Privacy Policy
Preamble
With this privacy policy, we inform you about which types of your personal data (hereinafter also referred to as "data") we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and particularly on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "Online Offer").
The terms used are not gender-specific.
Last updated: November 17, 2025
Table of Contents
- Preamble
- Controller
- Overview of Processing Activities
- Relevant Legal Bases
- Security Measures
- Transfer of Personal Data
- International Data Transfers
- General Information on Data Retention and Deletion
- Rights of the Data Subjects
- Provision of the Online Offer and Web Hosting
- Use of Cookies
- Registration, Login, and User Account
- Administration Access and User Management
- Community Functions
- Contact and Request Management
- Newsletter and Electronic Notifications
- Contests and Competitions
- Surveys and Questionnaires
- Web Analysis, Monitoring, and Optimization
- Presence in Social Networks (Social Media)
- Changes and Updates
Controller
Neo Karbach
Schieferweg 5
56244, Helferskirchen, Germany
Email address: support@faser.app
Imprint: https://faser.app/imprint
Overview of Processing Activities
The following overview summarizes the types of data processed, the purposes of processing, and the data subjects involved.
Types of Processed Data
- Inventory data
- Contact data
- Content data
- Usage data
- Meta, communication, and procedural data
- Log data
Categories of Data Subjects
- Communication partners
- Users
- Contest and competition participants
- Participants
Purposes of Processing
- Provision of contractual services and fulfillment of contractual obligations
- Communication
- Security measures
- Direct marketing
- Audience measurement
- Organizational and administrative procedures
- Conducting contests and competitions
- Feedback
- Surveys and questionnaires
- Profiles with user-related information
- Provision of our online offer and user-friendliness
- Information technology infrastructure
- Public relations
Relevant Legal Bases
Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that national data protection regulations in your or our country of residence or domicile may also apply in addition to the GDPR. If more specific legal bases apply in individual cases, we will inform you of these in this privacy policy.
- Consent (Art. 6 para. 1 sent. 1 lit. a) GDPR) - The data subject has given their consent to the processing of their personal data for one or more specific purposes.
- Contract performance and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
- Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR) - The processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that the interests or fundamental rights and freedoms of the data subject which require protection of personal data do not override them.
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes the Federal Data Protection Act (BDSG). The BDSG contains special regulations for the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated decision-making in individual cases including profiling. State data protection laws of the individual federal states may also apply.
Note on GDPR and Swiss DPA applicability: These data protection notices serve to provide information in accordance with both the Swiss DPA and the General Data Protection Regulation (GDPR). For this reason, please note that the terms used in the GDPR are applied for broader geographical application and understanding. Specifically, instead of the terms "processing" of "personal data", "overriding interest", and "special categories of personal data" used in the Swiss DPA, the terms "processing" of "personal data" and "legitimate interest" and "special categories of data" as used in the GDPR are applied. The legal meaning of these terms remains determined by the Swiss DPA where applicable.
Security Measures
We take appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, transfer, securing availability, and separation of the data. Furthermore, we have procedures in place that ensure the exercise of data subjects' rights, the deletion of data, and responses to data vulnerabilities. Moreover, we take into account the protection of personal data during the development or selection of hardware, software, and procedures, following the principle of data protection by design and by default.
Shortening of the IP address: If IP addresses are processed by us or by the service providers we use, and the processing of a complete IP address is not required, the IP address will be shortened (also referred to as "IP masking"). This involves removing or replacing the last two digits or the last part of the IP address after a dot. The purpose of IP address shortening is to prevent or significantly hinder the identification of a person based on their IP address.
Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the data of users that is transmitted through our online services against unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission over the internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transfers meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by displaying HTTPS in the URL, signaling to users that their data is being transmitted securely and encrypted.
Transfer of Personal Data
In the course of processing personal data, it may occur that these are transmitted to other entities, companies, legally independent organizational units, or individuals or disclosed to them. Recipients of this data may include service providers tasked with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.
International Data Transfers
Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)), or if the processing takes place as part of the use of services of third parties or the disclosure or transfer of data to other persons, entities, or companies, this only occurs in accordance with legal requirements. Transfers occur either if the level of data protection in the third country has been recognized by the EU Commission (e.g., through an adequacy decision under Art. 45 GDPR) or if there are other guarantees such as standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent, or if the transfer is necessary for the performance of a contract or the fulfillment of legal obligations (Art. 49 para. 1 GDPR).
Further information on data transfers to third countries can be found in the information provided by the EU Commission at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en. In addition, as part of the "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as secure based on the adequacy decision dated 10.07.2023. You can find the list of certified companies and further information on the DPF on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/.
General Information on Data Retention and Deletion
We delete personal data that we process in accordance with legal provisions as soon as the underlying consent is revoked or there are no longer legal grounds for processing. This applies in cases where the original purpose of the processing has ceased or the data is no longer needed. Exceptions to this rule exist where statutory obligations or special interests require longer retention or archiving of the data.
Data that must be retained for commercial or tax law reasons or whose storage is necessary for legal prosecution or the protection of the rights of others is stored accordingly.
Our data protection information includes additional information on retention and deletion of data, specifically for certain processing operations.
If multiple retention or deletion periods are specified, the longest period always applies. If a period does not explicitly start on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the event that triggered the period occurred. In the case of ongoing contractual relationships where data is stored, the trigger event is the time of the effectiveness of the termination or other end of the legal relationship.
Data that is no longer stored for the originally intended purpose but due to legal requirements or other reasons is processed solely for the reasons that justify its retention.
Additional information on processing operations, procedures, and services:
- Retention and deletion of data: The following general periods apply for retention and archiving under German law:
- 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheet, as well as the working instructions and other organizational documents required for their understanding, booking vouchers, and invoices (§ 147 para. 3 in conjunction with para. 1 no. 1, 4, and 4a AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 and 4, para. 4 HGB).
- 6 years - Other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents relevant for taxation, such as time sheets, business accounting sheets, calculation documents, price quotations, but also payroll documents, if not already accounting vouchers, and cash receipts (§ 147 para. 3 in conjunction with para. 1 no. 2, 3, 5 AO, § 257 para. 1 no. 2 and 3, para. 4 HGB).
- 3 years - Data required to account for potential warranty and compensation claims or similar contractual claims and rights, as well as related inquiries based on previous business experiences and standard industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).
Rights of the Data Subjects
Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, particularly those arising from Articles 15 to 21 GDPR:
- Right to object: You have the right to object at any time to the processing of your personal data, which is based on Art. 6 para. 1 lit. e or f GDPR, for reasons arising from your particular situation. This also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling to the extent that it is related to such direct marketing.
- Right to withdraw consent: You have the right to withdraw your consent at any time.
- Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with legal requirements.
- Right to rectification: You have the right, in accordance with legal requirements, to request the completion or correction of data concerning you.
- Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to request the immediate deletion of data concerning you or, alternatively, to request a restriction of the processing of the data in accordance with legal requirements.
- Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, in accordance with legal requirements.
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data violates the provisions of the GDPR.
Provision of the Online Offer and Web Hosting
We process users' data in order to provide our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the browser or device of the users.
- Processed data types: Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons). Log data (e.g., logins or data retrieval or access times).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)). Security measures.
- Retention and deletion: Deletion in accordance with the section "General Information on Data Retention and Deletion".
- Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR).
Additional notes on processing operations, procedures, and services:
- Provision of online services on rented storage space: For the provision of our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from an appropriate server provider (also known as a "web host"); Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR).
- Collection of access data and log files: Access to our online offer is logged in the form of so-called "server log files". The server log files may include the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, a message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, known as DDoS attacks), and for load balancing of the servers and ensuring their stability; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained for evidence purposes is excluded from deletion until the incident is finally clarified.
- Content Delivery Network (CDN): We use a "Content Delivery Network" (CDN). A CDN is a service that helps to deliver the content of an online offer, particularly large media files such as graphics or program scripts, more quickly and securely using regionally distributed servers connected via the internet; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR).
Use of Cookies
The term "cookies" refers to functions that store and retrieve information on users' devices. Cookies can be used for various purposes, such as ensuring the functionality, security, and comfort of online services and creating analyses of visitor flows. We use cookies in accordance with legal requirements. This includes obtaining users' consent in advance, where required. If consent is not required, we rely on our legitimate interests, particularly when storage and retrieval of information are necessary to provide explicitly requested content and functions. This includes, for example, storing settings and ensuring the functionality and security of our online offer. Consent can be revoked at any time. We provide clear information on the scope and types of cookies used.
Notes on data protection legal bases: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, as explained in this section and in the context of the respective services and procedures.
Storage duration: With regard to the storage duration, the following types of cookies are distinguished:
- Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and closes their device (e.g., browser or mobile application).
- Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be stored, and preferred content can be displayed directly when the user revisits a website. Likewise, the user data collected with the help of cookies can be used for audience measurement. If no explicit information is provided to users about the type and storage duration of cookies (e.g., as part of obtaining consent), they should assume that these are permanent and that the storage duration may be up to two years.
General notes on withdrawal and objection (Opt-out): Users can revoke their given consent at any time and also declare an objection to processing in accordance with legal requirements, including through the privacy settings of their browser.
- Processed data types: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
- Data subjects: Users (e.g., website visitors, users of online services).
- Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR). Consent (Art. 6 para. 1 sent. 1 lit. a) GDPR).
Additional notes on processing operations, procedures, and services:
- Processing of cookie data based on consent: We use a consent management solution to obtain users' consent for the use of cookies or the procedures and providers mentioned within the consent management solution. This procedure serves to obtain, log, manage, and revoke consent, particularly in relation to the use of cookies and similar technologies that are used to store, read, and process information on users' devices. In this context, the consents of users for the use of cookies and the associated processing of information, including the specific processing and providers mentioned within the consent management procedure, are obtained. Users also have the option to manage and revoke their consents. The consents are stored to avoid having to ask again and to be able to prove consent in accordance with legal requirements. The storage is server-side and/or in a cookie (so-called opt-in cookie) or by means of similar technologies to be able to assign the consent to a specific user or their device. If no specific information is provided about the providers of consent management services, the following general notes apply: The storage duration of the consent is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, the information on the scope of consent (e.g., categories of cookies and/or service providers concerned), as well as information about the browser, system, and device used; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a) GDPR).
Registration, Login, and User Account
Users can create a user account. During registration, users are informed of the required mandatory details, which are processed for the purpose of providing the user account based on contractual obligation. The data processed includes, in particular, login information (username, password, and an email address).
In the context of using our registration and login functions, as well as using the user account, we store the IP address and the time of each user action. The storage is based on our legitimate interests as well as those of the users for protection against abuse and other unauthorized use. These data are generally not disclosed to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so.
Users may be informed by email of processes relevant to their user account, such as technical changes.
- Processed data types: Inventory data (e.g., full name, home address, contact details, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or visual messages and posts, as well as information about them, such as authorship or time of creation); Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions). Log data (e.g., logins or data retrieval or access times).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Organizational and administrative procedures. Provision of our online offer and user-friendliness.
- Retention and deletion: Deletion in accordance with the section "General Information on Data Retention and Deletion". Deletion upon termination.
- Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR).
Additional notes on processing operations, procedures, and services:
- Registration with pseudonyms: Users may use pseudonyms instead of their real names as usernames; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b) GDPR).
- User profiles are public: Users' profiles are publicly visible and accessible.
- Adjusting profile visibility: Users can use settings to determine to what extent their profiles are visible or accessible to the public or only to specific people or groups; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b) GDPR).
- Deletion of data upon termination: If users have terminated their user account, their data regarding the user account will be deleted, subject to a legal permission, obligation, or user consent; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b) GDPR).
Administrative Support Access
In certain cases, authorized administrators may temporarily access user accounts to reproduce and resolve technical issues (e.g., bugs reported by users). This access is solely for diagnostic purposes and is strictly logged, limited in time, and does not include the ability to change user data without user consent. The legal basis for this is our legitimate interest under Art. 6 para. 1 lit. f GDPR.
Community Functions
The community features we provide allow users to engage in conversations or otherwise exchange information with each other. Please note that the use of the community features is only permitted in compliance with the applicable legal regulations, our terms and policies, as well as the rights of other users and third parties.
- Processed data types: Inventory data (e.g., full name, home address, contact details, customer number, etc.). Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Security measures. Provision of our online offer and user-friendliness.
- Retention and deletion: Deletion in accordance with the section "General Information on Data Retention and Deletion".
- Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR).
Additional notes on processing operations, procedures, and services:
- User contributions are public: User-generated content and contributions are publicly visible and accessible; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b) GDPR).
- Adjusting visibility of contributions: Users can use settings to determine to what extent their contributions and content are visible to the public or only to specific people or groups; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b) GDPR).
- Storage of data for security purposes: User contributions and other user inputs are processed for the purposes of community and conversational features, and, unless there is a legal obligation or permission to disclose them to third parties, they are not shared with third parties. A disclosure obligation may arise, particularly in the case of unlawful contributions, for the purpose of legal prosecution. We note that, in addition to the content of contributions, the time of the contributions and users' IP addresses are also stored. This is to enable appropriate actions to protect other users and the community; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b) GDPR).
- Right to delete content and information: Deleting user-generated content, contributions, or information is permissible after a proper assessment to the extent necessary if there are concrete indications that they violate legal rules, our guidelines, or the rights of third parties; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b) GDPR).
- Protecting own data: Users decide for themselves what data they disclose within our online offer. For example, when users provide information about themselves or participate in conversations. We ask users to protect their data and only disclose personal information with caution and only to the extent necessary. In particular, we ask users to protect their access data carefully and to use secure passwords (i.e., especially long and random combinations of characters); Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b) GDPR).
Contact and Request Management
When contacting us (e.g., by mail, contact form, email, phone, or via social media) and within the context of existing user and business relationships, the information provided by the requesting persons is processed to the extent necessary to respond to the contact inquiries and any requested actions.
- Processed data types: Inventory data (e.g., full name, home address, contact details, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or visual messages and posts, as well as information about them, such as authorship or time of creation); Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
- Data subjects: Communication partners.
- Purposes of processing: Communication; Organizational and administrative procedures; Feedback (e.g., collecting feedback via online form). Provision of our online offer and user-friendliness.
- Retention and deletion: Deletion in accordance with the section "General Information on Data Retention and Deletion".
- Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR). Contract performance and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b) GDPR).
Additional notes on processing operations, procedures, and services:
- Contact form: When contacting us via our contact form, by email, or through other communication channels, we process the personal data provided to us to respond to and handle the respective request. This typically includes information such as name, contact details, and any other information that may be necessary for the proper handling of the request. We use this data exclusively for the specified purpose of contact and communication; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR).
Newsletter and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter "Newsletter") only with the consent of the recipients or based on a legal basis. If the contents of a newsletter are specifically described in the context of registration, they are decisive for the users' consent. For registration to our newsletter, it is usually sufficient to provide your email address. However, to provide a personalized service, we may ask for your name for personal address in the newsletter or other information necessary for the purpose of the newsletter.
Deletion and restriction of processing: We may store the email addresses of unsubscribed users for up to three years based on our legitimate interests to provide evidence of previously given consent before deleting them. The processing of these data is limited to the purpose of a potential defense against claims. An individual deletion request is possible at any time, provided that the previous existence of consent is confirmed. In the event of obligations to permanently consider objections, we reserve the right to store the email address for this purpose alone in a suppression list (so-called "blocklist").
The logging of the registration process is based on our legitimate interests for the purpose of proving its proper implementation. If we engage a service provider for sending emails, this is done based on our legitimate interests in an efficient and secure mailing system.
Contents: Information about us, our services, promotions, and offers.
- Processed data types: Inventory data (e.g., full name, home address, contact details, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons). Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions).
- Data subjects: Communication partners.
- Purposes of processing: Direct marketing (e.g., via email or postal services).
- Retention and deletion: 3 years - Contractual claims (AT) (Data required to account for potential warranty and compensation claims or similar contractual claims and rights, as well as to process related inquiries, are stored for the duration of the regular statutory limitation period of three years (§§ 1478, 1480 ABGB).). 10 years - Contractual claims (CH) (Data necessary to account for potential compensation claims or similar contractual claims and rights, as well as to process related inquiries, are stored for the statutory limitation period of ten years, unless a shorter period of 5 years is applicable, which may apply in certain cases (Art. 127, 130 OR)).
- Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR).
- Opt-out option: You can cancel the receipt of our newsletter at any time, i.e., revoke your consent, or object to further receipt. A link to cancel the newsletter can be found either at the end of each newsletter or by using one of the above-mentioned contact options, preferably email.
Additional notes on processing operations, procedures, and services:
- Measurement of open and click rates: The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server or, if we use a mailing service provider, from their server when the newsletter is opened. As part of this retrieval, technical information such as details about the browser and your system, as well as your IP address and the time of retrieval, is initially collected. This information is used to improve our newsletter based on technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether and when newsletters are opened and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until deleted. The evaluations serve to recognize the reading habits of our users and to adapt our content to them or to send different content based on the interests of our users; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a) GDPR).
Competitions and Contests
We process the personal data of participants in competitions and contests in compliance with the relevant data protection regulations, to the extent that the processing is necessary for providing, conducting, and handling the competition, the participants have consented to the processing, or the processing serves our legitimate interests (e.g., ensuring the security of the competition or protecting our interests against abuse, such as collecting IP addresses when competition entries are submitted).
If participants' entries are published as part of the competition (e.g., as part of a vote or presentation of the competition entries or winners or reporting on the competition), we point out that the participants' names may also be published in this context. Participants can object to this at any time.
If the competition takes place within an online platform or social network (e.g., Facebook or Instagram, hereinafter referred to as "Online Platform"), the terms of use and privacy policies of the respective platforms apply in addition. In such cases, we note that we are responsible for the information provided by the participants in the context of the competition and that inquiries regarding the competition should be directed to us.
The participants' data will be deleted as soon as the competition or contest is over and the data is no longer required to inform the winners or because further inquiries regarding the competition are no longer to be expected. In principle, the participants' data will be deleted no later than 6 months after the end of the competition. Data of the winners may be retained longer, e.g., to answer inquiries about the prizes or to fulfill the prize obligations; in this case, the retention period depends on the type of prize and is, e.g., up to three years for goods or services to handle warranty cases. Furthermore, the participants' data may be stored longer, e.g., as part of reporting on the competition in online and offline media.
If data is also collected for other purposes as part of the competition, its processing and retention period will be based on the data protection information provided for this use (e.g., in the case of newsletter registration as part of a competition).
- Processed data types: Inventory data (e.g., full name, home address, contact details, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers). Content data (e.g., textual or visual messages and posts, as well as information about them, such as authorship or time of creation).
- Data subjects: Competition and contest participants.
- Purposes of processing: Conducting competitions and contests.
- Retention and deletion: Deletion in accordance with the section "General Information on Data Retention and Deletion".
- Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR).
Surveys and Questionnaires
We conduct surveys and questionnaires to collect information for the respective survey or questionnaire purpose. The surveys and questionnaires we conduct (hereinafter referred to as "surveys") are evaluated anonymously. Processing of personal data only occurs to the extent necessary to provide and technically conduct the surveys (e.g., processing of the IP address to display the survey in the user's browser or using a cookie to enable resuming the survey).
- Processed data types: Inventory data (e.g., full name, home address, contact details, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or visual messages and posts, as well as information about them, such as authorship or time of creation). Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions).
- Data subjects: Participants.
- Purposes of processing: Feedback (e.g., collecting feedback via online form). Surveys and questionnaires (e.g., surveys with input options, multiple-choice questions).
- Retention and deletion: Deletion in accordance with the section "General Information on Data Retention and Deletion".
- Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR).
Additional notes on processing operations, procedures, and services:
Web Analysis, Monitoring, and Optimization
Web analysis (also referred to as "reach measurement") serves to evaluate the visitor flows of our online offer and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. Using reach analysis, we can, for example, recognize when our online offer or its features or content are used most frequently or invite reuse. It also allows us to identify areas that need optimization.
In addition to web analysis, we may also use testing procedures to test and optimize different versions of our online offer or its components.
Unless otherwise specified below, profiles, i.e., data aggregated into a usage process, may be created and information may be stored in a browser or on a device and then read. The collected data includes, in particular, visited websites and the elements used there, as well as technical information such as the browser used, the computer system used, and usage times. If users have consented to the collection of their location data, processing of location data is also possible.
In addition, users' IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear data (such as email addresses or names) of users is stored during web analysis, A/B testing, and optimization, but pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users but only the information stored in their profiles for the purposes of the respective procedures.
Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for the data processing is consent. Otherwise, the users' data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would like to point out the information on the use of cookies in this privacy policy.
- Processed data types: Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); Profiles with user-related information (creation of user profiles). Provision of our online offer and user-friendliness.
- Retention and deletion: Deletion in accordance with the section "General Information on Data Retention and Deletion". Storage of cookies for up to 2 years (Unless otherwise specified, cookies and similar storage methods can be stored on users' devices for up to two years).
- Security measures: IP masking (pseudonymization of the IP address).
- Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR).
Additional notes on processing operations, procedures, and services:
- PostHog: We use PostHog to analyze user interactions within our online platform. This helps us improve our services by understanding how users navigate and interact with our website. PostHog collects data such as page views, clicks, and session durations. If users opt for "only essential" in our cookie banner, PostHog will not collect any tracking data.
Data is processed via PostHog Cloud, meaning that information is transmitted to PostHog’s servers. By default, PostHog may collect metadata such as device type, browser information, and general geolocation data derived from IP addresses, but we do not track personal information like names or email addresses.
Service provider: PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a) GDPR); Website:https://posthog.com/; Privacy Policy:https://posthog.com/privacy; Opt-out option: Users can disable tracking by selecting "Only essential" in our cookie banner.
Presence in Social Networks (Social Media)
We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about us.
We point out that user data may be processed outside the European Union in this process. This can result in risks for users because, for example, it may be more difficult to enforce users' rights.
Furthermore, users' data is generally processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on users' behavior and interests. These usage profiles may, in turn, be used to place advertisements inside and outside the networks that are likely to correspond to users' interests. For this purpose, cookies are usually stored on the users' devices, in which the usage behavior and interests of the users are stored. The usage profiles may also store data independently of the devices used by the users (especially if the users are members of the respective platforms and logged in).
For a detailed presentation of the respective processing forms and the options to object (opt-out), we refer to the privacy policies and information of the operators of the respective networks.
In the case of information requests and the assertion of data subjects' rights, we also point out that these can be most effectively asserted with the providers. Only they have access to users' data and can take direct action and provide information. If you still need assistance, you can contact us.
- Processed data types: Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or visual messages and posts, as well as information about them, such as authorship or time of creation). Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: Communication; Feedback (e.g., collecting feedback via online form). Public relations.
- Retention and deletion: Deletion in accordance with the section "General Information on Data Retention and Deletion".
- Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR).
Additional notes on processing operations, procedures, and services:
- Instagram: Social network for sharing photos and videos, commenting and liking posts, sending messages, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR); Website:https://www.instagram.com; Privacy Policy:https://privacycenter.instagram.com/policy/. Basis for third country transfers: Data Privacy Framework (DPF).
- X: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR); Website:https://x.com; Privacy Policy:https://x.com/de/privacy.
Changes and Updates
We ask you to regularly review the content of our privacy policy. We adapt the privacy policy as soon as changes in our data processing make this necessary. We will inform you as soon as changes require your participation (e.g., consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and ask you to check the information before contacting them.
Created with a free privacy policy generator from Dr. Thomas Schwenke