Privacy Policy

1. Introduction

In the following, we provide information about the processing of personal data when using ● our website https://www.internetwarriors.de ● our profiles on social media. Personal data includes all data that can be related to a specific natural person, such as their name or IP address.

1.1. Contact Information

The responsible party in accordance with Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is internetwarriors GmbH, Bülowstraße 66, 10783 Berlin, Germany, Email: info@internetwarriors.de. We are legally represented by Gert Axel Zawierucha. Our Data Protection Officer can be contacted through heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, Email: datenschutz@heydata.eu.

1.2. Scope of Data Processing, Processing Purposes and Legal Basis

We detail the scope of data processing, processing purposes, and legal basis further below. The following generally apply as the legal basis for data processing: ● Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent. ● Art. 6 para. 1 sentence 1 lit. b GDPR is the legal basis if the processing of personal data is necessary for the performance of a contract, for example, if a site visitor purchases a product from us or we provide a service for them. This legal basis also applies to processing operations required for pre-contractual measures, such as inquiries about our products or services. ● Art. 6 para. 1 sentence 1 lit. c GDPR applies when we process personal data to fulfill a legal obligation, such as under tax law. ● Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis when we rely on legitimate interests for processing personal data, e.g., for cookies necessary for the technical operation of our website.

1.3. Data Processing Outside the EEA

If we transfer data to service providers or other third parties outside the EEA, adequacy decisions by the EU Commission pursuant to Art. 45 para. 3 GDPR ensure the security of the data during transfer, provided they are available, such as for the UK, Canada, and Israel. For data transfer to service providers in the USA, an adequacy decision by the EU Commission serves as the legal basis for data transfer, provided the service provider is additionally certified under the EU-US Data Privacy Framework. In other cases (e.g., if no adequacy decision exists), the legal basis for data transfer is generally Standard Contractual Clauses, unless we provide a divergent notice. These are an EU Commission-issued regulation and part of the contract with the respective third party. According to Art. 46 para. 2 lit. b GDPR, they ensure the security of the data transfer. Many providers offer contractual guarantees beyond Standard Contractual Clauses that protect data beyond these, such as guarantees regarding the encryption of data or the third party's obligation to inform data subjects if law enforcement seeks access to the data.

1.4. Data Retention Period

Unless explicitly specified in this privacy policy, stored data will be deleted as soon as it is no longer needed for its intended purpose and no statutory retention obligations hinder deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted, i.e., the data will be locked and not processed for other purposes. This applies, for example, to data we must retain for commercial or tax law reasons.

1.5. Rights of Data Subjects

Data subjects have the following rights regarding their personal data: ● Right to information, ● Right to rectification or deletion, ● Right to restrict processing, ● Right to object to processing,● Right to data portability, ● Right to revoke consent at any time.Data subjects also have the right to lodge a complaint with a data protection supervisory authority about the processing of their personal data. Contact details for the data protection supervisory authorities are available at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

1.6. Obligation to Provide Data

Customers, prospects, or third parties must provide us with only those personal data required for the establishment, execution, and termination of the business relationship or other relationship, or which we are legally required to collect. Without this data, we will generally have to refuse to conclude a contract or provide a service, or else we may be unable to fulfill any existing contract or relationship. Mandatory details are indicated as such.

1.7. No Automated Decision-Making in Individual Cases

We generally do not use fully automated decision-making processes in accordance with Article 22 GDPR for establishing and conducting a business relationship or other relationship. Should we use these processes in individual cases, we will inform you separately if this is required by law.

1.8. Contact

If you contact us, e.g., via email or telephone, the data provided by you (e.g., name and email addresses) will be stored by us to answer the questions. The legal basis for processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in responding to inquiries addressed to us. We delete the data collected in this context after storage is no longer required or restrict processing if there are statutory retention obligations.

1.9. Sweepstakes

Occasionally, we offer sweepstakes on our website or otherwise. The data requested in this context is processed to determine and notify winners. Subsequently, we delete the data. Sometimes, we may offer sweepstakes only for existing customers. We then only process the name to identify winners and contact information to notify them. Offering sweepstakes serves our legitimate interest in gaining new customers or interacting with existing customers. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

1.10. Customer Surveys

We conduct customer surveys from time to time to better understand our customers and their needs. We collect the data requested in these surveys. Our legitimate interest lies in gaining a better understanding of our customers and their needs, making the legal basis of the accompanying data processing Art. 6 para. 1 sentence 1 lit. f GDPR. We delete the data once the survey results have been evaluated.

2. Newsletter

We reserve the right to inform customers who have already used our services or purchased goods from us from time to time via email or other means about our offers, provided they have not objected. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in direct advertising (Recital 47 GDPR). Customers can object to the use of their email address for advertising at any time without additional costs, for example, via the link at the end of each email or via email to the address mentioned above. Interested parties can subscribe to a free newsletter. We process the data provided during registration solely for sending the newsletter. Registration is done by selecting the corresponding field on our website, by checking the relevant box in a paper document, or through another clear action, where interested parties give their consent to the processing of their data, so that the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. Consent can be revoked at any time, for example, by clicking the corresponding link in the newsletter or notifying us at the email address mentioned above. Data processed until the revocation remains lawful even in case of revocation. Based on the recipients' consent (Art. 6 para. 1 sentence 1 lit. a GDPR), we also measure the open and click rates of our newsletters to understand which content is relevant to our recipients. We send newsletters using the MAILINGWORK tool from Mailingwork GmbH, Schönherrstraße 8, 09113 Chemnitz, Germany (Privacy Policy: https://mailingwork.de/datenschutzerklaerung). The provider processes content, usage, meta-/communication data, and contact data within the EU.

3. Data Processing on Our Website

3.1. Note for Website Visitors from Germany

Our website stores information in the terminal device of website visitors (e.g., cookies) or accesses information already stored in the terminal device (e.g., IP addresses). Details of the information are available in the following sections. This storage and access occur based on the following regulations: ● If this storage or access is strictly necessary for us to provide the expressly requested service of our website to website visitors (e.g., to operate a chatbot used by the website visitor or to ensure the IT security of our website), it takes place based on § 25 para. 2 no. 2 TTDSG. ● In all other respects, this storage or access takes place based on the consent of website visitors (§ 25 para. 1 TTDSG). Subsequent data processing follows the provisions of the GDPR as set out in the following sections.

3.2. Informational Use of the Website

When the website is used informationally, i.e., when site visitors do not transmit information separately, we collect the personal data the browser transmits to our server to ensure the stability and security of our website. This constitutes our legitimate interest, so the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. This data includes: ● IP address ● Date and time of request ● Time zone difference to Greenwich Mean Time (GMT) ● Content of the request (specific page) ● Access status/HTTP status code ● Amount of data transferred ● Website from which the request originates ● Browser ● Operating system and its interface ● Language and version of the browser software. This data is also stored in log files. They are deleted when storage is no longer necessary, at the latest after 14 days.

3.3. Web Hosting and Website Provision

We host our website with Mittwald. The provider is Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp. The provider processes personal data transmitted through the website, e.g., content, usage, meta-/communication data, or contact data, within the EU. Further information is available in the provider's privacy policy at https://www.mittwald.de/datenschutz. It is our legitimate interest to provide a website, so the legal basis for the described data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

3.4. Contact Form

When contacting us through the contact form on our website, we store the data requested there and the content of the message. The legal basis for processing is our legitimate interest in responding to inquiries directed at us. Therefore, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We delete the related data after storage is no longer necessary or restrict processing if statutory retention obligations exist.

3.5. Job Advertisements

We post vacancies in our company on our website, on pages linked to the website, or third-party websites. Processing the data provided in the job application is carried out for conducting the application procedure. To the extent necessary for our decision to establish an employment relationship, the legal basis is Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 BDSG. We have marked or indicate the data necessary for the application process. If applicants do not provide this data, we cannot process the application. Additional data is voluntary and not needed for the application. If applicants provide additional information, it is based on their consent (Art. 6 para. 1 sentence 1 lit. a GDPR). We ask applicants to omit political opinions, religious views, and similarly sensitive data from resumes and cover letters. They are not necessary for an application. If applicants still provide such information, we cannot prevent its processing as part of processing the resume or cover letter. In this case, processing is also based on the applicant's consent (Art. 9 para. 2 lit. a GDPR). Lastly, we process applicant data for further application procedures if they have consented to it. In this case, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. We forward the applicant data to the responsible HR department employees, our recruitment processors, and the other employees involved in the application procedure. If we enter into an employment relationship following the application procedure, we delete the data only after ending the employment relationship. Otherwise, we delete the data at the latest six months after rejecting an applicant. If applicants have consented to their data's use for further application procedures, we delete their data one year after receiving the application.

3.6. Booking Appointments

Website visitors can book appointments with us on our website. For this, besides the data entered, we also process meta or communication data. We have a legitimate interest in offering interested parties a user-friendly way of booking appointments. Therefore, the legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. To the extent we use a third-party tool for appointment booking, information can be found under 'Third Parties.'

3.7. Third Parties

3.7.1. LinkedIn Ads

We use LinkedIn Ads for advertising. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta-/communication data (e.g., device information, IP addresses) within the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Affected persons can revoke their consent at any time by contacting us through the contact details in our privacy policy, for example. Revocation does not affect the lawfulness of processing before revocation. We delete the data when its purpose ceases to exist. Further information is available in the provider's privacy policy at https://www.linkedin.com/legal/privacy-policy?

3.7.2. Leadinfo

We use Leadinfo for identifying business opportunities. The provider is Leadinfo B.V., Rivium Quadrant 141, 2909 LC Capelle aan den IJssel, Netherlands. The provider processes meta-/communication data (e.g., device information, IP addresses) within the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Affected persons can revoke their consent at any time by contacting us through the contact details in our privacy policy, for example. Revocation does not affect the lawfulness of processing before revocation. We delete the data when its purpose ceases to exist. Further information is available in the provider's privacy policy at https://www.leadinfo.com/de/datenschutz/.

3.7.3. Contact Form 7

We use Contact Form 7 for creating websites. The provider is Rock Lobster, LLC, 777 W. ROOSEVELT ST. UNIT 5, PHOENIX, 85007, Maricopa, AZ, USA. The provider processes usage data (e.g., visited websites, interest in content, access times), contact data (e.g., email addresses, phone numbers), and meta-/communication data (e.g., device information, IP addresses) within the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in setting up and maintaining a website and thus presenting ourselves externally. The data will be deleted when their collection purpose ceases, and no retention obligations conflict. Further information is available in the provider's privacy policy at https://contactform7.com/privacy-policy/.

3.7.4. Google Webfonts

We use Google Webfonts for fonts on the website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Processing occurs only on our servers. The provider processes meta-/communication data (e.g., device information, IP addresses) within the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in using an easy to implement and cost-effective font on our website. Further information is in the provider's privacy policy at https://policies.google.com/privacy?hl=de.

3.7.5. Borlabs Cookie

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store the site visitors' cookie consent. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. The borlabs-cookie stores the site visitors' consents given upon entering the website. If site visitors wish to revoke these consents, simply delete the cookie in your browser. When the website is reloaded, you will be asked for your cookie consent again. The data will be deleted when their collection purpose ceases, and no retention obligations conflict.

3.7.6. WP Rocket

We use WP Rocket for website performance. The provider is SAS WP MEDIA, 4 rue de la République, 69001 LYON, France. The provider processes meta-/communication data (e.g., device information, IP addresses) within the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in reducing loading time on our website. The data will be deleted when their collection purpose ceases, and no retention obligations conflict. Further information is available in the provider's privacy policy at https://wp-rocket.me/de/impressum/.

3.7.7. UpdraftPlus

We use UpdraftPlus as a backup. The provider is Updraft WP Software Ltd., 11 Barringer Way, Saint Neots PE19 1LW, United Kingdom. The provider processes content data (e.g., inputs in online forms) and meta-/communication data (e.g., device information, IP addresses) within the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in ensuring data availability through backups. The data will be deleted when their collection purpose ceases, and no retention obligations conflict. Further information is available in the provider's privacy policy at https://updraftplus.com/data-protection-and-privacy-centre/.

3.7.8. Calendly

We use Calendly for scheduling appointments. The provider is Calendly LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA. The provider processes usage data (e.g., visited websites, interest in content, access times), contact data (e.g., email addresses, phone numbers), and master data (e.g., names, addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Affected persons can revoke their consent at any time by contacting us through the contact details in our privacy policy. Revocation does not affect the lawfulness of processing before revocation. The legal basis for data transfer outside the EEA is Standard Contractual Clauses. The security of data transferred to a third country (i.e., a country outside the EEA) is ensured by EU Commission-adopted standard data protection clauses (Art. 46 para. 2 lit. c GDPR) we agreed with the provider. We delete the data when its purpose ceases to exist. Further information is available in the provider's privacy policy at https://calendly.com/pages/privacy.

3.7.9. Google Ads

We use Google Ads for advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta-/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Affected persons can revoke their consent at any time by contacting us through the contact details in our privacy policy. Revocation does not affect the lawfulness of processing before revocation. The legal basis for transfer outside the EEA is adequacy decision. The security of data transferred to a third country (i.e., a country outside the EEA) is ensured because the EU Commission decided within an adequacy decision according to Art. 45 para. 3 GDPR that the third country offers an adequate level of protection. We delete the data when its purpose ceases to exist. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=de.

3.7.10. Google Conversion Tag

We use Google Conversion Tag for conversion tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Affected persons can revoke their consent at any time by contacting us through the contact details in our privacy policy. Revocation does not affect the lawfulness of processing before revocation. The legal basis for data transfer outside the EEA is Standard Contractual Clauses. Security of the data transferred to a third country (i.e., a country outside the EEA) is assured by standard data protection clauses issued according to the examination procedure under Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR) that we agreed with the provider. The data will be deleted when their collection purpose ceases, and no retention obligations conflict. More information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=de https://support.google.com/tagmanager/answer/9323295?hl=de&ref_topic=3441532.

3.7.11. Meta Pixel

We use Meta Pixel for analysis. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Affected persons can revoke their consent at any time by contacting us through the contact details in our privacy policy. Revocation does not affect the lawfulness of processing before revocation. The legal basis for data transfer outside the EEA is Standard Contractual Clauses. The security of data transferred to a third country (i.e., a country outside the EEA) is ensured by standard data protection clauses issued according to the examination procedure under Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR) that we agreed with the provider. The data will be deleted when their collection purpose ceases, and no retention obligations conflict. More information is available in the provider's privacy policy at https://www.facebook.com/policy.php.

3.7.12. Facebook Like Button

We use Facebook Like Button for sharing interests on social media. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta-/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Affected persons can revoke their consent at any time by contacting us through the contact details in our privacy policy. Revocation does not affect the lawfulness of processing before revocation. The legal basis for data transfer outside the EEA is consent. The data will be deleted when their collection purpose ceases, and no retention obligations conflict. More information is available in the provider's privacy policy at https://www.facebook.com/policy.php.

3.7.13. Google Analytics

We use Google Analytics for analysis. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta-/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Affected persons can revoke their consent at any time by contacting us through the contact details in our privacy policy. Revocation does not affect the lawfulness of processing before revocation. The legal basis for transfer outside the EEA is adequacy decision. The security of data transferred to a third country (i.e., a country outside the EEA) is ensured because the EU Commission decided within an adequacy decision according to Art. 45 para. 3 GDPR that the third country offers an adequate level of protection. The data will be deleted when their collection purpose ceases, and no retention obligations conflict. More information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=de.

3.7.14. Google Maps

We use Google Maps for maps on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times), location data, and meta-/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Affected persons can revoke their consent at any time by contacting us through the contact details in our privacy policy. Revocation does not affect the lawfulness of processing before revocation. The legal basis for transfer outside the EEA is consent. We delete the data when its purpose ceases to exist. More information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=de.

3.7.15. Facebook Conversion API

We use Facebook Conversion API for analysis. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta-/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Affected persons can revoke their consent at any time by contacting us through the contact details in our privacy policy. Revocation does not affect the lawfulness of processing before revocation. The legal basis for transfer outside the EEA is adequacy decision. The security of data transferred to a third country (i.e., a country outside the EEA) is ensured because the EU Commission decided within an adequacy decision according to Art. 45 para. 3 GDPR that the third country offers an adequate level of protection. The data will be deleted when their collection purpose ceases, and no retention obligations conflict. More information is available in the provider's privacy policy at https://www.facebook.com/policy.php.

3.7.16. Font Awesome

We use Font Awesome for fonts on the website. The provider is Fonticons, Inc., 307 S Main St, Bentonville, Arkansas, 72712, USA. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Affected persons can revoke their consent at any time by contacting us through the contact details in our privacy policy. Revocation does not affect the lawfulness of processing before revocation. The legal basis for data transfer outside the EEA is Standard Contractual Clauses. The security of data transferred to a third country (i.e., a country outside the EEA) is assured by the standard data protection clauses issued according to the examination procedure under Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR) we agreed with the provider. The data will be deleted when their collection purpose ceases, and no retention obligations conflict. More information is available in the provider's privacy policy at https://fontawesome.com/privacy.

3.7.17. Rank Math

We use Rank Math for SEO optimization. The provider is Rank Math Ventures LLP, EC-320, G-8, Area Rajouri Garden, Maya Enclave, Hari Nagar, New Delhi, IN – 110064, India. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta-/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Affected persons can revoke their consent at any time by contacting us through the contact details in our privacy policy. Revocation does not affect the lawfulness of processing before revocation. The legal basis for data transfer outside the EEA is Standard Contractual Clauses. The security of data transferred to a third country (i.e., a country outside the EEA) is assured by the standard data protection clauses issued according to the examination procedure under Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR) we agreed with the provider. The data will be deleted when their collection purpose ceases, and no retention obligations conflict. More information is available in the provider's privacy policy at https://rankmath.com/de/privacy-policy/.

3.7.18. Google Tag Manager

We use Google Tag Manager for analysis and advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Affected persons can revoke their consent at any time by contacting us through the contact details in our privacy policy. Revocation does not affect the lawfulness of processing before revocation. The legal basis for transfer outside the EEA is adequacy decision. The security of data transferred to a third country (i.e., a country outside the EEA) is ensured because the EU Commission decided within an adequacy decision according to Art. 45 para. 3 GDPR that the third country offers an adequate level of protection. We delete the data when its purpose ceases to exist. More information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=de.

3.7.19. Google reCAPTCHA

We use Google reCAPTCHA for managing authentications. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta-/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Affected persons can revoke their consent at any time by contacting us through the contact details in our privacy policy. Revocation does not affect the lawfulness of processing before revocation. The legal basis for transfer outside the EEA is consent. More information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=de.

3.7.20. Google Merchant Center

We use Google Merchant Center for maintaining an online store. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes meta-/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Affected persons can revoke their consent at any time by contacting us through the contact details in our privacy policy. Revocation does not affect the lawfulness of processing before revocation. The legal basis for data transfer outside the EEA is Standard Contractual Clauses. Security of the data transferred to a third country (i.e., a country outside the EEA) is assured by standard data protection clauses issued according to the examination procedure under Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR) we agreed with the provider. The data will be deleted when their collection purpose ceases, and no retention obligations conflict. More information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=de.

3.7.21. heyData

We have integrated a privacy seal on our website. The provider is heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany. The provider processes meta-/communication data (e.g., IP addresses) within the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in providing website visitors with confirmation of our privacy compliance. At the same time, the provider has a legitimate interest in ensuring only customers with existing agreements use its seals, making a mere image copy of the certificate an impractical alternative for confirmation. The data is masked after collection, ensuring no personal reference remains. More information is available in the provider's privacy policy at https://heydata.eu/datenschutzerklaerung.

4. Data Processing on Social Media Platforms

We maintain presences on social media networks to present our organization and services there. The operators of these networks regularly process users’ data for advertising purposes. Among other things, they create user profiles from their online behavior, which are then used, for example, to display interest-based advertising to users on network sites and elsewhere on the internet. To this end, the network operators store information about usage behavior in cookies on the users’ computers. It is also possible that the operators combine this information with other data. Further information and guidance on how users can object to processing by page operators is available in the privacy policies of the respective operators listed below. The operators or their servers may also be located in non-EU states, which may result in risks for users, e.g., because their rights are more difficult to enforce or government authorities may access the data. If users of the networks contact us via our profiles, we process the information provided to answer inquiries. This constitutes our legitimate interest, making Art. 6 para. 1 sentence 1 lit. f GDPR the legal basis.

4.1. Facebook

We maintain a profile on Facebook. Operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://www.facebook.com/policy.php. Users can object to data processing through ad settings: https://www.facebook.com/settings?tab=ads. Based on an agreement, we share joint responsibility under Art. 26 GDPR with Facebook for processing data of profile visitors. Facebook explains which data is processed under https://www.facebook.com/legal/terms/information_about_page_insights_data. Affected persons can exercise their rights both against us and Facebook. According to our agreement, however, we are obliged to forward requests to Facebook. Affected persons receive a faster response if they contact Facebook directly.

4.2. Instagram

We maintain a profile on Instagram. Operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://help.instagram.com/519522125107875.

4.3. TikTok

We maintain a profile on TikTok. Operator is TikTok Technology Limited, whose registered office is at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. The privacy policy is available here: https://www.tiktok.com/de/privacy-policy.

4.4. YouTube

We maintain a profile on YouTube. Operator is Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland. The privacy policy is available here: https://policies.google.com/privacy?hl=de.

4.5. LinkedIn

We maintain a profile on LinkedIn. Operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https://www.linkedin.com/legal/privacy-policy?_l=de_DE. Users can object to data processing through ad settings: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

4.6. Xing

We maintain a profile on Xing. Operator is New Work SE, Dammtorstraße 29-32, 20354 Hamburg. The privacy policy is available here: https://privacy.xing.com/de/datenschutzerklaerung.