Privacy policy

Table of contents

Introduction and overview

We have prepared this privacy policy (version 20.02.2022-111949157) in order to provide you with information in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller - and the processors commissioned by us (e.g. providers) - process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.

Data protection declarations usually sound very technical and use legal jargon. This privacy policy, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. As far as it is conducive to transparency, technical Terms explained in a reader-friendly way, Links to further information and Graphics for use. We use it to inform you in clear and simple language that we only process personal data as part of our business activities if there is a corresponding legal basis. This is certainly not possible if we provide explanations that are as concise, unclear and legal-technical as possible, as is often standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or two pieces of information that you did not yet know.
If you still have questions, we would like to ask you to contact the responsible body named below or in the legal notice, follow the links provided and view further information on third-party websites. Our contact details can of course also be found in the legal notice.

Area of application

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person's name, email address and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this privacy policy includes

  • all online presences (websites, online shops) that we operate
  • Social media presence and e-mail communication
  • Mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in the company in a structured manner via the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal basis

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal basis of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course access this EU General Data Protection Regulation online on EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679 read more.

We only process your data if at least one of the following conditions applies:

  1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
  2. Contract (Article 6(1)(b) GDPR): In order to fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we require personal information in advance.
  3. Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
  4. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and efficiently. This processing is therefore a legitimate interest.

Other conditions such as the fulfilment of recording in the public interest and the exercise of official authority as well as the protection of vital interests do not generally arise for us. If such a legal basis is relevant, it will be indicated at the appropriate point.

In addition to the EU regulation, national laws also apply:

  • In Austria this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), in short DSG.
  • In Germany this applies Federal Data Protection Act, short BDSG.

If other regional or national laws apply, we will inform you of this in the following sections.

Storage duration

It is a general criterion for us that we only store personal data for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for the data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

If you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and insofar as there is no obligation to store it.

We will inform you below about the specific duration of the respective data processing if we have further information on this.

Rights under the General Data Protection Regulation

According to Article 13 GDPR, you have the following rights to ensure fair and transparent processing of data:

  • According to Article 15 GDPR, you have a right to information about whether we process your data. If this is the case, you have the right to receive a copy of the data and the following information:

    • the purpose for which we carry out the processing;
    • the categories, i.e. the types of data that are processed;
    • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
    • how long the data will be stored;
    • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
    • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
    • the origin of the data if we have not collected it from you;
    • whether profiling is carried out, i.e. whether data is automatically analysed in order to create a personal profile of you.
  • According to Article 16 GDPR, you have a right to rectification of data, which means that we must correct data if you find errors.
  • According to Article 17 GDPR, you have the right to erasure ("right to be forgotten"), which specifically means that you may request the erasure of your data.
  • According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it any further.
  • According to Article 19 GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
  • According to Article 21 GDPR, you have the right to object, which will result in a change in the processing after enforcement.

    • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally honour this objection.
    • If data is used for direct marketing purposes, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.
    • If data is used for profiling purposes, you can object to this type of data processing at any time. We may then no longer use your data for profiling.
  • Under Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g. profiling).

In short: You have rights - do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. For Austria, this is the data protection authority, whose website you can find at https://www.dsb.gv.at/ find. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) contact. The following local data protection authority is responsible for our company:

Austria Data Protection Authority

Manager: Dr Andrea Jelinek
Address:
Barichgasse 40-42, 1030 Vienna
Telephone no:
+43 1 52 152-0
E-mail address:
dsb@dsb.gv.at
Website:
https://www.dsb.gv.at/

Security of data processing

We have implemented both technical and organisational measures to protect personal data. Where possible, we encrypt or pseudonymise personal data. This makes it as difficult as possible for third parties to infer personal information from our data.

Art. 25 GDPR refers to "data protection by design and by default", meaning that both software (e.g. forms) and hardware (e.g. access to the server room) should always be designed with security in mind and appropriate measures should be taken. If necessary, we will go into more detail on specific measures below.

TLS encryption with https

TLS, encryption and https sound very technical - and they are. We use HTTPS (the Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transmit data tap-proof on the Internet.
This means that the complete transmission of all data from your browser to our web server is secured - nobody can "listen in".

We have thus introduced an additional layer of security and fulfil data protection through technology design Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognise the use of this data transmission protection by the small lock symbol at the top left of the browser, to the left of the Internet address (e.g. examplepage.com) and the use of the https scheme (instead of http) as part of our Internet address.
If you want to know more about encryption, we recommend a Google search for "Hypertext Transfer Protocol Secure wiki" to get good links to further information.

Communication

Communication Summary
👥 Data subjects: Anyone who communicates with us by phone, email or online form
📓 Processed data: e.g. telephone number, name, email address, form data entered. You can find more details on this in the respective contact type used
🤝 Purpose: Handling communication with customers, business partners, etc.
📅 Storage period: Duration of the business case and the statutory provisions
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. f GDPR (legitimate interests)

If you contact us and communicate with us by telephone, e-mail or online form, personal data may be processed.

The data is processed for the handling and processing of your enquiry and the associated business transaction. The data will be stored for as long as required by law.

Persons concerned

All those who seek contact with us via the communication channels provided by us are affected by the aforementioned processes.

Telephone

When you call us, the call data is stored pseudonymised on the respective end device and with the telecommunications provider used. In addition, data such as your name and telephone number may subsequently be sent by e-mail and stored for the purpose of responding to your enquiry. The data is deleted as soon as the business transaction has been completed and legal requirements permit.

e-mail

If you communicate with us by email, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and data may be stored on the email server. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.

Online forms

If you communicate with us using an online form, data is stored on our web server and may be forwarded to one of our e-mail addresses. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.

Legal basis

The processing of the data is based on the following legal bases:

  • Art. 6 para. 1 lit. a GDPR (consent): You give us your consent to store your data and to use it for purposes relating to the business transaction;
  • Art. 6 para. 1 lit. b GDPR (contract): It is necessary for the fulfilment of a contract with you or a processor, such as the telephone provider, or we need to process the data for pre-contractual activities, such as the preparation of an offer;
  • Art. 6 para. 1 lit. f GDPR (legitimate interests): We want to handle customer enquiries and business communication in a professional manner. This requires certain technical facilities such as email programmes, exchange servers and mobile network operators in order to operate communication efficiently.

Cookies

Cookies summary
👥 Data subject: Visitors to the website
🤝 Purpose: depending on the respective cookie. You can find more details on this below or from the manufacturer of the software that sets the cookie.
📓 Processed data: Depending on the cookie used. You can find more details on this below or from the manufacturer of the software that sets the cookie.
📅 Storage duration: depends on the respective cookie, can vary from hours to years
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit.f GDPR (legitimate interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you surf the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, the "brain" of your browser, so to speak. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser transmits the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie back from the server, which the browser uses again as soon as another page is requested.

HTTP cookie interaction between browser and web server

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our website, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programmes and do not contain viruses, Trojans or other "malware". Cookies also cannot access information on your PC.

Cookie data can look like this, for example:

Name: _ga
Value: GA1.2.1326744211.152111949157-9
Intended use: Differentiation of website visitors
Expiry date: after 2 years

A browser should be able to support these minimum sizes:

  • At least 4096 bytes per cookie
  • At least 50 cookies per domain
  • At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly explain the different types of HTTP cookies.

A distinction can be made between 4 types of cookies:

Essential cookies
These cookies are necessary to ensure basic website functions. For example, these cookies are needed when a user places a product in the shopping basket, then continues surfing on other pages and only goes to the checkout later. These cookies ensure that the shopping basket is not deleted even if the user closes their browser window.

Purposeful cookies
These cookies collect information about user behaviour and whether the user receives any error messages. These cookies are also used to measure the loading time and the behaviour of the website with different browsers.

Target-orientated cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes or form data are saved.

Advertising cookies
These cookies are also known as targeting cookies. They are used to deliver customised advertising to the user. This can be very practical, but also very annoying.

When you visit a website for the first time, you are usually asked which of these cookie types you would like to allow. And of course this decision is also stored in a cookie.

If you would like to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265the Request for Comments of the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".

Purpose of processing via cookies

The purpose ultimately depends on the cookie in question. You can find more details on this below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are little helpers for many different tasks. Unfortunately, it is not possible to generalise which data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy.

Storage duration of cookies

The storage period depends on the cookie in question and is specified below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

You can also influence the storage period yourself. You can delete all cookies manually at any time via your browser (see also "Right to object" below). Furthermore, cookies that are based on consent will be deleted at the latest after you withdraw your consent, whereby the legality of the storage until then remains unaffected.

Right to object - how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option of deleting, deactivating or only partially allowing cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, activate and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

If you generally do not want to have cookies, you can set up your browser so that it always informs you when a cookie is to be set. You can then decide for each individual cookie whether or not to allow it. The procedure differs depending on the browser. It is best to search for the instructions in Google using the search term "delete cookies Chrome" or "deactivate cookies Chrome" in the case of a Chrome browser.

Legal basis

The so-called "cookie guidelines" have been in place since 2009. This stipulates that the storage of cookies is a Consent (Article 6(1)(a) GDPR) from you. However, there are still very different reactions to these directives within the EU countries. In Austria, however, this directive has been implemented in Section 96 (3) of the Telecommunications Act (TKG). In Germany, the cookie directives have not been implemented as national law. Instead, this directive was largely implemented in Section 15 (3) of the Telemedia Act (TMG).

For strictly necessary cookies, even if no consent has been given. legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience and certain cookies are often absolutely necessary for this.

If cookies that are not absolutely necessary are used, this will only take place with your consent. The legal basis in this respect is Art. 6 para. 1 lit. a GDPR.

In the following sections, you will be informed in more detail about the use of cookies if the software used utilises cookies.

Webhosting introduction

Web hosting summary
👥 Data subject: Visitors to the website
🤝 Purpose: professional hosting of the website and securing its operation
📓 Processed data: IP address, time of website visit, browser used and other data. You can find more details on this below or from the web hosting provider used.
📅 Storage period: depends on the respective provider, but usually 2 weeks
⚖️ Legal basis: Art. 6 para. 1 lit.f GDPR (legitimate interests)

What is web hosting?

When you visit websites these days, certain information - including personal data - is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, by the way, we mean the entirety of all web pages on a domain, i.e. everything from the start page (homepage) to the very last subpage (like this one). By domain we mean, for example, example.de or example.com.

If you want to view a website on a screen, you use a programme called a web browser. You probably know a few web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari.

This web browser must connect to another computer where the website code is stored: the web server. Operating a web server is a complicated and time-consuming task, which is why this is usually done by professional providers. These providers offer web hosting and thus ensure reliable and error-free storage of website data.

When the browser on your computer (desktop, laptop, smartphone) connects and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server must also store data for a certain period of time in order to ensure proper operation.

By way of illustration:

Browser and web server

Why do we process personal data?

The purposes of data processing are:

  1. Professional website hosting and operational security
  2. to maintain operational and IT security
  3. Anonymous evaluation of access behaviour to improve our offer and, if necessary, for criminal prosecution or prosecution of claims

What data is processed?

Even while you are currently visiting our website, our web server, i.e. the computer on which this website is stored, usually automatically saves data such as

  • the complete Internet address (URL) of the website accessed
  • Browser and browser version (e.g. Chrome 87)
  • the operating system used (e.g. Windows 10)
  • the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen.html/)
  • the host name and IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)
  • Date and time
  • in files, the so-called web server log files

How long is data stored?

As a rule, the above-mentioned data is stored for a fortnight and then automatically deleted. We do not pass this data on, but we cannot rule out the possibility of this data being viewed by the authorities in the event of unlawful behaviour.

In short: Your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not pass on your data without your consent!

Legal basis

The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f GDPR (protection of legitimate interests), because the use of professional hosting with a provider is necessary in order to present the company securely and user-friendly on the Internet and to be able to pursue attacks and claims from this if necessary.

As a rule, there is a contract between us and the hosting provider for order processing in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

Social media introduction

Social media privacy policy summary
👥 Data subject: Visitors to the website
🤝 Purpose: Presentation and optimisation of our services, contact with visitors, interested parties, etc., advertising
📓 Processed data: Data such as telephone numbers, email addresses, contact details, user behaviour data, information about your device and your IP address.
You can find more details on this in the respective social media tool used.
📅 Storage duration: depending on the social media platforms used
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is social media?

In addition to our website, we are also active on various social media platforms. User data may be processed so that we can target users who are interested in us via the social networks. In addition, elements of a social media platform may also be embedded directly in our website. This is the case, for example, if you click on a social button on our website and are forwarded directly to our social media presence. Social media or social media refers to websites and apps through which registered members can produce content, share content openly or in specific groups and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and socialise online. With our social media presence, we can bring our products and services closer to interested parties. The social media elements integrated on our website help you to switch to our social media content quickly and without complications.

The data that is stored and processed through your use of a social media channel is primarily used to carry out web analyses. The aim of these analyses is to be able to develop more precise and personalised marketing and advertising strategies. Depending on your behaviour on a social media platform, the analysed data can be used to draw conclusions about your interests and create user profiles. This also enables the platforms to present you with customised advertisements. Cookies are usually set in your browser for this purpose, which store data on your user behaviour.

As a rule, we assume that we remain responsible under data protection law, even if we use the services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. If this is the case, we will point this out separately and work on the basis of an agreement to this effect. The essence of the agreement is then reproduced below for the platform concerned.

Please note that when using the social media platforms or our built-in elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. As a result, you may not be able to claim or enforce your rights in relation to your personal data as easily.

What data is processed?

Exactly which data is stored and processed depends on the respective provider of the social media platform. However, it usually involves data such as telephone numbers, email addresses, data that you enter in a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. Data can be linked to your profile, especially if you have a profile on the social media channel you are visiting and are logged in.

All data that is collected via a social media platform is also stored on the provider's servers. This means that only the providers have access to the data and can provide you with the appropriate information or make changes.

If you want to know exactly what data is stored and processed by the social media providers and how you can object to the data processing, you should carefully read the respective company's privacy policy. We also recommend that you contact the provider directly if you have any questions about data storage and data processing or wish to assert corresponding rights.

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. For example, the social media platform Facebook stores data until it is no longer required for its own purposes. However, customer data that is compared with our own user data is deleted within two days. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If required by law, for example in the case of accounting, this storage period may be exceeded.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers such as embedded social media elements at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

As social media tools may use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be processed on the basis of our legitimate interest if consent has been given. (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. Nevertheless, we only use these tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

Information on specific social media platforms - if available - can be found in the following sections.

Instagram privacy policy

Instagram privacy policy summary
👥 Data subject: Visitors to the website
🤝 Purpose: Optimisation of our service performance
📓 Processed data: Data such as user behaviour data, information about your device and your IP address.
You can find more details below in the privacy policy.
📅 Storage period: until Instagram no longer needs the data for its purposes
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Instagram?

We have integrated Instagram functions on our website. Instagram is a social media platform of the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and is a Facebook product. Embedding Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos or videos from Instagram directly on our website. When you visit web pages on our website that have an Instagram function integrated, data is transmitted to Instagram, stored and processed. Instagram uses the same systems and technologies as Facebook. Your data is therefore processed across all Facebook companies.

In the following, we want to give you a more detailed insight into why Instagram collects data, what data is involved and how you can largely control data processing. As Instagram belongs to Meta Platforms Inc., we obtain our information from the Instagram guidelines on the one hand, but also from the Meta privacy policy itself on the other.

Instagram is one of the most popular social media networks in the world. Instagram combines the advantages of a blog with the benefits of audiovisual platforms such as YouTube or Vimeo. You can upload photos and short videos to "Insta" (as many users casually call the platform), edit them with various filters and also share them on other social networks. And if you don't want to be active yourself, you can also just follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has really gone through the roof in recent years. And of course we have also responded to this boom. We want you to feel as comfortable as possible on our website. That's why a varied presentation of our content is a matter of course for us. The embedded Instagram functions allow us to enrich our content with helpful, funny or exciting content from the Instagram world. As Instagram is a subsidiary of Facebook, the data collected can also be useful to us for personalised advertising on Facebook. This means that only people who are genuinely interested in our products or services receive our adverts.

Instagram also uses the collected data for measurement and analysis purposes. We receive summarised statistics and thus gain more insight into your wishes and interests. It is important to note that these reports do not identify you personally.

What data is stored by Instagram?

When you visit one of our pages that has Instagram functions (such as Instagram images or plug-ins), your browser automatically connects to Instagram's servers. In the process, data is sent to Instagram, stored and processed. This happens regardless of whether you have an Instagram account or not. This includes information about our website, your computer, purchases made, adverts you see and how you use our website. The date and time of your interaction with Instagram is also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume that this is exactly the case with Instagram. Customer data includes, for example, name, address, telephone number and IP address. This customer data is only transmitted to Instagram once it has been hashed. Hashing means that a data record is converted into a character string. This allows the contact data to be encrypted. The "event data" mentioned above is also transmitted. By "event data", Facebook - and consequently Instagram - means data about your user behaviour. Contact data may also be combined with event data. The contact data collected is compared with the data that Instagram already has about you.

The collected data is transmitted to Facebook via small text files (cookies), which are usually set in your browser. Depending on the Instagram functions used and whether you have an Instagram account yourself, different amounts of data are stored.

We assume that Instagram processes data in the same way as Facebook. This means that if you have an Instagram account or www.instagram.com Instagram has at least set a cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as you come into contact with an Instagram function. This data is deleted or anonymised after 90 days at the latest (after reconciliation). Although we have intensively analysed Instagram's data processing, we cannot say exactly what data Instagram collects and stores.

Below we will show you the minimum cookies that are set in your browser when you click on an Instagram function (such as a button or an Insta image). In our test, we assume that you do not have an Instagram account. If you are logged in to Instagram, significantly more cookies will of course be set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: ""
Intended use: This cookie is most likely set for security reasons to prevent falsified requests. However, we were unable to find out more about this.
Expiry date: after one year

Name: mid
Value: ""
Intended use: Instagram sets this cookie to optimise its own services and offers within and outside Instagram. The cookie defines a unique user ID.
Expiry date: after the end of the session

Name: fbsr_111949157124024
Value: not specified
Intended use: This cookie stores the log-in request for users of the Instagram app.
Expiry date: after the end of the session

Name: rur
Value: ATN
Intended use: This is an Instagram cookie that ensures functionality on Instagram.
Expiry date: after the end of the session

Name: urlgen
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe111949157”
Intended use: This cookie is used for Instagram's marketing purposes.
Expiry date: after the end of the session

Remark: We cannot claim completeness here. Which cookies are set in individual cases depends on the embedded functions and your use of Instagram.

How long and where is the data stored?

Instagram shares the information received between the Facebook companies with external partners and with people you connect with worldwide. Data processing is carried out in compliance with our own data policy. For security reasons, among others, your data is distributed on Facebook servers around the world. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation, you have the right to access, portability, rectification and erasure of your data. You can manage your data in the Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

And this is how deleting your Instagram account works:

First open the Instagram app. On your profile page, go to the bottom and click on "Help section". You will now be taken to the company's website. On the website, click on "Manage your account" and then on "Delete your account".

If you delete your account completely, Instagram will delete posts such as your photos and status updates. Information that other people have shared about you does not belong to your account and will therefore not be deleted.

As mentioned above, Instagram stores your data primarily via cookies. You can manage, deactivate or delete these cookies in your browser. Depending on your browser, the management always works a little differently. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers.

You can also set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

Instagram and Facebook also process data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

Facebook uses standard contractual clauses approved by the EU Commission (= Art. 46 para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer to these countries. These clauses oblige Facebook to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here: https://germany.representation.ec.europa.eu/index_de.

We have tried to provide you with the most important information about data processing by Instagram. On https://help.instagram.com/519522125107875
you can take a closer look at Instagram's data policy.

Cookie Consent Management Platform Summary
👥 Affected parties: Website visitors
🤝 Purpose: Obtaining and managing consent for certain cookies and thus the use of certain tools
📓 Processed data: Data for managing the cookie settings such as IP address, time of consent, type of consent, individual consents. You can find more details on this in the respective tool used.
📅 Storage duration: Depends on the tool used, you have to be prepared for periods of several years
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit.f GDPR (legitimate interests)

What is a Cookie Consent Management Platform?

We use Consent Management Platform (CMP) software on our website to make it easier for us and you to handle scripts and cookies correctly and securely. The software automatically creates a cookie pop-up, scans and checks all scripts and cookies, provides you with the cookie consent required under data protection law and helps us and you to keep track of all cookies. Most cookie consent management tools identify and categorise all existing cookies. As a website visitor, you then decide for yourself whether and which scripts and cookies you allow or disallow. The following graphic illustrates the relationship between browser, web server and CMP.

Consent Management Platform Overview

Why do we use a cookie management tool?

Our aim is to offer you the best possible transparency in the area of data protection. We are also legally obliged to do so. We want to provide you with as much information as possible about all tools and all cookies that can store and process your data. It is also your right to decide for yourself which cookies you accept and which you do not. In order to grant you this right, we first need to know exactly which cookies have ended up on our website in the first place. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with GDPR-compliant information about them. You can then accept or reject cookies via the consent system.

What data is processed?

As part of our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. The declaration of your consent is stored so that we do not have to ask you every time you visit our website and we can also prove your consent if required by law. This is stored either in an opt-in cookie or on a server. The storage period of your cookie consent varies depending on the provider of the cookie management tool. In most cases, this data (e.g. pseudonymised user ID, time of consent, details of cookie categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted as soon as you leave the website, while others may be stored in your browser for several years. The exact duration of data processing depends on the tool used; in most cases, you should be prepared for a storage period of several years. You can usually find detailed information about the duration of data processing in the respective data protection declarations of the individual providers.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

Information on special cookie management tools, if available, can be found in the following sections.

Legal basis

If you consent to cookies, your personal data will be processed and stored via these cookies. If we are informed by your Consent (Article 6(1)(a) GDPR), this consent is also the legal basis for the use of cookies and the processing of your data. Cookie consent management platform software is used to manage consent to cookies and to enable you to give your consent. The use of this software enables us to operate the website in an efficient and legally compliant manner, which is a Legitimate interest (Article 6(1)(f) GDPR).

Payment provider introduction

Payment provider privacy policy summary
👥 Data subject: Visitors to the website
🤝 Purpose: To enable and optimise the payment process on our website
📓 Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data
You can find more details on this in the respective payment provider tool used.
📅 Storage duration: depending on the payment provider used
⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (fulfilment of a contract)

What is a payment provider?

We use online payment systems on our website that enable us and you to make secure and smooth payments. Among other things, personal data may be sent to the respective payment provider, stored and processed there. Payment providers are online payment systems that enable you to place an order via online banking. Payment processing is carried out by the payment provider you have selected. We then receive information about the payment made. This method can be used by any user who has an active online banking account with PIN and TAN. There are hardly any banks that do not offer or accept such payment methods.

Why do we use payment providers on our website?

With our website and our integrated online shop, we naturally want to offer you the best possible service so that you feel comfortable on our site and take advantage of our offers. We know that your time is precious and that payment transactions in particular need to work quickly and smoothly. For these reasons, we offer you various payment providers. You can choose your favourite payment provider and pay in the usual way.

What data is processed?

Exactly which data is processed depends of course on the respective payment provider. However, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are generally stored. This is necessary data in order to be able to carry out a transaction at all. In addition, any contract data and user data, such as when you visit our website, what content you are interested in or which subpages you click on, may also be stored. Your IP address and information about the computer you are using are also stored by most payment providers.

The data is usually stored and processed on the payment provider's servers. We as the website operator do not receive this data. We are only informed whether the payment has worked or not. For identity and credit checks, payment providers may forward data to the relevant body. The business and data protection principles of the respective provider always apply to all payment transactions. Therefore, please always check the payment provider's general terms and conditions and privacy policy. You also have the right to have data deleted or corrected at any time. Please contact the respective service provider regarding your rights (right of cancellation, right to information and right to be affected).

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is required by law, for example in the case of accounting, this storage period may also be exceeded. For example, we store accounting documents relating to a contract (invoices, contract documents, account statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they are created.

Right of objection

You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact the person responsible for the payment provider used at any time. Contact details can be found either in our specific privacy policy or on the website of the relevant payment provider.

You can delete, deactivate or manage cookies that payment providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may then no longer work.

Legal basis

We therefore offer the following services for the handling of contractual and legal relationships (Art. 6 para. 1 lit. b GDPR) In addition to traditional banking/credit institutions, we also offer other payment service providers. In the data protection declarations of the individual payment providers (such as Amazon Payments, Apple Pay or Discover) provides you with a detailed overview of data processing and data storage. In addition, you can always contact the persons responsible if you have any questions about data protection issues.

Information on the special payment providers - if available - can be found in the following sections.

External online platforms Introduction

External online platforms Privacy policy summary
Data subjects: Visitors to the website or visitors to the external online platforms
🤝 Purpose: Presentation and optimisation of our services, contact with visitors, interested parties
📓 Processed data: Data such as telephone numbers, email addresses, contact details, user behaviour data, information about your device and your IP address.
You can find more details on this in the respective platform used.
📅 Storage duration: depending on the platforms used
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are external online platforms?

We also use external platforms to offer our services or products outside of our website. These are usually online marketplaces such as Amazon or eBay. In addition to our responsibility for data protection, the data protection provisions of the external platforms we use also apply. This is particularly the case if our products are purchased via the platform. In other words, if there is a payment process. Furthermore, most platforms also use your data to optimise their own marketing measures. For example, the platform can use the data collected to tailor adverts precisely to the interests of customers and website visitors.

Why do we use external online platforms?

In addition to our website, we also want to offer our products on other platforms in order to bring our range closer to more customers. External online marketplaces such as Amazon, Ebay or Digistore24 offer large sales websites that offer our products to people who may not be familiar with our website. It may also be the case that built-in elements on our site direct you to an external online platform. Data that is processed and stored by the online platform used is used by the company to record the payment process on the one hand and to carry out web analyses on the other.

The aim of these analyses is to be able to develop more precise and personalised marketing and advertising strategies. Depending on your behaviour on a platform, the analysed data can be used to draw conclusions about your interests and create so-called user profiles. This also enables the platforms to present you with customised advertisements or products. Cookies are usually set in your browser for this purpose, which store data on your user behaviour.

Please note that when using the platforms or our built-in elements, your data may also be processed outside the European Union, as online platforms such as Amazon or eBay are American companies. As a result, you may not be able to claim or enforce your rights in relation to your personal data as easily.

What data is processed?

Exactly which data is stored and processed depends on the external platform in question. But it is usually data such as telephone numbers, email addresses, data that you enter in a contact form, user data such as which buttons you click, when you visited which pages, information about your device and your IP address. Very often, most of this data is stored in cookies. If you have your own profile on an external platform and are also logged in there, data can be linked to the profile. The data collected is stored on the servers of the platforms used and processed there. You can find out exactly how an external platform stores, manages and processes data in the respective privacy policy. If you have any questions about data storage and data processing or wish to assert corresponding rights, we recommend that you contact the platform directly.

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. For example, Amazon stores data until it is no longer required for its own purposes. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies at any time. This works either via our cookie management tool or via opt-out functions on the respective external platform. You can also prevent the collection of data by cookies by managing, deactivating or deleting cookies in your browser.

As cookies may be used, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective external platforms.

Legal basis

If you have consented to your data being processed and stored by external platforms, this consent shall apply. Consent as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be processed on the basis of your consent if consent has been given. legitimate interest (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. If we have integrated elements from external platforms on our website, we will only use these if you have given your consent.

Information on special external platforms - if available - can be found in the following sections.

Audio & Video Introduction

Audio & Video Privacy Policy Summary
👥 Data subject: Visitors to the website
🤝 Purpose: Optimisation of our service performance
📓 Processed data: Data such as contact details, user behaviour data, information about your device and your IP address may be stored.
You can find more details on this below in the corresponding data protection texts.
📅 Storage period: Data is generally stored for as long as it is required for the purpose of the service
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are audio and video elements?

We have integrated audio and video elements on our website so that you can watch videos or listen to music/podcasts directly via our website. The content is provided by service providers. All content is therefore also obtained from the corresponding servers of the providers.

These are integrated functional elements from platforms such as YouTube, Vimeo or Spotify. The use of these portals is usually free of charge, but paid content can also be published. With the help of these integrated elements, you can listen to or watch the respective content via our website.

If you use audio or video elements on our website, your personal data may also be transmitted to the service providers, processed and stored.

Why do we use audio & video elements on our website?

Of course we want to provide you with the best offer on our website. And we realise that content is no longer conveyed in text and static images alone. Instead of simply giving you a link to a video, we offer you audio and video formats directly on our website that are entertaining or informative and ideally even both. This expands our service and makes it easier for you to access interesting content. We therefore offer video and/or audio content in addition to our texts and images.

What data is stored by audio & video elements?

When you access a page on our website that has an embedded video, for example, your server connects to the server of the service provider. Your data is also transferred to the third-party provider and stored there. Some data is collected and stored regardless of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system and other general information about your end device. In addition, most providers also collect information about your web activity. This includes, for example, session duration, bounce rate, which button you clicked on or which website you used to access the service. All this information is usually stored via cookies or pixel tags (also known as web beacons). Pseudonymised data is usually stored in cookies in your browser. You can always find out exactly which data is stored and processed in the privacy policy of the respective provider.

Duration of data processing

You can find out exactly how long the data is stored on the servers of the third-party providers either below in the data protection text of the respective tool or in the provider's privacy policy. In principle, personal data is only ever processed for as long as is absolutely necessary for the provision of our services or products. This generally also applies to third-party providers. In most cases, you can assume that certain data will be stored on the servers of third-party providers for several years. Data can be stored for different lengths of time, especially in cookies. Some cookies are deleted as soon as you leave the website, while others may be stored in your browser for several years.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. This does not affect the lawfulness of processing up to the time of cancellation.

As the integrated audio and video functions on our website usually also use cookies, you should also read our general privacy policy on cookies. You can find out more about the handling and storage of your data in the privacy policies of the respective third-party providers.

Legal basis

If you have consented to your data being processed and stored by integrated audio and video elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated audio and video elements if you have given your consent.

All texts are protected by copyright.

Source: Created with the Data protection generator from AdSimple

Privacy policy - regiondo.de

Status: 01 January 2022

The following data protection provisions apply to the online offering at www.regiondo.com ("Online Offering").

1 Who are we? (person responsible)

The controller (also: "controller") is Regiondo GmbH, Mühldorfstr. 8, 81671 Munich, hereinafter referred to as "we" or "us".

Exceptions are explained in this privacy policy.

2. contact details of our data protection officer

If you have any questions about this privacy policy or generally about the processing of your data in the context of this online offer, please contact our data protection officer:

e-mail: dataprotection@regiondo.com

3. revoke cookie consent

You can revoke your consent at any time with effect for the future. You can withdraw your consent by clicking on the fingerprint symbol in the bottom left-hand corner and changing your selection.

4 What personal data of yours do we process?

General information

Personal data is any information relating to an identified or identifiable natural person (e.g. name, address, telephone number, date of birth or email address). When we process personal data, this means that we collect, store, use, transmit to others or delete it, for example. In principle, you can use our online services without providing personal data. However, the use of certain services may require the provision of personal data, e.g. registration or participation in a competition. Mandatory information is regularly marked with an *. If you do not wish to provide us with the required data, you will unfortunately not be able to use the corresponding services.

What do we use your data for and on what legal basis?

We process your personal data for the following purposes and on the basis of the aforementioned legal bases. In the event that data processing is based on a balancing of interests, we will also explain to you our legitimate interest that we are pursuing with the processing:

No. Purpose of the processing Legal basis of the processing and description of the legitimate interest, if relevant
1. Provision of this online offer and fulfilment of the contract in accordance with our User agreement / GTC Contract fulfilment
2. Personalisation of the offer. Contract fulfilment or consent
3. Analysis of the offer to determine user behaviour including market research and reach measurement. Weighing of interests; we have a legitimate interest in analysing user behaviour in our online offering in order to continuously improve it and adapt it to the interests of our users.
4. Recording and evaluation of user behaviour for interest-based advertising (also by third parties) Balancing of interests; we and other advertisers have a legitimate interest in displaying interest-based advertising and offering our users advertising that is tailored to their personal interests.
5. Self-promotion and third-party advertising to the extent permitted by law or based on consent. Consent or balancing of interests; we have a legitimate interest in direct marketing as long as this is done in accordance with data protection and competition law.
6. Sending existing customers information on your own offers without registration. Balancing of interests; we have a legitimate interest in direct marketing as long as the marketing is carried out in compliance with data protection and competition law requirements
7. Sending a newsletter by e-mail or SMS/MMS with the consent of the recipient. Contract fulfilment or consent
8. Sending an e-mail or SMS/MMS with the consent of the recipient as a reminder to complete the newsletter registration. Contract fulfilment or consent
9. Integration of social plugins and social share functions. Balancing of interests; we have a legitimate interest in sharing information with the relevant social network at the request of our users who have activated a social plugin.
10. Provision of a login via social networks (social sign-in). Contract fulfilment
11. Identification and, if necessary, blocking of users who have installed an ad blocker and are thus blocking adverts. Balancing of interests; we have a legitimate interest in only making our fully or partially ad-financed offers available to users who do not block advertising.
12. Investigating faults and ensuring system security, including detecting and tracking unauthorised access and attempted access to our web servers Fulfilment of our legal obligations in the area of data security and balancing of interests; we have a legitimate interest in eliminating faults, ensuring system security and detecting and tracking unauthorised access attempts or access.
13. Safeguarding and defending our rights Weighing of interests; we have a legitimate interest in the assertion and defence of our rights.

On request, we can provide you with information on the balancing of interests we have carried out. Simply use the information in section Contact.

Please note your right to object to the processing of data for the purpose of direct marketing or for personal reasons (see section Rights of data subjects).

You will find the data protection information for customers, suppliers and business partners in accordance with Art. 13 GDPR here.

Registration

If you wish to make use of services that require the conclusion of a contract, we will ask you to register. As part of the registration process, we collect the personal data required for the establishment and fulfilment of the contract (e.g. first name, surname, date of birth, e-mail address, details of the desired payment method or account holder, if applicable) and any other data on a voluntary basis. Mandatory information is marked with an *.

5 Who receives your personal data and why?

Disclosure of data to third parties

Your personal data will only be disclosed by us to third parties if this is necessary for the fulfilment of the contract, if we or the third party have a legitimate interest in the disclosure or if we have your consent to do so. If data is transferred to third parties, this is explained in these data protection provisions. In the case of transmission on the basis of consent, the explanation can also be provided when consent is obtained.

In addition, data may be transmitted to third parties if we are obliged to do so by law or by enforceable official or court order; in connection with legal disputes (vis-à-vis courts or our lawyers) or tax audits (vis-à-vis auditors); in connection with possible criminal offences vis-à-vis the competent investigating authorities; in the event of a sale of the business (vis-à-vis the purchaser).

In addition, we pass on personal data to providers of tools for the display of "interest-based advertising" and, in individual cases, to providers of analysis tools. You can find more information about these providers in our Consent Management Platform ("CMP"). You can access this by clicking on the fingerprint symbol in the bottom left-hand corner.

Service provider

We reserve the right to use service providers for the collection and processing of data. Service providers only receive the personal data from us that they require for their specific activity. For example, your e-mail address may be passed on to a service provider so that they can deliver a newsletter you have ordered. Service providers may also be commissioned to provide server capacity. Service providers are generally involved as so-called processors who may only process the personal data of users of this online service in accordance with our instructions. As part of order processing, the service providers we use here (such as carriers, logistics companies, banks) receive the necessary data for order and order processing.

6. when do we transfer data to countries that are not part of the European Economic Area?

We also transfer personal data to third parties or processors based in non-EEA countries. In this case, we ensure before the transfer that the recipient either has an adequate level of data protection (e.g. based on an adequacy decision of the EU Commission for the respective country in accordance with Art. 45 GDPR, through self-certification of the recipient for the EU-US Privacy Shield in conjunction with the corresponding adequacy decision of the Commission in accordance with Art. 45 GDPR or the agreement of so-called EU standard contractual clauses of the European Commission with the recipient in accordance with Art. 46 GDPR) or that our users have given their express consent.

7 How long do we store your data?

We store your data for as long as this is necessary to provide our online offering and the associated services or as long as we have a legitimate interest in further storage. In all other cases, we delete your personal data with the exception of data that we must continue to store in order to fulfil statutory (e.g. tax or commercial law) retention periods (e.g. invoices). We block data that is subject to a retention period until the period expires.

8. processing of data by credit institutions and payment service providers; receivables management

Processing of data by credit institutions and payment service providers

We use external payment service providers. Depending on which payment method you select in the ordering process, we will pass on the data collected for processing payments (e.g. bank details or credit card details) to the credit institution commissioned with the payment or to payment service providers commissioned by us. In some cases, the payment service providers also collect this data themselves under their own responsibility. In this respect, the privacy policy of the respective payment service provider applies.

Receivables management

We reserve the right to have the collection of receivables carried out by service providers who collect them as so-called processors.

We also have a legitimate interest in selling receivables to third parties and, in this context, transmitting the data required for the collection of receivables to the respective purchaser of the receivable. When collecting receivables, buyers of receivables act in their own name and process the transmitted data on their own responsibility. In this respect, the data protection provisions of the respective debt buyer apply.

Processing customer enquiries

To process customer enquiries, we use the live chat tool LiveChat, which is provided by LiveChat Inc.One International Place, Suite 1400 Boston, MA 02110-2619 USA ("LiveChat").

In order to process your enquiry, necessary data such as IP address, domain, chat content and, if applicable, contact details are collected via our website in order to be able to process your request. The information generated in this way can be transferred to a Zendesk server in the USA and stored there.

You can find more information on this in LiveChat's privacy policy: https://www.livechat.com/legal/privacy-policy/

9. log files

Every time you use the Internet, certain information is automatically transmitted by your Internet browser and stored by us in so-called log files.

The log files are stored by us for 7 to 10 days to investigate faults and for security reasons (e.g. to clarify attempted attacks) and then deleted. Log files whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified and may be passed on to investigating authorities in individual cases.

In particular, the following information is stored in the log files:

- IP address (Internet Protocol address) of the end device from which the online offer is accessed;

- Internet address of the website from which the online offer was accessed (so-called origin or referrer URL);

- Name of the service provider used to access the online offer;

- Name of the retrieved files or information;

- Date and time as well as duration of the retrieval;

- amount of data transferred;

- Operating system and information on the Internet browser used, including installed add-ons (e.g. for Flash Player);

- http status code (e.g. "request successful" or "requested file not found");

- Log files are also used for web analysis.

10. cookies

This website uses cookies and similar technologies (hereinafter collectively referred to as "cookies").

What are cookies?

Cookies are small text files that are sent when a website is visited and stored in the user's browser. If the corresponding website is called up again, the user's browser sends back the content of the cookies and thus enables the user to be recognised. Certain cookies are automatically deleted at the end of the browser session (so-called session cookies), others are stored in the user's browser for a specified period of time or permanently and then delete themselves automatically (so-called temporary or permanent cookies).

What data is stored in the cookies?

Cookies do not store any data that makes you personally identifiable (e.g. no names, email addresses or IP addresses). Instead, cookies typically contain a code (so-called identifier) as well as information on the storage period and possibly also certain technical features (e.g. security functions). However, cookies can be used to create user profiles.

How can you prevent the use of cookies or delete cookies?

With the exception of essential cookies (strictly necessary cookies), we only use cookies with your consent. You can give this consent via our Consent Management Platform ("CMP") and subsequently revoke it at any time with effect for the future by configuring your privacy settings. You can access these via the fingerprint symbol in the bottom left-hand corner.

You can also delete cookies that have already been saved in your browser at any time. Please note, however, that without cookies this online offer may not work or may only work to a limited extent

What kind of cookies do we use?

Essential cookies

These cookies and other information are absolutely necessary for the functioning of our service. They guarantee that our service works securely and in the way you want it to. Therefore, they cannot be deactivated.

Functional cookies

We want to make our service as good as possible for you. That is why we are constantly improving our services and your user experience. In order to do this, we would like to analyse the use of the service and evaluate it in statistical form.

Marketing cookies

To make our service even more personal, we use these cookies and other information to provide personalised recommendations and advertising and enable interaction with social networks.

The cookies are set by us and our advertising partners. This enables us and our partners to display personalised advertising to users of our service based on an analysis of their usage behaviour across websites and devices. The data collected with the help of cookies can be merged by us and our partners with data from other websites.

Some of our partners are based in countries outside the European Economic Area (EEA).

If you do not consent to these cookies or subsequently deactivate them, you will only be shown adverts that may be less relevant to you.

11. web analysis

We need statistical information about the use of our online services in order to make them more user-friendly, to measure their reach and to conduct market research.

We use analysis tools for this purpose. The user profiles created by the tools using functional cookies and by analysing the log files are not merged with personal data. The tools either do not use users' IP addresses at all or truncate them immediately after collection.

The providers of the tools generally only process data as processors in accordance with our instructions and not for their own purposes.

You can prevent the creation of user profiles for analysis purposes by not giving your consent to the use of functional cookies in our Consent Management Platform ("CMP") or by revoking this consent. You will also find further information on the providers of the tools used in the CMP. You can access this via the fingerprint symbol in the bottom left-hand corner.

Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

Google Analytics

Google Analytics is provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google Analytics with the additional function offered by Google to anonymise IP addresses: As a rule, the IP address is already truncated by Google within the EU and only in exceptional cases in the USA and in any case only stored in truncated form.

You can object to the collection or analysis of your data by this tool by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de .

Hotjar Form Analysis & Conversion Funnels

Hotjar Heat Map & Recordings, Form Analysis & Conversion Funnels

Hotjar Heat Map & Recordings and Hotjar Form Analysis & Conversion Funnels are provided by Hotjar Ltd, Level 2, St. Julians Business Centre 3, Erlia Zammit Street, St. Julian STJ 1000, Malta.

In this way, focal points of interest can be recognised. Hotjar uses cookies to collect non-personal data. In particular, these cookies can be used to determine which areas of a page are clicked on most frequently or on which areas the cursor of a mouse moves most frequently. Visitors to the website are given a unique user identifier (UUID) so that Hotjar can track returning visitors without having to rely on personal information such as IP addresses. Visitors' IP addresses are always suppressed before they are stored using Hotjar's core feature set.

For more information about Hotjar, please refer to Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy

If you wish to deactivate data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/legal/compliance/opt-out

Hubspot

Our registration service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information is stored on the servers of our software partner HubSpot. It can be used by us to contact visitors to our website and to determine which of our company's services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected exclusively to optimise our marketing.

We use HubSpot for our online marketing activities. This is an integrated software solution that we use to cover various aspects of our online marketing.

These include, among others:

Email marketing (newsletters and automated mailings, e.g. to provide downloads), social media publishing & reporting, reporting (e.g. traffic sources, hits, etc.), contact management (e.g. user segmentation & CRM), landing pages and contact forms.

HubSpot is a software company from the USA with a branch in Ireland.

Contact: HubSpot, 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500

As personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the USA.

More information about the Data protection regulations from Hubspot.

More information from Hubspot regarding the EU data protection regulations

You can find more information about the cookies used by Hubspot here here & here.

Usercentrics

We use the Usercentrics tool from Usercentrics GmbH, Rosental 4, 80331 Munich ("Usercentrics") to obtain and manage cookie consent. This tool can be used to consent to all, individual or no data processing by cookies.

As part of your website visit, your consent or revocation, your IP address, information about your browser, your end device and the time of your visit are transmitted to Usercentrics. Usercentrics also uses a necessary cookie to save your consents and revocations.

This data processing is necessary to provide you with the legally required cookie management solution and to fulfil our documentation obligations. The legal basis for the use of Usercentrics is Art. 6 para. 1 lit. f GDPR, justified by our interest in fulfilling the legal requirements for cookie consent management.

WordPress Stat

This website uses the WordPress tool Stats, an offer from Automattic Inc, 60 29th Street #343, San Francisco, CA 94110-4929, USA ("Automattic").

The information generated by the cookies about the use of this website (including your IP address) may be transferred to an Automattic server in the USA and stored there. However, we trust in the reliability and IT and data security of Automattic. Automattic is certified under the US-EU data protection agreement "Privacy Shield" and thus undertakes to comply with EU data protection regulations.

You can find more information on data protection at Automattic at https://automattic.com/privacy/

You can object to the collection and use of your data for the future by clicking on this link to set an opt-out cookie in your browser: https://www.quantcast.com/opt-out/

12. recording and evaluation of user behaviour for interest-based advertising (also by third parties)

We would like to present our users with adverts or special offers tailored to their interests ("interest-based advertising") and limit the frequency with which certain adverts are displayed.

The user profiles created by the tools using marketing cookies are not merged with personal data. The tools either do not process users' IP addresses at all or shorten them immediately after collection.

The providers of the tools may also pass on information to third parties for the aforementioned purposes.

You can prevent the creation of user profiles for interest-based advertising by not giving your consent to the use of marketing cookies in our Consent Management Platform ("CMP") or by revoking this consent. Please note that this does not switch off advertising. If you do not allow marketing cookies, this will only mean that you will not be shown interest-based advertising based on your user behaviour. You will also find further information on the providers of the tools used in the CMP. You can access this via the fingerprint symbol in the bottom left-hand corner.

Further information on interest-based advertising can be found on the consumer portal http://www.meine-cookies.org available. You can also use the following link to this portal to view the activation status of tools from different providers and object to the collection or analysis of your data by these tools: http://www.meine-cookies.org/cookies_verwalten/praeferenzmanager-beta.html.

A centralised opt-out option for various tools, particularly from US providers, can also be accessed via the following link: http://optout.networkadvertising.org/#/

Amazon Simple Email Service (Amazon SES)

We use the Amazon Simple Email Service (Amazon SES) to send our newsletter. This is an offer from Amazon Web Services Inc (AWS). To send the newsletter, users' email addresses are temporarily (during dispatch) transmitted to an AWS server (within the EU). You can find more information on this at https://aws.amazon.com/de/ses/ and under https://aws.amazon.com/de/compliance/eu-data-protection/ .

DoubleClick Ad

This website uses DoubleClick Ad, a web service of Google Ireland Ltd, Google Building Gordon House, 4 Barrow St. Dublin, D04 E5W5 Ireland ("DoubleClick Ad").

This service enables us to display interest-based advertising to our users. For this purpose, DoubleClick uses cookies to place adverts that are relevant to our users, to evaluate and improve campaign performance and to prevent the same advert from being shown to a user more than once.

Further information on data protection at DoubleClick can be found at: https://policies.google.com/privacy?hl=en

You can easily object to data processing by DoubleClick Ad in our cookie consent management platform. You can access this via the fingerprint symbol in the bottom left-hand corner.

Facebook Pixel and Website Custom Audience

We would like to present our users with adverts or special offers tailored to their interests ("interest-based advertising") and limit the frequency with which certain adverts are displayed. For this purpose, we use Facebook's Website Custom Audiences tool and the Facebook pixel.
The Facebook pixel is a JavaScript code that sends the following data to Facebook Ireland Ltd, Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"):

- HTTP header information (including IP address, information on the web browser, page location, document, URL of the website and user agent of the web browser as well as the date and time of use);

- Pixel-specific data; this includes the pixel ID and Facebook cookie data, including your Facebook ID (this is used to link events to a specific Facebook advertising account and assign them to a Facebook user);

- Additional information about the visit and about standard and custom data events. We use the following custom data events:

o Searched and viewed content at product level;
o Product has been added to shopping basket;
o Initiation of a checkout in the order process; and
o Completion of the order process.

Facebook uses the hashed user-specific Facebook ID (contained in the Facebook cookie) to automatically check whether the data transmitted by the Facebook pixel can be assigned to a Facebook user. If no Facebook cookie is stored in your browser, no categorisation into one of the user groups referred to as "Custom Audience" is carried out.

If the Facebook ID contained in the Facebook cookie can be assigned to a Facebook user, Facebook assigns this user to a "Custom Audience" based on the rules we have defined, provided that the applicable criteria are met. We use the information obtained in this way to display adverts on Facebook ("Facebook Ads"). However, adverts are only displayed to a "Custom Audience" of 20 or more different users, meaning that no conclusions can be drawn about the characteristics of the individual users from the ad placement. The assignment to a "Custom Audience" takes place for a maximum of 180 days. This period begins again if you visit our website again and there is a match with the same "Custom Audience" rules.

Facebook can assign your visit to our website and your associated activities to your Facebook user account. This is not possible for us. We only receive statistical information from Facebook about the use of our website via Audience Insights.

Facebook passes your data on to Facebook Inc, Facebook 1 Hacker Way Menlo Park, CA 94025, USA and uses your data to improve the quality of its advertising by, among other things, improving the optimisation algorithm used by Facebook to display Facebook Ads and the News Feed ranking.

You can find more information on data protection on Facebook at https://www.facebook.com/privacy/explanation .

You can easily object to the collection of data by Facebook in our privacy settings. You can access these via the fingerprint symbol in the bottom left-hand corner.

Google Ads

Google Ads Conversion

We use the online advertising programme "Google Ads" and conversion tracking as part of Google Ads. Google Conversion Tracking is an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When you click on an advert placed by Google, a cookie for conversion tracking is stored on your computer. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification.

If you visit certain web pages on our website and the cookie has not yet expired, Google and we can recognise that you have clicked on the ad and have been redirected to this page. Each Google AdWords customer receives a different cookie. It is therefore not possible for cookies to be tracked via the websites of AdWords customers.

The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. This tells customers the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to do so, you can opt out by adjusting the advertising settings on Google or by deactivating the Network Advertising Initiative.

Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy.

Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Google Ads Remarketing

In addition, we use the remarketing function within the Google Ads service provided by Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). The Google Ads Remarketing function enables us to present interest-based advertising to users of our website on other websites within the Google advertising network (in Google Search or on YouTube, so-called "Google Ads" or on other websites). In order to be able to display interest-based advertising to users on other websites, the interaction of users on our website is analysed. For this purpose, Google stores so-called tracking pixels in the browsers of users who visit certain Google services or websites in the Google Display Network. This number, known as a "cookie", is used to record the visits of these users. This can be used to identify a web browser on a specific end device, but not to identify a person; personal data is not stored.
If you do not wish to do so, you can opt out via a Customisation of advertising settings on Google or Deactivation page of the Network Advertising Initiative possible.

Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy.

Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Microsoft Advertising

On our website, we use Microsoft Advertising, a technology of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; "Microsoft". We use this service for marketing and advertising purposes and for the purpose of measuring the success of advertising measures (conversion tracking). This technology enables us to track the total number of users who reach our website via an advert placed by Microsoft Advertising and complete a transaction. However, it is not possible to personally identify these users. Microsoft Advertising uses technologies such as cookies and tracking pixels that enable us to analyse your use of the website. When you click on an advert placed by Microsoft Advertising, a cookie for conversion tracking is stored on your computer. This cookie has a limited validity and is not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Microsoft and we can recognise that you have clicked on the ad and have been redirected to this page. The following information may be collected: IP address, identifiers assigned by Microsoft (identifiers), information about the browser you are using and the device you are using, referrer URL (website from which you accessed our website), URL of our website. Your data may be transferred to the USA. Microsoft has certified itself in accordance with the US-EU data protection agreement "Privacy Shield" and is therefore obliged to comply with European data protection guidelines. Data processing, in particular the setting of cookies, is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can find more information on data protection and the cookies used by Microsoft Advertising athttps://privacy.microsoft.com/de-de/privacystatement).

Newsletter2Go from Sendinblue

In addition to the Amazon Simple Email Service, we also use the Newsletter2Go service to send our newsletter. This is provided by Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin ("Newsletter2Go"). The use of this service not only allows us to send out our newsletter. We also use it for analysis and optimisation purposes. In addition to your e-mail address, the IP address, browser information, date and time of access may also be processed for this purpose.

You can find more information on data protection at Newsletter2Go at https://www.newsletter2go.de/datenschutz/

Twitter Ads Conversion Tracking

We use the conversion tracking of Twitter Inc, 1355 Market Street #900San Francisco, California 94103, ("Twitter") on our website.

Twitter stores a cookie on the user's computer for the purpose of analysing the online usage behaviour of our website visitors. With Twitter's conversion tracking, the actions of users can be tracked that they have carried out after viewing adverts or interacting with adverts on Twitter. Twitter's conversion tracking enables the allocation of conversions such as link clicks, retweets or "likes".

The information generated by the cookies about the use of this website (including your IP address) may be transmitted by Twitter to a Twitter server in the USA and stored there. However, we trust in the reliability and IT and data security of Twitter. Twitter is certified under the US-EU data protection agreement "Privacy Shield" and thus undertakes to comply with EU data protection regulations.

You can find more information on data protection on Twitter at: https://twitter.com/de/privacy

If you wish to object to tracking, you can do so using the Digital Advertising Alliance tool at https://optout.aboutads.info/

13. adblockers and opt-out cookies

We would like to point out that the use of an adblocker can impair the functionality of opt-out cookies. In certain cases, the corresponding tools may therefore continue to collect data despite the storage of an opt-out cookie. In this case, you can restore the functionality by configuring or uninstalling the adblocker accordingly.

14. hCaptcha service Intuition Machines, Inc.

We use the anti-bot service hCaptcha (hereinafter "hCaptcha") on our website. This service is provided by Intuition Machines, Inc., a US company based in Delaware ("IMI"). hCaptcha is used to check whether the data entered on our website (e.g. on a registration page or a contact form) has been entered by a human or an automated programme. To do this, hCaptcha analyses the behaviour of the visitor to the website or mobile app based on various characteristics. This analysis begins automatically as soon as the website or mobile app visitor accesses a part of the website or app with hCaptcha activated. For the analysis, hCaptcha evaluates various information (e.g. IP address, time spent by the visitor on the website or app or mouse movements made by the user). The data collected during the analysis is forwarded to IMI. In "invisible mode", the hCaptcha analysis can take place completely in the background. Visitors to the website or app are not informed that such an analysis is taking place if no task is displayed to the user. Data processing is carried out on the basis of Art. 6 para. 1 (f) of the GDPR: The operator of the website or mobile app has a legitimate interest in protecting its website from abusive automated crawling and spam. IMI acts as a "processor" acting on behalf of its customers within the meaning of the GDPR and as a "service provider" within the meaning of the California Consumer Privacy Act (CCPA). For more information about hCaptcha and IMI's privacy policy and terms of use, please see the links below: https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms.

15. social sign-in (registration via social networks)

Google OAuth

We also offer you the option of registering or logging in with us via your Google+ account. If you make use of this option, we will receive the data required for registration or login from Google (e.g. e-mail address, name).

We have no influence on the scope of the data collected by Google using Google OAuth. If you do not want Google to collect data about you in connection with your use of our online services and use it for its own purposes, you should not use this login method.

Further information on the purpose and scope of the collection and further processing and use of your data by Google, as well as your rights and settings options for protecting your data, can be found in Google's privacy policy at https://policies.google.com/privacy

16. plugins

YouTube video widget

YouTube is a video content visualisation service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube").
The integration of YouTube videos on this website takes place in the so-called "extended data protection mode", so that data collection by YouTube only takes place when the videos are played. YouTube can assign the visit to our site to your user account. We would like to point out that Regiondo has no influence on this and no knowledge of the content of the transmitted data and receives no knowledge of its use by YouTube.

You can find more detailed information on data protection at Google at https://policies.google.com/privacy?hl=de&gl=de

17. social plugins

This website uses social plugins ("plugins") from the following providers:

- Plugins of the social network Facebook; Facebook is operated under www.facebook.com by Facebook Inc., 1601 Willow Road, Manlo Park, CA 94025, USA, and under www.facebook.de by Facebook Ireland Limited, 4 Gand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). An overview of the Facebook plugins and their appearance can be found here: http://developers.facebook.com/docs/plugins; information on data protection at Facebook can be found here: http://www.facebook.com/policy.php.

- Plugins from Twitter; Twitter is operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). An overview of the Twitter plugins and their appearance can be found here: https://twitter.com/about/resources/buttons; information on data protection at Twitter can be found here: https://twitter.com/privacy .

- Plugins from Pinterest; Pinterest is operated by Pinterest Inc, 808 Brennan St, San Francisco, CA 94103, USA ("Pinterest"). An overview of the Pinterest plugins and their appearance can be found here: https://developers.pinterest.com/tools/widget-builder/; Information on data protection at Pinterest can be found here: https://about.pinterest.com/de/privacy-policy

- Plugins from Instagram; Instagram is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). An overview of the Instagram plugins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges; Information on data protection at Instagram can be found here: https://help.instagram.com/155833707900388/.

- Plugins from LinkedIn; LinkedIn is operated by LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA ("LinkedIn"). An overview of the LinkedIn plugins and their appearance can be found here: https://www.linkedin.com/legal/privacy-policy?trk=d_checkpoint_lg_consumerLogin_ft_privacy_policy.

Tumblr plugin

On our website we use buttons of the Tumblr service, which is provided by Tumblr, Inc, 35 East 21st St, 10th Floor, New York, NY 10010, USA.

These buttons allow website visitors to share a post or page on Tumblr or to follow the provider on Tumblr. When you visit one of our websites with a Tumblr button, the browser establishes a direct connection to Tumblr's servers. We have no influence on the scope of the data that Tumblr collects and transmits with the help of this plugin. According to the current status, the IP address of the user and the URL of the respective website are transmitted.

Further information on this can be found in Tumblr's privacy policy at: https://www.tumblr.com/policy/de/privacy.

The various providers of plugins are summarised below under the term "plugin provider".

In order to increase the protection of your data when you visit our website, the plugins are integrated into the page using the so-called "Shariff solution". This ensures that no connection is established with the servers of the respective plug-in provider when a page of this online offering is accessed.

Only when you activate the plugins does your Internet browser establish a direct connection to the servers of the respective plugin provider. As a result, the plug-in provider receives the information that your Internet browser has accessed the corresponding page of our online offering, even if you do not have a user account with the provider or are not currently logged in. Log files (including the IP address) are transmitted directly from your Internet browser to a server of the respective plug-in provider and may be stored there. This server may be located outside the EU or the EEA (e.g. in the USA).

The plugins are independent extensions of the plugin providers. We therefore have no influence on the scope of the data collected and stored by the plugin providers via the plugins.

If you do not want the plugin providers to receive the data collected via this online service and, if necessary, to store or use it, you should not use the respective plugins.

Further information about the purpose and scope of the collection and the further processing and use of your data by plug-in providers as well as your rights and setting options for protecting your data can be found in the data protection notices of the respective providers.

16. newsletter

Newsletter with registration

We offer you the option of subscribing to a newsletter. You can revoke your consent at any time. You can find information on this in section Your right to withdraw consent.

Existing customer information without registration

If we receive your e-mail address in connection with the sale of a product or service and you have not objected to this, we reserve the right to regularly send you offers for similar goods or services from our portfolio by e-mail (Section 7 (3) UWG, Art. 6 (1) sentence 1 (f) GDPR). You can object to this at any time without incurring any costs; information on this can be found in section Your right to object to direct marketing.

19. your rights (rights of the data subject)

How can you assert your rights?

Please use the information in the Contact section to assert your rights. Please ensure that we are able to clearly identify you.

Alternatively, you can also use the settings options in your user account to correct the data you provided during registration or to object to advertising.

Please note that your data will initially only be blocked if the deletion conflicts with retention periods.

Your rights to information and rectification

You can request that we confirm whether we process personal data concerning you and you have a right to information with regard to your data processed by us. If your data is incorrect or incomplete, you can request that your data be corrected or completed. If we have passed on your data to third parties, we will inform them of the correction if this is required by law.

Your rights to cancellation

If the legal requirements are met, you can demand that we delete your personal data immediately. This is particularly the case if

- your personal data are no longer required for the purposes for which they were collected;

- the legal basis for the processing was exclusively your consent and you have withdrawn this consent;

- you have objected to processing for advertising purposes ("objection to advertising");

- you have objected to processing on the legal basis of balancing of interests for personal reasons and we cannot prove that there are overriding legitimate grounds for processing;

- your personal data has been processed unlawfully; or

- Your personal data must be deleted in order to comply with legal requirements.

If we have passed on your data to third parties, we will inform them of the deletion if this is required by law.

Please note that your right to erasure is subject to restrictions. For example, we are not obliged or permitted to erase any data that we are still required to retain due to statutory retention periods. Data that we require for the assertion, exercise or defence of legal claims is also excluded from your right to erasure.

Your right to restriction of processing

If the legal requirements are met, you can demand that we restrict processing. This is particularly the case if

- the accuracy of your personal data is disputed by you, and then until we have had the opportunity to verify the accuracy;

- the processing is not lawful and you request a restriction of use instead of erasure (see the previous section);

- we no longer need your data for the purposes of processing, but you need it for the assertion, exercise or defence of your legal claims;

- you have raised an objection on personal grounds, and then until it has been established whether your interests prevail.

If there is a right to restriction of processing, we will mark the data concerned to ensure that it is only processed within the narrow limits that apply to such restricted data (namely in particular for the defence of legal claims or with your consent).

Your right to data portability

You have the right to receive personal data that you have provided to us for the fulfilment of a contract or on the basis of consent in a transferable format. In this case, you can also request that we transfer this data directly to a third party, insofar as this is technically feasible.

Your right to withdraw consent

If you have given us your consent to process your data, you can revoke this at any time with effect for the future. The legality of the processing of your data up to the time of cancellation remains unaffected by this.

Your right to object to direct marketing

You can also object to the processing of your personal data for advertising purposes at any time ("advertising objection"). Please note that, for organisational reasons, there may be an overlap between your objection and the use of your data as part of an ongoing campaign.

Your right to object for personal reasons

You have the right to object to data processing by us for reasons arising from your particular situation, insofar as this is based on the legal basis of legitimate interest. We will then cease processing your data unless we can demonstrate compelling legitimate grounds for further processing that override your rights in accordance with the legal requirements.

Your right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection authority. In particular, you can contact the data protection authority that is responsible for your place of residence or your federal state or that is responsible for the place where the breach of data protection law took place. Alternatively, you can also contact the data protection authority responsible for us, which is: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 18 D-91522 Ansbach poststelle@lda.bayern.de

20. contact

For information and suggestions on the subject of data protection, please contact us or our data protection officer at the following e-mail address dataprotection@regiondo.com gladly at your disposal.

If you would like to contact us, you can reach us as follows:

Regiondo GmbH
Mühldorfstr. 8
81671 Munich
support@regiondo.de

21 Appendix: Technical notes

Technical instructions for deleting cookies

Internet Explorer:

- Instructions under
http://windows.microsoft.com/de-de/internet-explorer/delete-manage-cookies#ie=ie-11-win-7

Mozilla Firefox:
- Instructions under
https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Google Chrome:
- Instructions under https://support.google.com/chrome/answer/95647

Safari:
- Instructions under http://help.apple.com/safari/mac/8.0/#/sfri11471