With the following privacy notice, we would like to inform you about how we process your personal data in accordance with the European General Data Protection Regulation (GDPR). The privacy notice applies to all processing of personal data carried out by us when you visit our website: www.flzr.com.

1. Responsible

Responsible within the meaning of the GDPR is

FLZR GmbH
Streustraße 67-68
13086 Berlin

Phone: +49 (0) 30 509 307 500
Fax: +49 (0) 30 509 307 599
E-Mail: contact@flzr.com

2. Data Protection Officer

You can contact our data protection officer as follows:

DataCo GmbH
Sandstrasse 33
80335 Munich, Germany

Phone: +49 (0) 89 7400 458 40
E-mail: datenschutz@dataguard.de

You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection and the exercise of your rights.

3. Definition

Personal data

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

4. Data for the provision of the website and the creation of log files

When you call up our website in your browser, we collect technically necessary data via server log files, which are automatically transmitted to our server, e.g:

• Date and time of access
• IP address
• Host name of the accessing computer
• Website from which the website was accessed; websites that were accessed via the website
• Visited page on our website; amount of data transferred
• Information about the browser type and version used
• Operating system
• Access status (e.g. whether the website could be accessed without any problems or whether you received an error message)
• Use of website functions
• search terms entered
• Access frequency of the individual website
• Amount of data transferred
• other websites that you visit from this website, either by clicking on a link on this website or by entering the domain directly in the input bar in the same window of your browser

The temporary storage of the data is necessary for the course of a website visit to be able to display our website to you. This processing is technically necessary to ensure the functionality of the website and the security of the information technology systems. The legal basis for the processing is therefore Art. 6(1)(f) GDPR to guarantee the provision, security and stability of our website.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are stored directly for up to 24 hours and are only accessible to administrators. After that, they are only available indirectly via the reconstruction of backup tapes and are permanently deleted after four weeks.

The legal basis for processing is Art. 6(1)(f) GDPR to guarantee the provision, security and stability of our website.

We use storage space, computing capacity and software that we rent or otherwise obtain from Combell nv, (Skaldenstraat 121, 9042 Ghent Belgium) to provide our online services. We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

5. Technically necessary cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website.

Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity.

On the one hand, the use of cookies serves to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specified period. If you visit our site again to use our services, it is automatically recognized that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period.

6. Registration for my-profiflitzers

You have the option of registering for our login area in order to be able to use the full range of functions on our website. We have highlighted the data you are required to enter (title, name, date of birth, e-mail address) as mandatory fields. Registration is not possible without this data. The legal basis for processing is Art. 6(1)(b) GDPR, as the processing is necessary to provide you with your customer account. The data entered will be forwarded to my-profiflitzer so that a user account is automatically created there. For further data processing, please also refer to the privacy notice of my-profiflitzer.

You can delete your data, including your customer account, in the customer area at any time. If you have terminated your customer account, the data relating to the customer account will be deleted, except for order data, the retention of which is required for legal reasons.

6.1. Details for creating a My-flzr profile

In your login area, you have the option of entering further personal data to create a complete My-flzr profile. The data collected serves the purpose of order placement. In detail, the following data is collected:

• Salutation
• Name
• Date of birth
• E-mail address
• Phone number
• Channel through which you became aware of us

The legal basis for processing is Art. 6(1)(b) GDPR.

You also have the option of uploading informative documents such as a cover letter, your CV and certificates and providing further personal data such as your appearance details, tax number, creditor data, images, address, etc. The legal basis for processing this data is your consent in accordance with Art. 6(1)(a) GDPR.

Creating a complete My-FLZR profile considerably facilitates and promotes the chances of successful order placement.

7. Applications

You have the option to apply via our website. We use Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany, as a cloud-based HR management software to manage applicant and employee data. We collect and process your personal data for the purpose of carrying out the application process and for the implementation of pre-contractual measures.

By applying on our recruiting page, you express your interest in taking up employment with us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your job search/application. In particular, the following data will be collected:

• Name (first name and surname)
• Gender
• E-mail address
• Place of residence
• Salary expectations
• Availability
• Phone number
• Channel, how you became aware of us

You also have the option of uploading informative documents such as a cover letter, your CV and certificates. These may contain further personal data such as date of birth, address, etc.

Only authorized employees from the HR department or employees involved in the application process have access to your data.

The legal basis for the processing of this data is the initiation of a contract in accordance with Art. 6(1)(b) GDPR, which takes place at your request. If we obtain your consent (e.g. for inclusion in our applicant pool), this constitutes the legal basis for data processing in accordance with Art. 6(1)(a) GDPR. After completion of the application process, the data will be stored for up to six months. Your data will be deleted or anonymized after six months at the latest. In this case, the data will only be available to us as so-called metadata without direct personal reference for statistical evaluations (e.g. proportion of women or men in applications, number of applications per period, etc.).

We also offer you the opportunity to be included in our “applicant pool”. You must agree to this in advance. With your consent, we will store your data for inclusion in our applicant pool for six months after the end of the application process to identify any other interesting positions for you. This also applies, for example, to applications for an apprenticeship or internship.

If you receive an offer of employment with us during the application process and accept it, we will store the personal data collected during the application process for at least the duration of the employment relationship.  

In the event of a legal obligation, the data will be stored within the framework of the applicable provisions. Longer storage is only possible if we include the personal data in our applicant pool as described after obtaining your consent.

The data is generally processed on servers located within the European Union. Where, in individual cases, a transfer to third countries takes place, Personio ensures appropriate safeguards within the meaning of Articles 44 et seq. GDPR (e.g. EU Standard Contractual Clauses).

Further information on data processing by Personio can be found at: https://www.personio.com/privacy-policy/

7.1. Applications via job boards

We also offer you the opportunity to apply online for vacancies on various job boards.
The personal data that you provide to us via the job exchanges will be processed under the above-mentioned conditions in accordance with Art. 6(1)(b), Art. 88(1) GDPR in conjunction with Section 26(1) BDSG to carry out your application procedure.
Please note that we do not have any data processing agreements with the job boards within the meaning of the GDPR. Therefore, please inform yourself about the data protection guidelines of the job exchange you use.

Indeed [Indeed Ireland Operations Limited, Block B, Capital Dock, 80 Sir John Rogerson’s Quay Grand Canal Dock, Dublin, 2, D02 HE36, Ireland]:
https://hrtechprivacy.com/de/brands/about-indeed#privacypolicy

8. Recruiting campaign

We use a WhatsApp chatbot for the purpose of conducting a recruiting campaign. This can be accessed either via the WhatsApp app or a chat widget on our website. The intelligent WhatsApp chatbot automatically answers your inquiries and provides you with suitable information via the selected communication channel. If you are specifically interested in a position or have any queries, a member of our recruiting team will contact you directly in the chat.

As part of your contact and communication with our WhatsApp chatbot, we process personal data resulting from the text messages or attachments you enter. This concerns, for example, your first and last name, your telephone number, information about your professional career and other application data that you send us.
Depending on the communication channel selected, the following personal data is also processed:

• WhatsApp app: When you use the WhatsApp chatbot via the WhatsApp messenger service, we collect and process your telephone number and user name in addition to the data mentioned above. Furthermore, so-called log files (e.g. information about the operating system used and the WhatsApp version used) are processed.
• Chat widget: If you use the chat widget on our website to communicate with the WhatsApp chatbot, browser log files are also processed. These contain, for example, information about the access time, the IP or DNS address, bytes transferred, browser used, operating system used, etc.
  Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp and our external service provider have access to the metadata generated during the communication (e.g. sender, recipient and time).
  We use the following service providers to provide and process this communication:
• Superchat GmbH, Oranienstraße 6, 10997 Berlin, provides the technical infrastructure for cross-channel communication via WhatsApp and the chat widget.
• To automate internal processes (e.g. forwarding, status checks, workflows for request categorization), we also use the n8n tool from n8n GmbH, Gerichtstraße 47, 13347 Berlin.

Data processing agreements have been concluded with both service providers in accordance with Art. 28 GDPR. The processing of personal data is carried out exclusively in accordance with our instructions and in compliance with data protection requirements.

Insofar as personal data is transferred to third countries as part of the service, we have agreed suitable guarantees with the respective service providers in accordance with Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are the standard contractual clauses (SCCs) issued by the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021.

Legal bases of the processing:

• Section 26(1) BDSG – insofar as the processing is necessary for the decision on the establishment of an employment relationship.
• Art. 6(1)(b) GDPR – for preparatory measures to initiate a contract, provided that no employment relationship under German law is involved (e.g. internships, freelancers).
• Art. 6(1)(f) GDPR – for our legitimate interest in processing applicant inquiries in an efficient and user-friendly manner and optimizing the selection process.
• Art. 6(1)(a) GDPR – if express consent has been obtained (e.g. for further storage in a talent pool); consent can be revoked at any time.

Storage period: The data will remain stored until the purpose of the processing no longer applies, you object to the storage or revoke your consent. Statutory retention periods remain unaffected.

9. Social Media

We maintain publicly accessible profiles on various social networks. Your visit to these profiles triggers a variety of data processing operations. Below we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profiles.

When you visit our profiles, your personal data is not only collected, used and stored by us, but also by the operators of the respective social network. This happens even if you yourself do not have a profile on the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable for us. For details on the collection and storage of your personal data as well as the type, scope and purpose of its use by the operator of the respective social network, please refer to the following explanations.

9.1. Facebook/Instagram

When you visit our Facebook/Instagram page, certain information about you is processed. We can only view the information stored in your public Facebook/Instagram profile (such as your profile picture or information that you share on a Facebook profile or on a public Instagram profile), and only if you have such a profile and are logged into it while you visit our Facebook/Instagram page.
In addition, the operator of the Meta platform, Meta Platforms Ireland Limited, [Serpentine Avenue, Block J, Dublin 4 Ireland; (Meta)] provides us with statistics and insights for our Facebook/Instagram page in anonymized form, which help us gain insights into the types of actions people take on our page (Page Insights). These Page Insights are created on the basis of certain information about people who have visited our page.

The processing of your personal data in connection with the operation of our Facebook / Instagram company profile is based on a balancing of interests in accordance with Art. 6(1)(f) GDPR to offer you a contemporary and supportive information and interaction opportunity with and about us. Furthermore, the processing serves our legitimate interest in evaluating the types of actions taken on our Facebook/Instagram company profile and improving our company profile based on these findings. The legal basis for this processing is therefore Art. 6(1)(f) GDPR. If the contact is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6(1)(b) GDPR.

Page Insights are processed by Meta and us as joint controllers. We cannot attribute the information obtained via the Page Insights to individual Facebook/Instagram profiles that interact with our Facebook/Instagram page. We have entered into a joint controller agreement with Meta, which sets out the allocation of data protection obligations between us and Meta. Details of the processing of personal data for the creation of Page Insights and the agreement concluded between us and Meta can be found here. Regarding this data processing, you have the option of asserting your rights as a data subject (see “Your rights as a data subject”) against Meta. Further information on this can be found in Meta’s Privacy notice. Meta offers the possibility to object to certain data processing; you can find information and opt-out options here in your account.

Please note that user data is also processed in the USA or other third countries in accordance with the meta data protection provisions. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Meta is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:
https://www.dataprivacyframework.gov/s/participant-search

9.2. LinkedIn

When you visit our LinkedIn company profile, certain information about you is processed. In the case of direct messages to us or comments on our LinkedIn company profile or under our posts, we receive the message, the comments and your user name.
In addition, LinkedIn processes LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn) as the operator of personal data when you visit our LinkedIn company profile, follow this page or engage with the page in order to provide us with statistics and insights in anonymized form. This gives us insights into the types of actions that people take on our site (page insights). In particular, LinkedIn processes data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company profile, e.g. whether you are a follower of our LinkedIn company page. With the Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the summarized Page Insights. It is also not possible for us to draw conclusions about individual members from the information in the Page Insights.

The processing of your personal data in connection with the operation of our LinkedIn company profile is based on a balancing of interests pursuant to Art. 6(1)(f) GDPR to offer you a contemporary and supportive information and interaction opportunity with and about us. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company profile and improving our company profile based on these findings.
This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. We have entered into an agreement with LinkedIn on processing as joint controllers, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available here. The following applies:

LinkedIn and we have agreed that LinkedIn is responsible for exercising your rights under the GDPR. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn via the contact details in the privacy notice. You can contact the data protection officer at LinkedIn via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

You can also contact us using the contact details provided to exercise your rights in connection with the processing of personal data in the context of page inserts. In such a case, we will forward your request to LinkedIn.
LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.

In addition, LinkedIn processes your data as a user for the provision of services, communication, further development of services and research as well as for advertising, customer support, analysis and security purposes. In principle, LinkedIn is solely responsible for the processing of personal data when you visit our LinkedIn company profile. The categories of personal data that LinkedIn processes are described in LinkedIn’s data policy. Further information on the processing of personal data by LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
Please note that in accordance with the LinkedIn Privacy notice, personal data is also processed by LinkedIn in the USA or other third countries.

9.3. TikTok

When you visit our TikTok company profile of the operators TikTok Technology Limited, (10 Earlsfort Terrace, Dublin, D02 T380, Ireland; hereinafter jointly referred to as TikTok) and TikTok Information Technologies UK Limited, (6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom; hereinafter jointly referred to as TikTok), certain information about you is processed. We can only view the information stored in your public TikTok company profile (such as your profile picture or information that you share on your profile) if you have such a profile and are logged into it while you visit our site.
TikTok provides us as so-called business users with its TikTok advertising tools (“Advertiser Tools”), such as TikTok Pixel, TikTok Custom Audience, Lead Generation or interfaces (APIs), which are also used to collect personal data of visitors to our TikTok company profile. This so-called event data includes information about your use of the TikTok advertising tools or your devices (including HTTP header information such as user agent, IP address, country, language and information about the web browser or app used), as well as (a) actions that you as a user take in relation to our advertising on the TikTok company profile, and (b) actions that you take outside the TikTok company profile, e.g. on our websites.

websites and apps (or those of third parties), including visits to our websites, installations of our apps and purchases of our products. In addition, event data includes statistical and analytical data as well as measurement and reporting results that help us gain insights into the types of actions people take on our site.

The processing of your personal data in connection with the operation of our TikTok company profile is based on a balancing of interests in accordance with Art. 6(1)(f) GDPR to offer you a contemporary and supportive information and interaction opportunity with and about us. If the contact is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6(1)(b) GDPR. The processing via the advertiser tools serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these findings. The legal basis for this processing is Art. 6(1)(f) GDPR.
TikTok processes your data as a user to provide the services. TikTok is generally responsible for the processing of personal data when you visit our TikTok company profile. Personal data is processed in three categories:

Data provided by you
Automatically recorded data
and data from other sources

Detailed information on the specific data processing of these categories and further information on the processing of personal data can be found in TikTok’s privacy notice at: https://www.tiktok.com/legal/page/eea/privacy-policy/de.
This processing of personal data is partly carried out by TikTok and us as joint controllers. In addition, TikTok acts as a processor in some cases. We have entered into an agreement with TikTok for processing as joint controllers, which sets out the distribution of data protection obligations between us and TikTok.

In addition, we have concluded an order processing agreement (DPA) with TikTok if TikTok acts as a processor in these cases. This is a contract prescribed by data protection law that guarantees that it will only process your personal data in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other suitable guarantees with the data recipients within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021.

Details on the processing of personal data for the creation of event data as well as the agreement concluded between us and TikTok and the order processing contract can be found under Jurisdiction Specific Terms and under TikTok Business Products (Data) Terms. With regard to this data processing, you have the option of asserting your data subject rights (see “Your rights and options”) against TikTok.

The personal data is also transferred to the United Kingdom. The European Commission has issued an adequacy decision for the United Kingdom pursuant to Art. 45(3) GDPR. Based on this decision, data transfers to bodies in the United Kingdom are permitted.

TikTok offers the option of objecting to certain data processing; information on this can be found at: https://www.tiktok.com/legal/page/global/right-to-object/en.
Further information on this can be found in TikTok’s privacy notice at: https://www.tiktok.com/legal/page/eea/privacy-policy/de.

10. Third-party tools

10.1. Consent management via the “Complianz” consent management platform

We use the consent management service Complianz, of Complianz B.V., (Kalmarweg 14-5, 9723JG Groningen Netherlands). This enables us to obtain and manage the consent of website users for data processing.
When you visit our website or a sub-website for the first time, you will be shown a “cookie banner”. There you will be informed about the individual cookies that we use. You can find out the name of each individual cookie, the provider, the purpose of processing and the storage period.

Our cookie banner informs you about the specific cookies we use. In addition, we give you the opportunity to decide whether you want to consent to the setting of non-essential cookies. The following are processed:

• the IP address of the connection you are using (in anonymized form)
• the description of the web browser and operating system used,
• the language used by your browser and operating system,
• the address of the website on which you give your consent,
• the date and time of consent,
• the country from which you are submitting your request,
• a pseudonym used to distinguish between different users,
• Your consent status with regard to the cookies and similar technologies used by us or with regard to the services used, which serves as proof of your consent

If we use cookies and similar technologies as part of the integration of the service or if data is stored on or read from your end device by the service, this is done in accordance with Section 25(2) TDDDG. Subsequent data processing takes place on the basis of Art. 6(1)(f) GDPR. We have an overriding legitimate interest in using the cookie banner, which enables us to obtain the legally required consent for the use of non-essential cookies and to comply with our duty to provide information regarding cookies.

The cookie banner saves the preferences until you reset or change them. Otherwise, the key and the consent status are stored in the browser for 12 months with the help of the cookie.

This Complianz service is hosted on our own servers, i.e. no data is passed on to Complianz B.V. or to third parties.

10.2. Google Tag Manager

We use Google Tag Manager to control the use of code snippets (“tags”), such as tracking code on our website. In the European Union (EU) and the European Economic Area (EEA), the services are provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager enables us to quickly and easily exchange code on our website via a web interface without having to intervene in the source code.

Among other things, we process the following personal data through the Google Tag Manager:

• IP address
• Device data, such as operating system, browser version, screen resolution

The legal basis for the use of Google Tag Manager is your voluntary and revocable consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by making the corresponding changes or adjustments in your cookie settings.

Personal data is anonymized by Google after 14 months, unless there is a legal obligation to retain it.
We have concluded an order processing contract for the use of Google. This is a contract required by data protection law, which ensures that your personal data is only processed in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other suitable guarantees with the data recipients within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are Standard Contractual Clauses (SCCs) of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. These clauses ensure an adequate level of data protection when transferring your data. You can find a copy of these standard contractual clauses at
https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link
https://www.dataprivacyframework.gov/s/participant-search

Further information and the data protection provisions can be found in Google’s privacy notice at: https://policies.google.com/?hl=de.

10.3. Google Analytics

Our website uses functions of the web analysis service Google Analytics from Google LLC, [1600 Amphitheatre Parkway, Mountain View, California 94043, USA; (Google)]. In the European Union (EU) and the European Economic Area (EEA), the services are provided by Google Ireland Limited [Gordon House, Barrow Street, Dublin 4, Ireland; (Google)]. With the help of Google Analytics, we analyze your user behavior to make decisions regarding product and marketing optimization based on the results. Among other things, we process the following personal data through Google Analytics:

• Time of the request
• IP addresses
• Online labeling
• Device identifiers
• Technical characteristics of users (e.g. browser type and version, device type, operating system)
• Measurement of user behavior (e.g. views of individual pages / content, views of content from different areas, session duration / dwell time, bounce rate)
• Use of individual functionalities of the website (e.g. search queries, downloads)
• eCommerce activity (e.g. products purchased, sales)
• Referral URL (the previously visited page)

The legal basis for the use of the service is Art. 6(1)(a) GDPR and Section 25(1) TDDDG, i.e. the integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or cookie banner or by deleting the cookies.

Personal data will be anonymized by Google 14 months after your last activity, unless there is a legal obligation to retain it.
We have concluded a data processing agreement for the use of Google Analytics. This is a contract required by data protection law, which ensures that your personal data is only processed in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other suitable guarantees with the data recipients within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are Standard Contractual Clauses (SCCs) of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. These clauses ensure an adequate level of data protection when transferring your data. You can find a copy of these standard contractual clauses at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link
https://www.dataprivacyframework.gov/s/participant-search

Further information and the data protection provisions can be found in Google’s privacy notice at: https://policies.google.com/?hl=de.

10.4. Google Ads & Conversion Tracking

Our website uses Google Ads (formerly Google AdWords) from Google LLC, [1600 Amphitheatre Parkway, Mountain View, California 94043, USA; (Google)]. In the European Union (EU) and the European Economic Area (EEA), the services are provided by Google Ireland Limited [Gordon House, Barrow Street, Dublin 4, Ireland; (Google)].
Google Ads enables us to draw attention to our offers with the help of advertising material on external websites and to determine how successful individual advertising measures are. This helps us to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.
As part of Google Ads, we use what is known as conversion tracking. The advertising material is delivered by Google via so-called “AdServers”. For this purpose, we use so-called AdServer cookies, through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser stores on the user’s computer. These cookies lose their validity after 30 days and do not serve to personally identify the user. These cookies enable Google to recognize your web browser. If you visit certain pages of our website when the cookie has not yet expired, Google and we can recognize that you have clicked on the specific ad and have been redirected to this page.

Each Google Ads customer receives a different cookie. The cookies can therefore not be tracked via the websites of Ads customers. The following information is usually stored as analysis values for the cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be contacted). The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. Ads customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your Internet browser under user settings. You will then not be included in the conversion tracking statistics.

The legal basis for the use of Google Tag Manager is your voluntary and revocable consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by making the corresponding changes or adjustments in your cookie settings. By integrating the services on our websites, data is transmitted to the above-mentioned recipients and processed there for as long as is necessary to achieve the stated purposes.

We have concluded a data processing agreement for the use of Google Ads & Conversion Tracking. This is a contract prescribed by data protection law, which guarantees that your personal data will only be processed in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other suitable guarantees with the data recipients within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are Standard Contractual Clauses (SCCs) of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. These clauses ensure an adequate level of data protection when transferring your data. You can find a copy of these standard contractual clauses at
https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link
https://www.dataprivacyframework.gov/s/participant-search

Further information and the data protection provisions can be found in Google’s privacy notice at:
https://policies.google.com/technologies/ads?hl=de.

10.5. Google Adsense

Our website uses Google AdSense, a service for integrating advertisements from Google LLC, [1600 Amphitheatre Parkway, Mountain View, California 94043, USA; (Google)]. In the European Union (EU) and the European Economic Area (EEA), the services are provided by Google Ireland Limited [Gordon House, Barrow Street, Dublin 4, Ireland; (Google)].

Google AdSense uses so-called “cookies”, i.e. text files that are stored on your computer and are used to display advertisements on our website that match our content and your interests. Google AdSense also uses so-called web beacons (invisible graphics). These web beacons can be used to statistically analyze information about visitor traffic on our pages for online marketing purposes.

The information generated by cookies and web beacons about the use of our website (including your IP address) and the delivery of advertising formats is transmitted to a Google server in the USA and stored there. This information may be passed on to third parties by Google. However, Google will not merge your IP address with other data that Google may have stored about you.

The legal basis for the use of the service is Art. 6(1)(a) GDPR, i.e. the integration only takes place with your consent. You can revoke your consent at any time with effect for the future.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

We have concluded a data processing agreement for the use of Google Adsense. This is a contract prescribed by data protection law, which guarantees that your personal data will only be processed in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other suitable guarantees with the data recipients within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are Standard Contractual Clauses (SCCs) of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. These clauses ensure an adequate level of data protection when transferring your data. You can find a copy of these standard contractual clauses at
https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link
https://www.dataprivacyframework.gov/s/participant-search

Further information and the data protection provisions can be found in Google’s privacy notice at:
https://policies.google.com/technologies/ads?hl=de.

10.6. OpenStreetMap

We have integrated the OpenStreetMap map service from the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road Cambridge, CB4 0WS, United Kingdom (OpenStreetMap) on our website. This enables us to show you interactive maps directly on the website and allows you to use the map function conveniently. When you use the map service, records of this use are created and transmitted to OpenStreetMap Foundation. According to the information in the OpenStreetMap Foundation’s privacy notice, this includes the following
https://osmfoundation.org/wiki/Privacy_Policy

To the best of our knowledge, at least the following data is collected by OpenStreetMap:

• information about your browser or application and
• Your interaction with our website, including
• your IP address,
• Browser and device type,
• Operating system,
• referring website,
• Date and time of the page visits and
• the pages accessed on our websites.

The legal basis for the use of the service is Art. 6(1)(a) GDPR and Section 25(1) TDDDG, i.e. the integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or cookie banner or by deleting the cookies.

We have concluded an order processing contract for the use of OpenStreetMaps with OSM providers. This is a contract required by data protection law, which ensures that the provider only processes your personal data in accordance with our instructions and in compliance with the GDPR.

The information collected is stored on OpenStreetMaps servers in the UK. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the UK. On the basis of this decision, data transfers to organizations based in the UK are permitted.

10.7. Meta Pixel

We use the so-called “meta pixel” from Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland; (Meta)) – formerly Facebook Ireland Limited – on our websites under joint responsibility.
Controller within the meaning of Art. 26 GDPR is:

• Meta Platforms Ireland Limited
  Merrion Road, Dublin 4, D04 X2K5, Ireland

The agreement on joint responsibility pursuant to Art. 26(1)(2) GDPR is available at: https://www.facebook.com/legal/controller_addendum

We use Meta Pixel for marketing and optimization purposes, to place relevant and interesting ads for you on Facebook and thus improve our offer, make it more interesting for you as a user and avoid annoying ads. All information collected by the cookie is forwarded to Meta and allows Meta to draw conclusions about your user behavior. If you are registered on a Meta platform/service, Meta can assign this visit to you. Even if you are not registered on a Meta platform/service or are not logged in, there is a possibility that Meta will receive your IP address and other identifying features and store them in an assignable manner.

When you access our website via your browser, the built-in meta pixel initiates cookie storage in your system if you have given your consent. The legal basis for the use of the service is Art. 6(1)(a) GDPR and Section 25(1) TDDDG, i.e. the integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or cookie banner or by deleting the cookies.

We only receive non-personal data from Meta, which is used for the purpose of optimizing and measuring the success of interest-based advertisements and events. you can find further information regarding the data processing for which Meta is responsible from the following sources of information, for example:
Meta Terms of Use: https://www.facebook.com/legal/terms/update
Data policy: https://de-de.facebook.com/privacy/explanation

By integrating the services on our websites, data is transmitted to the above-mentioned recipients and processed there for as long as is necessary to achieve the stated purposes.

As personal data may be transferred by Meta to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection under the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45(1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Meta is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link
https://www.dataprivacyframework.gov/s/participant-search.

10.8. TikTok Pixel

The so-called pixel of the provider TikTok Pixel is used on our website. TikTok Pixel is a service of TikTok Technology Limited, [10 Earlsfort Terrace, Dublin, D02 T380, Ireland; (TikTok)].

The TikTok pixel enables us to identify visitors to our website as a target group for advertising (ads) within the TikTok service. The TikTok pixel enables us to place or display advertisements only to those users who are also interested in our offers and services. We can also track the effectiveness of the advertisements we place on TikTok and evaluate them for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a TikTok ad.
The TikTok Pixel collects information that is available via web browsers such as Chrome. This includes:

• Information about ads/events: Information about ads that TikTok users have clicked on or events that have been triggered.
• Timestamp: This is used to determine when website actions (e.g. page views, product purchases) took place.
• IP address: Used to determine the geographical location of an event.
• User agent: Used to determine the device make, model, operating system and browser information.
• Cookies: They make it easier to measure, optimize and target your campaigns. Learn more about the use of cookies with the TikTok Pixel.
• Metadata and button clicks: This includes descriptive page metadata, structured microdata, page performance data and button clicks. TikTok will be able to use this information to make recommendations on how to best set up pixel events and provide automated solutions. This information can also be used to personalize ad campaigns for TikTok users and improve ad delivery on TikTok.

The legal basis for the use of the service is Art. 6(1)(a) GDPR and Section 25(1) TDDDG, i.e. the integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or cookie banner or by deleting the cookies.

Personal data is anonymized or deleted by TikTok Pixel after 13 months, unless there is a legal obligation to retain it.
We have concluded a data processing agreement for the use of TikTok Pixel. This is a contract required by data protection law, which ensures that it processes your personal data only in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other suitable guarantees with the data recipients within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can find a copy of these standard contractual clauses at
https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In this respect, TikTok’s privacy notice applies, which also contains more detailed information on the TikTok pixel and its functions. TikTok’s privacy notice is available at https://www.tiktok.com/legal/privacy-policy-eea?lang=de.

10.9. WPML

We use the WPML service (WordPress Multilingual Plugin) from OnTheGoSystems Ltd (22/F 3 Lockhart Road, Wanchai, Hong Kong) on our website.

Only functional information of your browser settings regarding the language is retrieved by the hosting service for the WPML service. These cookies are activated by default on websites that use the language filtering function for AJAX operations and are activated for all website visitors if you use the browser language redirection function. In addition, data is collected about the current language of the WordPress administration area. This data is essential so that we can offer a smooth service on our website.

The legal basis for processing is therefore Art. 6(1)(f) GDPR to guarantee the provision, security and stability of our website.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
We have concluded an order processing contract for the use of WPML. This is a contract required by data protection law, which ensures that your personal data is only processed in accordance with our instructions and in compliance with GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other suitable guarantees with the data recipients within the meaning of Art. 44 et seq. GDPR have been agreed.

Further information and the privacy notice can be found in WPML’s privacy notice at: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/

10.10. All-in-One WP Migration

This website uses the WordPress plugin All-in-One WP Migration from ServMask, Inc (16192 Coastal Highway Lewes, Delaware 19958 USA).

For operation and maintenance purposes, All-in-One WP Migration may collect data that records interaction with All-in-One WP Migration (system logs) or use other personal data (such as IP address) for this purpose.
The use is based on our legitimate interests within the meaning of Art. 6(1)(f) GDPR to ensure the provision, security and stability of our website.

This service is used to back up the entire WordPress installation on the web host’s servers at regular intervals.
Personal data will be processed and stored for as long as required by the purpose for which it was collected and may be retained for longer periods of time due to applicable legal obligations or user consent.

You can find more information on data processing via All-in-One WP Migration in the ServMask Inc. privacy notice at https://www.iubenda.com/privacy-policy/715803.

10.11 Cloudflare

When you visit our website, certain content is loaded via Cloudflare’s Content Delivery Network (CDN). Cloudflare is a service of Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA, which is used to deliver websites faster and more securely via a globally distributed network.

When you access our website, a connection to the Cloudflare servers is established. Your IP address is transmitted to Cloudflare to deliver the content correctly. Cloudflare also uses cookies and other technologies to optimize loading times and to defend against security threats (e.g. DDoS attacks). We have no influence on the scope and further use of the data that is collected and processed by Cloudflare itself using Cloudflare.

The legal basis for the use of the service is Art. 6(1)(a) GDPR and Section 25(1) TDDDG, i.e. the integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or in the cookie banner used or by deleting the cookies.

Further information on data processing by Cloudflare can be found in Cloudflare’s privacy notice.

10.12 jsDelivr

On our website we use the open-source Content Delivery Network (CDN) service jsDelivr, provided by Prospect One, Królewska 65A/1, 30-081 Kraków, Poland. jsDelivr enables us to provide certain content – in particular JavaScript libraries and CSS files – quickly and reliably via a globally distributed network.

When you access our website, your browser loads the required files directly from the jsDelivr servers. Your IP address is transmitted to jsDelivr, as the content cannot be technically provided without it. Other technical information such as the type of browser used, operating system and time stamp may also be transmitted. This data is used to ensure the stability and security of the CDN service. To the best of our knowledge, jsDelivr does not store any personal data permanently and does not create any profiles.

The legal basis for the use of the service is Art. 6(1)(a) GDPR and Section 25(1) TDDDG, i.e. the integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or in the cookie banner used or by deleting the cookies.

Further information on data processing by jsDelivr can be found in the privacy notice of jsDelivr (Prospect One).

11. Transmission of personal data

12. Deletion of data

The personal data processed by us will be deleted in accordance with the legal requirements as soon as the consent given for processing is revoked or other permissions cease to apply (e.g. if the purpose of processing this personal data no longer applies, or it is not required for the purpose).

Our data protection notices also contain further information on the retention and deletion of personal data, which apply primarily to the respective processing operations.

13. Your rights as a data subject

13.1. Right of objection

You have the right to object, on grounds relating to your situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

13.2. Right to information

You have the right to obtain confirmation as to whether personal data concerning you is being processed and to obtain information about this personal data and further information and a copy of the personal data in accordance with the legal requirements.

13.3. Right to rectification

In accordance with the statutory provisions, you have the right to request the completion of personal data concerning you or the rectification of inaccurate personal data concerning you.

13.4. Right to erasure and restriction of processing

You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.

13.5. Restriction of processing

You have the right to demand that we restrict processing if one of the legal requirements is met.

13.6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request its transmission to another controller.

13.7. Right to withdraw consent

You have the right to withdraw your consent at any time.

13.8. Complaint to the supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

14. Amendment and updating of the privacy notice

We will adapt the privacy notice as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

If we further develop our website and our offers or if legal or official requirements change, it may be necessary to amend this data protection notice. You can access the current data protection information at any time here.

Status: June 2025