top of page

Privacy Policy

Datenschutz

Introduction

With the following privacy policy, we would like to inform you about the types of personal data (hereinafter also referred to as "data") that we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data we carry out, both in the course of providing our services and, in particular, on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

The terms used are not gender-specific.

Effective date: March 15, 2025

Table of Contents

  1. Introduction

  2. Data Controller

  3. Overview of Data Processing

  4. Relevant Legal Bases

  5. Security Measures

  6. Transmission of Personal Data

  7. Data Processing in Third Countries

  8. Data Deletion

  9. Use of Cookies

  10. Business Services

  11. Payment Methods

  12. Provision of the Online Offer and Web Hosting

  13. Registration, Sign-up, and User Account

  14. Contact and Inquiry Management

  15. Newsletter and Electronic Notifications

  16. Promotional Communication via Email, Mail, Fax, or Phone

  17. Sweepstakes and Contests

  18. Web Analysis, Monitoring, and Optimization

  19. Online Marketing

  20. Customer Reviews and Rating Procedures

  21. Social Media Presence

  22. Plugins and Embedded Functions and Content

  23. Changes and Updates to the Privacy Policy

  24. Rights of Affected Persons

  25. Definitions

Data Controller

QUATTUOR LLC
1621 Central Ave
#82001 Cheyenne, WY
United States

Contact:

Email: service@redox-now.com
Mobile: +49.(0)172.4330422

Overview of Data Processing

The following overview summarizes the types of data processed, the purposes of processing, and the affected persons.

Types of Processed Data

  • Master data

  • Payment data

  • Location data

  • Contact data

  • Content data

  • Contract data

  • Usage data

  • Meta/communication data

  • Event data (Facebook)

Special Categories of Data

  • Health data

Categories of Affected Persons

  • Customers

  • Prospects

  • Communication partners

  • Users

  • Contest and competition participants

  • Business and contract partners

  • Patients

Purposes of Processing

  • Provision of contractual services and customer support

  • Contact inquiries and communication

  • Security measures

  • Direct marketing

  • Reach measurement

  • Tracking

  • Office and organizational procedures

  • Administration and response to inquiries

  • Conducting contests and competitions

  • Feedback

  • Marketing

  • Profiles with user-related information

  • Provision of our online offer and user-friendliness

  • Information technology infrastructure

Legal Bases for Processing

Below is an overview of the legal bases under the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or location. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a GDPR): The data subject has given their consent to the processing of their personal data for one or more specific purposes.

  • Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR): The processing is necessary for the performance of a contract to which the data subject is a party, or for the performance of pre-contractual measures taken at the request of the data subject.

  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR): The processing is necessary for compliance with a legal obligation to which the controller is subject.

  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR): The processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, outweigh those interests.

In addition to the GDPR, national regulations on data protection in Germany also apply. These include, in particular, the Federal Data Protection Act (BDSG). The BDSG contains specific regulations regarding the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated decision-making, including profiling. Furthermore, it regulates data processing for employment purposes (§ 26 BDSG), particularly concerning the establishment, performance, or termination of employment relationships and employee consent. State data protection laws in individual federal states may also apply.

Security Measures

We implement technical and organizational measures in accordance with legal requirements, considering the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the likelihood and severity of the threat to the rights and freedoms of individuals, to ensure an adequate level of protection for personal data.

These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as their access, input, transmission, security of availability, and separation. Furthermore, we have procedures in place to ensure the exercise of rights of data subjects, data deletion, and responses to data threats. Additionally, we consider data protection when developing or selecting hardware, software, and procedures in accordance with the principle of data protection by design and by default.

Transmission of Personal Data

As part of our data processing, it may occur that data is transmitted to other parties, companies, legally independent organizations, or individuals. Recipients of this data may include service providers assigned with IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and enter into contracts or agreements with the recipients of your data to protect your data.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)), or if the processing takes place as part of using third-party services or disclosing or transmitting data to other persons, organizations, or companies, this will only occur in accordance with legal requirements.

Subject to explicit consent or contractually or legally required transmission, we process or allow data to be processed only in third countries that offer an adequate level of data protection, either through contractual obligations (e.g., standard contractual clauses of the EU Commission), certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Data Deletion

We delete personal data in accordance with legal requirements as soon as the consent for processing is revoked or other permissions expire (e.g., when the purpose of processing no longer exists or the data is no longer necessary for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to these purposes. For example, data that must be retained for commercial or tax reasons, or for asserting, exercising, or defending legal claims, or to protect the rights of another individual or legal entity, will be blocked but not processed for other purposes.

Use of Cookies

Cookies are small text files or other storage notes that store and read information on devices, for example, to store login status in a user account, the contents of a shopping cart in an e-shop, visited content, or functions used in an online offer. Cookies can also be used for various purposes, such as for functionality, security, and comfort, as well as for creating analyses of visitor flows.

Business Services

We process data of our contractual and business partners, such as customers and prospects (collectively referred to as "contractual partners") in the context of contractual and similar legal relationships, as well as associated measures and communication with the contractual partners (or pre-contractually), for example, to answer inquiries.

We process this data to fulfill our contractual obligations. This includes in particular the obligations to provide the agreed services, any update obligations, and remedies in case of warranty and other performance disruptions. Furthermore, we process the data to safeguard our rights and for administrative tasks associated with these obligations, as well as for company organization. Additionally, we process the data based on our legitimate interests in proper and business-like management and security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). In accordance with applicable law, we only share the data of contractual partners with third parties insofar as this is necessary for the aforementioned purposes or to fulfill legal obligations. Further forms of processing, e.g., for marketing purposes, will be communicated to the contractual partners within the framework of this privacy policy.

We inform our contractual partners about which data is necessary for the aforementioned purposes before or during data collection, e.g., in online forms, by special markings (e.g., colors) or symbols (e.g., asterisks), or personally.

We delete the data after the expiration of statutory warranty and similar obligations, i.e., generally after 4 years, unless the data is stored in a customer account, for example, as long as it must be archived for legal reasons. The statutory retention period for tax-relevant documents, as well as for commercial books, inventories, opening balance sheets, annual financial statements, and the related necessary work instructions and other organizational documents and accounting records, is ten years. For received commercial and business letters and copies of sent commercial and business letters, the retention period is six years. The retention period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statement or the management report was prepared, the commercial or business letter was received or sent, or the accounting document was created, or the recording was made, or the other documents were created.

If we use third-party services or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms apply in the relationship between users and providers.

Types of Processed Data:

  • Basic data (e.g., names, addresses)

  • Payment data (e.g., bank details, invoices, payment history)

  • Contact data (e.g., email, phone numbers)

  • Contract data (e.g., subject of contract, duration, customer category)

  • Usage data (e.g., visited websites, interest in content, access times)

  • Meta/Communication data (e.g., device information, IP addresses)

Special Categories of Personal Data: Health data (Art. 9(1) GDPR)

Affected Persons:

  • Customers

  • Prospects

  • Business and contractual partners

  • Patients

Purposes of Processing:

  • Providing contractual services and customer service

  • Security measures

  • Contact inquiries and communication

  • Office and organizational processes

  • Administration and answering inquiries

Legal Bases:

  • Fulfillment of the contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR)

  • Legal obligation (Art. 6(1) sentence 1 lit. c) GDPR)

  • Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR)

Further Notes on Processing Processes, Procedures, and Services:

Customer Account: Contractual partners can create an account within our online offer (e.g., customer or user account, hereinafter "customer account"). If the creation of a customer account is required, the contractual partners will be informed of this as well as the necessary information for registration. The customer accounts are not publicly accessible and cannot be indexed by search engines. In the context of registration, as well as subsequent logins and use of the customer account, we store the IP addresses of customers along with access times to prove the registration and prevent any misuse of the customer account. If customers cancel their customer account, the data related to the customer account will be deleted, unless its retention is required by law. It is the responsibility of customers to secure their data after the cancellation of the customer account.

Shop and E-Commerce: We process the data of our customers to enable them to select, purchase, or order the chosen products, goods, and associated services, as well as their payment and delivery or execution. If necessary, we use service providers, especially postal, shipping, and courier companies, to execute the delivery or provision of the services. For payment processing, we rely on banks and payment service providers. The necessary details are marked as required in the order process and include the information needed for delivery, provision, and billing, as well as contact information for any follow-up communication.

Medical Services: We process the data of our patients to provide them with treatment services and to bill them. The processed data, the type, scope, purpose, and necessity of their processing depend on the underlying contractual and patient relationship and will be communicated to the patients in due time. In the context of our activity, we may also process special categories of data, particularly health-related information, possibly with reference to sexual life or sexual orientation, as well as data revealing racial and ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. We obtain explicit consent from the patients for processing these special categories of data where necessary, or process such data for health care purposes or to protect vital interests. If necessary for our contractual obligations, to protect vital interests, or if required by law (e.g., to fulfill social security obligations), we may disclose or transmit patient data to third parties or appointed contractors, such as authorities, medical institutions, laboratories, billing offices, or IT, office, or comparable services.

Therapeutic Services: We process the data of our clients, as well as prospects and other contracting parties or contractual partners (collectively referred to as "clients") to provide them with our services. The processed data, the type, scope, purpose, and necessity of their processing depend on the underlying contract and client relationship. We may also process special categories of data, particularly health-related information, possibly with reference to sexual life or sexual orientation, as well as data revealing racial and ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. We obtain explicit consent from clients for processing these special categories of data where necessary, or process such data if it serves the health of the clients, is public, or other legal permissions apply.

Payment Methods

As part of contractual and other legal relationships, based on legal obligations or otherwise on the basis of our legitimate interests, we offer affected individuals efficient and secure payment options and use, in addition to banks and credit institutions, further service providers (collectively "payment service providers").

Data processed by the payment service providers include basic data such as names and addresses, bank data such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, amount, and recipient-related details. The data entered is processed only by the payment service providers and stored by them. We do not receive account or credit card-related information but only confirmation or negative feedback about the payment. If necessary, the data may be transmitted by the payment service providers to credit agencies for identity and creditworthiness checks.

For payment transactions, the terms and conditions and privacy policies of the respective payment service providers apply, which are available on their websites or transaction applications. We refer to these for further information and to exercise rights such as withdrawal, access, and other rights of the data subjects.

Provision of Online Services and Web Hosting

We process user data in order to provide our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

Types of Processed Data: Usage data (e.g., visited websites, interest in content, access times); Meta/Communication data (e.g., device information, IP addresses); Content data (e.g., entries in online forms).

Affected Persons: Users (e.g., website visitors, users of online services).

Purposes of Processing: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.); security measures.

Legal Basis: Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

Provision of Online Services on Rented Storage Space: For the provision of our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from a server provider (also referred to as "web hosting provider"); Legal Basis: Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Collection of Access Data and Log Files: Access to our online services is logged in the form of so-called "server log files." These server log files may include the address and name of the retrieved websites and files, the date and time of retrieval, data volume transferred, successful retrieval messages, browser type and version, the user’s operating system, referrer URL (previously visited page), and typically IP addresses and the requesting provider. The server log files can be used for security purposes, such as avoiding server overload (especially in the case of abusive attacks, known as DDoS attacks), and to ensure server load and stability; Legal Basis: Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR); Data Deletion: Log file information is stored for a maximum of 30 days and is then deleted or anonymized. Data that must be retained for evidence purposes are excluded from deletion until the final clarification of the respective incident.

Wix: Hosting and software for creating, providing, and operating websites, blogs, and other online services; Service provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal Basis: Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR); Website: https://de.wix.com/; Privacy Policy: https://de.wix.com/about/privacy; Data Processing Agreement: https://www.wix.com/about/privacy-dpa-users; Further Information: In the context of Wix's services, data may also be transferred to Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA, based on standard contractual clauses or an equivalent data protection guarantee for further processing on behalf of Wix.

Registration, Login, and User Account

Users can create a user account. During registration, users will be informed of the required mandatory details, and these are processed for the purpose of providing the user account based on contractual obligation fulfillment. The processed data primarily includes login information (username, password, and email address).

In the course of using our registration and login features, as well as using the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users to protect against misuse and unauthorized use. These data will not be shared with third parties, unless required to assert our claims or if there is a legal obligation to do so.

Users can be informed via email about actions relevant to their user account, such as technical changes.

Types of Processed Data: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Meta/Communication data (e.g., device information, IP addresses).

Affected Persons: Users (e.g., website visitors, users of online services).

Purposes of Processing: Providing contractual services and customer service; Security measures; Managing and responding to inquiries; Providing our online services and user-friendliness.

Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

Registration with Real Names: Due to the nature of our community, we request that users only use their real names when using our services. The use of pseudonyms is not allowed; Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR).

Deletion of Data after Termination: When users cancel their user accounts, their data related to the user account will be deleted, subject to legal permission, obligation, or user consent; Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR).

No Retention Obligation for Data: It is the users' responsibility to secure their data before contract termination. We are entitled to irrevocably delete any data stored during the contract period; Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR).

Contact and Inquiry Management

When users contact us (e.g., via contact forms, email, phone, or social media) or in the course of existing user and business relationships, the details provided by the inquiring persons are processed to respond to the contact inquiries and any requested measures.

Types of Processed Data: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta/Communication data (e.g., device information, IP addresses).

Affected Persons: Communication partners.

Purposes of Processing: Contact inquiries and communication; Managing and responding to inquiries; Feedback (e.g., collecting feedback via online forms); Providing our online services and user-friendliness.

Legal Bases: Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR); Contract fulfillment and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

Contact Form: When users contact us via our contact form, email, or other communication channels, we process the data provided to handle the inquiry; Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Newsletters and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter "newsletters") only with the consent of the recipients or based on legal authorization. If the content of the newsletter is specifically described during registration, it is relevant for the users' consent. Otherwise, our newsletters contain information about our services and us.

To sign up for our newsletters, it is generally sufficient to provide your email address. However, we may ask you for a name to personalize the newsletter or for additional details if these are necessary for the purposes of the newsletter.

Double-Opt-In Procedure: Registration for our newsletter generally follows a double-opt-in procedure. This means that after registration, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can register with another person’s email address. The registrations for the newsletter are logged to prove the registration process in accordance with legal requirements. This includes storing the registration and confirmation time as well as the IP address. Changes to the data stored with the mail service provider are also logged.

Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, to demonstrate prior consent. The processing of this data is restricted to the purpose of potentially defending claims. An individual deletion request is always possible, provided that the prior existence of consent is confirmed. In cases where we are required to permanently observe objections, we reserve the right to store the email address only for this purpose in a block list (so-called "blocklist").

The logging of the registration process is done based on our legitimate interests to prove its proper execution. If we commission a service provider to send emails, this is done based on our legitimate interests in an efficient and secure mailing system.

Content: Information about us, our services, promotions, and offers.

Types of Processed Data: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Meta/Communication data (e.g., device information, IP addresses); Usage data (e.g., visited websites, interest in content, access times).

Affected Persons: Communication partners.

Purposes of Processing: Direct marketing (e.g., via email or post).

Legal Bases: Consent (Art. 6 (1) sentence 1 lit. a) GDPR).

Right to Object (Opt-Out): You can unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to further receipt. A link to unsubscribe from the newsletter is provided at the end of each newsletter or you can use any of the above-mentioned contact methods, preferably email, for this purpose.

Further Notes on Processing Processes, Procedures, and Services:

Measurement of Open and Click Rates: Newsletters contain a "web beacon," i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened, or if we use a mailing service provider, from their server. During this retrieval, technical information such as information about the browser and system, as well as your IP address and the time of retrieval, is collected. This information is used to technically improve our newsletter based on technical data or the target audience and their reading behavior, such as their retrieval locations (which can be determined using the IP address) or access times. This analysis also determines whether the newsletters are opened and when they are opened; Legal Basis: Consent (Art. 6 (1) sentence 1 lit. a) GDPR).

Advertising Communication via Email, Post, Fax, or Phone

We process personal data for the purposes of advertising communication, which may occur through various channels, such as email, phone, post, or fax, in accordance with legal requirements.

Recipients have the right to withdraw consent given at any time or to object to advertising communication at any time.

After withdrawal or objection, we will store the data necessary to prove the previous authorization for contact or sending until three years after the end of the year in which the withdrawal or objection occurred, based on our legitimate interests. The processing of this data is limited to the purpose of possibly defending against claims. Based on the legitimate interest of permanently respecting the withdrawal or objection of the users, we will also store the data required to prevent further contact (e.g., depending on the communication channel, the email address, phone number, name).

Processed data types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers).

Affected individuals: Communication partners.

Purposes of processing: Direct marketing (e.g., via email or post).

Legal basis: Consent (Art. 6 (1) Sentence 1 lit. a GDPR); Legitimate interests (Art. 6 (1) Sentence 1 lit. f GDPR).

Contests and Competitions

We process personal data of participants in contests and competitions only in compliance with the relevant data protection regulations, as far as the processing is necessary for the provision, execution, and processing of the contest, the participants have consented to the processing, or the processing serves our legitimate interests (e.g., in ensuring the security of the contest or protecting our interests against abuse, such as the potential collection of IP addresses when submitting contest entries).

If, as part of the contests, the participants' entries are published (e.g., as part of a vote or presentation of contest entries or the winners, or reporting on the contest), we will inform them that their names may be published in this context. Participants can object to this at any time.

If the contest takes place within an online platform or a social network (e.g., Facebook or Instagram, hereinafter referred to as "Online Platform"), the usage and privacy policies of the respective platforms also apply. In such cases, we point out that we are responsible for the data provided in the context of the contest, and inquiries regarding the contest should be directed to us.

The data of the participants will be deleted once the contest or competition has ended and the data is no longer required to inform the winners or because there are no further inquiries expected about the contest. In general, participant data will be deleted no later than 6 months after the contest ends. Data of winners may be kept longer, for example, to respond to inquiries regarding the prizes or to fulfill the prize obligations; in such cases, the retention period depends on the nature of the prize, e.g., up to three years in the case of items or services, to handle warranty issues. Furthermore, participants' data may be stored longer, e.g., in the form of reporting on the contest in online and offline media.

If data was also collected for other purposes in the context of the contest, the processing and retention period of such data is governed by the privacy policy for that use (e.g., in the case of signing up for a newsletter during the contest).

Processed data types: Inventory data (e.g., names, addresses); Content data (e.g., entries in online forms); Meta/communication data (e.g., device information, IP addresses).

Affected individuals: Contest and competition participants.

Purposes of processing: Conducting contests and competitions.

Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) Sentence 1 lit. b GDPR).

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as "reach measurement") is used to evaluate the traffic on our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. Through reach analysis, we can determine, for example, when our online offering or its features or content is most frequently used or invites repeated use. We can also track which areas need improvement.

In addition to web analysis, we may use test procedures to test and optimize different versions of our online offering or its components.

Unless otherwise indicated below, profiles, i.e., data collected about a user’s actions, are created for these purposes, and information is stored in a browser or device and read from it. The collected data includes, in particular, visited web pages and the elements used there, as well as technical information such as the browser used, the computer system used, and details about the times of use. If users have consented to the collection of their location data from us or from the providers of the services we use, location data may also be processed.

IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, the data collected in the course of web analysis, A/B testing, and optimization does not include personal data (e.g., email addresses or names), but pseudonyms. This means that both we and the providers of the software used do not know the true identity of users but only the information stored in their profiles for the purposes of the respective procedures.

Processed data types: Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).

Affected individuals: Users (e.g., website visitors, users of online services).

Purposes of processing: Reach measurement (e.g., access statistics, identification of recurring visitors); Profile creation with user-related information (e.g., behavior-based profiling, use of cookies); Providing our online offering and improving user experience.

Security measures: IP masking (pseudonymization of IP addresses).

Legal basis: Consent (Art. 6 (1) Sentence 1 lit. a GDPR).

Online Marketing

We process personal data for online marketing purposes, which includes, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as "content") based on users' potential interests, as well as measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (called a "cookie"), or similar procedures are used, which store relevant information about the user for the display of the aforementioned content. These data may include, for example, viewed content, visited websites, used online networks, as well as communication partners and technical data, such as the browser used, the computer system used, and information about times of use and features used. If users have consented to the collection of their location data, this may also be processed.

IP addresses of users are also stored. However, we use IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, personal data (e.g., email addresses or names) are not stored within online marketing procedures, only pseudonyms. This means that both we and the providers of online marketing procedures do not know the true identity of the users, but only the information stored in their profiles.

The information in the profiles is typically stored in cookies or similar methods. These cookies can later be read on other websites that use the same online marketing procedure and used for analyzing the display of content as well as supplemented with other data and stored on the server of the online marketing provider.

Exceptionally, personal data can be assigned to the profiles. This happens if users are members of a social network whose online marketing procedure we use and the network associates users' profiles with the aforementioned data. Users should note that they can enter into additional agreements with the providers, e.g., by consenting to the registration process.

Generally, we only have access to aggregated information about the success of our ads. However, through so-called conversion measurement, we can check which of our online marketing procedures led to a "conversion," i.e., e.g., to a contract conclusion with us. Conversion measurement is used solely to analyze the success of our marketing activities.

Unless otherwise specified, please assume that cookies used are stored for a period of two years.

Processed data types: Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).

Affected individuals: Users (e.g., website visitors, users of online services).

Purposes of processing: Reach measurement (e.g., access statistics, identification of recurring visitors); Tracking (e.g., behavior-based profiling, use of cookies); Marketing; Profile creation with user-related information (e.g., user profiles).

Security measures: IP masking (pseudonymization of the IP address).

Opt-Out: We refer to the privacy policies of the respective providers and the opt-out options provided by these providers ("Opt-Out"). If no explicit opt-out option is provided, users can disable cookies in their browser settings. However, this may limit the functionality of our online offering. Therefore, we also recommend the following opt-out options, which are offered for specific regions: a) Europe: https://www.youronlinechoices.eu; b) Canada: https://www.youradchoices.ca/choices; c) USA: https://www.aboutads.info/choices; d) Cross-region: https://optout.aboutads.info.

Customer Reviews and Rating Procedures

We participate in review and rating procedures to evaluate, optimize, and advertise our services. If users rate us via the participating review platforms or procedures or provide feedback in other ways, the general terms and conditions and privacy policies of the providers apply. In most cases, ratings also require registration with the respective providers.

To ensure that the reviewers have actually used our services, we transmit the required data regarding the customer and the service provided to the respective review platform (including name, email address, and order number or item number), with the customer's consent. This data is used solely to verify the authenticity of the user.

Processed data types: Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).

Affected individuals: Customers; Users (e.g., website visitors, users of online services).

Purposes of processing: Feedback (e.g., collecting feedback via online form); Marketing.

Legal basis: Legitimate interests (Art. 6 (1) Sentence 1 lit. f GDPR).

Presence in Social Networks (Social Media)

We maintain online presences in social networks and process data from users in this context to communicate with users active there or to provide information about us.

We point out that user data may be processed outside the European Union. This may pose risks to users, as the enforcement of their rights could be more difficult.

Additionally, user data within social networks is generally processed for market research and advertising purposes. For example, based on user behavior and resulting interests, usage profiles can be created. These profiles can be used to display advertisements within and outside the networks that likely match users' interests.

Plugins and Embedded Functions as well as Content

We integrate functional and content elements into our online offering that are sourced from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include graphics, videos, or maps (hereinafter collectively referred to as "content").

The integration always requires that the third-party providers of these contents process the users' IP addresses because, without the IP address, they would not be able to send the content to the users' browsers. Therefore, the IP address is necessary for the display of this content or functions. We strive to only use content where the respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" allow the collection of information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and can contain, among other things, technical information about the browser and operating system, referring websites, visit times, and other usage details of our online offering, which may also be combined with information from other sources.

Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta/Communication data (e.g., device information, IP addresses); Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Location data (information about the geographical position of a device or person); Event data (Facebook) ("Event data" refers to data that, for example, via Facebook Pixel (via apps or other methods) can be transmitted by us to Facebook and relates to individuals or their actions; these data include, for example, information about visits to websites, interactions with content, features, app installations, product purchases, etc.; event data is processed to form target groups for content and advertising information (Custom Audiences); event data does not include the actual content (e.g., comments made), no login information, and no contact information (i.e., no names, email addresses, or phone numbers). Event data will be deleted by Facebook after a maximum of two years, with the deletion of our Facebook account resulting in the deletion of the target groups formed from them).

Affected Individuals: Users (e.g., website visitors, users of online services).

Purposes of Processing: Provision of our online offerings and user-friendliness; user profiles (creating user profiles); marketing.

Legal Grounds: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR); Consent (Art. 6 (1) Sentence 1 lit. a) GDPR).

Further Information on Processing Procedures, Services, and Providers:

Facebook Plugins and Content: Facebook Social Plugins and Content – These can include content such as images, videos, texts, and buttons that allow users to share content from this online offering within Facebook. The list and appearance of the Facebook Social Plugins can be viewed here: Facebook Developer Plugins. We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt of "Event Data" transmitted by Facebook via the Facebook Social Plugins (and embedding functions for content) executed on our online offering, but not for its further processing, for the following purposes: a) Displaying content and advertising information that matches users' presumed interests; b) Sending commercial and transactional messages (e.g., user contact via Facebook Messenger); c) Improving ad delivery and personalizing features and content (e.g., improving recognition of which content or advertising information is presumed to match users' interests). We have concluded a special agreement with Facebook ("Controller Addendum", Facebook Controller Addendum) that outlines, in particular, the security measures Facebook must adhere to (Facebook Data Security Terms) and in which Facebook agrees to fulfill the rights of affected individuals (i.e., users can request information or deletion directly from Facebook). Note: If Facebook provides us with metrics, analyses, and reports (which are aggregated, meaning no information on individual users and are anonymized for us), this processing is not part of joint responsibility but is based on a data processing agreement ("Data Processing Terms", Facebook Data Processing), the "Data Security Terms" (Facebook Data Security), and with respect to processing in the USA, based on standard contractual clauses (Facebook EU Data Transfer Addendum). Users' rights (especially the right to information, deletion, objection, and complaints to the competent supervisory authority) are not restricted by the agreements with Facebook. Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal Grounds: Consent (Art. 6 (1) Sentence 1 lit. a) GDPR); Website: Facebook; Privacy Policy: Facebook Privacy Policy.

Google Fonts (Provided on Own Server): Fonts ("Google Fonts") for user-friendly display of our online offering; Service Provider: The Google Fonts are hosted on our server, and no data is transmitted to Google; Legal Grounds: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR).

Google Fonts (From Google Server): Fonts (and symbols) sourced for technically secure, maintenance-free, and efficient use regarding updates and load times, uniform presentation, and compliance with possible licensing restrictions. The provider of the fonts will receive the user's IP address so the fonts can be delivered to the user's browser. Additionally, technical data (language settings, screen resolution, operating system, used hardware) will be transmitted, which are necessary for providing the fonts depending on the devices used and technical environment. This data may be processed on a server of the font provider in the USA; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Grounds: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR); Website: Google Fonts; Privacy Policy: Google Privacy Policy.

Google Maps: We embed maps from the "Google Maps" service provided by Google. The data processed may include, in particular, users' IP addresses and location data; Service Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Grounds: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR); Website: Google Maps Platform; Privacy Policy: Google Privacy Policy.

Instagram Plugins and Content: Instagram Plugins and Content – These can include content like images, videos, texts, and buttons that allow users to share content from this online offering within Instagram. We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt of "Event Data" transmitted via Instagram's features (e.g., embedding content) executed on our online offering but not for its further processing, for the following purposes: a) Displaying content and advertising information matching users' presumed interests; b) Sending commercial and transactional messages (e.g., user contact via Facebook Messenger); c) Improving ad delivery and personalizing features and content. We have concluded a special agreement with Facebook ("Controller Addendum", Facebook Controller Addendum) regarding security measures and users' rights to data requests. Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal Grounds: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR); Website: Instagram; Privacy Policy: Instagram Privacy Policy.

Changes and Updates to the Privacy Policy

Please check the contents of our privacy policy regularly. We will adjust the privacy policy when changes to the data processing we carry out make this necessary. We will inform you whenever changes require your action (e.g., consent) or other individual notification.

Rights of Affected Individuals

As affected individuals, you have various rights under the GDPR, particularly from Articles 15 to 21:

  • Right to Object: You have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data based on Art. 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions.

  • Right to Withdraw Consent: You have the right to withdraw any consent given at any time.

  • Right to Information: You have the right to request confirmation as to whether relevant data is being processed and to obtain information about this data, including a copy, according to the legal requirements.

  • Right to Rectification: You have the right to request the correction of inaccurate data or the completion of incomplete data.

  • Right to Deletion and Restriction of Processing: You have the right to request the immediate deletion of data or, alternatively, the restriction of processing according to legal requirements.

  • Right to Data Portability: You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another responsible party.

  • Complaint to Supervisory Authority: You have the right to file a complaint with a supervisory authority, especially in the EU member state of your usual residence, place of work, or the place of the alleged infringement.

Definitions of Terms

This section provides an overview of the terms used in this privacy policy. Many of these terms are taken from the law, specifically Art. 4 of the GDPR. The legal definitions are binding, and the explanations below are for better understanding. The terms are listed alphabetically.

  • Personal Data: "Personal data" refers to any information that relates to an identified or identifiable natural person (the "data subject"). A person is considered identifiable if they can be directly or indirectly identified, particularly by reference to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

  • User Profiles: The processing of "user profiles" involves any automated processing of personal data to evaluate, analyze, or predict certain personal aspects of a natural person (e.g., interests, behaviors, or interactions with content).

  • Reach Measurement: "Reach measurement" (also known as web analytics) refers to the analysis of user traffic on an online offering to understand visitor behavior or interests in particular content, allowing website owners to adjust content to meet visitor needs.

bottom of page