Privacy
Policy

tl; dr:
Personally, I care about privacy (also yours) and will try to collect as little data, keep it anonymized, and delete it – all as little or soon as possible.

So, you’re one of those people who actually reads these privacy policies?

Me, too.

Sometimes. Before I then become depressed.

Because, don’t you know?

“You have zero privacy anyway. Get over it.”

– Scott McNealy, 1999

The problem with privacy policies, as I see it, is that

  • it’s only partly to inform you, the visitor, about data used;
  • mostly it seems to be about protecting oneself as a provider.
  • And they are also the result of decades of attorneys’ and lobbyists’ work – to secure that they are needed and have (sometimes pervertedly high-paying) jobs – pushed society to fear almost everything. Which means we all suffer, without much benefit. I think.

If printed on standard US letter or DIN A4 paper, this privacy policy here would run to about 16 pages. Sixteen pages! For a basically private website/blog! Since most of the data in question is not any I would want from you nor you would want to provide to me, this is only because of the design of the services used, and the tedious legal definitions which don’t relate to everyday life, but are written in case of a court process.

I believe this is not useful to either you and me.

But because we got told that security is the biggest boon, and that we should never take responsibility for anything – except for securing us ourselves –, this is the world we live in. (Sorry, I tend to rant.)

About much of the data which might be potentially abused, neither you nor I can do much against when privacy is not built into all the systems – except not use this or that service. And I can’t and wouldn’t want to force you to not use services you find convenient but I find problematic when considering my privacy policy, nor make reading this website tedious for you.

Years ago I’ve worked on a concept about the worlds beneath and hidden from us: data streams data streams, infrastructure, electric grids, sweage, letter chute, subways, deep-sea cables. It was all about what we don’t know (or at least aren’t readily aware of), and less about volunteered data, as about observed (without our knowledge or consent) data.

The problem with privacy mostly concerns data observed about us – where we’ve surfed, what we’ve ordered, what we’ve searched. And we should definitely know what’s being collected about us, and by whom. But a privacy notice?

Setting one up, there’s a couple of questions I’ve encountered: Do I want to make it easy to understand, but therefore also easy to attack me when I’ve overlooked something? Or do I want to bury the relevant info in legalese, and just to be safe include stuff that might not even apply, to protect myself? But if a reader doesn’t understand it, then a privacy policy kind of subverts itself.

So what shall one do? I don’t know. I’ve tried to strike for a balance: make it exhaustive, but structure it at least somewhat understandable. I’m probably still open to various legal attacks, because maybe I am using a plugin on this CMS that transmits some data somewhere I didn’t catch. But it still is a lot of text, and a lot of it legalese, and therefore neither really feasible nor fun to read and understand it all, if internet privacy is not your inherent interest.

So, without any more ado:

Preamble

With this data protection declaration we [this is a pluralis majestatis] want to inform you which types of your personal data (we call them “data” for short) we process, why and to what extent. This declaration applies to all processing of personal data that we carry out—whether as part of our services, on our websites, or on our social media profiles (collectively “online offering”).

Date: September 15, 2024

Overview of contents

Responsible Person

Cinewulf (artist’s name), e-mail address: cinewulf@proton.me

Overview of Processing

Here is an overview of what data we process, why we do it, and who it affects.

[Meaning: only some items concern you as a visitor!]

Types of Data Processed

  • Inventory data
  • Payment details
  • Contact data
  • Content data
  • Contract data
  • Usage data
  • Meta, communication, and procedural data
  • Protocol data

Categories of Affected Persons

  • Service recipients and clients
  • Interested parties
  • Communication partners
  • Users
  • Business and contractual partners
  • Participants

Purposes of Processing

  • Fulfillment of contractual obligations
  • Communication
  • Security measures
  • Direct marketing
  • Office and organizational tasks
  • Feedback
  • Surveys and questionnaires
  • Providing our online offering and improving user-friendliness
  • IT infrastructure
  • Public relations
  • Business processes and operations

Legal bases according to the GDPR: Here is an overview of the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that in addition to the GDPR, national data protection laws may also apply. If special legal bases are important in individual cases, we will inform you about them in the data protection declaration.

  • Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) – You have consented to us processing your personal data for a specific purpose.
  • Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) – We process your data because it is necessary for the fulfillment of a contract or to respond to your inquiries prior to contract conclusion.
  • Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR) – We have to process your data because we are legally obliged to do so.
  • Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) – We process your data to protect our legitimate interests, as long as your interests or fundamental rights do not override them.

National data protection regulations in Germany: In addition to the GDPR, additional data protection laws apply in Germany, for example, the Federal Data Protection Act (BDSG). The BDSG contains special regulations on rights to information, deletion, objection, and other topics. Federal state data protection laws may also apply.

Security Measures

We take technical and organizational measures to protect your data. We consider the state of the art, the costs, and the type and extent of processing. We want to ensure an appropriate level of protection.

Our measures ensure the confidentiality, integrity, and availability of the data. We control physical and electronic access to the data, who can see it, inputs, sharing, and availability. We have put in place procedures to implement data subject rights, delete data, and respond to threats. We take data protection into account when developing or selecting hardware and software, according to the principles of “Privacy by Design” and “Privacy by Default”.

IP address truncation: When we process IP addresses and it is not necessary to use the full address, we truncate them (this is called “IP masking“). The last digits are removed or replaced with placeholders. This makes it more difficult to identify you based on your IP address.

Securing online connections through TLS/SSL encryption technology (HTTPS): So that your data that you transmit via our online services are protected from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are important technologies for secure data transmission on the Internet. They encrypt the information between the website or app and your browser (or between two servers) so that the data is protected from unauthorized access. TLS is the advanced and more secure version of SSL and ensures that all data transfers meet the highest security standards. If a website is secured by an SSL/TLS certificate, you will see “HTTPS” in the URL. This shows you that your data is transmitted securely and encrypted.

Information on Data Storage and Deletion

We delete your personal data in accordance with legal regulations as soon as you revoke your consent or there is no other legal basis for processing. This is the case when the original purpose no longer applies or we no longer need the data. Exceptions exist if legal obligations or special interests require longer storage.

In particular, data that must be stored for commercial or tax reasons or whose storage is necessary for legal prosecution or to protect the rights of others will be archived accordingly.

Our data protection information contains additional information on the retention and deletion of data that specifically applies to certain processing processes.

If there are several specifications regarding the retention period or deletion periods of data, the longest period always applies.

If a period does not explicitly start on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the event occurred. For ongoing contracts under which data is stored, the event is the time of termination or end of the contract.

We only process data that is no longer stored for the original purpose but due to legal requirements or other reasons that justify its retention.

Storage and deletion of data: The following general deadlines apply for storage and archiving under German law:

  • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the associated documents, accounting vouchers, and invoices (§ 257 HGB, § 147 AO, § 14b UStG).
  • 6 years – Other business documents: commercial or business letters received and sent, documents important for taxation, e.g., hourly wage sheets, calculations, pay slips (§ 257 HGB, § 147 AO).
  • 3 years – Data necessary to consider potential warranty and compensation claims will be stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

Your Rights

Rights under the GDPR: You have various rights under the GDPR, especially from Articles 15 to 21 GDPR:

  • Right to object: You can object to the processing of your personal data at any time for reasons arising from your particular situation if this is based on Article 6 Paragraph 1 Letter e or f GDPR; this also applies to profiling based on these provisions. If we process your data for direct advertising, you can object to this at any time; this also applies to profiling in connection with such advertising.
  • Right to revoke consent: You can revoke your consent at any time.
  • Right to information: You have the right to know whether we are processing your data and can request information about this data as well as further information and a copy of the data.
  • Right to rectification: You can request that your data be completed or corrected if it is incorrect or incomplete.
  • Right to deletion and restriction of processing: You can request that we delete your data immediately or restrict processing if legal requirements are met.
  • Right to data portability: You have the right to receive the data you have given us in a structured, commonly used, and machine-readable format or to request that it be transmitted to another controller.
  • Right to lodge a complaint with a supervisory authority: If you believe that the processing of your personal data violates the GDPR, you can lodge a complaint with a supervisory authority, especially in the member state of your habitual residence, place of work, or place of the alleged infringement.

Business Services

We process data from our contractual partners, i.e., customers and interested parties. We do this when we have contracts or similar legal relationships, and also to communicate with the contractual partners, for example, when they send us inquiries.

We use this data to fulfill our contractual obligations. This means we deliver the agreed services, make updates, and help with problems. We also need the data for our administration and organization. We have legitimate interests, such as proper business management and security measures to protect our contractual partners and our business from abuse and threats.

We only pass on the data of our contractual partners to third parties if it is necessary for the stated purposes or due to legal obligations. For example, to telecommunications services, subcontractors, banks, or financial authorities. If we want to use the data for other purposes, such as marketing, we will inform the contractual partners here in the data protection declaration.

We inform the contractual partners in advance which data we need for the stated purposes. We do this, for example, in online forms with special markings or symbols, or we tell you in person.

We delete the data after legal obligations have expired, usually after four years. If the data is stored in a customer account, we keep it longer, for example, for tax purposes, usually ten years. We delete data that a contractual partner has given us as part of an order according to the specifications and usually after the end of the order.

  • Types of Data Processed: Inventory data (e.g., your full name, home address, contact information, customer number); Payment data (such as bank details, invoices, payment history); Contact data (postal and email addresses or telephone numbers); Contract data (e.g., contract subject, term, customer category).
  • Affected Persons: Service recipients and clients; interested parties; business and contractual partners.
  • Purposes of Processing: Fulfillment of our contractual obligations; communication; office and organizational tasks; business processes and operations.
  • Storage and Deletion: We delete the data as described in the “Information on Data Storage and Deletion” section.
  • Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); legal obligations (Art. 6 Para. 1 S. 1 lit. c) GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures, and services:

  • Agency Services: [We included this because we might sell artworks to third parties which very likely include depictions or performances of performers, and whose personal data (like name or pseudonym) we would include in delivering the artwork to the buyer. We don’t really act as an agency, but safe is better than sorry. The original template text reads like this:] We process our customers’ data to provide our contractual services. This can include conceptual and strategic consulting, campaign planning, software and design development or maintenance, implementation of campaigns and processes, handling, server administration, data analysis, consulting services, and training;
  • Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).

Provision of the Online Offering and Web Hosting

We process users’ data so that we can offer them our online services. To do this, we process the user’s IP address to deliver the content and functions of our online services to their browser or device.

  • Types of Data Processed: Usage data (e.g., which pages you visit and for how long, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, times, identification numbers); Protocol data (e.g., log files about logins or data retrievals or access times); Content data (e.g., texts or images that you send us, as well as information like authorship or time of creation).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Providing our online offering and improving user-friendliness; IT infrastructure; security measures.
  • Storage and Deletion: We delete the data as described in the “Information on Data Storage and Deletion” section.
  • Legal Basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures, and services:

Provision of Online Offering on Rented Storage Space

For our online offering, we use storage space, computing capacity, and software that we rent from a server provider; Legal Basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Collection of Access Data and Log Files

When you access our online offering, our webhosting provider logs this in so-called “server log files.” This may include:

  • address and name of the pages and files accessed,
  • date and time,
  • amount of data transferred,
  • notification of successful retrieval,
  • browser type and version,
  • your operating system,
  • referrer URL (the previously visited page),
  • IP addresses, and
  • your provider.

Our webhosting provider uses the log files to ensure security (e.g., against DDoS attacks) and to ensure the utilization and stability of their servers;

  • Legal Basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
  • Deletion of Data: Our webhosting provider stores log files for a maximum of 30 days and then delete or anonymize them. Data that they need to keep for evidentiary purposes is excluded from deletion until the incident has been finally clarified.

Email Sending and Hosting

Our web hosting services also include sending, receiving, and storing emails. To do this, we process the addresses of the recipients and senders, as well as other information about sending emails (e.g., involved providers) and the content of the emails. This data can also be processed to detect SPAM. Please note that emails on the Internet are generally not sent encrypted. We cannot assume responsibility for the transmission path of emails between the sender and receipt on our server;

Services in the area of IT infrastructure and related services (e.g., storage space and computing capacities);

  • Service Provider: ALL-INKL.COM – Neue Medien Münnich, Owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany;
  • Legal Basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR);
  • Website: https://all-inkl.com/;
  • Privacy Policy: https://all-inkl.com/datenschutzinformation/.
  • Order Processing Agreement: Provided by the service provider.

Registration, Login, and User Account

You can create a user account. When you register, we will provide you with the required mandatory information. We process this to provide you with the user account. The data primarily includes login information (username, password, and an email address).

If you use our registration and login functions or use your user account, we store the IP address and the time of the respective action. We do this to protect ourselves and you from misuse and unauthorized use. We do not pass on this data to third parties unless it is necessary to pursue our claims or there is a legal obligation.

We can inform you by email about events that are relevant to your user account, for example, technical changes.

  • Types of Data Processed: Inventory data (e.g., your full name, home address, contact information, customer number); Contact data (postal and email addresses or telephone numbers); Content data (e.g., texts or images that you send us, as well as information like authorship or time of creation); Usage data (e.g., which pages you visit and for how long, interactions with content and functions); Protocol data (e.g., log files about logins or data retrievals or access times).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Fulfillment of our contractual obligations; security measures; organizational and administrative tasks; providing our online offering and improving user-friendliness.
  • Storage and Deletion: We delete the data as described in the “Information on Data Storage and Deletion” section. Deletion after termination.
  • Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures, and services:

  • Registration with Pseudonyms: You may use a pseudonym as your username instead of your real name; Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).
  • User Profiles Are Not Public: The user profiles are not publicly visible or accessible.
  • Deletion of Data After Termination: If you terminate your user account, we will delete your data relating to the user account unless there is a legal permission, obligation, or your consent to retain it; Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).
  • No Obligation to Retain Data: It is up to you to secure your data before the end of the contract if you cancel. We may irretrievably delete all data stored during the term of the contract; Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).

Contact and Inquiry Management

If you contact us (for example, by post, contact form, email, telephone, or via social media) or if you are already a user or business partner, we process your information to answer your request and take any necessary measures.

  • Types of Data Processed: Inventory data (e.g., your full name, home address, contact information, customer number); Contact data (postal and email addresses or telephone numbers); Content data (e.g., texts or images that you send us, as well as information like authorship or time of creation); Usage data (e.g., which pages you visit and for how long, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers).
  • Affected Persons: Communication partners.
  • Purposes of Processing: Communication; organizational and administrative tasks; feedback (e.g., collecting feedback via online forms); providing our online offering and improving user-friendliness.
  • Storage and Deletion: We delete the data as described in the “Information on Data Storage and Deletion” section.
  • Legal Basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).

Further information on processing processes, procedures, and services:

Contact Form: If you contact us via our contact form, by email, or other communication channels, we process the personal data provided to us to answer and process your request. This usually includes information like name, contact information, and possibly other information that you provide to us. We use this data exclusively for the purpose of contacting and communicating; Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Communication via Messenger

We use messengers for communication and ask you to note the following information on how messengers work, encryption, use of metadata, and your options for objection.

You can also contact us in other ways, for example, by telephone or email. Please use the contact options provided.

If the content is end-to-end encrypted (i.e., the content of your message and attachments), we would like to point out that the communication content is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger provider itself. You should always use a current version of the messenger with encryption activated to ensure security.

Please note that the messenger providers cannot see the content, but they know that and when communication partners communicate with us. They can also process technical information about the device used and, depending on your device settings, location information (so-called metadata).

Notes on Legal Bases: If we ask you for permission before communicating via messenger, the legal basis is your consent. Otherwise, if we do not ask for your consent and you contact us on your own initiative, we use messengers in relation to our contractual partners as well as in the context of contract initiation as a contractual measure and with other interested parties and communication partners on the basis of our legitimate interests in quick and efficient communication. We would like to point out that we will not transmit your contact details to the messenger for the first time without your consent.

Newsletters and Electronic Notifications

We send newsletters, emails, and other electronic notifications (let’s just call them “newsletters”) only with your consent or if permitted by law. If we mention the content when you register for the newsletter, this is crucial for your consent. Normally, your email address is enough to register. But to provide you with a personalized service, we may ask you for your name for a personal address or for further information if necessary.

Deletion and Restriction of Processing: We can store unsubscribed email addresses for up to three years before deleting them. We do this based on our legitimate interests to be able to prove that you had previously given us consent. We only process this data to be able to defend against possible claims. You can submit an individual request for deletion at any time if you confirm that you had previously given us consent. If we need to permanently consider objections, we store the email address in a blocklist for this purpose alone.

We record the registration process because we need to prove that everything happened correctly. We do this based on our legitimate interests. When we hire a service provider to send the emails, we do so because we want an efficient and secure delivery system.

  • Contents: We inform you about us, our services, promotions, and offers.
  • Types of Data Processed: Inventory data (e.g., your full name, home address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers); Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers).
  • Affected Persons: Communication partners.
  • Purposes of Processing: Direct marketing (e.g., by email or postal mail).
  • Storage and Deletion: 3 years – Contractual claims (AT). We store data for three years to consider possible warranty and compensation claims or similar contractual claims and to process related inquiries (§§ 1478, 1480 ABGB). 10 years – Contractual claims (CH). We store data for ten years to consider possible claims for damages or similar contractual claims and to process related inquiries. A shorter period of 5 years may apply in certain cases (Art. 127, 130 OR).
  • Legal Basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
  • Opt-Out Option: You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find a link to cancel at the end of each newsletter, or you can use one of the contact options listed above, preferably email.

Surveys

We conduct surveys to collect information for the relevant purpose. We evaluate these surveys anonymously. We only process your personal data if it is necessary to provide and technically carry out the surveys (for example, we process the IP address to display the survey in your browser, or use cookies to enable the survey to be resumed).

  • Types of Data Processed: Inventory data (e.g., your full name, home address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., texts or images that you send us, as well as information like authorship or time of creation); Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, devices and operating systems used, interactions with content and functions).
  • Affected Persons: Participants.
  • Purposes of Processing: Feedback (e.g., collecting feedback via online forms); surveys and questionnaires (e.g., surveys with input options, multiple-choice questions).
  • Storage and Deletion: Deletion as described in the “Information on Data Storage and Deletion” section.
  • Legal Basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Presences in Social Networks (Social Media)

We have online presences in social networks and process user data there to communicate with active users or provide information about us.

We would like to point out that user data can be processed outside the European Union. This can pose risks for you because, for example, it could make it more difficult to enforce your rights.

User data is often processed within social networks for market research and advertising purposes. Usage profiles can be created based on your usage behavior and interests. These profiles can be used to display advertisements on and off the networks that are likely to match your interests. That’s why cookies are usually stored on your devices, which record your usage behavior and interests. In addition, data can also be stored in the profiles regardless of the devices you use (especially if you are a member of the respective platform and logged in there).

For more details on the respective forms of processing and your objection options (opt-out), please see the data protection declarations and information of the operators of the respective networks.

If you have requests for information or want to assert your data subject rights, it is best to contact the provider directly. Only they have access to user data and can take direct action and provide information. If you still need help, you can contact us.

  • Types of Data Processed: Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., texts or images that you send us, as well as information like authorship or time of creation); Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, devices and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Communication; feedback (e.g., collecting feedback via online forms); public relations and information purposes.
  • Storage and Deletion: Deletion as described in the “Information on Data Storage and Deletion” section.
  • Legal Basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures, and services:

Bluesky

A decentralized social media network—you can create, share, and comment on content and follow other user profiles;

Instagram

Social network, allows sharing of photos and videos, commenting and favoriting posts, sending messages, subscribing to profiles and pages;

Facebook Pages

Profiles within the social network Facebook—we are jointly responsible with Meta Platforms Ireland Limited for the collection (not further processing) of data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with, or the actions they take (see “Things you and others do and provide” in the Facebook Data Policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy).

As described in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analysis services, so-called “Page Insights,” to site operators so that they can gain insights into how people interact with their pages and the content. We have concluded a special agreement with Facebook (“Information on Page Insights,” https://www.facebook.com/legal/terms/page_controller_addendum), which regulates which security measures Facebook must observe and that Facebook fulfills the rights of those affected. The rights of users are not restricted by the agreements with Facebook. Further information can be found in the “Information about Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data).

The joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, particularly regarding the transmission of the data to the parent company Meta Platforms, Inc. in the USA;

Plug-ins and Embedded Functions and Content

We integrate functional and content elements into our online offering that we obtain from the servers of their respective providers (we call them “third-party providers”). This can be, for example, graphics, videos, or city maps (collectively referred to as “content”).

For this content to be displayed, the third-party providers must process the user’s IP address; otherwise, they could not send the content to the browser. We strive to only use content whose providers only use the IP address to deliver the content. Third parties may also use so-called pixel tags (invisible graphics, also called “web beacons”) for statistical or marketing purposes. These pixel tags can be used to evaluate information such as visitor traffic on the pages of our website. The pseudonymous information can be stored in cookies on your device and contain technical information about the browser and operating system, referring websites, visit time, and other information regarding the use of our online offering and may be combined with such information from other sources.

Notes on Legal Bases: If we ask you for your consent to the use of third-party providers, the legal basis is your permission. Otherwise, we process the user data based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

  • Types of Data Processed: Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, devices and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Providing our online offering and improving user-friendliness.
  • Storage and Deletion: Deletion as described in the “Information on Data Storage and Deletion” section. Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods may be stored on users’ devices for up to two years).
  • Legal Basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures, and services:

  • Integration of Third-Party Software, Scripts, or Frameworks (e.g., jQuery): We integrate software into our online offering that we retrieve from servers of other providers (e.g., function libraries that we use to display or improve user-friendliness). The respective providers collect the IP address of the user and can process it to transmit the software to the browser as well as for security purposes and to evaluate and optimize their offer; Legal Basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
  • Google Fonts (Provided on Our Own Server): Provision of font files for a user-friendly presentation of our online offering; Service Provider: The Google Fonts are hosted on our server; no data is transmitted to Google; Legal Basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Changes and Updates

Please inform yourself regularly about the content of our data protection declaration. We will adapt the declaration as soon as changes in our data processing make it necessary. We will inform you as soon as the changes require your participation (e.g., consent) or individual notification.