the processing, and the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.
These measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, availability, and separation of data. We also have procedures in place to ensure the exercise of data subject rights, deletion of data, and response to data threats. Furthermore, we consider data protection principles in the development and selection of hardware, software, and procedures, according to the principle of data protection by design and by default.
Securing online connections via TLS/SSL encryption (HTTPS): To protect the data of users transmitted via our online services, we use TLS/SSL encryption technology. SSL and TLS are foundational for secure data transmission on the internet. These technologies encrypt information exchanged between the website or app and the user’s browser (or between two servers), protecting it from unauthorized access. TLS, being the more advanced version, ensures data transfers meet high security standards. When a website is secured via SSL/TLS, the URL begins with “HTTPS,” indicating a secure and encrypted connection.
Transfer of Personal Data
As part of our processing of personal data, it may happen that data is transferred to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. These recipients may include, for example, service providers tasked with IT responsibilities or providers of services and content integrated into a website. In such cases, we comply with legal requirements and enter into appropriate agreements or contracts that serve to protect your data with the recipients.
International Data Transfers
Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in the context of using services from third parties or disclosing/transferring data to other persons or companies (recognizable by the provider’s address or where explicitly indicated in this privacy policy), we only do so in accordance with legal requirements.
Transfers to the USA: For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized by the EU Commission as a secure framework under an adequacy decision dated July 10, 2023. Additionally, we have concluded standard contractual clauses with service providers, establishing contractual obligations to protect your data according to EU standards.
This two-layer approach ensures robust protection: the DPF provides a primary safeguard, while standard contractual clauses serve as a fallback. If changes affect the DPF, these clauses remain in place to uphold data protection.
For each individual service provider, we inform you whether they are certified under the DPF and whether standard contractual clauses are in place. Further information about the DPF and a list of certified companies can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/.
Transfers to other third countries: For other third countries, we apply equivalent safeguards, including standard contractual clauses, explicit consent, or statutory requirements. More information is available via the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.
General Information on Data Storage and Deletion
We delete personal data that we process in accordance with legal requirements once the consent is revoked or no other legal basis exists for continued processing. This includes when the purpose of the processing is fulfilled or the data is no longer necessary. Exceptions apply if legal obligations or special interests require longer storage.
In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons, must be appropriately archived.
We include additional information about retention and deletion periods in sections specific to certain processing operations.
Where multiple retention periods apply, the longest duration governs. Data that is no longer needed for its original purpose but must be retained for other reasons is processed solely for those retention purposes.
Retention and Deletion of Data: The following general time periods apply to retention and archiving under German law:
- 10 years – e.g., financial statements, ledgers, opening balance sheets, and necessary supporting documents (per § 147 AO, § 14b UStG, § 257 HGB)
- 8 years – e.g., accounting receipts like invoices or cost documents (per § 147 AO and § 257 HGB)
- 6 years – e.g., business correspondence, payroll records, calculation notes (per § 147 AO and § 257 HGB)
- 3 years – e.g., data related to warranties, compensation claims, and inquiries, based on statutory limitation periods (per §§ 195, 199 BGB)
Rights of Data Subjects:
According to the GDPR, you have the following rights as a data subject (Articles 15 to 21 GDPR):
- Right to object: You have the right to object, at any time and on grounds relating to your particular situation, to the processing of your personal data which is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on those provisions. If your personal data is used for direct marketing, you can object to this at any time.
- Right to withdraw consent: You have the right to withdraw your consent at any time.
- Right of access: You have the right to request confirmation as to whether personal data concerning you is being processed and, where that is the case, access to the data and further information.
- Right to rectification: You have the right to request the rectification of inaccurate or incomplete data concerning you.
- Right to erasure and restriction: You have the right to request the immediate deletion of data concerning you, or alternatively restriction of processing if legal conditions are met.
- Right to data portability: You have the right to receive personal data you have provided in a structured, commonly used, and machine-readable format and to transmit those data to another controller.
- Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence, workplace, or place of the alleged infringement, if you believe the processing of your personal data violates the GDPR.
Business Services
We process data of our clients, customers, and business partners (collectively “contractual partners”) in the context of contractual or comparable legal relationships, including communication and pre-contractual inquiries.
We use this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedies in the event of warranty or other performance issues. In addition, we use the data to protect our rights and for the administrative tasks associated with these obligations as well as for corporate organization. We also process the data on the basis of our legitimate interests in proper and economically efficient business operations and in security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information, and rights (e.g., by involving telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the scope of applicable law, we only share contract partner data with third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about any additional forms of processing, such as for marketing purposes, within this privacy policy.
We inform contractual partners which data is required for the aforementioned purposes before or during the data collection process—for example, in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks or similar), or in person.
We delete the data after the expiration of statutory warranty and similar obligations, i.e., generally after four years, unless the data is stored in a customer account—for example, as long as it must be retained for legal archiving purposes (typically ten years for tax reasons). Data that has been disclosed to us by the contractual partner in the context of an order is deleted in accordance with the contractual requirements and generally upon completion of the order.
- Types of Data Processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., postal and email addresses or phone numbers); Contract data (e.g., subject matter of the contract, duration, customer category); Usage data (e.g., page views and duration, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved individuals).
- Data Subjects: Service recipients and clients; Interested parties; Business and contractual partners.
- Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative processes; business processes and economic procedures.
- Retention and Deletion: Deletion in accordance with the details provided in the section “General Information on Data Storage and Deletion.”
- Legal Bases: Fulfillment of contract and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR); Legal obligation (Art. 6(1)(1)(c) GDPR); Legitimate interests (Art. 6(1)(1)(f) GDPR).
Additional Information on Processing Activities, Procedures, and Services:
- Online Shop, Order Forms, E-Commerce, and Service Fulfillment: We process our customers’ data to enable them to select, purchase, or order the chosen products, goods, and associated services, as well as to facilitate payment and provision, delivery, or execution. Where necessary for fulfilling an order, we engage service providers—particularly postal, freight, and shipping companies—to carry out the delivery or execution for our customers. For handling payment transactions, we use the services of banks and payment providers. The required information is marked as such during the ordering or comparable acquisition process and includes the details needed for delivery or provision and billing, as well as contact information in case follow-up communication is necessary.
- Legal Bases: Fulfillment of contract and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR).
Provision of the Online Offer and Web Hosting
We process users’ data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.
- Types of Data Processed: Usage data (e.g., page views and duration, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved individuals); Log data (e.g., log files related to logins, data access, or access times).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical equipment such as computers, servers, etc.); Security measures.
- Retention and Deletion: Deletion in accordance with the information provided in the section “General Information on Data Storage and Deletion.”
- Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).
Additional Information on Processing Activities, Procedures, and Services:
- Collection of Access Data and Log Files: Access to our online offering is logged in the form of so-called “server log files.” These server log files may include the address and name of the accessed web pages and files, the date and time of access, the volume of data transferred, confirmation of successful access, browser type and version, the user’s operating system, the referrer URL (the previously visited page), and typically IP addresses and the requesting provider. Server log files may be used for security purposes—for example, to prevent server overload (especially in the case of abusive attacks, such as DDoS attacks)—as well as to ensure the server’s performance and stability.
- Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).
- Deletion of Data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained for evidentiary purposes is excluded from deletion until the respective incident has been fully resolved.
Use of Cookies
The term “cookies” refers to functions that store information on users’ devices and retrieve it from them. Cookies can serve various purposes, such as ensuring the functionality, security, and user-friendliness of online services, as well as analyzing visitor traffic. We use cookies in accordance with legal requirements. Where necessary, we obtain users’ prior consent. If consent is not required, we rely on our legitimate interests—this applies when storing and retrieving information is essential for providing explicitly requested content and functions. This includes, for example, saving preferences and ensuring the functionality and security of our online services. Consent can be revoked at any time. We provide clear information about the scope of usage and which cookies are employed.
Information on Data Protection Legal Bases: Whether we process personal data using cookies depends on user consent. If consent has been given, it serves as the legal basis. In the absence of consent, we rely on our legitimate interests, as described above in this section and in the context of the respective services and procedures.
Storage Duration: With regard to storage duration, the following types of cookies are distinguished:
- Temporary Cookies: Temporary cookies are deleted at the latest after a user has left an online offering and closed their device (e.g., browser or mobile application).
- Permanent Cookies: Permanent cookies remain stored even after the user closes their device. For example, the login status can be saved, and preferred content can be displayed directly when the user revisits a website. Similarly, usage data collected via cookies can be used for reach measurement. Unless we explicitly inform users about the type and storage duration of cookies (e.g., when obtaining consent), they should assume that the cookies are permanent and may be stored for up to two years.
General Information on Withdrawal and Objection (Opt-Out): Users can withdraw their consent at any time and may also object to the processing in accordance with legal requirements, including through the privacy settings of their browser.
- Types of Data Processed: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved individuals).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR); Consent (Art. 6(1)(1)(a) GDPR).
Additional Information on Processing Activities, Procedures, and Services:
- Processing of Cookie Data Based on Consent: We use a consent management solution to obtain users’ consent for the use of cookies or for the procedures and providers specified within the consent management system. This process serves to collect, log, manage, and revoke consents—particularly regarding the use of cookies and similar technologies used to store, read, and process information on users’ devices. As part of this process, users’ consents for the use of cookies and the related data processing activities—including specific processes and providers named in the consent management procedure—are obtained. Users are also given the ability to manage and revoke their consents. Consent declarations are stored in order to avoid repeated prompts and to be able to prove consent in accordance with legal requirements. Storage takes place server-side and/or in a cookie (known as an opt-in cookie), or through comparable technologies, to associate the consent with a specific user or device. Unless specific details about the providers of the consent management service are provided, the following general notes apply: the consent is stored for up to two years. A pseudonymous user identifier is generated, which is stored along with the time of consent, information on the scope of consent (e.g., categories of cookies and/or service providers affected), and details about the browser, system, and device used.
- Legal Bases: Consent (Art. 6(1)(1)(a) GDPR).
Blogs and Publishing Media
We use blogs or comparable forms of online communication and publication (hereinafter referred to as “publishing medium”). The data of readers is processed for the purposes of the publishing medium only to the extent necessary for its presentation, for communication between authors and readers, or for security reasons. For all other matters, we refer to the information provided in this privacy notice regarding the processing of visitors to our publishing medium.
- Types of Data Processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., written or visual messages and contributions, as well as related information such as authorship details or time of creation); Usage data (e.g., page views and duration, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved individuals).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness; Security measures; Organizational and administrative procedures.
- Retention and Deletion: Deletion in accordance with the information provided in the section “General Information on Data Storage and Deletion.”
- Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).
Additional Information on Processing Activities, Procedures, and Services:
- Comments and Contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security in case someone posts unlawful content in comments or contributions (e.g., insults, prohibited political propaganda, etc.). In such cases, we may be held legally responsible for the comment or contribution and therefore have a legitimate interest in the identity of the author. Furthermore, we reserve the right to process users’ information for the purpose of spam detection based on our legitimate interests. On the same legal basis, we also reserve the right to store users’ IP addresses for the duration of surveys and to use cookies in order to prevent multiple voting. The personal information provided as part of comments and contributions—such as contact and website details, as well as the content itself—is stored by us permanently, unless and until the user objects.
- Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).
Contact and Inquiry Management
When contacting us (e.g., by post, contact form, email, telephone, or via social media) and in the context of existing user and business relationships, the information provided by the inquiring individuals is processed to the extent necessary to respond to the contact inquiries and any requested actions.
- Types of Data Processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., textual or visual messages and contributions, as well as related information such as authorship details or time of creation); Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved individuals).
- Data Subjects: Communication partners.
- Purposes of Processing: Communication; Organizational and administrative procedures; Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness.
- Retention and Deletion: Deletion in accordance with the information provided in the section “General Information on Data Storage and Deletion.”
- Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR); Performance of a contract and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR).
Additional Information on Processing Activities, Procedures, and Services:
- Contact Form: When contacting us via our contact form, email, or other communication channels, we process the personal data provided to us in order to respond to and handle the respective inquiry. This typically includes information such as name, contact details, and, if applicable, other information shared with us that is necessary for appropriate processing. We use this data solely for the stated purpose of contact and communication.
- Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR); Legitimate interests (Art. 6(1)(1)(f) GDPR).
Newsletter and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletter”) only with the recipients’ consent or based on a legal basis. If the contents of the newsletter are specified during the subscription process, these contents are decisive for the user’s consent. Typically, providing your email address is sufficient to subscribe to our newsletter. However, to offer you a more personalized service, we may ask for your name for personal salutation or other information necessary for the specific purpose of the newsletter.
We may retain unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove that consent was previously given. The processing of this data is restricted to the purpose of potentially defending against legal claims. An individual deletion request is possible at any time, provided that the prior existence of consent is confirmed. In the event of a legal obligation to permanently honor objections, we reserve the right to store the email address solely for this purpose in a suppression list (so-called “blacklist”).
The logging of the subscription process is carried out on the basis of our legitimate interests for the purpose of documenting its proper execution. If we engage a service provider to send emails, this is done on the basis of our legitimate interest in having an efficient and secure delivery system.
Contents: Information about us, our services, promotions, and offers.
- Types of Data Processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved individuals); Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and features).
- Data Subjects: Communication partners.
- Purposes of Processing: Direct marketing (e.g., via email or postal mail).
- Legal Bases: Consent (Art. 6 (1) sentence 1 lit. a) GDPR).
- Right to object (opt-out): You can unsubscribe from receiving our newsletter at any time, i.e., withdraw your consent or object to receiving future communications. You can find a link to unsubscribe at the end of each newsletter, or alternatively, you can use one of the contact methods provided above, preferably email.
Further information on processing activities, procedures, and services:
- Measurement of opening and click rates: The newsletters contain what is known as a “web beacon,” a pixel-sized file retrieved from our server or the server of our email service provider, if we use one, upon opening the newsletter. As part of this retrieval, technical information such as your browser and system details, as well as your IP address and the time of access, are initially collected. This information is used for the technical improvement of our newsletter based on technical data or target groups and their reading behavior according to their locations (which can be identified using the IP address) or access times. This analysis also includes determining whether and when the newsletters are opened and which links are clicked. The information is attributed to individual newsletter recipients and stored in their profiles until deleted. The evaluations serve to understand the reading habits of our users and adapt our content to them or to send different content according to the interests of our users. The measurement of opening and click rates and the storage of these measurement results in users’ profiles.
- Legal Bases: Consent (Art. 6 (1) sentence 1 lit. a) GDPR).
Promotional communication via email, postal mail, fax, or telephone
We process personal data for the purposes of promotional communication, which may be carried out through various channels, such as email, telephone, postal mail, or fax, in accordance with applicable legal regulations.
Recipients have the right to withdraw their consent at any time or to object to promotional communication at any time.
After a withdrawal or objection, we store the data required to prove the previous authorization for contacting or sending communications for up to three years after the end of the year in which the withdrawal or objection was made, based on our legitimate interests. The processing of this data is limited to the purpose of potentially defending against claims. Based on the legitimate interest of permanently respecting the user’s withdrawal or objection, we also store the data necessary to prevent further contact attempts (e.g., depending on the communication channel, the email address, phone number, or name).
- Types of Data Processed: Master data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers). Content data (e.g., textual or visual messages and posts as well as related information such as authorship details or creation date).
- Data Subjects: Communication partners.
- Purposes of Processing: Direct marketing (e.g., via email or postal mail); marketing; sales promotion.
- Retention and Deletion: Deletion in accordance with the information provided in the section “General Information on Data Storage and Deletion.”
- Legal Bases: Consent (Art. 6 (1) sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).
Web analysis, monitoring, and optimization
Web analysis (also referred to as “reach measurement”) serves to evaluate the visitor flows of our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous data. Using reach analysis, we can, for example, determine at what times our online offering or its functions or content are most frequently used or invite users to revisit. It also enables us to identify which areas require optimization.
In addition to web analysis, we may also use testing methods to, for example, test and optimize different versions of our online offering or its components.
Unless otherwise specified below, profiles—that is, data compiled from a usage session—may be created for these purposes, and information may be stored in and retrieved from a browser or device. The collected data includes, in particular, visited websites and the elements used there, as well as technical details such as the browser used, the computer system, and usage times. If users have consented to the collection of their location data either with us or with the providers of the services we use, processing of location data is also possible.
In addition, the IP addresses of users are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear personal data of users (such as email addresses or names) is stored in the course of web analysis, A/B testing, and optimization, but only pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the data stored in their profiles for the purposes of the respective processes.
Information on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.
- Types of data processed: Usage data (e.g., page views and duration of stay, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions). Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Reach measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles). Provision of our online offering and user-friendliness.
- Retention and Deletion: Deletion in accordance with the information provided in the section “General Information on Data Storage and Deletion.” Storage of cookies for up to 2 years (unless otherwise specified, cookies and similar storage methods may be stored on users’ devices for a period of two years).
- Security measures: IP masking (pseudonymization of the IP address).
- Legal bases: Consent (Art. 6 (1) sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).
Additional Information on Processing Activities, Procedures, and Services:
- Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any personally identifiable data such as names or email addresses. It serves to associate analytical information with a device in order to determine which content users have accessed within one or multiple sessions, which search terms they used, revisited, or interacted with on our online offering. The time and duration of use are also recorded, as well as the sources that refer users to our online offering and technical details about their devices and browsers.
Pseudonymous profiles of users are created using information from the usage of different devices, with cookies possibly being used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides coarse geographic location data by deriving the following metadata from IP addresses: city (including the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. They are not logged, not accessible, and not used for any further purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Legal bases: Consent (Art. 6 (1) sentence 1 lit. a) GDPR);
Website: https://marketingplatform.google.com/intl/de/about/analytics/;
Security measures: IP masking (pseudonymization of the IP address);
Privacy Policy: https://policies.google.com/privacy;
Data processing agreement: https://business.safety.google/adsprocessorterms/;
Basis for transfers to third countries: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms);
Right to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de
Settings for the display of advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (Types of processing as well as processed data).
Presences on social networks (social media)
We maintain online presences within social networks and, in this context, process user data to communicate with active users there or to provide information about us.
We point out that user data may be processed outside the European Union in this context. This may pose risks for users, for example, because enforcing users’ rights could become more difficult.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles may be created based on users’ behavior and resulting interests. These profiles may then be used to display advertisements within and outside the networks that presumably match users’ interests. Therefore, cookies are typically stored on users’ devices, recording usage behavior and interests. Additionally, data may also be stored in usage profiles independently of the devices used by the users—especially if they are members of the respective platforms and logged in there.
For a detailed description of the respective processing methods and the options to object (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.
Even in the case of information requests and the assertion of data subject rights, we point out that these can be most effectively exercised directly with the providers. Only they have access to the user data and can take appropriate measures and provide information directly. If you still need assistance, you may contact us.
- Types of Data Processed: Contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and posts, as well as related information such as authorship details or creation date). Usage data (e.g., page views and duration of stay, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Communication; feedback (e.g., collecting feedback via online forms). Public relations.
- Retention and Deletion: Deletion in accordance with the information provided in the section “General Information on Data Storage and Deletion.”
- Legal bases: Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).
Additional Information on Processing Activities, Procedures, and Services:
- LinkedIn: Social network – Together with LinkedIn Ireland Unlimited Company, we are jointly responsible for the collection (but not the further processing) of data from visitors that is used to create the “Page Insights” (statistics) of our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as actions they take. Additionally, details about the devices used are collected, such as IP addresses, operating system, browser type, language settings, and cookie data, as well as information from user profiles like job function, country, industry, hierarchy level, company size, and employment status. Privacy information regarding the processing of user data by LinkedIn can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
We have entered into a specific agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum", https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures LinkedIn must observe and in which LinkedIn has committed to respecting the rights of data subjects (i.e., users can, for example, submit requests for information or deletion directly to LinkedIn). The rights of users (especially the right to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. The joint responsibility is limited to the collection and transmission of data to LinkedIn Ireland Unlimited Company, a company based in the EU. The further processing of the data is exclusively the responsibility of LinkedIn Ireland Unlimited Company, particularly regarding the transfer of data to the parent company LinkedIn Corporation in the USA;
- Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;
- Legal bases: Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR);
- Website: https://www.linkedin.com;
- Privacy Policy: https://www.linkedin.com/legal/privacy-policy;
- Basis for transfers to third countries: Data Privacy Framework (DPF), Standard contractual clauses (https://legal.linkedin.com/dpa).
- Right to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Plug-ins and embedded functions as well as content
We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos, or maps (hereinafter collectively referred to as “content”).
The integration always requires that the third-party providers of this content process the users’ IP address, since they could not deliver the content to their browser without it. The IP address is therefore necessary for displaying such content or functions. We strive to use only content whose providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users’ devices and may include, among other things, technical data about the browser and operating system, referring websites, time of visit, and further details about the use of our online offering. It may also be linked with such information from other sources.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is that consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in providing efficient, economical, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.
- Types of Data Processed: Usage data (e.g. page views and time spent, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g. IP addresses, timestamps, identification numbers, involved persons).
- Data Subjects: Users (e.g. website visitors, users of online services).
- Purposes of Processing: Provision of our online offering and user-friendliness.
- Retention and Deletion: Deletion in accordance with the information provided in the section “General Information on Data Storage and Deletion.” Cookies may be stored for up to 2 years (unless otherwise specified, cookies and similar storage methods can be stored on users’ devices for a period of up to two years).
- Legal bases: Consent (Art. 6 (1) sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).
Additional Information on Processing Activities, Procedures, and Services:
- Google Fonts (served from Google servers): Retrieval of fonts (and icons) for the purpose of technically secure, maintenance-free, and efficient use of fonts and icons with regard to up-to-dateness and loading times, their uniform display, and compliance with possible licensing restrictions. The provider of the fonts is informed of the user’s IP address so that the fonts can be made available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted, which are necessary for the provision of the fonts depending on the devices used and the technical environment. These data may be processed on a server of the font provider in the USA – When visiting our online offering, users’ browsers send their browser HTTP requests to the Google Fonts Web API (i.e. a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user-agent that describes the browser and operating system versions of the website visitors, as well as the referrer URL (i.e. the web page on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers and are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user-agent, and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. For the Google Fonts Web API, the user-agent must adapt the font that is generated for the respective browser type. 
The user-agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the “Analytics” page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for production maintenance and an aggregated report on the top integrations can be generated based on the number of font requests. According to Google, none of the information collected via Google Fonts is used to create profiles of end users or to serve targeted ads.
- Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
- Legal bases: Legitimate interests (Art. 6(1)(f) GDPR);
- Website: https://fonts.google.com/;
- Privacy Policy: https://policies.google.com/privacy;
- Basis for transfers to third countries: Data Privacy Framework (DPF).
- Further information: https://developers.google.com/fonts/faq/privacy?hl=de.