Privacy Policy

1. Introduction

In the following, we inform you about the processing of personal data when using ● our website https://www.internetwarriors.de ● our profiles on social media. Personal data refers to all data that can be related to a specific natural person, for example, their name or IP address.

1.1. Contact Information

The controller according to Article 4 (7) EU General Data Protection Regulation (GDPR) is internetwarriors GmbH, Bülowstraße 66, 10783 Berlin, Germany, Email: info@internetwarriors.de. We are legally represented by Gert Axel Zawierucha. Our Data Protection Officer can be reached via heyData GmbH, Schützenstraße 5, 10117 Berlin,www.heydata.eu, Email: datenschutz@heydata.eu.

1.2. Scope of Data Processing, Processing Purposes and Legal Basis

We explain the scope of data processing, processing purposes and legal basis in detail below. The following generally apply as legal basis for data processing: ● Art. 6 para. 1 sentence 1 letter a GDPR serves as a legal basis for processing operations for which we obtain consent. ● Art. 6 para. 1 sentence 1 letter b GDPR is the legal basis as long as the processing of personal data is necessary for the fulfillment of a contract, e.g., when a visitor purchases a product from us or we perform a service for them. This legal basis also applies to processing required for pre-contractual measures, such as inquiries about our products or services. ● Art. 6 para. 1 sentence 1 letter c GDPR applies when we fulfill a legal obligation through the processing of personal data, as may be the case in tax law. ● Art. 6 para. 1 sentence 1 letter f GDPR serves as a legal basis when we can invoke legitimate interests for the processing of personal data, e.g., for cookies necessary for the technical operation of our website.

1.3. Data Processing Outside the EEA

If we transfer data to service providers or other third parties outside the EEA, the security of the data during transmission is guaranteed by adequacy decisions of the EU Commission according to Art. 45 para. 3 GDPR, where such decisions exist, as is the case for the UK, Canada, and Israel. When transferring data to service providers in the USA, the legal basis for data transmission is an adequacy decision of the EU Commission, provided that the service provider is additionally certified under the EU-US Data Privacy Framework. In other cases (e.g., if no adequacy decision exists), the standard contractual clauses typically serve as the legal basis for data transfer, unless we provide alternative guidance. These are rules adopted by the EU Commission and part of the contract with the respective third party. According to Art. 46 para. 2 letter b GDPR, they ensure the security of data transfer. Many providers have given contractual guarantees exceeding the standard contractual clauses, which provide additional protection for the data. These are, for example, guarantees regarding data encryption or an obligation of the third party to inform data subjects if law enforcement agencies wish to access the data.

1.4. Duration of Storage

Unless explicitly stated within this Privacy Policy, the data stored with us will be deleted as soon as it is no longer required for its intended purpose and no statutory retention obligations prevent deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted, meaning the data will be blocked and not processed for other purposes. This applies, for example, to data that we must retain for commercial or tax reasons.

1.5. Rights of the Data Subjects

Data subjects have the following rights regarding their personal data: ● Right to information, ● Right to correction or deletion, ● Right to restrict processing, ● Right to object to processing,● Right to data portability, ● Right to revoke consent at any time.Data subjects also have the right to lodge a complaint with a data protection supervisory authority about the processing of their personal data. Contact details of data protection supervisory authorities are available at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

1.6. Obligation to Provide Data

Customers, prospects, or third parties only need to provide us with the personal data necessary for establishing, conducting, and terminating a business relationship or another relationship, or which we are legally required to collect. Without this data, we will generally have to refuse to conclude a contract or provide a service or may no longer be able to execute an existing contract or other relationship. Required information is marked as such.

1.7. No Automatic Decision-Making in Individual Cases

We do not use fully automated decision-making according to Article 22 GDPR for establishing and conducting a business relationship or other relationship. Should we use these procedures in individual cases, we will inform you separately if legally required.

1.8. Contact

When you contact us, for example via email or phone, we store the data you provide (e.g., names and email addresses) to answer your questions. The legal basis for processing is our legitimate interest (Art. 6 para. 1 sentence 1 letter f GDPR) in answering inquiries addressed to us. The data collected in this context will be deleted once storage is no longer necessary or processing will be restricted if there are legal retention obligations.

1.9. Competitions

We occasionally offer competitions on our website or in other ways. We process the data requested in this context to determine and notify the winners. We then delete the data. We may also offer competitions only for existing customers. In this case, we only process the name to determine the winners and the contact details to notify them. It is in our legitimate interest to offer competitions for customer acquisition or interaction with our existing customers. The legal basis for data processing is Art. 6 para. 1 sentence 1 letter f GDPR.

1.10. Customer Surveys

We conduct customer surveys from time to time to better understand our customers and their desires. We collect the data specified in each instance. It is in our legitimate interest to better understand our customers and their desires, so the legal basis for the associated data processing is Art. 6 para. 1 sentence 1 letter f GDPR. We delete the data once the survey results have been evaluated.

2. Newsletter

We reserve the right to inform customers who have already used our services or purchased goods about our offers from time to time via email or other means unless they have objected. The legal basis for this data processing is Art. 6 para. 1 sentence 1 letter f GDPR. Our legitimate interest lies in direct advertising (recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time without additional costs, for example via the link at the end of each email or by emailing us at the address provided above. Prospects may sign up for a free newsletter. We process the data provided at registration solely for sending the newsletter. Registration is via selection of the respective field on our website, by checking the corresponding field in a paper document, or through another clear action by which prospects express their consent to the processing of their data, so the legal basis is Art. 6 para. 1 sentence 1 letter a GDPR. The consent can be withdrawn at any time, for example, by clicking the corresponding link in the newsletter or notifying us at the email address provided above. The processing of the data until the withdrawal remains lawful even if consent is withdrawn. Based on the recipient's consent (Art. 6 para. 1 sentence 1 letter a GDPR), we also measure the open and click rates of our newsletters to understand which content is relevant to our recipients. We send newsletters using the MAILINGWORK tool from Mailingwork GmbH, Schönherrstraße 8, 09113 Chemnitz, Germany (Privacy Policy: https://mailingwork.de/datenschutzerklaerung). The provider processes content, usage, meta/communication data, and contact data in the EU.

3. Data Processing on Our Website

3.1. Notice for Website Visitors from Germany

Our website stores information on the terminal device of website visitors (e.g., cookies) or accesses information already stored on the terminal device (e.g., IP addresses). The specific information is detailed in the following sections. This storage and access are based on the following regulations: ● If this storage or access is strictly necessary for us to provide the service expressly requested by website visitors (e.g., to operate a chatbot used by the website visitor or to ensure IT security of our website), it is based on § 25 para. 2 No. 2 TTDSG. ● Otherwise, this storage or access takes place based on the consent of website visitors (§ 25 para. 1 TTDSG). The subsequent data processing takes place according to the provisions of the GDPR set out in the following sections.

3.2. Informational Use of the Website

When the website is used for informational purposes only, i.e., when visitors do not transmit additional information to us, we collect the personal data that the browser transmits to our server to ensure the stability and security of our website. This constitutes our legitimate interest, making Art. 6 para. 1 sentence 1 letter f GDPR the legal basis. This data includes: ● IP address ● Date and time of request ● Time zone difference to Greenwich Mean Time (GMT) ● Content of the request (specific page) ● Access status/HTTP status code ● Amount of data transferred ● Website the request comes from ● Browser ● Operating system and its interface ● Language and version of the browser software. This data is also stored in log files. It will be deleted when storage is no longer necessary, at the latest after 14 days.

3.3. Web Hosting and Providing the Website

Our website is hosted by Mittwald. The provider is Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp. The provider processes personal data transmitted via the website, e.g., content, usage, meta/communication data, or contact data, in the EU. More information can be found in the provider's privacy policy at https://www.mittwald.de/datenschutz. Our legitimate interest is to provide a website, so the legal basis for the described data processing is Art. 6 para. 1 sentence 1 letter f GDPR.

3.4. Contact Form

When contacting us via the contact form on our website, we store the data requested there and the contents of the message. The legal basis for processing is our legitimate interest in answering inquiries addressed to us. Therefore, the legal basis is Art. 6 para. 1 sentence 1 letter f GDPR. The data collected in this context will be deleted once storage is no longer necessary or processing will be restricted if there are legal retention obligations.

3.5. Job Offers

We publish vacancies in our company on our website, on pages connected to the website, or on third-party websites. The processing of the data provided in the application framework is carried out to conduct the application procedure. Insofar as they are necessary for our decision to establish an employment relationship, the legal basis is Art. 88 para. 1 GDPR in connection with § 26 para. 1 BDSG. The data required for conducting the application process is marked accordingly or indicated. If applicants do not provide this data, we cannot process the application. Further data is voluntary and not required for an application. If applicants provide additional information, it is based on their consent (Art. 6 para. 1 sentence 1 letter a GDPR). We ask applicants to refrain from including information on political opinions, religious beliefs, and similarly sensitive data in their CVs and cover letters, as it is unnecessary for an application. However, if applicants still provide such information, we cannot prevent its processing during the processing of the CV or cover letter. Its processing is then also based on the applicants' consent (Art. 9 para. 2 letter a GDPR). Finally, we process applicants' data for further application procedures if they consent to it. In this case, the legal basis is Art. 6 para. 1 sentence 1 letter a GDPR. We share applicants' data with the responsible HR department staff, our processors in recruiting, and the employees involved in the application process. If, after the application process, we enter into an employment relationship with the applicant, we will only delete the data after the end of the employment relationship. Otherwise, we will delete the data at the latest six months after rejecting an applicant. If applicants have given us consent to use their data for further application procedures, we will only delete their data one year after receipt of the application.

3.6. Booking Appointments

Website visitors can book appointments with us through our website. In addition to the entered data, we process meta or communication data. We have a legitimate interest in offering prospects a user-friendly way to schedule appointments. Therefore, the legal basis for data processing is Art. 6 para. 1 sentence 1 letter f GDPR. If we use a third-party tool for scheduling, the information about it can be found under "Third-Party Providers."

3.7. Third-Party Providers

3.7.1. LinkedIn Ads

We use LinkedIn Ads for advertising. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 letter a GDPR. Processing is based on consents. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our Privacy Policy. Withdrawal does not affect the lawfulness of processing until withdrawal. We delete the data when the purpose of its collection has been fulfilled. Further information is available in the provider's Privacy Policy at https://www.linkedin.com/legal/privacy-policy.

3.7.2. Leadinfo

We use Leadinfo to identify business opportunities. The provider is Leadinfo B.V., Rivium Quadrant 141, 2909 LC Capelle aan den IJssel, Netherlands. The provider processes meta/communication data (e.g., device information, IP addresses) in the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 letter a GDPR. Processing is based on consents. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our Privacy Policy. Withdrawal does not affect the lawfulness of processing until withdrawal. We delete the data when the purpose of its collection has been fulfilled. Further information is available in the provider's Privacy Policy at https://www.leadinfo.com/en/privacy/.

3.7.3. Contact Form 7

We use Contact Form 7 to create websites. The provider is Rock Lobster, LLC, 777 W. ROOSEVELT ST. UNIT 5, PHOENIX, 85007, Maricopa, AZ, USA. The provider processes usage data (e.g., visited websites, interest in content, access times), contact data (e.g., email addresses, phone numbers) and meta/communication data (e.g., device information, IP addresses) in the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 letter f GDPR. We have a legitimate interest in setting up and maintaining a website and thus presenting ourselves externally. The data is deleted when the purpose of its collection has been fulfilled, and no retention obligation stands in the way. Further information is available in the provider's Privacy Policy at https://contactform7.com/privacy-policy/.

3.7.4. Google Webfonts

We use Google Webfonts for fonts on the website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. However, processing takes place only on our servers. The provider processes meta/communication data (e.g., device information, IP addresses) in the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 letter f GDPR. We have a legitimate interest in using an easy-to-implement and cost-effective font on our website. Further information is available in the provider's Privacy Policy at https://policies.google.com/privacy?hl=en.

3.7.5. Borlabs Cookie

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store the cookie consents of website visitors. The legal basis for processing is Art. 6 para. 1 sentence 1 letter f GDPR. The consents of the website visitors given when entering the website are stored in the borlabs-cookie. If website visitors wish to withdraw these consents, they simply need to delete the cookie in their browser. When the website is reloaded, they will be asked for their cookie consent again. The data is deleted when the purpose of its collection has been fulfilled, and no retention obligation stands in the way.

3.7.6. WP Rocket

We use WP Rocket for website performance. The provider is SAS WP MEDIA, 4 rue de la République, 69001 LYON, France. The provider processes meta/communication data (e.g., device information, IP addresses) in the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 letter f GDPR. We have a legitimate interest in reducing the loading time on our website. The data is deleted when the purpose of its collection has been fulfilled, and no retention obligation stands in the way. Further information is available in the provider's Privacy Policy at https://wp-rocket.me/impressum/.

3.7.7. UpdraftPlus

We use UpdraftPlus as a backup. The provider is Updraft WP Software Ltd., 11 Barringer Way, Saint Neots PE19 1LW, United Kingdom. The provider processes content data (e.g., entries in online forms) and meta/communication data (e.g., device information, IP addresses) in the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 letter f GDPR. We have a legitimate interest in ensuring the availability of data through backups. The data is deleted when the purpose of its collection has been fulfilled, and no retention obligation stands in the way. Further information is available in the provider's Privacy Policy at https://updraftplus.com/data-protection-and-privacy-centre/.

3.7.8. Calendly

We use Calendly for scheduling appointments. The provider is Calendly LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA. The provider processes usage data (e.g., visited websites, interest in content, access times), contact data (e.g., email addresses, phone numbers) and master data (e.g., names, addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 letter a GDPR. Processing is based on consents. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our Privacy Policy. Withdrawal does not affect the lawfulness of processing until withdrawal. The legal basis for transmission to a country outside the EEA is standard contractual clauses. The safety of data transmitted to the third country (i.e. a country outside the EEA) is ensured by standard data protection clauses enacted under the procedure in Art. 93 para. 2 GDPR (Art. 46 para. 2 letter c GDPR), which we have agreed with the provider. We delete the data when the purpose of its collection has been fulfilled. Further information is available in the provider's Privacy Policy at https://calendly.com/pages/privacy.

3.7.9. Google Ads

We use Google Ads for advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 letter a GDPR. Processing is based on consents. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our Privacy Policy. Withdrawal does not affect the lawfulness of processing until withdrawal. The legal basis for transmission to a country outside the EEA is adequacy decisions. The safety of data transmitted to the third country (i.e. a country outside the EEA) is ensured because the EU Commission has determined, as part of an adequacy decision under Art. 45 para. 3 GDPR, that the third country provides an adequate level of protection. We delete the data when the purpose of its collection has been fulfilled. Further information is available in the provider's Privacy Policy at https://policies.google.com/privacy?hl=en.

3.7.10. Google Conversion Tag

We use Google Conversion Tag for conversion tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 letter a GDPR. Processing is based on consents. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our Privacy Policy. Withdrawal does not affect the lawfulness of processing until withdrawal. The legal basis for transmission to a country outside the EEA is standard contractual clauses. The safety of data transmitted to the third country (i.e. a country outside the EEA) is ensured by standard data protection clauses enacted under the procedure in Art. 93 para. 2 GDPR (Art. 46 para. 2 letter c GDPR), which we have agreed with the provider. The data is deleted when the purpose of its collection has been fulfilled, and no retention obligation stands in the way. Further information is available in the provider's Privacy Policy at https://policies.google.com/privacy?hl=en and https://support.google.com/tagmanager/answer/9323295?hl=en&ref_topic=3441532.

3.7.11. Meta Pixel

We use Meta Pixel for analysis. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 letter a GDPR. Processing is based on consents. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our Privacy Policy. Withdrawal does not affect the lawfulness of processing until withdrawal. The legal basis for transmission to a country outside the EEA is standard contractual clauses. The safety of data transmitted to the third country (i.e. a country outside the EEA) is ensured by standard data protection clauses enacted under the procedure in Art. 93 para. 2 GDPR (Art. 46 para. 2 letter c GDPR), which we have agreed with the provider. The data is deleted when the purpose of its collection has been fulfilled, and no retention obligation stands in the way. Further information is available in the provider's Privacy Policy at https://www.facebook.com/policy.php.

3.7.12. Facebook Like Button

We use the Facebook Like Button for sharing interests on social media. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 letter a GDPR. Processing is based on consents. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our Privacy Policy. Withdrawal does not affect the lawfulness of processing until withdrawal. The legal basis for transmission to a country outside the EEA is consents. The data is deleted when the purpose of its collection has been fulfilled, and no retention obligation stands in the way. Further information is available in the provider's Privacy Policy at https://www.facebook.com/policy.php.

3.7.13. Google Analytics

We use Google Analytics for analysis. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 letter a GDPR. Processing is based on consents. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our Privacy Policy. Withdrawal does not affect the lawfulness of processing until withdrawal. The legal basis for transmission to a country outside the EEA is adequacy decision. The safety of data transmitted to the third country (i.e. a country outside the EEA) is ensured because the EU Commission decided, as part of an adequacy decision under Art. 45 para. 3 GDPR, that the third country provides an adequate level of protection. The data is deleted when the purpose of its collection has been fulfilled, and no retention obligation stands in the way. Further information is available in the provider's Privacy Policy at https://policies.google.com/privacy?hl=en.

3.7.14. Google Maps

We use Google Maps for maps on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times), location data, and meta/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 letter a GDPR. Processing is based on consents. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our Privacy Policy. Withdrawal does not affect the lawfulness of processing until withdrawal. The legal basis for transmission to a country outside the EEA is consents. We delete the data when the purpose of its collection has been fulfilled. Further information is available in the provider's Privacy Policy at https://policies.google.com/privacy?hl=en.

3.7.15. Facebook Conversion API

We use Facebook Conversion API for analysis. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 letter a GDPR. Processing is based on consents. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our Privacy Policy. Withdrawal does not affect the lawfulness of processing until withdrawal. The legal basis for transmission to a country outside the EEA is adequacy decision. The safety of data transmitted to the third country (i.e. a country outside the EEA) is ensured because the EU Commission decided, as part of an adequacy decision under Art. 45 para. 3 GDPR, that the third country provides an adequate level of protection. The data is deleted when the purpose of its collection has been fulfilled, and no retention obligation stands in the way. Further information is available in the provider's Privacy Policy at https://www.facebook.com/policy.php.

3.7.16. Font Awesome

We use Font Awesome for fonts on the website. The provider is Fonticons, Inc., 307 S Main St, Bentonville, Arkansas, 72712, USA. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 letter a GDPR. Processing is based on consents. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our Privacy Policy. Withdrawal does not affect the lawfulness of processing until withdrawal. The legal basis for transmission to a country outside the EEA is standard contractual clauses. The safety of data transmitted to the third country (i.e. a country outside the EEA) is ensured by standard data protection clauses enacted under the procedure in Art. 93 para. 2 GDPR (Art. 46 para. 2 letter c GDPR), which we have agreed with the provider. The data is deleted when the purpose of its collection has been fulfilled, and no retention obligation stands in the way. Further information is available in the provider's Privacy Policy at https://fontawesome.com/privacy.

3.7.17. Rank Math

We use Rank Math for SEO optimization. The provider is Rank Math Ventures LLP, EC-320, G-8, Area Rajouri Garden, Maya Enclave, Hari Nagar, New Delhi, IN – 110064, India. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 letter a GDPR. Processing is based on consents. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our Privacy Policy. Withdrawal does not affect the lawfulness of processing until withdrawal. The legal basis for transmission to a country outside the EEA is standard contractual clauses. The safety of data transmitted to the third country (i.e. a country outside the EEA) is ensured by standard data protection clauses enacted under the procedure in Art. 93 para. 2 GDPR (Art. 46 para. 2 letter c GDPR), which we have agreed with the provider. The data is deleted when the purpose of its collection has been fulfilled, and no retention obligation stands in the way. Further information is available in the provider's Privacy Policy at https://rankmath.com/privacy-policy/.

3.7.18. Google Tag Manager

We use Google Tag Manager for analysis and advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 letter a GDPR. Processing is based on consents. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our Privacy Policy. Withdrawal does not affect the lawfulness of processing until withdrawal. The legal basis for transmission to a country outside the EEA is adequacy decision. The safety of data transmitted to the third country (i.e. a country outside the EEA) is ensured because the EU Commission decided, as part of an adequacy decision under Art. 45 para. 3 GDPR, that the third country provides an adequate level of protection. We delete the data when the purpose of its collection has been fulfilled. Further information is available in the provider's Privacy Policy at https://policies.google.com/privacy?hl=en.

3.7.19. Google reCAPTCHA

We use Google reCAPTCHA for managing authentications. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 letter a GDPR. Processing is based on consents. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our Privacy Policy. Withdrawal does not affect the lawfulness of processing until withdrawal. The legal basis for transmission to a country outside the EEA is consents. Further information is available in the provider's Privacy Policy at https://policies.google.com/privacy?hl=en.

3.7.20. Google Merchant Center

We use Google Merchant Center to maintain an online shop. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes meta/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 letter a GDPR. Processing is based on consents. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our Privacy Policy. Withdrawal does not affect the lawfulness of processing until withdrawal. The legal basis for transmission to a country outside the EEA is standard contractual clauses. The safety of data transmitted to the third country (i.e. a country outside the EEA) is ensured by standard data protection clauses enacted under the procedure in Art. 93 para. 2 GDPR (Art. 46 para. 2 letter c GDPR), which we have agreed with the provider. The data is deleted when the purpose of its collection has been fulfilled, and no retention obligation stands in the way. Further information is available in the provider's Privacy Policy at https://policies.google.com/privacy?hl=en.

3.7.21. heyData

We have incorporated a data protection seal on our website. The provider is heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany. The provider processes meta/communication data (e.g., IP addresses) in the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 letter f GDPR. We have a legitimate interest in providing website visitors with a confirmation of our data protection compliance. At the same time, the provider has a legitimate interest in ensuring that only customers with existing contracts use its seals, which is why a mere image copy of the certificate is not a feasible alternative to confirmation. The data is masked after collection so that no personal reference remains. Further information is available in the provider's Privacy Policy at https://heydata.eu/privacy-policy/.

4. Data Processing on Social Media Platforms

We are present in social media networks to present our organization and services. The operators of these networks regularly process their users' data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to display advertisements corresponding to the users' interests on the network pages and elsewhere on the Internet. For this purpose, the network operators store information on the users' behavior in cookies on their computers. It is also possible that the operators merge this information with additional data. Further information and notes on how users can object to processing by the page operators can be found in the Privacy Policies of the respective operators listed below. It is also possible that the operators or their servers are located in non-EU countries, which means they process data there. This may entail risks for the users, e.g., because the enforcement of their rights becomes more difficult or state authorities gain access to the data. When network users contact us via our profiles, we process the data provided to answer the inquiries. This constitutes our legitimate interest, making Art. 6 para. 1 sentence 1 letter f GDPR the legal basis.

4.1. Facebook

We maintain a profile on Facebook. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The Privacy Policy is available here: https://www.facebook.com/policy.php. An option to object to data processing can be found through the ad settings: https://www.facebook.com/settings?tab=ads. Based on an agreement, we and Facebook are jointly responsible for processing the data of visitors to our profile under Art. 26 GDPR. Facebook explains which data is processed under https://www.facebook.com/legal/terms/information_about_page_insights_data. Data subjects can exercise their rights both towards us and Facebook. However, based on our agreement with Facebook, we are obliged to forward inquiries to Facebook. Therefore, data subjects will receive a quicker response if they contact Facebook directly.

4.2. Instagram

We maintain a profile on Instagram. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The Privacy Policy is available here: https://help.instagram.com/519522125107875.

4.3. TikTok

We maintain a profile on TikTok. The provider is TikTok Technology Limited, whose registered office is at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. The Privacy Policy is available here: https://www.tiktok.com/privacy-policy.

4.4. YouTube

We maintain a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Privacy Policy is available here: https://policies.google.com/privacy?hl=en.

4.5. LinkedIn

We maintain a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The Privacy Policy is available here: https://www.linkedin.com/legal/privacy-policy?_l=en_US. An option to object to data processing is via the ad settings: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

4.6. Xing

We maintain a profile on Xing. The provider is New Work SE, Dammtorstraße 29-32, 20354 Hamburg. The Privacy Policy is available here: https://privacy.xing.com/en/privacy-policy.