Privacy Policy

Controller

‍BRNDLB // T.O.M. GmbH
Köpenicker Str. 148
10997 Berlin
Authorized Representatives: Blundstone Osterberger
Email: info@brndlb.com
Imprint: https://brndlb.com/impressum

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of processing, as well as the categories of data subjects affected.

Types of Processed Data:

• Master data.
• Payment data.
• Location data.
• Contact data.
• Content data.
• Contract data.
• Usage data.
• Metadata, communication data, and procedural data.
• Log data.

Categories of Data Subjects:

• Recipients of services and clients.
• Prospective customers.
• Communication partners.
• Users.
• Business and contractual partners.

Processing Purposes:

• Providing contractual services and fulfilling contractual obligations.
• Communication.
• Security measures.
• Direct marketing.
• Measuring reach.
• Tracking.
• Office and organizational procedures.
• Target audience development.
• Organizational and administrative processes.
• Feedback.
• Marketing.
• User-based profiles.
• Providing our online offering and enhancing user-friendliness.
• IT infrastructure.
• Public relations.
• Sales promotion.
• Business processes and economic procedures.

Relevant Legal Basis

Legal Basis under the GDPR:

Below, you’ll find an overview of the GDPR legal bases that form the foundation for processing personal data. Please note that in addition to GDPR provisions, national data protection regulations may apply in your or our country of residence. Should other, more specific legal bases apply in individual cases, we’ll mention them in this privacy policy.

• Consent (Art. 6(1)(a) GDPR): The data subject has given their consent to the processing of personal data for one or more specific purposes.
• Performance of a Contract and Pre-Contractual Inquiries (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which the data subject is a party or to take steps prior to entering into a contract at the request of the data subject.
• Legal Obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate Interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National Data Protection Laws in Germany:

In addition to GDPR, German national regulations on data protection apply. This includes the Federal Data Protection Act (BDSG), which provides specific rules on access rights, deletion rights, objection rights, processing special categories of personal data, processing for other purposes, and automated individual decision-making including profiling. Additionally, individual federal state data protection laws may apply.

Note on Applicability of GDPR and Swiss Data Protection Act (DPA):

These privacy notices are intended to inform you both under the Swiss DPA and the GDPR. Consequently, GDPR terminology is used for greater clarity and broader applicability. For instance, rather than referring to “processing” of “personal data” under Swiss law as “handling” of “person-related data,” we use the GDPR terms. However, the legal meaning of the terms remains determined by the applicable Swiss data protection law.

Security Measures

‍In accordance with legal requirements, we implement technical and organizational measures to ensure an appropriate level of security based on the latest technology, the cost of implementation, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risk to individuals’ rights and freedoms.

These measures include securing the confidentiality, integrity, and availability of data through controlled physical and electronic access, data transmission control, input control, data separation, and other measures. We have established processes to handle data subject rights, delete data, and respond to data breaches. Furthermore, we integrate privacy protections in the design and configuration of technology, following the principles of data protection by design and by default.

Transfer of Personal Data

‍In the course of processing personal data, we may transfer it to other entities, companies, legally independent units, or individuals or disclose it to them. Recipients of such data might include service providers tasked with IT operations or providers of integrated services and content on our website. In such cases, we adhere to legal requirements and enter into appropriate agreements or contracts to protect your data.

International Data Transfers

Data Processing in Third Countries:

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing involves services from third-party providers or disclosing data to other parties, it is done only in accordance with legal requirements. Transfers occur under the following conditions:

• If the third country’s data protection standards have been recognized as adequate by an adequacy decision (Art. 45 GDPR).
• In the absence of adequacy decisions, transfers are based on other safeguards, such as standard contractual clauses (Art. 46 para. 2 lit. c GDPR), explicit consent, or legally required transfers (Art. 49 para. 1 GDPR).

We provide details of third-country transfers in the context of the services listed in this policy.
Further information on third-country transfers and adequacy decisions is available from the European Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en.
The EU also recognizes certain U.S. companies as meeting adequate data protection standards under the “Data Privacy Framework.” You can find a list of certified companies and more details at the U.S. Department of Commerce: https://www.dataprivacyframework.gov/.

General Information on Data Storage and Deletion

‍We delete personal data processed by us in compliance with legal requirements as soon as the consent is revoked or other legal bases cease to apply. This includes cases where the initial purpose for processing is no longer relevant. However, legal or statutory retention periods may require us to store certain data for longer.
For example, data may be stored to fulfill commercial or tax-related obligations or to safeguard legal claims. Data stored beyond its original purpose is processed only for the reasons justifying its retention.

Rights of Data Subjects

‍Under the GDPR, you have several rights regarding your personal data. These include:

• Right to Object: You can object at any time, for reasons related to your particular situation, to the processing of your personal data based on Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions. You can also object to data processing for direct marketing purposes.
• Right to Withdraw Consent: You may withdraw any consent given for data processing at any time.
• Right of Access: You can request confirmation as to whether data concerning you is being processed and receive detailed information about this data, including a copy.
• Right to Rectification: You have the right to correct inaccurate or incomplete personal data.
• Right to Erasure and Restriction: You may request the deletion of personal data or restriction of processing under certain conditions.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format or have it transferred to another controller.
• Right to Lodge a Complaint: You can lodge a complaint with a supervisory authority if you believe the processing of your personal data violates GDPR regulations.

Business Services

‍We process data from our contractual and business partners—such as clients and interested parties (collectively referred to as “contractual partners”)—in the context of contractual and similar legal relationships, as well as related measures and communication. For instance, we use these data to fulfill our contractual obligations, which may include providing agreed-upon services, updating those services, and resolving any performance issues or warranty claims. Additionally, we use these data to safeguard our rights, manage administrative tasks, and ensure efficient business operations.
We may also process these data based on our legitimate interests, including maintaining proper and economical business management and implementing security measures to protect our contractual partners and business operations against misuse, risks to their data, confidential information, and rights.
When required under applicable law, we only share these data with third parties—such as telecommunication services, shipping and transportation companies, subcontractors, financial institutions, tax and legal advisors, payment service providers, or tax authorities—if necessary for the aforementioned purposes or to meet legal obligations.
Details on which data are necessary for these purposes are provided to contractual partners at or before the time of data collection, for example, in online forms or through highlighted symbols (e.g., asterisks) or verbal communication.

‍
Retention and Deletion:

We delete data after the expiration of legal or similar obligations, generally four years unless stored in a customer account or retained for statutory archiving purposes (typically for tax reasons, ten years). Data disclosed to us by the contractual partner is deleted according to their instructions or generally upon the termination of the contract.

Types of Processed Data:

• Master data (e.g., full name, residential address, contact information, customer number).
• Payment data (e.g., bank details, invoices, payment history).
• Contact data (e.g., postal and email addresses, phone numbers).
• Contract data (e.g., contract subject, duration, customer category).
• Usage data (e.g., page views, session duration, click paths, usage frequency, device types and operating systems, interactions with content and functions).
• Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved individuals).

Data Subjects:

• Recipients of services and clients.
• Interested parties.
• Business and contractual partners.

Purposes of Processing:

• Providing contractual services and fulfilling obligations.
• Implementing security measures.
• Communication.
• Office and organizational procedures.
• Organizational and administrative procedures.
• Business processes and economic procedures.

Retention and Deletion:

Data are deleted in accordance with the information in the section “General Information on Data Storage and Deletion.”

Legal Basis:

• Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
• Legal obligation (Art. 6(1)(c) GDPR).
• Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing, Procedures, and Services:

Online shop, order forms, e-commerce, and delivery:

‍We process customer data to enable selection, purchase, or ordering of products and services, as well as payment and delivery or performance.
To complete orders, we use service providers—such as postal, logistics, and shipping companies. We also rely on banks and payment service providers for processing payments. Required information is clearly indicated during the ordering process and includes details necessary for fulfillment, invoicing, and communication with the customer.

Legal Basis:

‍Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Provision of Online Services and Web Hosting

‍We process user data to provide our online services. This includes processing the user’s IP address, which is necessary for delivering content and functionality to their browser or device.

Types of Processed Data:

• Usage data (e.g., page views, session duration, click paths, usage intensity and frequency, device types, operating systems, interactions with content and features).
• Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identifiers, involved parties).
• Log data (e.g., login attempts, data retrieval timestamps).

Data Subjects:

• Users (e.g., website visitors, users of online services).

Purposes of Processing:

• Providing our online offering and improving user-friendliness.
• IT infrastructure (operation and provision of information systems and technical devices, such as computers and servers).
• Security measures.

Retention and Deletion:

‍Data are deleted in accordance with the information in the section “General Information on Data Storage and Deletion.”

Legal Basis:

• Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing, Procedures, and Services:

Collection of Access Data and Log Files:

‍Access to our online services is logged in “server log files.” These files may include the addresses and names of accessed web pages and files, timestamps, data volumes transferred, messages confirming successful access, browser type and version, user operating system, referrer URLs (previously visited pages), IP addresses, and the requesting provider.
These server log files are used for security purposes, such as preventing server overload (especially in the event of abusive attacks like DDoS attacks), and for ensuring server performance and stability.

Legal Basis:

• Legitimate interests (Art. 6(1)(f) GDPR).

Data Deletion:

‍Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained for evidence purposes are exempt from deletion until the respective incident is fully resolved.

Use of Cookies

‍The term “cookies” refers to functions that store information on users’ devices and retrieve it from them. Cookies can be used for a variety of purposes, including ensuring the functionality, security, and convenience of online offerings as well as analyzing visitor flows.
We use cookies in accordance with legal requirements. Where necessary, we obtain users’ consent beforehand. If consent is not required, we rely on our legitimate interests. This applies when storing and retrieving information is essential for providing explicitly requested content and features, such as storing settings and ensuring the functionality and security of our online offering.
Users can revoke their consent at any time, and we provide clear information on the scope of and the cookies we use.

Legal Basis for Data Processing Using Cookies:

‍If we process personal data via cookies, we rely on user consent where applicable. Otherwise, we rely on our legitimate interests, as described in this section and within the context of the respective services and procedures.

Storage Duration:

‍The following types of cookies are distinguished by their storage duration:

• Temporary Cookies (Session Cookies): These cookies are deleted once the user leaves the online offering and closes their device (e.g., browser or mobile app).
• Permanent Cookies: These cookies remain stored even after the device is closed. For example, they can retain login status or display preferred content upon returning to a website. Additionally, cookies may be used for audience measurement. If we do not explicitly state the type and duration of cookies during consent collection, users can assume they are permanent and may last up to two years.

General Information on Revocation and Objection (Opt-Out):

‍Users may withdraw their consent at any time or object to processing in accordance with legal requirements by using their browser’s privacy settings.

Types of Processed Data:

• Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identifiers, involved parties).

Data Subjects:

• Users (e.g., website visitors, users of online services).

Legal Basis:

• Legitimate interests (Art. 6(1)(f) GDPR).
• Consent (Art. 6(1)(a) GDPR).

Additional Information on Processing, Procedures, and Services:

‍Processing Cookie Data Based on Consent:

‍We use a consent management solution to collect, document, manage, and allow users to withdraw their consent regarding the use of cookies or other related technologies. The solution ensures that users can manage and withdraw their consent at any time. Consent declarations are stored to prevent repeated requests and to demonstrate compliance with legal requirements. Storage may occur server-side and/or in a cookie (known as an opt-in cookie) or similar technology to associate the consent with a specific user or device. If specific details about the consent management service providers are not listed, the following general notes apply:

• Consent is stored for up to two years.
• A pseudonymous user identifier is created and stored alongside the time of consent, the scope of consent (e.g., applicable categories of cookies and/or service providers), and information about the browser, system, and device used.
• Legal Basis: Consent (Art. 6(1)(a) GDPR).

Blogs and Publication Media

‍We use blogs or similar means of online communication and publication (hereinafter referred to as “publication media”). The data of readers are processed only to the extent necessary for displaying the publication and enabling communication between authors and readers, or for security reasons.
Further details about the processing of visitors’ data within our publication media are provided in this privacy notice.

Types of Processed Data:

• Master data (e.g., full name, residential address, contact information, customer number).
• Contact data (e.g., postal and email addresses, phone numbers).
• Content data (e.g., textual or visual messages and contributions, as well as information such as authorship details or creation timestamps).
• Usage data (e.g., page views, time spent on pages, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features).
• Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identifiers, involved parties).

Data Subjects:

• Users (e.g., website visitors, users of online services).

Purposes of Processing:

• Feedback (e.g., collecting feedback via online forms).
• Providing our online offering and improving user-friendliness.
• Security measures.
• Organizational and administrative procedures.

Retention and Deletion:

‍Data are deleted in accordance with the information in the section “General Information on Data Storage and Deletion.”

Legal Basis:

• Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing, Procedures, and Services:

‍Comments and Contributions:

‍If users leave comments or other contributions, their IP addresses may be stored on the basis of our legitimate interests. This is done for our security in case of unlawful content in comments and contributions (e.g., insults, prohibited political propaganda). In such cases, we may be held liable for the comment or contribution, and we therefore have an interest in the identity of the author.
Additionally, we may process user data to detect spam.
We also reserve the right, based on our legitimate interests, to store user IP addresses for the duration of surveys to prevent multiple votes and to use cookies.
The personal information provided in comments and contributions (e.g., contact information, website details, and the content itself) is stored permanently unless users object to this storage.

Legal Basis:

• Legitimate interests (Art. 6(1)(f) GDPR).

Contact and Inquiry Management

‍When contacting us (e.g., by mail, contact form, email, telephone, or via social media) or as part of existing user and business relationships, we process the data provided by the requesting individuals to the extent necessary to respond to the contact inquiries and any requested measures.

Types of Processed Data:

• Master data (e.g., full name, residential address, contact information, customer number).
• Contact data (e.g., postal and email addresses, phone numbers).
• Content data (e.g., textual or visual messages and contributions, as well as information such as authorship details or creation timestamps).
• Usage data (e.g., page views, time spent on pages, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features).
• Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identifiers, involved parties).

Data Subjects:

• Communication partners.

Purposes of Processing:

• Communication.
• Organizational and administrative procedures.
• Feedback (e.g., collecting feedback via online forms).
• Providing our online offering and improving user-friendliness.

Retention and Deletion:

‍Data are deleted in accordance with the information in the section “General Information on Data Storage and Deletion.”

Legal Basis:

• Legitimate interests (Art. 6(1)(f) GDPR).
• Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Additional Information on Processing, Procedures, and Services:

‍Contact Form:

‍When you contact us via our contact form, email, or other communication methods, we process the personal data provided to respond to your inquiry. Typically, this includes details like your name, contact information, and any other information you share that’s necessary to address your request. We use these data exclusively for the purpose of communication and responding to your inquiry.

Legal Basis:

• Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
• Legitimate interests (Art. 6(1)(f) GDPR).

Newsletters and Electronic Notifications

‍We send newsletters, emails, and other electronic notifications (hereinafter “newsletters”) only with the consent of the recipients or where legally permitted. If newsletter contents are specifically described during subscription, they are determinative of the recipient’s consent. Typically, subscribing to our newsletter requires providing your email address. However, to offer a personalized service, we may also request your name for personalized addressing in the newsletter or additional information if necessary for its purpose.

Retention and Processing Limitation:

‍We may retain the email addresses of unsubscribed recipients for up to three years based on our legitimate interests before deleting them. This allows us to demonstrate that consent was previously granted. Data processing during this period is limited to defense against possible claims. An individual deletion request is possible at any time, provided that the existence of prior consent is confirmed. In cases where we must permanently honor objections, we may store the email address solely for this purpose in a “blocklist.”
The documentation of the subscription process is conducted based on our legitimate interests, to verify that the process was lawful. If we engage a service provider to send emails, this is done in our legitimate interest in ensuring an efficient and secure delivery system.

Contents:

• Information about us, our services, promotions, and offers.

Types of Processed Data:

• Master data (e.g., full name, residential address, contact information, customer number).
• Contact data (e.g., postal and email addresses, phone numbers).
• Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identifiers, involved parties).
• Usage data (e.g., page views, time spent on pages, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features).

Data Subjects:

• Communication partners.

Purposes of Processing:

• Direct marketing (e.g., via email or mail).

Legal Basis:

• Consent (Art. 6(1)(a) GDPR).

Opt-Out Option:

‍You can unsubscribe from our newsletter at any time and withdraw your consent or object to further receipt. A link to unsubscribe is included at the bottom of each newsletter. Alternatively, you can contact us using one of the methods listed above, preferably via email.

Additional Information on Processing, Procedures, and Services:

‍Measurement of Opening and Click Rates:

‍Newsletters may include a so-called “web beacon,” a pixel-sized file that is retrieved from our server or the server of our service provider when the newsletter is opened. This retrieval logs certain technical information, such as the browser and system details, your IP address, and the time of retrieval. These data are used to improve the technical performance of our newsletters and adapt content to the reading habits of recipients. Opening and click rates are measured to understand user engagement and improve future content offerings.

Legal Basis:

• Consent (Art. 6(1)(a) GDPR).

Promotional Communication via Email, Post, Fax, or Telephone

‍We process personal data for the purpose of promotional communication through various channels—such as email, telephone, postal mail, or fax—compliant with legal requirements.
Recipients of such communication have the right to withdraw consent at any time or to object to receiving further promotional messages.
After a withdrawal or objection, we retain the data necessary to demonstrate prior authorization for up to three years. This processing is limited to the purpose of defending against potential claims.
In addition, we store the data required to avoid further contact based on our legitimate interest in permanently respecting users’ objections. This may include storing contact details—such as email addresses, phone numbers, or names—on a suppression list.

Types of Processed Data:

• Master data (e.g., full name, residential address, contact information, customer number).
• Contact data (e.g., postal and email addresses, phone numbers).
• Content data (e.g., textual or visual messages and related information, such as authorship details or timestamps).

Data Subjects:

• Communication partners.

Purposes of Processing:

• Direct marketing (e.g., by email or postal mail).
• Marketing and sales promotion.

Retention and Deletion:

‍Data are deleted in accordance with the information in the section “General Information on Data Storage and Deletion.”

Legal Basis:

• Consent (Art. 6(1)(a) GDPR).
• Legitimate interests (Art. 6(1)(f) GDPR).

Web Analysis, Monitoring, and Optimization

‍Web analysis, also known as “audience measurement,” evaluates visitor flows on our online offering. This may include tracking user behavior, interests, or demographic data (such as age or gender) in pseudonymized form. Web analysis helps us understand which parts of our online offering are most frequently accessed or need improvement.
In addition to web analysis, we may use testing methods to evaluate different versions of our online offering or its components to optimize performance.

Types of Processed Data:

• Usage data (e.g., page views, time spent on pages, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features).
• Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identifiers, involved parties).

Data Subjects:

• Users (e.g., website visitors, users of online services).

Purposes of Processing:

• Audience measurement (e.g., access statistics, recognizing returning visitors).
• User profile development.
• Providing our online offering and improving user-friendliness.

Retention and Deletion:

‍Data are deleted in accordance with the information in the section “General Information on Data Storage and Deletion.”
Cookies and similar storage methods may be stored on user devices for up to two years, unless otherwise specified.

Security Measures:

• IP masking (pseudonymizing IP addresses).

Legal Basis:

• Consent (Art. 6(1)(a) GDPR).
• Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing, Procedures, and Services:

Google Analytics:

‍We use Google Analytics to measure and analyze the use of our online offering, assigning pseudonymous user identifiers rather than personal data. These identifiers help us understand which content users engage with, the search terms they used, and how often they return.
Pseudonymous profiles are created using cookies, but no individual IP addresses are stored for users in the EU. Analytics only provides broad geographic information by deriving city-level data from IP addresses before deleting them.
Google Analytics performs all IP-related queries on EU-based servers before forwarding traffic for processing.
Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Legal Basis: Consent (Art. 6(1)(a) GDPR).
Security Measures: IP masking (pseudonymizing IP addresses).
Privacy Policy: https://policies.google.com/privacy.
Data Processing Agreement: https://business.safety.google/adsprocessorterms/.
Third-Country Transfers: Data Privacy Framework (DPF).
Opt-Out Option: Google Opt-Out Plugin.
Additional Information: Google Analytics Data Usage.

Continuing the translation:

Customer Reviews and Rating Procedures

‍We participate in review and rating procedures to evaluate, optimize, and promote our services. If users leave reviews via participating platforms or methods, the terms of service and privacy policies of these providers also apply. Reviewing often requires registering with the respective platforms.
To confirm that the reviewers have indeed used our services, we may share certain data—such as name, email address, and order number—with the review platform, provided that the user has given their consent. These data are solely used to verify the authenticity of the reviewer.

Types of Processed Data:

• Contract data (e.g., contract subject, duration, customer category).
• Usage data (e.g., page views, time spent on pages, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features).
• Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identifiers, involved parties).

Data Subjects:

• Recipients of services and clients.
• Users (e.g., website visitors, users of online services).

Purposes of Processing:

• Feedback (e.g., gathering feedback through online forms).
• Marketing.

Legal Basis:

• Legitimate interests (Art. 6(1)(f) GDPR).

Social Media Presences

‍We maintain online presences within social networks and process user data as part of this presence to communicate with active users or provide information about our company.
Please note that user data may be processed outside the European Union. This can result in risks, such as making it more difficult for users to enforce their rights.
Additionally, user data on social networks are often processed for market research and advertising purposes. User profiles may be created based on their behavior and interests, which can be used to display ads both within and outside the networks. These profiles are typically generated using cookies that track user behavior. The profiles may also contain data collected across devices, especially if users are logged into the platforms.
For details on processing methods and opt-out options, please refer to the privacy policies of the respective network providers.
For inquiries about data subject rights, we recommend contacting the providers directly, as they have direct access to user data and can take appropriate actions.

Types of Processed Data:

• Contact data (e.g., postal and email addresses, phone numbers).
• Content data (e.g., textual or visual messages and contributions, as well as information such as authorship details or creation timestamps).
• Usage data (e.g., page views, time spent on pages, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features).

Data Subjects:

• Users (e.g., website visitors, users of online services).

Purposes of Processing:

• Communication.
• Feedback (e.g., gathering feedback via online forms).
• Public relations.

Retention and Deletion:

‍Data are deleted in accordance with the information in the section “General Information on Data Storage and Deletion.”

Legal Basis:

• Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing, Procedures, and Services:

Instagram:

‍A social network for sharing photos and videos, commenting, favoriting posts, sending messages, and subscribing to profiles and pages.
Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
Privacy Policy: https://privacycenter.instagram.com/policy/.
Third-Country Transfers: Data Privacy Framework (DPF).

Facebook Pages:

‍Our Facebook page allows us to communicate with users and display our content. We share responsibility for data collection (not further processing) with Meta Platforms Ireland Limited.
Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
Privacy Policy: https://www.facebook.com/privacy/policy/.
Third-Country Transfers: Data Privacy Framework (DPF).

LinkedIn:

‍A professional social network where we use “Page Insights” to understand how users interact with our LinkedIn profile.
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
Privacy Policy: https://www.linkedin.com/legal/privacy-policy.
Third-Country Transfers: Data Privacy Framework (DPF).
Opt-Out Option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Plugins and Embedded Features, as well as Content

‍We integrate functional and content elements into our online offering, which are retrieved from their respective providers’ servers (referred to as “third-party providers” below). These may include graphics, videos, or city maps (referred to collectively as “content” below).
To display the content and provide the associated features, third-party providers must process the user’s IP address because they cannot send the content to the browser without it. We aim to use only content from providers who process the IP address solely for delivering the content.
Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyze visitor traffic on the website. Pseudonymous information may also be stored in cookies on the user’s device. These cookies may contain technical details about the browser and operating system, referring websites, visit times, and other usage details. They may also be linked to information from other sources.

Legal Basis for Data Processing:

‍If we obtain user consent, the legal basis for processing data by third-party providers is consent. If consent is not obtained, data is processed on the basis of our legitimate interests in efficient, economical, and user-friendly services. For further details, please refer to the information about cookies in this privacy policy.

Types of Processed Data:

• Usage data (e.g., page views, time spent on pages, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features).
• Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identifiers, involved parties).
• Location data (e.g., geographic location of a device or person).

Data Subjects:

• Users (e.g., website visitors, users of online services).

Purposes of Processing:

• Providing our online offering and improving user-friendliness.
• Audience measurement (e.g., traffic statistics, recognizing returning visitors).
• Tracking (e.g., interest/behavior-based profiling, use of cookies).
• Target group formation.
• Marketing.

Retention and Deletion:

‍Data are deleted in accordance with the information in the section “General Information on Data Storage and Deletion.”
Cookies and similar storage methods may remain on user devices for up to two years, unless otherwise stated.

Legal Basis:

• Consent (Art. 6(1)(a) GDPR).
• Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing, Procedures, and Services:

‍Google Fonts (retrieved from Google servers):

‍We retrieve fonts and symbols for a technically secure, maintenance-free, and efficient use of typography and symbols in terms of currentness and loading times, their consistent display, and compliance with possible licensing restrictions. The provider of the fonts receives the user’s IP address so that the fonts can be displayed in the user’s browser. Additionally, technical data (e.g., language settings, screen resolution, operating system, hardware used) may be transmitted to facilitate the delivery of the fonts based on the devices and technical environment.

• Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
• Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
• Privacy Policy: https://policies.google.com/privacy.
• Third-Country Transfers: Data Privacy Framework (DPF).

Google Maps:

‍We integrate maps from the “Google Maps” service provided by Google. Processed data may include IP addresses and location data of users.

• Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland.
• Legal Basis: Consent (Art. 6(1)(a) GDPR).
• Privacy Policy: https://policies.google.com/privacy.
• Third-Country Transfers: Data Privacy Framework (DPF).

YouTube Videos:

‍We embed videos from the YouTube platform.

• Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
• Legal Basis: Consent (Art. 6(1)(a) GDPR).
• Privacy Policy: https://policies.google.com/privacy.
• Third-Country Transfers: Data Privacy Framework (DPF).