General Information The following information provides a brief overview of what happens to your personal data when you visit this website. Personal data refers to any information that can be used to identify you personally. For detailed information on data protection, please refer to our Privacy Policy listed below.

Data Collection on This Website Who is responsible for data collection on this website? Data processing on this website is carried out by the website operator. You can find the operator’s contact information in the “Information on the Responsible Party” section of this Privacy Policy. How do we collect your data? Your data is collected, on the one hand, when you provide it to us. This may include, for example, data that you enter into a contact form.

Other data is collected automatically or with your consent when you visit the website through our IT systems. This primarily consists of technical data (e.g., internet browser, operating system, or time of page view). This data is collected automatically as soon as you access this website.

What do we use your data for? Some of the data is collected to ensure the website functions properly. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated through the website, the data provided will also be processed for contract offers, orders, or other order inquiries.

What rights do you have regarding your data? You have the right at any time to receive, free of charge, information about the source, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you may revoke this consent at any time with future effect. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to file a complaint with the competent supervisory authority. You may contact us at any time regarding this matter or any other questions about data protection.

Analytics Tools and Third-Party Tools When you visit this website, your browsing behavior may be analyzed for statistical purposes. This is done primarily using so-called analytics tools.

You can find detailed information about these analytics programs in the following Privacy Policy.

We host our website's content with the following provider: onepage.io

We have integrated onepage.io into this website. The provider is Onepage GmbH, Neue Rothofstr. 13 -19, 60313 Frankfurt am Main (hereinafter “onepage.io”).

onepage.io allows us to build websites, landing pages, link trees, and quiz pages. The websites are generated entirely on onepage.io and hosted there as well. For this purpose, onepage.io processes personal data. All personal data that you enter on this site or that is automatically collected from you is therefore also processed by onepage.io and stored on its servers.

The legal basis for data processing is Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in providing the service. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. Consent may be revoked at any time.

For further details, please refer to the provider’s privacy policy at https://onepage.io/de/datenschutzerklarung.

Data Processing We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Privacy Policy The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection laws as well as this Privacy Policy.

When you use this website, various types of personal data are collected. Personal data is information that can be used to identify you personally. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this is done.

Please note that data transmission over the Internet (e.g., when communicating via email) may be subject to security risks. It is not possible to completely protect data from access by third parties.

Information about the data controller The data controller responsiblefor data processing on this website is:

Familie Steinbacher OHG represented by Anna Maria Steinbacher and Stefan Steinbacher Fletzingergasse 3 83512 Wasserburg am Inn Phone: +49 (0)8071 904090 Email: info@fletzinger.de

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Retention Period Unless a more specific retention period is stated in this Privacy Policy, we will retain your personal data until the purpose for which it is processed no longer applies. If you submit a valid request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible grounds for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these grounds no longer apply.

If you have consented to the processing of your data, we process your personal data on the basis of Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, provided that special categories of data as defined in Article 9(1) of the GDPR are processed. In the event of explicit consent to the transfer personal data to third countries, data processing is also carried out on the basis of Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or to access to information on your device (e.g., via device fingerprinting), data processing is additionally carried out on the basis of § 25(1) TDDDG. Consent may be revoked at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if it is necessary to comply with a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. Information regarding the applicable legal bases in each individual case is provided in the following sections of this Privacy Policy.

As part of our business operations, we collaborate with various external parties. In some cases, this requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the disclosure of data. When using data processors, we only transfer our customers’ personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of Your Consent to Data Processing Many data processing operations are only possible with your explicit consent. You may withdraw any consent you have already given at any time. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected by the withdrawal.

IF DATA PROCESSING IS BASED ON ART. 6(1)(e) OR (f) OF THE GDPR , YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA ; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE SPECIFIC LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims (objection pursuant to Art. 21(1) GDPR). IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR for the purposes of such marketing; this also applies to profiling, insofar as it is . IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place where the alleged violation occurred. This right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to Data Portability You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract in a commonly used, machine-readable format, either for yourself or for a third party. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

Access, Correction, and Deletion In accordance with applicable legal provisions, you have the right at any time to obtain, free of charge, information about your stored personal data, its source and recipients, and the purpose of the data processing, as well as the right to have this data corrected or deleted, if applicable. For this purpose, as well as for any further questions regarding personal data, you may contact us at any time.

Right to Restriction of Processing You have the right to request that the processing of your personal data be restricted. You may contact us at any time to exercise this right. The right to restriction of processing applies in the following cases:

If you have restricted the processing of your personal data, such data—apart from its storage—may be processed only with your consent or for the purpose of asserting, exercising, or defending legal claims, or to protect the rights of another natural or legal person, or for reasons of a substantial public interest of the European Union or a Member State.

SSL or TLS Encryption This site uses SSL or TLSencryption for security reasons and to protect the transmission of confidential information, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the lock icon in your browser bar.

If SSL or TLS encryption is enabled, the data you send to us cannot be intercepted by third parties.

Objection to Advertising Emails We hereby object to the use of contact information published in accordance with legal disclosure requirements for the purpose of sending unsolicited advertising and informational materials. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited transmission of advertising information, such as via spam emails.

4. Data Collection on This Website

Cookies Our website uses so-called “cookies.” Cookies are small data packets that do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

Cookies may be set by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services into websites (e.g., cookies used to process payment transactions).

Cookies serve various purposes. Many cookies are technically necessary, as certain website features would not work without them (e.g., the shopping cart feature or the display of videos). Other cookies may be used to analyze user behavior or for advertising purposes .

Cookies that are necessary for the execution of the electronic communication process, for providing certain functions you have requested (e.g., the shopping cart function), or for optimizing the website (e.g., cookies for measuring web traffic) are stored pursuant to Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent may be revoked at any time.

You can configure your browser to notify you when cookies are set and to allow cookies only on a case-by-case basis, to block cookies in certain cases or generally, and to enable the automatic deletion of cookies when you close your browser. If you disable cookies, the functionality of this website may be limited.

If other cookies and services are used on this website, you can find this information in this Privacy Policy.

Server Log Files The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This information includes:

This data is not combined with other data sources.

This data is collected on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in ensuring that its website functions properly and in optimizing it— which requires the collection of server log files.

Contact Form If you submit an inquiry to us via the contact form, the information you provide in the inquiry form—including the contact details you enter there—will be stored by us for the purpose of processing your inquiry and in case we have any follow-up questions. We will not share this data without your consent.

The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if such consent was requested; consent may be withdrawn at any time.

The data you enter in the contact form will remain with us until you request that we delete it, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g., once your inquiry has been processed). Mandatory legal provisions— in particular retention periods—remain unaffected.

Inquiries via Email, Phone, or Fax If you contact us via email, phone, or fax, your inquiry—including all personal data contained therein (name, inquiry)—will be stored and processed by us for the purpose of handling your request. We will not disclose this data without your consent. The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if such consent was requested; consent may be withdrawn at any time.

The data you send us via contact requests will remain with us until you ask us to delete it, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g., once your request has been processed). Mandatory legal provisions— in particular statutory retention periods—remain unaffected.

Google Tag Manager We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or analytics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or perform its own analyses. It is used solely for managing and deploying the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States .

The use of Google Tag Manager is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the quick and straightforward integration and management of various tools on its website. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information on this, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables website operators to analyze the behavior of website visitors. In doing so, website operators receive various usage data, such as page views, time spent on the site, operating systems used, and the user’s location. This data is associated with the user’s respective device. It is not linked to a user ID.

In addition, Google Analytics allows us to track your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data sets and employs machine learning technologies in its data analysis. Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google regarding the use of this website is generally transmitted to a Google server in the U.S. and stored there.

Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit: https://business.safety.google/adscontrollerterms/sccs/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information on this, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780.

IP Anonymization Google Analytics IP anonymization is enabled. This means that Google will truncate your IP address within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area before transmitting it to the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.

Browser Plugin You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

For more information on how Google Analytics handles user data, please see Google's Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=de.

Data Processing We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities regarding the use of Google Analytics.

Google Ads The website operator uses Google Ads. Google Ads is an online advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display ads in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted ads can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As website operators, we can evaluate this data quantitatively by, for example, analyzing which search terms led to the display of our ads and how many ads resulted in corresponding clicks.

Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information on this, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Ads Remarketing This website uses Google Ads Remarketing features. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online content to specific target groups so that we can subsequently show them interest-based ads on the Google Display Network (remarketing or retargeting).

Furthermore, the advertising audiences created with Google Ads Remarketing can be linked to Google’s cross-device features. In this way, interest-based, personalized advertising messages that have been tailored to you based on your previous usage and browsing behavior on one device (e.g., a smartphone) can also be displayed on another of your devices (e.g., a tablet or PC).

If you have a Google account, you can opt out of personalized ads by clicking the following link: https://adssettings.google.com/anonymous?hl=de.

Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

For more information and the privacy policy, please see Google’s Privacy Policy at: https://policies.google.com/technologies/ads?hl=de.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information on this, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780.

Target Audience Creation Using Customer Match To create target audiences, we use, among other things, Google Ads Remarketing’s Customer Match feature. In this process, we transfer specific customer data (e.g., email addresses) from our customer lists to Google. If the customers in question are Google users and are logged into their Google accounts, they will be shown relevant advertising messages within the Google network (e.g., on YouTube, Gmail, or in the search engine).

Google Conversion Tracking This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, Google and we can determine whether a user has performed certain actions. For example, we can analyze which buttons on our website are clicked and how often, as well as which products are viewed or purchased particularly frequently. This information is used to generate conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information that would allow us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification purposes.

Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

For more information about Google Conversion Tracking, please refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information on this, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780.

Meta Pixel (formerly Facebook Pixel) This website uses Meta’s visitor action pixel for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. However, according to Meta, the collected data is also transferred to the United States and other third countries.

This allows the behavior of website visitors to be tracked after they have been redirected to the provider’s website by clicking on a meta-ad. This enables the effectiveness of the meta-ads to be evaluated for statistical and market research purposes and future advertising campaigns to be optimized.

The data collected is anonymous to us as the operators of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta, enabling a link to the respective user profile on Facebook or Instagram, and allowing Meta to use the data for its own advertising purposes, in accordance with Meta’s Data Use Policy (https://de-de.facebook.com/about/privacy/) . This enables Meta to display advertisements on Facebook or Instagram pages and other advertising channels. We, as the website operator, have no influence over this use of the data.

Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

To the extent that personal data is collected on our website using the tool described here and forwarded to Meta, we and Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Dublin, D04 X2K5, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Meta. The processing carried out by Meta after the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set forth in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum.

Under this agreement, we are responsible for providing privacy notices when the Meta tool is used and for ensuring that the tool is implemented on our website in compliance with data protection laws. Meta is responsible for the data security of Meta products. You can exercise your data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Meta. If you exercise your data subject rights with us, we are obligated to forward them to Meta.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find more information about protecting your privacy in Meta's privacy policy: https://de-de.facebook.com/about/privacy/.

You can also disable the "Custom Audiences" remarketing feature in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

To do this, you must be logged in to Facebook.

If you do not have a Facebook or Instagram account, you can opt out of interest-based advertising from Meta on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to complying with these data protection standards.

For more information, please visit the provider's website at the following link: https://www.dataprivacyframework.gov/participant/4452.

Meta Custom Audiences We use Meta Custom Audiences. This service is provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When you visit or use our websites and apps, take advantage of our free or paid services, submit data to us, or interact with our company’s Facebook or Instagram content, we collect your personal data. If you give us your consent to use Meta Custom Audiences, we will transfer this data to Meta, which Meta can then use to display relevant advertisements to you. Furthermore, your data can be used to define target groups (Lookalike Audiences).

Meta processes this data as our data processor. For details, please refer to Meta’s Terms of Service:

https://www.facebook.com/legal/terms/customaudience.

Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit: https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information on this, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/4452.

Newsletter Information If you would like to subscribe to the newsletter offered on the website, we require your email address as well as information that allows us to verify that you are the owner of the provided email address and consent to receiving the newsletter. Additional data is not collected, or is collected only on a voluntary basis. To manage the newsletter, we use newsletter service providers, which are described below.

Brevo This website uses Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo is a service that can be used, among other things, to organize and analyze the distribution of newsletters. The data you provide to subscribe to the newsletter is stored on the servers of Sendinblue GmbH in Germany.

Data Analysis with Brevo Brevo allows us to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked, if any. This enables us to determine, among other things, which links were clicked on particularly often.

We can also track whether certain predefined actions were taken after the newsletter was opened or clicked (conversion rate). For example, we can see whether you made a purchase after clicking on the newsletter.

Brevo also allows us to segment newsletter recipients into different categories (“cluster”). For example, newsletter recipients can be segmented by age, gender, or location. This makes it easier to tailor the newsletters to the respective target groups. If you do not want Brevo to analyze your data, you must unsubscribe from the newsletter. To do so, we provide a corresponding link in every newsletter message.

For detailed information about Brevo's features, please visit the following link: https://www.brevo.com/de/newsletter-software/.

Legal Basis Data processing is based on your consent (Art. 6(1)(a) GDPR). You may withdraw this consent at any time. The lawfulness of any data processing that has already taken place remains unaffected by the withdrawal.

Retention Period The data you have provided to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter, and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter mailing list, your email address may be stored by us or the newsletter service provider in a blacklist, if necessary, to prevent future mailings. The data from the blacklist is used solely for this purpose and is not combined with other data. This serves both your interest and our interest in comply with legal requirements regarding the sending of newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage on the blacklist is not time-limited. You may object to such storage provided that your interests outweigh our legitimate interest. For more details, please refer to Brevo’s privacy policy at: https://www.brevo.com/de/datenschutz-uebersicht/ and https://www.brevo.com/de/legal/privacypolicy/.

Data Processing We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Sending Newsletters to Existing Customers If you order goods or services from us and provide your email address in the process, we may subsequently use this email address to send you newsletters, provided that we inform you of this in advance. In such cases, the newsletter will only contain direct marketing for our own similar goods or services. You may unsubscribe from this newsletter at any time. A link for this purpose is included in every newsletter. The legal basis for sending the newsletter in this case is Art. 6(1)(f) GDPR in conjunction with § 7(3) UWG.

After you unsubscribe from the newsletter mailing list, your email address may be stored in a blacklist to prevent future mailings from being sent to you. The data in the blacklist is used solely for this purpose and is not combined with any other data. This serves both your interests and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage on the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.

Google Fonts (locally hosted) This site uses Google Fonts, which are provided by Google, to ensure consistent font display. The Google Fonts are installed locally. No connection to Google’s servers is established in the process.

For more information about Google Fonts, visit https://developers.google.com/fonts/faq and Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

Zapier We use Zapier. The provider is Zapier Inc., 62411 Market St., San Francisco, CA 94104-5401, USA (hereinafter “Zapier”).

Zapier allows us to connect various features, databases, and tools and synchronize them with one another. This makes it possible, for example, to automatically post content that we publish on our website to our social media channels, or to export content from marketing and analytics tools. Depending on the feature, Zapier may also collect various personal data in the process.

The use of Zapier is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in ensuring the most effective integration possible of the tools we use. If the relevant consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. The consent may be revoked at any time.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit: https://zapier.com/tos.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information on this, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/4425.

Data Processing We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

8. Our Services Handling of Applicant Data

We offer you the opportunity to apply for a position with us (e.g., by email, mail, or via our online application form). Below, we provide information about the scope, purpose, and use of the personal data collected from you during the application process. We assure you that the collection, processing, and use of your data are carried out in accordance with applicable data protection laws and all other legal provisions, and that your data will be treated as strictly confidential.

Scope and Purpose of Data Collection When you submit an application to us, we process your associated personal data (e.g., contact and communication details, application documents, notes taken during job interviews, etc.), to the extent necessary to decide whether to establish an employment relationship. The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Article 6(1)(b) of the GDPR (general contract initiation) and—provided you have given your consent—Article 6(1)(a) of the GDPR. Consent may be withdrawn at any time. Your personal data will be shared within our company exclusively with persons involved in processing your application. If the application is successful, the data you have submitted will be stored in our data processing systems on the basis of Section 26 BDSG and Article 6(1)(b) GDPR for the purpose of carrying out the employment relationship.

As part of the application process, we may also conduct an online search regarding your person. This primarily includes Google searches, LinkedIn, and Xing. The legal basis for this type of processing is our legitimate interest in forming an overall impression of publicly available information about you, in accordance with Article 6(1)(f) of the GDPR.

Data Retention Period If we are unable to offer you a position, if you decline a job offer, or if you withdraw your application, we reserve the right to retain the data you have provided based on our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months from the conclusion of the application process (rejection or withdrawal of the application). Subsequently, the data will be deleted and the physical application documents destroyed. The retention serves, in particular, as evidence in the event of a legal dispute. If it becomes apparent that the data will be required after the 6-month period has expired (e.g., due to an impending or pending legal dispute), deletion will not take place until the purpose for continued retention no longer applies.

Data may also be retained for a longer period if you have provided the necessary consent (Art. 6 (1)(a) GDPR) or if statutory retention requirements prevent its deletion.