Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and especially on our websites, in mobile applications, and within external online presences such as our social media profiles (hereinafter collectively referred to as the "online offering").

The terms used are not gender-specific.

Last updated: May 26, 2025

Table of Contents

• Preamble
• Controller
• Overview of Processing
• Relevant Legal Bases
• Security Measures
• International Data Transfers
• General Information on Data Storage and Deletion
• Rights of Data Subjects
• Payment Procedures
• Provision of the Online Offering and Web Hosting
• Use of Cookies
• Registration, Login, and User Account
• Community Features
• Contact and Inquiry Management
• Web Analytics, Monitoring and Optimization
• Presence in Social Networks (Social Media)
• Plugins and Embedded Functions and Content
• Definitions

Controller

Marc Seegelken
Richard-Köhn-Str. 34
25421 Pinneberg

Email address: webmaster@gta6-forum.com

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

• Inventory data.
• Payment data.
• Contact data.
• Content data.
• Contract data.
• Usage data.
• Meta, communication and procedural data.
• Event data (Facebook).
• Log data.

Categories of Data Subjects

• Service recipients and clients.
• Interested parties.
• Communication partners.
• Users.
• Business and contractual partners.

Purposes of Processing

• Provision of contractual services and fulfillment of contractual obligations.
• Communication.
• Security measures.
• Reach measurement.
• Tracking.
• Building target groups.
• Organizational and administrative procedures.
• Feedback.
• Marketing.
• Profiles with user-related information.
• Provision of our online offering and user-friendliness.
• IT infrastructure.
• Public relations.
• Business processes and economic administration.

Relevant Legal Bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

• Consent (Art. 6(1)(a) GDPR): The data subject has given consent to the processing of their personal data for one or more specific purposes.
• Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

National data protection regulations in Germany: In addition to the data protection provisions of the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific provisions regarding the right to access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases including profiling. In addition, the data protection laws of the individual federal states may apply.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, availability, and separation thereof. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to data threats. Additionally, we take the protection of personal data into account during the development or selection of hardware, software, and procedures, according to the principle of data protection, by design and by default.

IP address truncation: Where IP addresses are processed by us or the service providers and technologies we use, and the processing of a full IP address is not necessary, the IP address is truncated (also known as "IP masking"). In this case, the last two digits or the final part of the IP address after a dot are removed or replaced with placeholders. The purpose of IP address truncation is to prevent or significantly complicate the identification of a person based on their IP address.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect users' data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information exchanged between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator for users that their data is transmitted securely and encrypted.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or this occurs as part of the use of third-party services or the disclosure or transmission of data to other persons, bodies, or companies, this is done in compliance with legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission on July 10, 2023. Additionally, we have concluded standard contractual clauses with the respective providers that comply with the requirements of the EU Commission and define contractual obligations to protect your data.

This dual safeguard ensures comprehensive protection of your data: the DPF serves as the primary protection level, while the standard contractual clauses provide an additional safety net. Should changes occur under the DPF, the standard contractual clauses serve as a reliable fallback option. In this way, we ensure that your data remains adequately protected even in the event of political or legal changes.

For individual service providers, we inform you whether they are certified under the DPF and whether standard contractual clauses exist. More information on the DPF and a list of certified companies can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English).

For data transfers to other third countries, corresponding security measures apply, in particular standard contractual clauses, explicit consents, or legally required transmissions. Information on third-country transfers and applicable adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/…a-protection_en.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or no further legal grounds for processing exist. This applies to cases where the original purpose of processing no longer applies or the data is no longer required. Exceptions exist where legal obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal enforcement or the protection of the rights of other natural or legal persons, must be archived accordingly.

Our privacy notices contain additional information about the retention and deletion of data that apply specifically to certain processing operations.

If there are multiple statements regarding retention periods or deletion deadlines for data, the longest period always applies.

If a deadline does not expressly begin on a specific date and is at least one year, it automatically begins at the end of the calendar year in which the event triggering the deadline occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the date on which the termination becomes effective or the legal relationship otherwise ends.

Data that is no longer stored for its originally intended purpose, but is retained due to legal requirements or other reasons, is processed exclusively for the reasons that justify its retention.

Further information on processing operations, procedures, and services:

• Retention and deletion of data: The following general periods apply for storage and archiving under German law:
  • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, and the instructions and other organizational documents required to understand these documents (§ 147(1) No. 1 in conjunction with (3) AO, § 14b(1) UStG, § 257(1) No. 1 in conjunction with (4) HGB).
  • 8 years – Accounting documents such as invoices and cost receipts (§ 147(1) Nos. 4 and 4a in conjunction with (3) sentence 1 AO and § 257(1) No. 4 in conjunction with (4) HGB).
  • 6 years – Other business documents: received commercial or business letters, copies of sent commercial or business letters, and other documents relevant for taxation, such as time sheets, operating accounting sheets, calculation documents, price tags, and also payroll accounting documents if not already part of accounting records, and cash register receipts (§ 147(1) Nos. 2, 3, 5 in conjunction with (3) AO, § 257(1) Nos. 2 and 3 in conjunction with (4) HGB).
  • 3 years – Data required to consider potential warranty and compensation claims or similar contractual claims and rights, as well as to handle related inquiries, based on past business experience and common industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

Rights of Data Subjects

Rights under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

• Right to object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR, including profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling to the extent that it is related to such direct marketing.
• Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
• Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain access to this data and further information, as well as a copy of the data, in accordance with legal requirements.
• Right to rectification: You have the right, in accordance with legal requirements, to request the completion or correction of data concerning you.
• Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to request that data concerning you be deleted without delay, or alternatively, to request a restriction of the processing of the data in accordance with legal requirements.
• Right to data portability: You have the right to receive the data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to request its transmission to another controller, in accordance with legal requirements.
• Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.

Payment Procedures

In the context of contractual and other legal relationships, due to legal obligations, or based on our legitimate interests, we offer data subjects efficient and secure payment options and use additional service providers (collectively referred to as "payment service providers") alongside banks and credit institutions.

The data processed by payment service providers includes inventory data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs, and checksums as well as contract, total, and recipient-related data. This information is necessary to carry out transactions. However, the entered data is only processed and stored by the payment service providers. That means we do not receive account or credit card-related information but only information confirming or rejecting the payment. Under certain circumstances, data may be transmitted by the payment service providers to credit agencies for identity and credit checks. Please refer to the terms and conditions and the privacy notices of the payment service providers for more information.

For payment transactions, the terms and conditions and the privacy policies of the respective payment service providers apply, which can be accessed from the respective websites or transaction applications. We also refer to these for further information and the assertion of rights of withdrawal, access, and other data subject rights.

• Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank account details, invoices, payment history); contract data (e.g., subject of the contract, term, customer category); usage data (e.g., page views, duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Data subjects: Service recipients and clients; business and contractual partners; interested parties.
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; business processes and economic administration.
• Retention and deletion: Deletion according to the section "General Information on Data Storage and Deletion."
• Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

• PayPal: Payment services (technical integration of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website: https://www.paypal.com/de; Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Provision of the Online Offering and Web Hosting

We process users’ data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the contents and functions of our online services to the user's browser or end device.

• Types of data processed: Usage data (e.g., page views, duration of visit, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); log data (e.g., log files regarding logins or access to data or access times); content data (e.g., textual or visual messages and contributions and related information, such as authorship or creation time).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.); security measures.
• Retention and deletion: Deletion according to the section "General Information on Data Storage and Deletion."
• Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

• Provision of the online offering on rented storage space: For the provision of our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also known as a "web host"); Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).
• Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files." Server log files may include the address and name of accessed web pages and files, date and time of access, transferred data volumes, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and typically IP addresses and the requesting provider. Server log files may be used, on the one hand, for security purposes (e.g., to avoid server overloads, especially in the case of misuse attacks, such as DDoS attacks), and on the other hand, to ensure server utilization and stability; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose continued storage is required for evidentiary purposes is excluded from deletion until the respective incident is fully clarified.
• Email dispatch and hosting: The web hosting services we use also include sending, receiving, and storing emails. For these purposes, the addresses of recipients and senders as well as further information regarding email transmission (e.g., the involved providers) and the contents of the respective emails are processed. The aforementioned data may also be processed for spam detection purposes. Please note that emails are generally not sent in encrypted form on the internet. As a rule, emails are encrypted during transmission, but not on the servers from which they are sent and received unless an end-to-end encryption method is used. We therefore cannot assume responsibility for the transmission path of the emails between the sender and receipt on our server; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Use of Cookies

The term "cookies" refers to technologies that store and retrieve information on users' devices. Cookies can serve various purposes, such as ensuring functionality, security, and user convenience of online offerings, as well as conducting analyses of visitor flows. We use cookies in accordance with legal regulations. Where necessary, we obtain users’ prior consent. If consent is not required, we rely on our legitimate interests. This applies when storing and accessing information is essential to provide explicitly requested content and services. This includes storing settings and ensuring functionality and security of our online offering. Consent can be revoked at any time. We provide clear information about the scope of consent and which cookies are used.

Legal basis: Whether we process personal data using cookies depends on whether users have given consent. If consent has been given, it is the legal basis. If not, we rely on our legitimate interests as outlined in this section and in connection with the respective services and procedures.

Retention period: Cookies are categorized based on their duration as follows:

• Temporary cookies (also known as session cookies): These are deleted at the latest after a user leaves our online offering and closes their device (e.g., browser or mobile app).
• Persistent cookies: These remain stored even after the device is closed. For example, the login status can be saved or preferred content shown directly upon revisiting a site. Usage data collected via cookies may also be used for reach measurement. Unless otherwise specified, assume that cookies are persistent and may be stored for up to two years.

General information on revocation and objection (opt-out): Users can revoke their consent at any time and object to processing in accordance with legal requirements, for example through their browser's privacy settings.

• Types of data processed: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Data subjects: Users (e.g., website visitors, users of online services).
• Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Consent (Art. 6(1)(a) GDPR).

Further information on processing operations, procedures, and services:

• Processing of cookie data based on consent: We use a consent management solution where users' consent to the use of cookies or to specific procedures and providers listed in the consent platform is obtained. This process enables the recording, management, and revocation of consent, particularly regarding the use of cookies and similar technologies. The consent records are stored to prevent repeated requests and to demonstrate compliance with legal obligations. Storage may be server-side and/or via an opt-in cookie or similar technologies to associate consent with a specific user or device. If no provider-specific information is given, assume the following general terms: Consent is stored for up to two years. A pseudonymous user identifier is created along with the time of consent, the scope of consent (e.g., cookie categories and/or providers), and information about the browser, system, and device used; Legal basis: Consent (Art. 6(1)(a) GDPR).

Registration, Login and User Account

Users can create a user account. During registration, required mandatory information is provided to the users and processed for the purpose of providing the user account based on contractual obligation. Processed data includes login information (username, password, and an email address).

When using our registration and login features and the user account itself, we store the IP address and the time of the respective user activity. The storage is based on our legitimate interests as well as those of the users to protect against misuse and other unauthorized use. This data is generally not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users may be informed via email about actions relevant to their user account, such as technical changes.

• Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or visual messages and contributions and related information, such as authorship or creation time); usage data (e.g., page views, duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); log data (e.g., log files regarding logins or access to data or access times).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; organizational and administrative procedures; provision of our online offering and user-friendliness.
• Retention and deletion: Deletion according to the section "General Information on Data Storage and Deletion." Deletion after account termination.
• Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

• Registration with pseudonyms: Users may use pseudonyms instead of real names as usernames; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
• User profiles are public: User profiles are publicly visible and accessible.
• Profile visibility settings: Users can use settings to determine the extent to which their profiles are visible or accessible to the public or specific groups of people; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
• Two-factor authentication: Two-factor authentication adds an additional layer of security to your user account and ensures that only you can access your account, even if someone else knows your password. To do so, you must perform another authentication step in addition to your password (e.g., entering a code sent to a mobile device). We will inform you about the method used; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
• Deletion of data after termination: When users terminate their user account, their data in relation to the user account will be deleted, unless legally permitted or required to be retained, or based on users' consent; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Community Features

Our community features allow users to engage in conversations and interact with each other. Please note that the use of these features is only permitted in compliance with applicable law, our terms and policies, and the rights of other users and third parties.

• Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); usage data (e.g., page views, duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; provision of our online offering and user-friendliness.
• Retention and deletion: Deletion according to the section "General Information on Data Storage and Deletion."
• Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

• User contributions are public: Content created by users is publicly visible and accessible; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
• Data storage for security purposes: User contributions and other inputs are processed to enable community and communication features and are not disclosed to third parties unless legally required or permitted. This may be the case with unlawful content for the purpose of legal prosecution. Please note that we also store the timestamp and IP address associated with contributions in order to take appropriate measures to protect other users and the community; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
• Protecting your own data: Users decide what information they disclose within our online offering. For example, when sharing personal information or participating in discussions. We urge users to protect their data and share personal information thoughtfully and only to the extent necessary. In particular, we ask users to carefully protect access credentials and use strong passwords (i.e., long and random character combinations); Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Contact and Inquiry Management

When contacting us (e.g., via post, contact form, email, phone, or social media) and within existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested actions.

• Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or visual messages and contributions and related information, such as authorship or creation time); usage data (e.g., page views, duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Data subjects: Communication partners.
• Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form); provision of our online offering and user-friendliness.
• Retention and deletion: Deletion according to the section "General Information on Data Storage and Deletion."
• Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Further information on processing operations, procedures, and services:

• Contact form: When contacting us via our contact form, email, or other communication channels, we process the personal data provided to us to respond to and handle the respective inquiry. This typically includes name, contact information, and any additional information required for appropriate handling. We use this data solely for the stated purpose of communication; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Web Analysis, Monitoring and Optimization

Web analysis (also referred to as "reach measurement") is used to evaluate visitor behavior on our online offering and may include pseudonymized data about user behavior, interests, or demographic information such as age or gender. This allows us to determine, for example, when our online offering or its features or content are used most frequently or encourage re-use. It also helps identify which areas need optimization.

In addition to web analysis, we may use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated, profiles may be created for these purposes and information may be stored and read in a browser or end device. The collected data may include visited websites and elements used there, as well as technical details such as the browser used, the computer system used, and usage times. If users have agreed to share their location data, this data may also be processed.

Additionally, users' IP addresses are stored, but we use IP masking techniques (i.e., pseudonymization by shortening the IP address) to protect user identities. As a rule, clear data such as email addresses or names are not stored in the context of web analysis, A/B testing, and optimization, but pseudonyms are used. This means that neither we nor the software providers know the actual identity of the users—only the data stored in their profiles for the respective procedures.

Legal basis: If we ask users for their consent to use third-party providers, the legal basis for processing is that consent. Otherwise, data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). Please also see the cookie information in this privacy policy.

• Types of data processed: Usage data (e.g., page views, duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g., access statistics, identification of returning visitors); profiles with user-related information (creating user profiles); provision of our online offering and user-friendliness.
• Retention and deletion: Deletion according to the section "General Information on Data Storage and Deletion." Cookies and similar storage technologies may remain on users’ devices for up to two years unless otherwise specified.
• Security measures: IP masking (pseudonymization of IP address).
• Legal bases: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Additional information about processing operations, procedures, and services:

• Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This ID does not contain any personal data such as names or email addresses. It is used to associate analytics information with a device in order to determine which content users have accessed during one or multiple usage sessions, what search terms they used, whether they returned, or how they interacted with our online offering. The time and duration of use, referral sources, and technical details of users' devices and browsers are also recorded.
  Pseudonymous user profiles may be created using information from multiple devices, potentially involving cookies. Google Analytics does not log or store individual IP addresses for users within the EU. However, it provides approximate location data derived from IP metadata, including city (and its derived latitude/longitude), continent, country, region, and subcontinent (and ID-based equivalents). For EU traffic, IP address data is only used for geolocation and is immediately deleted thereafter. It is not logged, accessible, or used for any other purpose. When Google Analytics collects measurement data, all IP lookups are done on EU-based servers before the data is forwarded for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com/intl/en/about/analytics/; Security measures: IP masking (pseudonymization of IP address); Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Third-country transfer basis: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Ad personalization settings: https://myadcenter.google.com/personalizationoff. More info: https://business.safety.google/adsservices/ (Types of processing and data involved).
• Google Tag Manager: We use Google Tag Manager, a tool provided by Google that enables us to manage so-called website tags via a central interface. Tags are small code elements on our website used to track and analyze visitor behavior. This technology helps us improve our website and the content we offer. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analytics. Its function is limited to integrating and managing the tools and services we use. However, the user's IP address is transmitted to Google when using Google Tag Manager, which is technically necessary to implement the services we use. Cookies may also be set in the process. This data processing only occurs when services are integrated via the Tag Manager. For more information on these services and their data processing, please refer to the relevant sections of this privacy policy; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms; Third-country transfer basis: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms).
• Microsoft Clarity: We use “Microsoft Clarity” on our website, a web analytics service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Clarity enables analysis of user behavior on our site, in particular through so-called “session replays” (recordings of mouse movements, clicks, and scrolling behavior), heatmaps, and usage statistics. The following data may be collected:
  - pages visited
  - time spent on the site
  - mouse movements and clicks
  - technical data such as IP address, device type, operating system, and browser
  This information may also be transferred to and processed in the United States. Microsoft may use this data for its own purposes. For more information, visit: https://privacy.microsoft.com/en-us/privacystatement. The use of Microsoft Clarity is based on your explicit consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TTDSG. You can grant or revoke this consent at any time via our cookie banner. You may also opt out of Clarity tracking at any time by visiting: https://optout.aboutads.info/?c=2&lang=EN.

Social Media Presences

We maintain online presences on social networks and process user data in this context to communicate with users active there or to provide information about us.

Please note that user data may be processed outside the European Union. This can pose risks for users, for example by making it more difficult to enforce data subject rights.

Furthermore, user data is generally processed within social networks for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests. These profiles may, in turn, be used to display advertisements inside and outside the networks that presumably match users’ interests. Cookies are usually stored on users’ devices for this purpose, in which the usage behavior and interests of users are stored. Additionally, data can also be stored in user profiles across devices (especially if users are members of the respective platforms and logged in).

For a detailed overview of the respective processing and opt-out options, please refer to the privacy policies and information provided by the operators of the respective networks.

In the case of requests for information and the exercise of data subject rights, we also point out that these can most effectively be asserted with the respective providers. Only they have access to users’ data and can take appropriate measures directly. If you still need assistance, you may contact us.

• Types of data processed: Contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or visual messages and posts as well as related information such as authorship or time of creation); usage data (e.g., page views and dwell time, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and features).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Communication; feedback (e.g., collecting feedback via online form); public relations.
• Storage and deletion: Deletion in accordance with the section "General Information on Data Storage and Deletion".
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing, procedures and services:

• Instagram: Social network for sharing photos and videos, commenting and liking posts, messaging, and following profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Basis for third-country transfers: Data Privacy Framework (DPF).
• Facebook Pages: Profiles on the Facebook social network – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page ("Fanpage"). This includes information about the types of content users view or interact with, or actions they take (see "Things you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as device information (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, known as "Page Insights", for page operators to understand how people interact with their pages and content. We have entered into a specific agreement with Facebook ("Page Insights Controller Addendum", https://www.facebook.com/legal/terms/pa…roller_addendum) which, among other things, defines the security measures Facebook must observe and where Facebook agrees to fulfill data subject rights (i.e., users can address access or deletion requests directly to Facebook). Users' rights (especially to access, deletion, objection, and complaint to the supervisory authority) are not limited by the agreement with Facebook. Further details can be found in the "Information about Page Insights Data" (https://www.facebook.com/legal/terms/in…e_insights_data). The joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of data is the sole responsibility of Meta Platforms Ireland Limited, particularly concerning data transfers to the parent company Meta Platforms, Inc. in the USA; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum).
• X: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://x.com; Privacy Policy: https://x.com/de/privacy.

Additional information about processing operations, procedures, and services:

• Facebook Pages: Profiles within the Facebook social network – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (known as a "Fanpage"). This data includes information about the types of content users view or interact with, or actions they take (see "Things you and others do and provide" in Facebook’s Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/).
  As explained in the section "How do we use this information?" of the Facebook Data Policy, Facebook also collects and uses information to provide analytics services, known as "Page Insights", for page operators so they can gain insights into how people interact with their pages and the content associated with them.
  We have entered into a special agreement with Facebook ("Page Insights Controller Addendum", https://www.facebook.com/legal/terms/pa…roller_addendum), which specifically outlines the security measures Facebook must implement and confirms Facebook’s responsibility for fulfilling data subject rights (e.g., users may contact Facebook directly for access or deletion requests).
  The rights of users (in particular, the rights to access, deletion, objection, and to lodge a complaint with a supervisory authority) are not limited by these agreements with Facebook. Additional information can be found in the "Information about Page Insights data" (https://www.facebook.com/legal/terms/in…e_insights_data).
  The joint controllership is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of data is the sole responsibility of Meta Platforms Ireland Limited, particularly concerning any data transfers to the parent company Meta Platforms, Inc. in the USA. Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/; Third-country transfer basis: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum).

Plug-ins and Embedded Functions and Content

We integrate functional and content elements into our online offering that are retrieved from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include graphics, videos, or city maps (hereinafter collectively referred to as "content").

The integration always requires that the third-party providers process the users' IP address, as they could not send the content to their browser without the IP address. The IP address is therefore required to display this content or functionality. We strive to use only such content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users' device and may include technical information about the browser and operating system, referring websites, time of visit, and other details about the use of our online offering, and may also be linked with such information from other sources.

Legal Basis Notice: If we ask users for their consent to use third-party services, the legal basis for processing data is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

• Types of data processed: Usage data (e.g., page views, dwell time, click paths, usage intensity and frequency, device types and operating systems used, interaction with content and functions); meta, communication and procedural data (e.g., IP addresses, timestamps, identifiers, involved parties). Event data (Facebook) (“Event data” refers to information transmitted to Meta via pixels (via apps or other means) and relating to individuals or their actions, such as visits to websites, interactions with content and functions, app installations, and product purchases. Event data does not include content such as comments, login details, or contact information like names, email addresses, or phone numbers. Meta deletes event data within a maximum of two years, and any audiences created from it are deleted when our Meta accounts are removed.).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness; reach measurement (e.g., access statistics, identification of returning visitors); tracking (e.g., interest-/behavior-based profiling, use of cookies); audience creation; marketing. Profiles with user-related information (creating user profiles).
• Storage and deletion: Deletion in accordance with the section "General Information on Data Retention and Deletion". Cookies may be stored on users' devices for up to 2 years (unless otherwise specified).
• Legal basis: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Additional information on processing operations, procedures, and services:

• Facebook plug-ins and content: Facebook social plug-ins and content – These may include content such as images, videos, texts, and buttons that allow users to share content from this online offering on Facebook. A list and appearance of Facebook social plug-ins can be found here: https://developers.facebook.com/docs/plugins/ – We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt (but not the further processing) of "event data" by Facebook via the Facebook social plug-ins and embedded content functions on our site, for the following purposes: (a) display of content and advertisements that match users’ presumed interests; (b) delivery of commercial and transactional messages (e.g., messages via Facebook Messenger); (c) improvement of ad delivery and personalization of content and functions. We have entered into a special agreement with Facebook ("Controller Addendum", https://www.facebook.com/legal/controller_addendum) that stipulates the security measures Facebook must adhere to (https://www.facebook.com/legal/terms/data_security_terms) and confirms that Facebook fulfills data subject rights (e.g., users can contact Facebook directly for access or deletion requests). Note: When Facebook provides metrics, analytics, and reports (aggregated and anonymous), this processing is not under joint responsibility, but is based on a data processing agreement ("Data Processing Terms", https://www.facebook.com/legal/terms/dataprocessing), the "Data Security Terms", and, for transfers to the U.S., based on Standard Contractual Clauses ("Facebook-EU Data Transfer Addendum", https://www.facebook.com/legal/EU_data_transfer_addendum). The users' rights (e.g., access, deletion, objection, complaint) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/; Third-country transfer basis: Data Privacy Framework (DPF).
• Instagram plug-ins and content: Instagram plug-ins and content – These may include content such as images, videos, texts, and buttons that allow users to share content from this online offering on Instagram. We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt (but not the further processing) of "event data" via Instagram content functions embedded on our site for the purposes described above under Facebook. We have signed a specific agreement with Facebook ("Controller Addendum", https://www.facebook.com/legal/controller_addendum) which regulates Facebook’s security obligations (https://www.facebook.com/legal/terms/data_security_terms) and confirms their responsibility for data subject rights. Note: When Facebook provides aggregated, anonymous metrics and reports, this is not covered under joint responsibility but under a data processing agreement. Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/.
• YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Third-country transfer basis: Data Privacy Framework (DPF); Opt-out options: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Ad settings: https://myadcenter.google.com/personalizationoff.

Definitions

This section provides an overview of the terms used in this privacy policy. Where terms are legally defined, their legal definitions apply. The following explanations are intended primarily to improve understanding.

• Inventory Data: Inventory data includes essential information necessary to identify and manage contractual partners, user accounts, profiles, and similar records. This may include personal and demographic details such as names, contact information (addresses, phone numbers, email addresses), dates of birth, and specific identifiers (user IDs). Inventory data serves as the basis for any formal interaction between individuals and services, institutions, or systems by enabling clear identification and communication.
• Content Data: Content data comprises information generated in the creation, editing, and publication of content of all types. This category may include text, images, videos, audio files, and other multimedia content published across various platforms and media. Content data also includes metadata such as tags, descriptions, author information, and publication dates.
• Contact Data: Contact data includes essential information required to communicate with individuals or organizations. This includes phone numbers, postal addresses, email addresses, and communication methods such as social media handles and instant messaging identifiers.
• Meta, Communication, and Procedural Data: These categories contain information about how data is processed, transmitted, and managed. Metadata includes data that describes other data, such as file size, creation date, document authorship, and change histories. Communication data tracks exchanges between users through various channels, including email traffic, call logs, social media messages, and chat histories, along with timestamps and transmission routes. Procedural data describes processes and workflows within systems or organizations, including workflow documentation, transaction logs, and audit trails.
• Usage Data: Usage data refers to information that captures how users interact with digital products, services, or platforms. This includes data about how applications are used, preferred features, time spent on specific pages, and navigation paths. It can also include frequency of use, activity timestamps, IP addresses, device information, and location data. Usage data is crucial for behavioral analysis, optimizing user experiences, personalizing content, and product improvement. It also plays a key role in identifying trends, preferences, and potential issues.
• Personal Data: "Personal data" refers to any information relating to an identified or identifiable natural person (the "data subject"). A person is considered identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
• Profiles with User-Related Information: The processing of "profiles with user-related information," or simply "profiles," includes any automated processing of personal data intended to analyze, evaluate, or predict aspects related to a natural person. These aspects may involve demographics, behavior, and interests (e.g., interaction with websites and content). Profiling often uses cookies and web beacons.
• Log Data: Log data refers to records of events or activities within a system or network. These logs typically include information such as timestamps, IP addresses, user actions, error messages, and other operational details. Log data is often used for troubleshooting, security monitoring, or performance reporting.
• Reach Measurement: Reach measurement (also known as web analytics) evaluates visitor flows on an online offering and may include analyzing behaviors or interests of visitors regarding specific website content. It helps operators understand when users visit their sites and what interests them, enabling better content customization. Pseudonymous cookies and web beacons are often used to identify repeat visitors and allow for more precise usage analysis.
• Tracking: "Tracking" refers to monitoring user behavior across multiple online offerings. Typically, behavior and interest information related to online usage is stored in cookies or on tracking technology providers' servers (so-called profiling). This information is then used to display advertisements presumed to match users’ interests.
• Controller: A "controller" is the natural or legal person, authority, agency, or other body that determines, alone or jointly with others, the purposes and means of processing personal data.
• Processing: "Processing" refers to any operation or set of operations performed on personal data, whether or not by automated means. This broad term includes collecting, analyzing, storing, transmitting, or deleting data.
• Contract Data: Contract data includes information related to formalizing agreements between two or more parties. It documents the conditions under which services or products are provided, exchanged, or sold. These data include details about the contracting parties, terms, start and end dates, service descriptions, pricing, payment terms, termination rights, and specific clauses. Contract data provides the legal foundation for managing relationships and resolving disputes.
• Payment Data: Payment data includes all information required for processing payment transactions between buyers and sellers. This includes credit card numbers, bank details, payment amounts, transaction data, verification codes, and billing information. It may also include payment statuses, chargebacks, authorizations, and fees.
• Audience Building: "Audience building" (also known as "custom audiences") refers to creating target groups for advertising purposes. For example, based on a user's interest in certain products or topics, they may be shown related ads. "Lookalike audiences" involve displaying content to users whose profiles or interests are similar to those of users on whom profiles were originally based. Cookies and web beacons are typically used to create such audiences.

Generated with the free Datenschutz-Generator.de by Dr. Thomas Schwenke

This privacy policy was fully translated from German into English by ChatGPT.
In case of a dispute, the German version shall prevail.