Privacy Policy

 

Preamble

The following privacy policy is intended to inform you about the type, scope, and purpose of the processing of your personal data (hereinafter also referred to as “data”). This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences such as our social media profiles (collectively referred to below as the “online offering”).

The terms used are not gender-specific.

Last updated: October 20, 2025

 

Table of Contents

• Preamble
• Responsible
• Overview of Processing Activities
• Relevant Legal Bases
• Business Services
• Provision of the Online Offering and Web Hosting
• Use of Cookies
• Contact and Inquiry Management
• Web Analytics, Monitoring, and Optimization
• Online Marketing
• Presence on Social Networks (Social Media)
• Plug-ins and Embedded Features and Content
• Amendments and Updates

 

 

Responsible

FourBeasts
Helene-Mössinger-Str. 58
63303 Dreieich
Germany

E-Mail-Adresse: contact(at)fourbeasts.com

 

Overview of Processing Activities

The following overview summarizes the types of data processed, the purposes of their processing, and the categories of data subjects concerned.

Types of Data Processed

• Inventory data
• Payment data
• Contact data
• Content data
• Contract data
• Usage data
• Meta, communication, and process data
• Log data

Categories of Data Subjects

• Service recipients and clients
• Interested parties
• Communication partners
• Users
• Business and contractual partners

Purposes of Processing

• Provision of contractual services and fulfillment of contractual obligations
• Communication
• Security measures
• Reach measurement (audience measurement)
• Tracking
• Office and organizational procedures
• Conversion measurement
• Target group formation (audience segmentation)
• Organizational and administrative procedures
• Feedback
• Marketing
• Profiling with user-related information
• Provision of our online offering and improvement of user-friendliness
• Information technology infrastructure
• Public relations
• Business processes and commercial procedures

 

Relevant Legal Bases

Relevant legal bases under the GDPR:
The following section provides an overview of the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may also apply in your or our country of residence or establishment. Where more specific legal bases are relevant in individual cases, we will inform you of these within this privacy policy.

• Consent (Art. 6 (1) sentence 1 lit. a GDPR) – The data subject has given their consent to the processing of their personal data for one or more specific purposes.
• Performance of a contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps prior to entering into a contract at the data subject’s request.
• Legal obligation (Art. 6 (1) sentence 1 lit. c GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany:
In addition to the provisions of the GDPR, national data protection laws in Germany also apply, in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific regulations regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, data transfers, and automated individual decision-making including profiling. Furthermore, the data protection laws of the individual German federal states may also apply.

Note on the applicability of the GDPR and the Swiss Data Protection Act (DSG):
This privacy notice serves to provide information in accordance with both the Swiss Data Protection Act (DSG) and the EU General Data Protection Regulation (GDPR). For the sake of broader applicability and clarity, the terminology of the GDPR is used. In particular, instead of the terms used in the Swiss DSG — such as “processing of personal data,” “overriding interest,” and “particularly sensitive personal data” — the GDPR terms “processing of personal data,” “legitimate interest,” and “special categories of data” are used. The legal meaning of these terms, however, remains governed by the Swiss DSG where it applies.

 

Business Services

We process the data of our contractual and business partners, such as customers and prospective clients (collectively referred to as “business partners”), within the scope of contractual and comparable legal relationships, as well as associated measures and in the context of communication with our business partners (or pre-contractual relationships).

We use this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and to remedy warranty or other performance issues. Furthermore, we use the data to protect our rights and for administrative tasks associated with these obligations, as well as for the internal organization of our business.

In addition, we process the data on the basis of our legitimate interests — namely, in ensuring proper and economically efficient business management, and in implementing security measures to protect our contractual partners and our business operations from misuse, and to safeguard their data, trade secrets, information, and rights. This may include, for example, cooperation with telecommunications, transport, and other auxiliary services, as well as subcontractors, banks, tax and legal advisers, payment service providers, or financial authorities.

In accordance with applicable law, we only disclose the data of our contractual partners to third parties insofar as this is necessary for the aforementioned purposes or for the fulfillment of legal obligations. Contractual partners are informed about any further processing — such as for marketing purposes — within this privacy policy.

We inform our contractual partners which data are required for the purposes described above before or during the collection of such data — for example, in online forms, through specific markings (such as color highlights) or symbols (e.g., asterisks), or personally.

We delete the data after the expiry of statutory warranty or comparable obligations — generally after four years — unless the data are stored in a customer account, for example, as long as retention is required for statutory archiving purposes (usually ten years for tax purposes). Data disclosed to us by the contractual partner in the course of an assignment are deleted in accordance with the applicable requirements and generally upon completion of the contract.

• Types of Data Processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., postal and email addresses, telephone numbers); Contract data (e.g., subject matter of the contract, duration, customer category)
• Data Subjects: Service recipients and clients; Prospective customers; Business and contractual partners
• Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Communication; Office and organizational procedures; Organizational and administrative procedures; Business processes and commercial operations
• Retention and Deletion: Data are deleted in accordance with the information provided in the section “General Information on Data Storage and Deletion.”
• Legal Bases: Performance of a contract and pre-contractual measures (Art. 6 (1) lit. b GDPR); Legal obligation (Art. 6 (1) lit. c GDPR); Legitimate interests (Art. 6 (1) lit. f GDPR)

Further Information on Processing Procedures, Methods, and Services:

• Agency Services: We process our clients’ data in the context of our contractual services, which may include, for example, conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services, and training services. Legal Basis: Performance of a contract and pre-contractual measures (Art. 6 (1) lit. b GDPR)

 

Provision of the Online Offering and Web Hosting

We process users’ data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to deliver the content and functions of our online services to the user’s browser or device.

• Types of Data Processed: Usage data (e.g., page views and duration of stay, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); Log data (e.g., log files related to logins, data retrieval, or access times); Content data (e.g., textual or visual messages and posts, as well as related information such as authorship or creation time)
• Data Subjects: Users (e.g., website visitors, users of online services)
• Purposes of Processing: Provision of our online services and ensuring user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.); Security measures
• Retention and Deletion: Data are deleted in accordance with the information provided in the section “General Information on Data Storage and Deletion.”
• Legal Bases: egitimate interests (Art. 6 (1) lit. f GDPR)

Further Information on Processing Procedures, Methods, and Services:

• Provision of Online Services on Rented Hosting Space: We use storage space, computing capacity, and software rented or otherwise provided by a server provider (also referred to as a “web host”) to provide our online services. Legal Basis: Legitimate interests (Art. 6 (1) lit. f GDPR)
• Collection of Access Data and Log Files: Access to our online services is logged in the form of so-called “server log files.” These log files may include the address and name of the requested web pages and files, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, user’s operating system, referrer URL (previously visited page), and typically IP addresses and the requesting provider. Server log files are used for security purposes, e.g., to prevent server overload (particularly in case of malicious attacks such as DDoS attacks), and to ensure server capacity and stability. Legal Basis: Legitimate interests (Art. 6 (1) lit. f GDPR). Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained for evidentiary purposes are excluded from deletion until the respective case is finally resolved.
• WordPress.com: Hosting and software for creating, providing, and operating websites, blogs, and other online services. Service Provider: Automattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal Basis: Legitimate interests (Art. 6 (1) lit. f GDPR); Website: https://wordpress.com; Privacy Policy: https://automattic.com/de/privacy/; Data Processing Agreement: https://wordpress.com/support/data-processing-agreements/. Basis for Transfers to Third Countries: Data Privacy Framework (DPF), Standard Contractual Clauses (provided by the service provider)

 

Use of Cookies

The term “cookies” refers to functions that store information on users’ devices and read information from them. Cookies can serve various purposes, such as ensuring the functionality, security, and convenience of online services, as well as analyzing visitor traffic. We use cookies in accordance with legal requirements. Where necessary, we obtain users’ consent in advance. If consent is not required, we rely on our legitimate interests. This applies when storing and reading information is essential to provide explicitly requested content and functions. This includes, for example, saving user settings and ensuring the functionality and security of our online services. Consent can be revoked at any time. We provide clear information about its scope and which cookies are used.

Notes on Data Protection Legal Basis: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained in this section and in the context of the respective services and processes.

Storage Duration: Regarding storage duration, the following types of cookies are distinguished:

• Temporary Cookies (also: session cookies): Temporary cookies are deleted no later than when a user leaves an online service and closes their device (e.g., browser or mobile application).
• Persistent Cookies: Persistent cookies remain stored even after the device is closed. For example, they can retain login status and display preferred content directly when a user revisits a website. Data collected via cookies can also be used for measuring reach. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., when obtaining consent), it should be assumed that these are persistent and can be stored for up to two years.

General Information on Withdrawal and Objection (Opt-out): Users can withdraw any consent they have given at any time and can also object to the processing of their data in accordance with legal requirements, for example, via the privacy settings of their browser.

• Types of Data Processed: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Affected Persons: Users (e.g., website visitors, users of online services).
• Legal Basis: Legitimate interests (Art. 6(1) lit. f GDPR); Consent (Art. 6(1) lit. a GDPR).

Additional Information on Processing Procedures, Methods, and Services:

• Processing of cookie data based on consent: We use a consent management solution to obtain users’ consent for the use of cookies or for the procedures and providers specified in the consent management solution. This process is used to obtain, log, manage, and revoke consents, particularly regarding the use of cookies and similar technologies that store, read, and process information on users’ devices. Within this procedure, users’ consents for the use of cookies and the associated processing of information—including the specific processing and providers named in the consent management solution—are collected. Users also have the option to manage and revoke their consents. Consent declarations are stored to avoid repeated requests and to provide proof of consent in accordance with legal requirements. Storage occurs server-side and/or in a cookie (so-called Opt-In cookie) or using similar technologies to associate the consent with a specific user or their device. If no specific information about consent management providers is available, the following general information applies: Consent is stored for up to two years. A pseudonymous user identifier is created and stored together with the time of consent, information on the scope of consent (e.g., categories of cookies and/or service providers), and information about the browser, system, and device used. Legal Basis: Consent (Art. 6(1) lit. a GDPR).

 

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, telephone, or via social media) as well as within the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to contact requests and any requested measures.

• Processed Data Types: Master data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses, telephone numbers); Content data (e.g., textual or visual messages and posts, including related information such as authorship or creation time); Usage data (e.g., page views and duration of stay, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons)
• Affected Persons: Communication partners.
• Purposes of Processing: Communication; Organizational and administrative procedures; Feedback collection (e.g., via online forms); Provision of our online offerings and user-friendliness
• Storage and Deletion: Data are deleted according to the provisions in the section “General Information on Data Storage and Deletion.”
• Legal Basis: Legitimate interests (Art. 6(1) lit. f GDPR); Performance of a contract and pre-contractual requests (Art. 6(1) lit. b GDPR)

Additional Information on Processing Procedures, Methods, and Services:

• Contact Form: When contacting us via our contact form, email, or other communication channels, we process the personal data provided to respond to and handle the respective request. This generally includes information such as name, contact details, and, if applicable, other information provided that is necessary for proper processing. We use these data exclusively for the specified purpose of contacting and communicating with us. Legal Basis: Performance of a contract and pre-contractual requests (Art. 6(1) lit. b GDPR); Legitimate interests (Art. 6(1) lit. f GDPR)

 

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as “reach measurement”) is used to evaluate visitor flows on our online offerings and can include pseudonymous information about visitor behavior, interests, or demographic data such as age or gender. By using reach analysis, we can, for example, determine the times when our online services or their functions and content are most frequently used, or encourage repeated visits. It also allows us to identify areas that require optimization.Neben der Webanalyse können wir auch Testverfahren einsetzen, um etwa unterschiedliche Versionen unseres Onlineangebots oder seiner Bestandteile zu testen und zu optimieren.

In addition to web analysis, we may use testing procedures to evaluate and optimize different versions of our online offerings or their components.

Unless otherwise stated below, profiles—i.e., data aggregated from a single usage session—may be created for these purposes, and information can be stored in and read from a browser or device. The data collected typically include visited websites and elements used, as well as technical details such as the browser, operating system, and usage times. If users have consented to location data collection with us or with the providers of the services we use, location data may also be processed.

Additionally, users’ IP addresses are stored. However, we use an IP-masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, web analysis, A/B testing, and optimization do not store users’ clear personal data (e.g., email addresses or names), but only pseudonymous information. This means neither we nor the providers of the software know the actual identity of users, only the data stored in profiles for the purpose of the respective processes. Legal Basis: If users give consent for the use of third-party providers, the legal basis is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). For more information, users should also refer to the section on the use of cookies in this privacy policy.

• Processed Data Types: Usage data: e.g., page views and duration of visits, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features. Meta, communication, and procedural data: e.g., IP addresses, timestamps, identification numbers, involved persons.
• Data Subjects: Users, e.g., website visitors, users of online services.
• Purposes of Processing: Reach measurement: e.g., access statistics, identification of returning visitors. Profiles with user-related information: creating user profiles. Provision of our online offerings and user-friendliness.
• Storage and Deletion: Deletion according to the specifications in the section “General information on data storage and deletion.” Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods may be stored on users’ devices for a period of two years).
• Security Measures: IP masking (pseudonymization of the IP address).
• Legal Basis: Consent: Art. 6(1)(a) GDPR. Legitimate interests: Art. 6(1)(f) GDPR

Further information on processing activities, procedures, and services:

• Google Analytics: We use Google Analytics to measure and analyze the usage of our online offerings based on a pseudonymous user identification number. This identification number does not contain any personally identifiable information, such as names or email addresses. Its purpose is to assign analytical information to a device in order to determine which content users have accessed during one or multiple sessions, which search terms they have used, revisited, or interacted with on our online offerings. The time and duration of use, the sources referring users to our site, and technical aspects of their devices and browsers are also recorded. Pseudonymous user profiles are created based on the usage of various devices, and cookies may be used for this purpose. Google Analytics does not log or store individual IP addresses of EU users. However, Analytics provides approximate geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used exclusively for this geolocation derivation and is immediately deleted afterward. They are not logged, accessible, or used for any other purposes. When Google Analytics collects measurement data, all IP queries are conducted on EU-based servers before traffic is transmitted to Analytics servers for processing. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal Basis: Consent (Art. 6 Abs. 1 S. 1 lit. a) DSGVO); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of IP addresses); Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for international transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Opt-out options: Opt-out-plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Ad personalization settings: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and processed data).
• Google Tag Manager: We use the Google Tag Manager, a software provided by Google, which allows us to centrally manage so-called website tags through a user interface. Tags are small code elements on our website that serve to record and analyze visitor activities. This technology helps us improve our website and the content offered on it. The Google Tag Manager itself does not create user profiles, does not store cookies containing user profiles, and does not perform independent analyses. Its function is limited to simplifying and streamlining the integration and management of tools and services we use on our website. Nevertheless, when using the Google Tag Manager, the IP address of users is transmitted to Google, which is technically necessary to implement the services we use. Cookies may also be set in this context. This data processing only occurs if services are integrated via the Tag Manager. For more detailed information about these services and their data processing, please refer to the relevant sections of this privacy policy. Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal Basis: Consent (Art. 6 Abs. 1 S. 1 lit. a) DSGVO); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms. Basis for international transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms).

 

Onlinemarketing

We process personal data for the purpose of online marketing, which primarily includes the promotion of advertising space or the display of advertising and other content (collectively referred to as “content”) based on the potential interests of users, as well as the measurement of its effectiveness.

For these purposes, user profiles are created and stored in a file (the so-called “cookie”) or through similar methods, in which information relevant for displaying the aforementioned content is saved. This may include, for example, content viewed, websites visited, online networks used, communication partners, and technical data such as the browser used, the computer system, and information about usage times and functions used. If users have consented to the collection of their location data, this may also be processed.

IP addresses of users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear personal data (such as email addresses or names) is stored in the context of online marketing; only pseudonyms are used. This means that neither we nor the providers of the online marketing services know the actual identity of the users, only the information stored in their profiles.

The information in the profiles is usually stored in cookies or through similar methods. These cookies can generally also be read on other websites that use the same online marketing services and analyzed for the purpose of displaying content, supplemented with additional data, and stored on the server of the online marketing service provider.

In exceptional cases, clear personal data may be linked to profiles, primarily when users are members of a social network whose online marketing services we use, and the network links the profiles with the aforementioned information. Please note that users may enter into additional agreements with the providers, for example by giving consent during registration.

We generally only receive access to aggregated information about the success of our advertisements. However, in the context of conversion measurement, we can determine which of our online marketing activities have led to a so-called conversion, e.g., a contract concluded with us. Conversion measurement is used solely for evaluating the success of our marketing measures.

Unless otherwise stated, please assume that the cookies used are stored for a period of two years.

Legal Basis: If we ask users for their consent to the use of third-party services, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., the interest in efficient, economical, and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

Information on Withdrawal and Objection

We refer to the privacy notices of the respective providers and the objection options provided by them (so-called “opt-out”). If no explicit opt-out option is provided, you can also disable cookies in your browser settings. However, this may restrict certain functions of our online offerings. We therefore additionally recommend the following opt-out options, which are offered for the respective regions:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://youradchoices.ca/.

c) USA: https://optout.aboutads.info/.

d) Global: https://optout.aboutads.info.

• Processed Data Types: Usage data (e.g., page views and duration of stay, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Reach measurement (e.g., access statistics, recognition of returning visitors); Tracking (e.g., interest-/behavior-based profiling, use of cookies); Audience building; Marketing; Profiles with user-related information (creation of user profiles); Conversion measurement (evaluation of marketing effectiveness)
• Storage and Deletion: Deletion according to the section “General Information on Data Storage and Deletion.” Cookies may be stored for up to two years (unless otherwise specified, cookies and similar storage methods can be stored on users’ devices for a period of two years).
• Security Measures: IP masking (pseudonymization of the IP address).
• Legal Basis: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR)

Additional Information on Processing Procedures, Methods, and Services

• Google Ads and Conversion Measurement: Online marketing procedures for the purpose of placing content and ads within the service provider’s advertising network (e.g., in search results, videos, on websites, etc.), so that they are displayed to users who are presumed to be interested in the ads. In addition, we measure ad conversions, i.e., whether users interacted with the ads and used the promoted offers (so-called conversions). We only receive anonymous information and no personal information about individual users. Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal Basis: Consent (Art. 6 Abs. 1 S. 1 lit. a) DSGVO), Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for international transfers: Data Privacy Framework (DPF); Further information: Types of processing and processed data: https://business.safety.google/adsservices/. Data processing terms between controllers and standard contractual clauses for international data transfers: https://business.safety.google/adscontrollerterms.

Social Media Presences

We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about us.

Please note that user data may be processed outside the territory of the European Union. This may entail risks for users, as the enforcement of user rights could be more difficult.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles may be created based on user behavior and resulting interests. These profiles may then be used to display advertisements within and outside the networks that are presumably of interest to the users. Consequently, cookies are usually stored on users’ devices, in which usage behavior and interests are saved. In addition, user profiles may also store data independently of the devices used by the users (especially if they are members of the respective platforms and logged in).

For a detailed description of the respective processing practices and objection options (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

Even for requests for information and the assertion of data subject rights, we point out that these are most effectively exercised directly with the providers. Only they have access to the user data and can take appropriate actions and provide information. If you still need assistance, you may contact us.

• Processed Data Types: Contact data (e.g., postal and email addresses, or phone numbers); Content data (e.g., textual or visual messages and posts, as well as related information such as authorship details or creation timestamps); Usage data (e.g., page views and duration of stay, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and functions)
• Data Subjects: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Communication; Feedback (e.g., collecting feedback via online forms); Public relations
• Storage and Deletion: Deletion according to the section “General Information on Data Storage and Deletion.”
• Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR)

Further Information on Processing Procedures, Methods, and Services

• Instagram: Social network that allows sharing of photos and videos, commenting on and liking posts, sending messages, and subscribing to profiles and pages. Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Basis for transfers to third countries: Data Privacy Framework (DPF).
• Facebook Pages: Profiles within the Facebook social network. The controller is jointly responsible with Meta Platforms Ireland Limited for the collection and transmission of data from visitors to our Facebook page (“fan page”). This includes information on user behavior (e.g., viewed or interacted content, actions taken) and device information (e.g., IP address, operating system, browser type, language settings, cookie data). More details can be found in Facebook’s Data Policy: https://www.facebook.com/privacy/policy/. Facebook uses these data to provide us with statistical evaluations via the “Page Insights” service, showing how people interact with our page and content. Basis for this is an agreement with Facebook (“Information on Page Insights”: https://www.facebook.com/legal/terms/page_controller_addendum), which regulates security measures and the exercise of data subject rights. For further information: https://www.facebook.com/legal/terms/information_about_page_insights_data. Users can make information or deletion requests directly to Facebook. User rights (especially access, deletion, objection, complaint to a supervisory authority) remain unaffected. Joint responsibility is limited to data collection by Meta Platforms Ireland Limited (EU). Any further processing, including potential transfer to Meta Platforms Inc. in the USA, is the responsibility of Meta Platforms Ireland Limited alone. Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Basis for transfers to third countries: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum).
• LinkedIn: Social network – We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not further processing) of data from visitors, which is used to create “Page Insights” (statistics) for our LinkedIn profiles. Collected data includes information on types of content users view or interact with, actions performed, device details (IP address, operating system, browser type, language settings, cookie data), and profile information such as job function, country, industry, hierarchy level, company size, and employment status. Privacy information for LinkedIn’s data processing can be found here: https://www.linkedin.com/legal/privacy-policy. We have a specific agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum”: https://legal.linkedin.com/pages-joint-controller-addendum), governing security measures and ensuring that data subject rights can be exercised directly with LinkedIn. Joint responsibility is limited to data collection and transfer to LinkedIn Ireland; further processing, including transfer to LinkedIn Corporation in the USA, is solely LinkedIn Ireland’s responsibility; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for transfers to third countries: Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa). Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• Xing: Social network; Service Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Deutschland; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.xing.com/. Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

 

Plug-ins and Embedded Features and Content

We integrate functional and content elements into our online offerings that are retrieved from the servers of their respective providers (hereinafter referred to as “third parties”). These may include, for example, graphics, videos, or maps (hereinafter collectively referred to as “content”).

The integration always requires that the third-party providers of this content process users’ IP addresses, since without the IP address, they would not be able to deliver the content to the users’ browsers. The IP address is therefore necessary for displaying this content or these functions. We strive to use only content whose providers apply the IP address solely for content delivery.

Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may additionally be stored in cookies on the users’ devices and can include technical details about the browser and operating system, referring websites, time of visit, as well as further information about the use of our online offerings, and may also be combined with information from other sources.

Legal Basis: If we request the users’ consent for the use of third-party content, the legal basis for processing is permission (consent). Otherwise, user data are processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

• Processed Data Types: Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Provision of our online offerings and ensuring user-friendliness.
• Storage and Deletion: Deletion in accordance with the section “General Information on Data Storage and Deletion.” Cookies may be stored for up to two years (unless otherwise indicated, cookies and similar storage methods may be stored on users’ devices for a period of up to two years).
• Legal Basis: Consent (Art. 6 (1) lit. a GDPR). Legitimate interests (Art. 6 (1) lit. f GDPR).

Further Information on Processing, Procedures, and Services

• Google Fonts (retrieval from Google servers): Retrieval of fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols, taking into account up-to-dateness, loading times, uniform display, and possible licensing restrictions. The IP address of the user is transmitted to the font provider so that the fonts can be made available in the user’s browser. Additionally, technical data (language settings, screen resolution, operating system, used hardware) are transmitted, which are necessary for providing the fonts depending on the devices and technical environment used. These data may be processed on a server of the font provider in the USA. When visiting our online offer, users’ browsers send HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) of Google Fonts and the fonts specified in the CSS. These HTTP requests include: The IP address used by the respective user to access the Internet. The requested URL on the Google server. HTTP headers, including the User-Agent, which describes the browser and operating system versions of the website visitors, and the referrer URL (i.e., the website on which the Google font is displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, User-Agent, and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families the user wants to load. These data are logged so that Google can determine how often a specific font family is requested. The User-Agent is primarily logged for debugging purposes and used to generate aggregated usage statistics, which measure the popularity of font families. These aggregated usage statistics are published on the “Analytics” page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for production maintenance and to generate an aggregated report on the top integrations based on the number of font requests. According to Google, none of the information collected by Google Fonts is used to create end-user profiles or serve targeted ads. Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal Basis: Legitimate interests (Art. 6 (1) lit. f GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for Data Transfers to Third Countries: Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy?hl=de.

 

Changes and Updates

Please review the content of our privacy policy regularly. We update the privacy policy as soon as changes in our data processing activities make it necessary. We will inform you whenever these changes require any action on your part (e.g., consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time. We kindly ask you to verify this information before contacting them.

Created with the free Privacy Policy Generator by Dr. Thomas Schwenke