Skip to main content

Privacy Policy

This Privacy Policy will provide you with an explanation on the type, scope and purpose of the processing of personal data (hereinafter referred to as „data“) conducted as part the provision of our services as well as within our online offering and the associated websites, functions, content and external online presences, such as our social media profile (hereinafter collectively referred to as „online offering“). With regard to the terms used, such as

„processing“ or „data controller“, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Data controller

The responsible body for data processing on this website is the website operator:

Katharina Ferster
KC FortuneFamily LTD Faiakon 16
4108 Limassol Cyprus
Email: hallo@fortune-family.com Director: Yvonne Stein

 

Types of data processed

Inventory data (such as personal master data, names or addresses)

Contact data (e.g., email address, phone numbers)Content data (e.g., text input, photographs, videos)

Usage data (e.g., visited websites, interest in content, access times)

Meta/communication data (e.g., device information, IP addresses)

Categories of data subjects

Visitors and users of the online offering (data subjects will hereinafter also be referred to as „users“).

Purpose of processing

Provision of the website, its functions and contentsTo respond to contact requests and to communicate with usersSecurity measuresReach measurement/marketing

Terms used

„Personal Data“ refers to all information relating to an identified or identifiable natural person (hereinafter the „Data Subject“); a natural person is regarded as identifiable if they can be directly or indirectly identified, especially by means of association with an identifier, such as a name, with an identification number, with location data, with an online identifier (e.g., cookies) or with one or several special features reflecting the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.

„Processing“ means any operation or series of operations carried out with or without the help of automated procedures in connection with personal data. The term is broad and covers virtually every aspect of dealing with data. „Pseudonymisation“ means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data is not attributed to an identified or an identifiable natural person. „Profiling“ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements. „Controller“ (or „data controller“) refers to the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.

A „processor“ is a natural or legal person, public authority, institution, or other body which processes personal data on behalf of the data controller.

Applicable legal bases

In accordance with Article 13 GDPR, we are informing you of the legal basis of our data processing. For users covered by the scope of the General Data Protection Regulation (GDPR), i.e., in the EU and EEC, the following applies insofar as the legal basis is not stated in the Privacy Policy: The legal basis for obtaining consent is Article 6 para. 1 lit. a and Article 7 GDPR; The legal basis for processing in order to fulfil our services, implement contractual activities, and respond to enquiries is Article 6 para 1 lit. b GDPR; The legal basis for processing in order to fulfil our contractual obligations is Article 6 para. 1 lit. c GDPR; In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 para. 1 lit. d GDPR applies as the legal basis. The legal basis for processing required to perform a task which falls within the public interest or in the exercise of public authority which is transferred to the data controller is Article 6 para. 1 lit. e GDPR. The legal basis for processing in order to safeguard our legitimate interests is Article 6 para. 1 lit. f GDPR. The processing of data for purposes other than those for which the data was originally obtained is determined in accordance with the provisions of Article 6 para. 4 GDPR. The processing of particular categories of data (in accordance with Article 9 para. 1 GDPR) is determined in accordance with the provisions of Article 9 para. 2 GDPR.

Security measures

In accordance with legal requirements, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account current technology, implementation costs, the nature, scope, context and purposes of processing, and the varying likelihood and severity of the risk to the rights and freedoms of natural persons. These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling both physical access to the data and access pertaining to it, input, transmission, security of its availability, and its separation. We have also established procedures which guarantee the exercise of the rights of data subjects, deletion of data, and reaction to risks concerning the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software, and procedures in accordance with the principle of data protection through technology design and data protection-friendly defaults.

Collaboration with processors, joint data controllers and third parties

If, in the context of our processing, we disclose data to other persons and companies (processors, mutually responsible persons or third parties), transmit it to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (e.g. if the data has been transmitted to third parties, such as payment service providers, to fulfil the contract), users have consented to a legal obligation to do so or on the basis of our legitimate interests (e.g. the use of agents, web hosters, etc.). Insofar as we disclose data to other companies within our group of companies, transmit data to these, or otherwise grant them access to the data, this will be done, in particular, for administrative purposes, constituting a legitimate interest, and, beyond that, on a basis which corresponds to the legal requirements.

Transmission to third countries

If we process data either in a third country (i.e. a country outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or in the context of using third-party services, or

disclose or transmit data to other persons or companies, this will only be done in order to fulfil our (pre)contractual obligations, or based on either your consent, a legal objection, or our legitimate interests. Subject to legal or contractual permission, we will only process data or have data processed in a third country if the legal requirements are met.

This means data will be processed on the basis of, for example, special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (for example, through „Privacy Shield“ for the USA) or compliance with officially recognised special contractual obligations.

Rights of data subjects

You have the right to request confirmation as to whether the data in question is being processed and for information about this data as well as for further information and copying of the data in accordance with the legal requirements. You have the right, in accordance with the legal requirements, to demand the completion of data concerning you or the correction of incorrect data concerning you. In accordance with the statutory provisions, you have the right to demand that the relevant data be deleted immediately, or, alternatively, to demand restriction of the processing of the data in accordance with the statutory provisions. You have the right to request receipt of the data concerning you that you have provided to us in accordance with the legal requirements and to request its transmission to other controllers. You also have the right, in accordance with the legal provisions, to submit a complaint to the responsible supervisory authority.

Right of withdrawal

You have the right to withdraw consent which you have granted to us with effect for the future.

Right of rejection

In accordance with the legal provisions, you can object to the future processing of your data at any time. You can in particular object to processing for the purposes of direct advertising.

Cookies and right of objection to direct advertising

Cookies are small files stored on users‘ computers. A variety of data can be stored within cookies. A cookie serves primarily to save the data of a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, as well as „session cookies“ or

„transient cookies“, are cookies which are deleted after a user leaves an online offering and closes their browser. For example, the

content of a shopping cart in an online shop or a login status can be stored in a cookie of this kind. Cookies are referred to as „permanent“ or „persistent“ if they remain stored even after the browser has been closed. For example, this allows the login status to be saved if users visit the site again after several days. Likewise, users‘ interests may be stored in a cookie of this nature and used for measuring reach or marketing purposes. „Third-party cookies“ are cookies that are offered by providers other than the data controller who operates the website (if only the data controller’s cookies are concerned, they are referred to as

„first-party cookies“). We may use temporary and permanent cookies and clarify this within the framework of our Privacy Policy. If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Cookies which are already stored can be deleted in the system settings of the browser at any time. The exclusion of cookies can lead to functional restrictions of this website. You can make a general objection to the use of cookies used for online marketing purposes for a variety of services, especially tracking cookies, via the US

website http://www.aboutads.info/choices/or the EU

site http://www.youronlinechoices.com/. In addition, the storage of cookies can be disabled in your browser settings.

Please note that this may prevent the use of all functions of this online offering.

Deletion of data

Either the data processed by us will be deleted, or its processing will be restricted in accordance with the legal provisions. Unless expressly stated in this Privacy Policy, the data stored by us shall be deleted as soon as it is no longer required for its intended purpose, and the deletion does not conflict with any statutory storage obligations.

If the data is not deleted because it is required for other legally permissible purposes, the processing of the data will be restricted. This means that the data will be blocked and not processed for any other purposes. This applies,

for example, to data which must be retained for commercial or tax reasons.

Changes and updates to this Privacy Policy

We ask that you to inform yourself regularly as to the content of our Privacy Policy. The Privacy Policy will be adapted as soon as changes to the data processing carried out by us make this necessary. We will inform you when these changes require either your cooperation (for example, consent) or other individual notification.

Business-related processing

In addition, we process – contract data (e.g., subject matter of the contract, duration, customer category). – Payment data (e.g., bank details, payment history) of our customers, interested parties, and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising, and market research.

Agency services

We process our customers‘ data as part of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services. We process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., email, telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of the contract, term), payment data (e.g., bank details, payment history), usage and metadata (e.g. as part of the evaluation and performance measurement of marketing measures). On principle, we do not process special categories of personal data unless these are part of commissioned processing. The data subjects include our customers, prospects and their customers, users, website visitors or employees, and also third parties. The purpose of the processing is to provide contractual services, billing and our customer service. The legal basis of the processing results from Art. 6 para. 1 lit. b GDPR (contractual services), Art. 6 para. 1 lit. f GDPR (analysis, statistics, optimisation, safety measures). We process data which is necessary to justify and fulfil the contractual services, and we point out the necessity of its disclosure. Disclosure to external parties only takes place if it is necessary within the framework of an order. When processing the data provided to us within the framework of an order, we act in accordance with the instructions of the client, as well as with the legal requirements of order processing pursuant to Art. 28 GDPR and process the data for no other purpose than those of the order. We delete the data after expiry of legal warranty and comparable obligations. The necessity of keeping the data is checked every three years; in the case of legal archiving obligations, the deletion takes place after its expiry (6 years, in accordance with §257 para. 1 of the German Commercial Code (HGB), 10 years in accordance with § 147 para. 1 of the Fiscal Code (AO)). In the case of data disclosed to us within the scope of an order by the customer, we delete the data in accordance with the specifications of the order, generally after the end of the order.

Therapeutic Services and Coaching
We process the data of our clients and interested parties, as well as other principals or contractual partners (hereinafter referred to as „clients“) in accordance with Article 6(1)(b) of the GDPR to provide our contractual or pre-contractual services. The type, scope, purpose, and necessity of data processing depend on the underlying contractual relationship. The data processed generally includes clients’ basic and master data (e.g., name, address, etc.), contact data (e.g., email address, phone number, etc.), contract data (e.g., services utilized, fees, names of contact persons, etc.), and payment data (e.g., bank details, payment history, etc.).

As part of our services, we may also process special categories of data as per Article 9(1) of the GDPR, specifically information regarding the client’s health, potentially related to their sexual life or orientation, ethnic origin, or religious or ideological beliefs. Where required, we obtain explicit consent from clients in accordance with Article 6(1)(a), Article 7, and Article 9(2)(a) of the GDPR and process special categories of data otherwise for health care purposes under Article 9(2)(h) of the GDPR and § 22(1)(1)(b) of the Federal Data Protection Act (BDSG).

Where necessary for contract fulfillment or as legally required, we disclose or transfer client data in the course of communication with other professionals, to third parties involved in contract fulfillment as needed or typically, such as billing offices or similar service providers. This disclosure is to facilitate our services according to Article 6(1)(b) of the GDPR, fulfill legal obligations under Article 6(1)(c) of the GDPR, serve our or the clients’ interests in efficient and cost-effective health care as a legitimate interest under Article 6(1)(f) of the GDPR, or as necessary to protect the vital interests of the clients or another natural person under Article 6(1)(d) of the GDPR, or with consent in accordance with Article 6(1)(a) and Article 7 of the GDPR.

Data is deleted when it is no longer required for fulfilling contractual or legal duties of care and managing any warranty or comparable obligations. The necessity for retaining data is reviewed every three years; otherwise, statutory retention obligations apply.

Contractual Services
We process the data of our contractual partners and interested parties, as well as other clients, customers, mandatees, clients, or contractual partners (hereinafter referred to as „contractual partners“) in accordance with Article 6(1)(b) of the GDPR, in order to provide them with our contractual or pre-contractual services. The type, scope, purpose, and necessity of data processing are determined based on the underlying contractual relationship. The data processed includes the basic data of our contractual partners (e.g., names and addresses), contact data (e.g., email addresses and phone numbers), contractual data (e.g., services utilized, contract contents, contractual communication, names of contact persons), and payment data (e.g., bank details, payment history). We do not process special categories of personal data unless they are part of commissioned or contractually required processing.

We process data necessary for establishing and fulfilling contractual services and indicate the necessity of providing such information where it may not be apparent to the contractual partners. Disclosure to external persons or entities only occurs when required within the framework of a contract. When processing data entrusted to us as part of a contract, we act in accordance with the instructions of the principals and the legal provisions.

In the context of using our online services, we may store the IP address and time of each user action. This storage is based on our legitimate interests as well as the interests of users in protection against misuse and other unauthorized usage. Disclosure of this data to third parties is generally not permitted, unless necessary to pursue our claims in accordance with Article 6(1)(f) of the GDPR or there is a legal obligation to do so under Article 6(1)(c) of the GDPR. Data will be deleted when it is no longer necessary for fulfilling contractual or legal duties of care, as well as for managing any warranty or comparable obligations; data retention requirements are reviewed every three years. Otherwise, statutory retention obligations apply.

External Payment Service Providers
We use external payment service providers through whose platforms users and we can conduct payment transactions (e.g., with links to their privacy policies: Paypal, Klarna, Skrill, Giropay, Visa, Mastercard, American Express).

In fulfilling contracts, we utilize these payment service providers based on Article 6(1)(b) of the GDPR. Additionally, we employ external payment service providers based on our legitimate interests under Article 6(1)(f) of the GDPR, to provide our users with effective and secure payment options. The data processed by the payment service providers includes basic information such as name and address, bank details such as account or credit card numbers, passwords, TANs, and verification information, as well as contract, sum, and recipient-specific information. This data is required to execute the transactions. However, the entered data is processed solely by the payment service providers and stored with them, meaning we do not receive any account or credit card information, only payment confirmations or rejections.

In some cases, the payment service providers may transmit the data to credit agencies to verify identity and creditworthiness. For further details, please refer to the terms and privacy policies of the respective payment service providers, which are accessible on their respective websites or transaction applications. We also refer you to these sources for further information and for exercising rights to withdraw, obtain information, or assert other data subject rights.

Participation in Affiliate Partner Programs
Within our online offering, we use standard tracking measures based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering) in accordance with Art. 6(1)(f) GDPR, insofar as they are necessary for the operation of the affiliate system. Below, we inform users about the technical background. The services offered by our contractual partners may also be advertised and linked on other websites (so-called affiliate links or after-buy systems, where links or third-party services are offered after a contract is concluded, for example). The operators of the respective websites receive a commission if users follow the affiliate links and then accept the offers.

In summary, it is necessary for our online offering to track whether users who are interested in affiliate links and/or the offers available with us subsequently accept the offers based on the affiliate links or our online platform. For this purpose, the affiliate links and our offers are supplemented by certain values that can be part of the link or set in another way, e.g., in a cookie. These values include, in particular, the referring website (referrer), time, an online identifier of the website operator on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as advertising material ID, partner ID, and categorizations.

The online identifiers of users that we use are pseudonymous values. In other words, the online identifiers do not contain personal data such as names or email addresses. They help us only to determine whether the same user who clicked on an affiliate link or was interested in an offer through our online offering has accepted the offer, i.e., concluded a contract with the provider, for example. However, the online identifier is personal to the extent that the partner company and we both have access to the online identifier along with other user data. Only in this way can the partner company inform us that the user accepted the offer, enabling us, for example, to pay out the bonus.

Digistore24 Affiliate Program
We participate in the affiliate program of Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany, based on our legitimate interests (i.e., interest in the economic operation of our online offering in accordance with Art. 6(1)(f) GDPR). This program is designed to provide a platform for websites that can earn advertising fees through the placement of advertisements and links to Digistore24 (so-called affiliate system). Digistore24 uses cookies to track the origin of the contract conclusion. Among other things, Digistore24 can recognize that you clicked on the partner link on this website and subsequently made a purchase or concluded a contract with Digistore24.

For more information on Digistore24’s data usage and options for objection, please see the company’s privacy policy: https://www.digistore24.com/page/privacyl.

Privacy Notice in the Application Process
We process applicant data solely for the purpose and within the scope of the application process in compliance with legal requirements. The processing of applicant data is carried out to fulfill our (pre)contractual obligations within the application process under Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR if data processing becomes necessary, for example, within the context of legal proceedings (in Germany, § 26 BDSG also applies). The application process requires that applicants provide us with their data. Required applicant data is marked if we provide an online form; otherwise, it is derived from the job descriptions and generally includes personal details, postal and contact addresses, and documents related to the application, such as cover letters, CVs, and certificates. Applicants may also voluntarily provide additional information.

By submitting their application, applicants agree to the processing of their data for the purpose of the application process in accordance with the nature and scope outlined in this privacy policy. If applicants voluntarily disclose special categories of personal data within the meaning of Art. 9(1) GDPR during the application process, these will also be processed under Art. 9(2)(b) GDPR (e.g., health data such as disability status or ethnic origin). If the application process requires special categories of personal data per Art. 9(1) GDPR, processing will additionally take place under Art. 9(2)(a) GDPR (e.g., health data when relevant to the job).

If available, applicants may submit their applications via an online form on our website. The data will be transmitted to us in an encrypted manner in line with technical standards. Applicants may also submit their applications via email; however, please note that emails are generally not sent in an encrypted form, and applicants are responsible for encryption. We therefore cannot assume responsibility for the application transmission between the sender and receipt on our server and recommend using an online form or postal mail instead. Besides the online form and email, applicants may always submit applications by mail.

The data provided by applicants may be further processed for employment purposes in the event of a successful application. If an application for a job offer is unsuccessful, the applicant’s data will be deleted. Applicant data will also be deleted if an application is withdrawn, which applicants may do at any time. Subject to a justified revocation by the applicant, deletion occurs six months after the application process concludes, allowing us to answer follow-up questions about the application and fulfill our legal obligations under the German Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.

Comments and Contributions
When users leave comments or other contributions, their IP addresses may be stored for seven days based on our legitimate interests under Art. 6(1)(f) GDPR. This storage is for our security, in case someone leaves unlawful content in comments and contributions (such as insults, prohibited political propaganda, etc.). In such cases, we may be held accountable for the comment or contribution and are therefore interested in the author’s identity. Additionally, based on our legitimate interests under Art. 6(1)(f) GDPR, we reserve the right to process user data for spam detection. On the same legal basis, we may store users’ IP addresses during surveys to prevent multiple responses and use cookies for this purpose. Information voluntarily shared by users within comments and contributions, such as personal data, contact, and website information, as well as content-related details, will be permanently stored by us unless users object.

Akismet Anti-Spam Check
Our online offering uses the service “Akismet,” provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. This use is based on our legitimate interests under Art. 6(1)(f) GDPR. This service helps differentiate real comments from spam comments. For this purpose, all comment information is sent to a server in the USA, where it is analyzed and stored for four days for comparison purposes. If a comment is classified as spam, the data will be stored beyond this period. This information includes the entered name, email address, IP address, comment content, referrer, information about the browser used, the computer system, and the entry time. For more information on data collection and use by Akismet, please refer to Automattic’s privacy policy: https://automattic.com/privacy/. Users may use pseudonyms or omit entering their name or email address. They can completely prevent data transmission by not using our comment system. We regret this inconvenience, but unfortunately, we have no equally effective alternatives.

Retrieving Profile Pictures with Gravatar
Within our online offering, particularly on the blog, we use the Gravatar service provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Gravatar is a service where users can register and store profile pictures and email addresses. When users leave posts or comments on other online platforms (especially blogs) with their registered email address, their profile picture can be displayed next to these posts or comments. To verify if a profile is associated with the email address, the provided email address is encrypted and sent to Gravatar. This is the sole purpose of transmitting the email address, which is not used for any other purposes and is subsequently deleted.

The use of Gravatar is based on our legitimate interests per Art. 6(1)(f) GDPR, as it allows post and comment authors to personalize their contributions with a profile picture. Displaying the images enables Gravatar to recognize the IP address of users, as this is necessary for communication between a browser and an online service. For more information on Gravatar’s data collection and usage, please refer to Automattic’s privacy policy: https://automattic.com/privacy/.

If users do not wish for a profile picture linked to their email address to appear in comments, they should use an email address not registered with Gravatar. It is also possible to use an anonymous or no email address at all if users do not want their email address transmitted to Gravatar. Users can completely prevent data transmission by choosing not to use our comment system.

Retrieving Emojis and Smilies
Within our WordPress blog, we use graphic emojis (or smilies)—small graphic files that express emotions—that are obtained from external servers. In this process, the servers’ providers collect users‘ IP addresses. This is necessary for the emoji files to be transmitted to users‘ browsers. The emoji service is provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Automattic’s privacy notice can be found here: https://automattic.com/privacy/. The server domains used are s.w.org and twemoji.maxcdn.com, which we understand to be content delivery networks, meaning servers that solely serve the purpose of rapid and secure file delivery and delete users‘ personal data after transmission. The use of emojis is based on our legitimate interests, namely, in creating an attractive online offering per Art. 6(1)(f) GDPR.

Contacting Us
When contacting us (e.g., via contact form, email, telephone, or social media), user information is processed to handle and respond to the contact request per Art. 6(1)(b) GDPR (for contractual/pre-contractual relationships) and Art. 6(1)(f) GDPR (for other inquiries). User information may be stored in a Customer Relationship Management (CRM) system or similar inquiry organization system. We delete inquiries once they are no longer necessary. The necessity of retaining information is reviewed every two years; additionally, statutory archiving obligations apply.

CRM System Zendesk
We use the CRM system „Zendesk“ provided by Zendesk, Inc., 989 Market Street #300, San Francisco, CA 94102, USA, to handle user inquiries more quickly and efficiently (legitimate interest according to Art. 6(1)(f) GDPR). Zendesk is certified under the Privacy Shield Agreement, providing an additional guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TOjeAAG&status=Active). Zendesk only uses users‘ data for the technical processing of inquiries and does not share it with third parties. To use Zendesk, a valid email address is required at a minimum, and pseudonymous use is possible. Additional data (e.g., name, address) may be collected as necessary during the processing of service requests. If users do not agree with data collection and storage in Zendesk’s external system, we offer alternative contact options for submitting service inquiries via email, telephone, fax, or post. For more information, users can refer to Zendesk’s privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/.

Newsletter
The following information provides details about the content of our newsletter, the registration, distribution, and statistical evaluation procedures, as well as your rights to object. By subscribing to our newsletter, you agree to receive it and the described procedures.

Newsletter Content:
We send newsletters, emails, and other electronic notifications containing promotional information (hereinafter „newsletter“) only with the consent of the recipients or legal permission. If the content of the newsletter is specifically described during registration, it is decisive for the user’s consent. Otherwise, our newsletters contain information about our services and us.

Double-Opt-In and Logging:
Registration for our newsletter follows a so-called double-opt-in procedure. This means you receive an email after registration asking you to confirm your registration. This confirmation is necessary to prevent others from registering with external email addresses. Newsletter registrations are logged to prove the registration process in accordance with legal requirements. This includes storing the registration and confirmation times and the IP address. Changes to your data stored with the newsletter service provider are also logged.

Registration Data:
To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, we may ask you to provide a name for personalizing the newsletter.

Newsletter Delivery and Performance Measurement:
The newsletter is sent and its success measured based on the recipient’s consent, in accordance with Art. 6 (1)(a), Art. 7 GDPR, in conjunction with § 7 (2) no. 3 UWG, or, if consent is not required, based on our legitimate interest in direct marketing, as per Art. 6 (1)(f) GDPR in conjunction with § 7 (3) UWG. The logging of the registration process is based on our legitimate interests according to Art. 6 (1)(f) GDPR. Our interest lies in a user-friendly and secure newsletter system that serves both our business interests and meets users’ expectations while providing proof of consent.

Cancellation/Revocation:
You can cancel your subscription to our newsletter at any time, i.e., revoke your consent. A link to cancel the newsletter can be found at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to demonstrate previously given consent. The processing of this data is limited to the purpose of possible legal defense. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed.

Newsletter – Service Provider
The distribution of the newsletter is carried out by the service provider KLICK-TIPP LIMITED, 15 Cambridge Court, 210 Shepherd’s Bush Road, London W6 7NJ, United Kingdom. You can view the privacy policy of the service provider here: Klick-Tipp Privacy Policy. The service provider is engaged based on our legitimate interests in accordance with Art. 6(1)(f) GDPR and a data processing agreement under Art. 28(3)(1) GDPR. The service provider may use recipients‘ data in pseudonymized form, meaning without direct user identification, to optimize or improve its own services, such as technical optimization of the distribution and presentation of the newsletter or for statistical purposes. However, the service provider does not use the data of our newsletter recipients to contact them directly or to pass on the data to third parties.

Newsletter – Performance Measurement
Our newsletters contain a “web beacon,” a tiny pixel-sized file retrieved from our server, or from the server of a service provider if used, when the newsletter is opened. In this process, technical information such as information about the browser, your system, your IP address, and the time of retrieval are collected. This information is used for the technical improvement of our services based on technical data or target groups and their reading behavior, identified by the retrieval locations (which can be determined using the IP address) or access times. Statistical data collection also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients; however, it is neither our aim, nor that of any service provider we might use, to monitor individual users. Instead, these evaluations help us recognize the reading habits of our users and adapt our content to them or send different content based on the interests of our users. A separate revocation of performance measurement is unfortunately not possible; in this case, the entire newsletter subscription must be canceled.

Hosting and Email Dispatch
The hosting services we utilize serve to provide the following functions: infrastructure and platform services, computing capacity, storage space, and database services, email dispatch, security services, and technical maintenance services we use to operate this online offering. In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, metadata, and communication data of customers, prospects, and visitors to this online offering, based on our legitimate interest in an efficient and secure provision of this online offering according to Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

Collection of Access Data and Logfiles
We, or our hosting provider, collect data on every access to the server on which this service is located (so-called server log files) based on our legitimate interests in terms of Art. 6 (1) lit. f GDPR. The access data include the name of the accessed webpage, file, date and time of access, data volume transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider. Logfile information is stored for a maximum of 7 days for security reasons (e.g., to investigate misuse or fraudulent activities) and deleted afterward. Data whose further retention is required for evidentiary purposes are excluded from deletion until the respective incident has been clarified.

Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC („Google“), based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 (1) lit. f GDPR). Google uses cookies. The information generated by the cookie about users’ use of the online offering is generally transmitted to a Google server in the USA and stored there. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google uses this information on our behalf to evaluate the use of our online offering by users, to compile reports on activities within this online offering, and to provide additional services to us related to the use of this online offering and internet usage. Pseudonymous usage profiles of users can be created from the processed data.

We use Google Analytics only with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser is not merged with other data from Google. Users can prevent the storage of cookies by selecting the appropriate settings on their browser software; users can also prevent Google from collecting the data generated by the cookie and related to their use of the online offering and from processing this data by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. Further information on Google’s data usage, settings, and opt-out options can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated). The personal data of users is deleted or anonymized after 14 months.

Facebook Pixel, Custom Audiences, and Facebook Conversion
Within our online offering, the „Facebook Pixel“ of the social network Facebook is used for analysis, optimization, and economic operation of our online offering, based on our legitimate interests. This service is provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Facebook“). Facebook is certified under the Privacy Shield Agreement, providing a guarantee to comply with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

The Facebook Pixel enables Facebook to determine the visitors of our online offering as a target group for displaying ads (so-called „Facebook Ads“). We use the Facebook Pixel to show Facebook Ads only to those Facebook users who have shown interest in our online offering or who have certain characteristics (e.g., interest in specific topics or products, determined by the websites visited) that we transmit to Facebook (so-called „Custom Audiences“). The Facebook Pixel also allows us to ensure that our Facebook Ads match the potential interest of users without being intrusive. Additionally, the Facebook Pixel helps us understand the effectiveness of Facebook Ads for statistical and market research purposes by tracking whether users are redirected to our website after clicking on a Facebook Ad (known as „Conversion“).

Facebook processes data in accordance with Facebook’s Data Use Policy. General information about displaying Facebook Ads can be found in Facebook’s Data Use Policy: https://www.facebook.com/policy. For specific information and details on how the Facebook Pixel works, please visit Facebook’s Help Center: https://www.facebook.com/business/help/651294705016616.

You can object to the collection of data by the Facebook Pixel and the use of your data to display Facebook Ads. To manage the types of ads shown to you within Facebook, you can visit the page set up by Facebook and follow the instructions for usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, meaning they apply to all devices, such as desktop computers or mobile devices. You can further object to the use of cookies for reach measurement and advertising purposes through the Network Advertising Initiative’s deactivation page (http://optout.networkadvertising.org/) and additionally on the U.S. website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Online Presences on Social Media
We maintain online presences within social networks and platforms to communicate with active customers, interested parties, and users there and inform them about our services. We point out that in this context, user data may be processed outside the European Union. This may pose risks for users, as it could make it harder for them to exercise their rights. Regarding U.S. providers certified under the Privacy Shield, we note that they commit to adhering to EU data protection standards.

User data is generally processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and resulting interests. These usage profiles may then be used to, for example, place advertisements inside and outside the platforms that are likely to match users‘ interests. For these purposes, cookies are typically stored on users‘ devices, recording their usage behavior and interests. Additionally, data can also be stored in the usage profiles regardless of the devices used by users (especially if they are members of the respective platforms and are logged in).

The processing of users‘ personal data is based on our legitimate interest in effective user information and communication according to Art. 6(1)(f) GDPR. If users are asked by the respective providers for consent to data processing, the legal basis of processing is Art. 6(1)(a) and Art. 7 GDPR. For a detailed explanation of the respective processes and opt-out options, please refer to the linked provider information below.

In the case of information requests and the assertion of user rights, we advise that the most effective way is to address these to the providers. Only the providers have access to users‘ data and can directly take appropriate measures and provide information. Should you need assistance, you can contact us.

 

Integration of Third-Party Services and Content
We incorporate content or service offerings from third-party providers within our online offering based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering in the sense of Art. 6 para. 1 lit. f GDPR) to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of this content receive the IP address of the users, as they cannot send the content to their browsers without the IP address. The IP address is therefore necessary for the presentation of this content. We endeavor to use only content whose providers use the IP address solely for delivering the content. Third-party providers may also use pixel tags (invisible graphics, also referred to as „web beacons“) for statistical or marketing purposes. These „pixel tags“ allow for the evaluation of visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users‘ devices and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, and other details about the use of our online offering, as well as being linked to such information from other sources.

Vimeo
We may embed videos from the “Vimeo” platform provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street, New York, New York 10011, USA. Privacy Policy: https://vimeo.com/privacy. We note that Vimeo may use Google Analytics and refer to the privacy policy (https://policies.google.com/privacy) as well as opt-out options for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=en) or Google’s settings for data usage for marketing purposes (https://adssettings.google.com/).

YouTube
We embed videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google Fonts
We incorporate the fonts („Google Fonts“) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Use of Facebook Social Plugins
We use Social Plugins (“Plugins”) of the social network facebook.com based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering according to Art. 6 (1) lit. f. GDPR), which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). These may include, for example, content like images, videos, or text and buttons that allow users to share content from this online offering within Facebook. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/. Facebook is certified under the Privacy Shield Agreement and thus provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

When a user calls up a function of this online offering that contains such a plugin, their device establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted directly from Facebook to the user’s device and integrated into the online offering. Facebook may thereby create user profiles from the processed data. We therefore have no influence over the extent of data collected by Facebook through this plugin and inform users based on our current knowledge. By embedding the plugins, Facebook receives the information that a user has accessed the respective page of the online offering. If the user is logged into Facebook, Facebook can link the visit to their Facebook account. If users interact with the plugins, for example by clicking the Like button or leaving a comment, the corresponding information is transmitted directly from their device to Facebook and stored there.

If a user is not a Facebook member, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany. For the purpose and scope of the data collection, as well as further processing and use of the data by Facebook and the relevant rights and settings to protect user privacy, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about them via this online offering and link it to their Facebook-stored member data, they must log out of Facebook and delete their cookies before using our online offering. Further settings and objections to the use of data for advertising purposes can be made within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, meaning they are applied across all devices, such as desktop computers or mobile devices.

Created with Datenschutz-Generator.de by RA Dr. Thomas Schwenke