Private practice for aesthetic medicine & surgery
Data protection
Privacy Policy
Introduction and Overview
We have prepared this privacy policy (version 07.03.2025-322959328) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as "data") we, as data controllers – and the data processors we have engaged (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.
Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, aims to describe the most important aspects as simply and transparently as possible. Where it promotes transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible with the brief, unclear, and overly technical legal explanations that are often standard practice on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps you will find some information that you were not yet aware of.
If you still have questions, please contact the responsible party named below or in the legal notice, follow the provided links, and consult further information on third-party websites. Our contact details can, of course, also be found in the legal notice.
Scope
This privacy policy applies to all personal data processed by us within our company and to all personal data processed by companies commissioned by us (data processors). Personal data, as defined in Article 4 No. 1 GDPR, refers to information such as a person's name, email address, and postal address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:
- all online presences (websites, online shops) that we operate
- Social media presence and email communication
- mobile apps for smartphones and other devices
In short: This privacy policy applies to all areas where personal data is processed in a structured manner within the company via the aforementioned channels. Should we enter into a legal relationship with you outside of these channels, we will inform you separately if necessary.
Legal basis
In the following privacy statement, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation (GDPR), that allow us to process personal data. With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online at EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions applies:
- Consent (Article 6 paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.
- Contract (Article 6 paragraph 1 lit. b GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we need personal information beforehand.
- Legal obligation (Article 6 paragraph 1 lit. c GDPR): We process your data when we are subject to a legal obligation. For example, we are legally required to retain invoices for accounting purposes. These typically contain personal data.
- Legitimate interests (Article 6 paragraph 1 lit. f GDPR): In the case of legitimate interests that do not infringe your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically. This processing therefore constitutes a legitimate interest.
Other conditions, such as the recording of images in the public interest, the exercise of public authority, or the protection of vital interests, do not generally apply in our case. If such a legal basis should apply, it will be indicated at the relevant point.
In addition to the EU regulation, national laws also apply:
- In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), abbreviated DSG.
- In Germany, the Federal Data Protection Act (BDSG) applies.
If other regional or national laws apply, we will inform you about them in the following sections.
Contact details of the responsible party
Should you have any questions regarding data protection or the processing of personal data, you will find the contact details of the controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) below:
Dr. med. Gunther Oldag
Hauptstrasse 53,
66798 Wallerfangen
Email: info@schoenheits-hand-werk.de
Telephone: 06831/4005904
Imprint: https://schoenheits-hand-werk.de/impressum/
Storage duration
We generally adhere to the principle that we only store personal data for as long as is absolutely necessary for providing our services and products. This means that we delete personal data as soon as the reason for processing it no longer exists. In some cases, we are legally obligated to retain certain data even after the original purpose has ceased to exist, for example, for accounting purposes.
Should you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to store it.
We will inform you about the specific duration of the respective data processing below, provided we have further information on this.
Rights under the General Data Protection Regulation
In accordance with Articles 13 and 14 of the GDPR, we inform you about the following rights to which you are entitled, in order to ensure fair and transparent data processing:
- According to Article 15 of the GDPR, you have the right to information about whether we process your data. If this is the case, you have the right to receive a copy of the data and the following information:
  - for what purpose we carry out the processing;
  - the categories, i.e. the types of data that are processed;
  - who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  - how long the data will be stored;
  - the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  - that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  - the origin of the data if we did not collect it from you;
  - whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you.
- According to Article 16 of the GDPR, you have a right to rectification of your data, which means that we must correct any data you find to be incorrect.
- According to Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you can request the deletion of your data.
- According to Article 18 GDPR, you have the right to restrict processing, which means that we may only store the data but not use it further.
- According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
- According to Article 21 GDPR, you have the right to object, which, if exercised, will result in a change to the processing.
  - If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then examine as quickly as possible whether we can legally comply with this objection.
  - If your data is used for direct marketing purposes, you can object to this type of data processing at any time. We will then no longer be permitted to use your data for direct marketing.
  - If data is used for profiling, you can object to this type of data processing at any time. We will then no longer be permitted to use your data for profiling.
- According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).
- According to Article 77 of the GDPR, you have the right to lodge a complaint. This means you can lodge a complaint with the data protection authority at any time if you believe that the processing of your personal data violates the GDPR.
In short: You have rights – do not hesitate to contact the responsible body listed above!
If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:
Saarland Data Protection Authority
State Commissioner for Data Protection: Monika Grethel
Address: Fritz-Dobisch-Straße 12, 66111 Saarbrücken
Telephone number: 06 81/947 81-0
Email address: poststelle@datenschutz.saarland.de
Website: https://www.datenschutz.saarland.de/
Data processing security
To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible, within our means, for third parties to infer personal information from our data.
Article 25 of the GDPR refers to "data protection by design and by default," meaning that security must always be considered and appropriate measures implemented for both software (e.g., forms) and hardware (e.g., access to the server room). We will discuss specific measures below, if necessary.
TLS encryption with https
TLS, encryption, and HTTPS sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet.
This means that the entire transmission of all data from your browser to our web server is secure – no one can eavesdrop.
This introduces an additional layer of security, allowing us to comply with data protection by design (Article 25 Paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.
You can recognize this secure data transmission by the small padlock icon in the top left corner of your browser, to the left of the web address (e.g., examplepage.com), and the use of the https scheme (instead of http) as part of our web address.
If you would like to learn more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find helpful links to further information.
Communication
Communication Summary
- 👥 Data Subjects: Everyone who communicates with us by phone, email, or online form
- 📓 Data Processed: e.g., phone number, name, email address, form data entered. More details can be found under the respective contact method used.
- 🤝 Purpose: Handling communication with customers, business partners, etc.
- 📅 Storage Period: Duration of the business transaction and legal requirements
- ⚖️ Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. b GDPR (Contract), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)
When you contact us and communicate via telephone, email or online form, personal data may be processed.
The data will be processed for the handling and processing of your inquiry and the associated business transaction. The data will be stored for as long as required by law.
Affected persons
The aforementioned processes affect everyone who contacts us via the communication channels we provide.
Phone
When you call us, the call data is stored pseudonymously on your device and with your telecommunications provider. Additionally, data such as your name and phone number may be sent via email and stored for the purpose of responding to your inquiry. This data will be deleted as soon as the matter is resolved and legal requirements permit.
Email
When you communicate with us via email, data may be stored on your device (computer, laptop, smartphone, etc.) and on our email server. This data will be deleted once the business transaction is complete and legal requirements permit.
Online forms
When you communicate with us via online form, data is stored on our web server and may be forwarded to an email address provided by us. The data is deleted as soon as the business transaction has been completed and legal requirements permit.
Legal basis
The processing of the data is based on the following legal grounds:
- Article 6 paragraph 1 letter a GDPR (consent): You give us your consent to store your data and to use it further for purposes relating to the business transaction;
- Article 6 paragraph 1 letter b GDPR (contract): The processing is necessary for the performance of a contract with you or a data processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
- Article 6 paragraph 1 letter f GDPR (Legitimate Interests): We want to handle customer inquiries and business communication in a professional manner. This requires certain technical equipment such as email programs, Exchange servers, and mobile network operators to ensure efficient communication.
Data Processing Agreement (DPA)
In this section, we would like to explain what a data processing agreement (DPA) is and why it is necessary. Because the term "data processing agreement" is quite a mouthful, we will often use the acronym DPA in this text. Like most companies, we don't work alone, but also utilize the services of other companies or individuals. By involving various companies or service providers, we may transfer personal data for processing. These partners then act as data processors, with whom we conclude a contract, the so-called data processing agreement (DPA). The most important thing for you to know is that the processing of your personal data must be carried out exclusively according to our instructions and must be regulated by the DPA.
Who are data processors?
As a company and website owner, we are responsible for all data we process from you. In addition to the data controller, there may also be so-called data processors. This includes any company or individual that processes personal data on our behalf. More precisely, and according to the GDPR definition: any natural or legal person, public authority, agency, or other body that processes personal data on our behalf is considered a data processor. Data processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.
To better understand the terminology, here is an overview of the three roles in the GDPR:
Data subject (you as a customer or prospective customer) → Controller (we as a company and client) → Processor (service providers such as web hosts or cloud providers)
Content of a data processing agreement
As mentioned above, we have concluded a data processing agreement (DPA) with our partners who act as data processors. This agreement stipulates, above all, that the data processor will process the data to be processed exclusively in accordance with the GDPR. The agreement must be in writing; however, in this context, an electronic agreement is also considered "in writing." Personal data will only be processed on the basis of this agreement. The agreement must contain the following:
- Loyalty to us as the responsible party
- Duties and rights of the controller
- Categories of affected persons
- Type of personal data
- Type and purpose of data processing
- Subject matter and duration of data processing
- Location of data processing
Furthermore, the contract contains all the obligations of the data processor. The most important obligations are:
- To ensure data security measures
- to take possible technical and organizational measures to protect the rights of the data subject
- to maintain a data processing directory
- to cooperate with the data protection supervisory authority upon request
- to conduct a risk analysis regarding the personal data received
- Sub-processors may only be commissioned with the written consent of the data controller
You can see an example of what such a data processing agreement (DPA) looks like at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html. A sample contract is presented there.
Web hosting introduction
Web Hosting Summary
- 👥 Data Subjects: Website visitors
- 🤝 Purpose: Professional website hosting and operational security
- 📓 Data Processed: IP address, time of website visit, browser used, and other data. More details can be found below or with your web hosting provider.
- 📅 Storage Period: Depends on the provider, but usually 2 weeks
- ⚖️ Legal Basis: Art. 6 para. 1 lit. f GDPR (Legitimate Interests)
What is web hosting?
When you visit websites these days, certain information – including personal data – is automatically generated and stored, and this website is no exception. This data should be processed as sparingly as possible and only with justification. By "website," we mean all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By "domain," we mean, for example, example.de or sample.com.
If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You're probably familiar with some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We simply call them browsers or web browsers.
To display the website, the browser needs to connect to another computer where the website's code is stored: the web server. Operating a web server is a complex and resource-intensive task, which is why it's usually handled by professional providers. These providers offer web hosting and ensure the reliable and error-free storage of website data. A lot of technical terms, but please bear with us, it gets better!
When the browser on your device (desktop, laptop, tablet, or smartphone) connects to the web server, and during data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server also needs to store data for a certain period of time to ensure proper operation.
A picture is worth a thousand words, therefore the following graphic illustrates the interaction between browser, the internet and the hosting provider.
Why do we process personal data?
The purposes of data processing are:
- Professional website hosting and operational security
- to maintain operational and IT security
- Anonymous analysis of access behavior to improve our services and, if necessary, for law enforcement or pursuit of claims
What data is processed?
Even while you are currently visiting our website, our web server, that is the computer on which this website is stored, usually automatically saves data such as
- the complete internet address (URL) of the accessed website
- Browser and browser version (e.g. Chrome 87)
- the operating system used (e.g. Windows 10)
- the address (URL) of the previously visited page (referrer URL) (e.g. https://www.examplesourcesite.de/fromwhereIcame/)
- the hostname and IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)
- Date and time

in files, the so-called web server log files.
How long is data stored?
The data mentioned above is generally stored for two weeks and then automatically deleted. We do not share this data, but we cannot rule out the possibility that authorities may access it in the event of unlawful activity.
In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we will not share your data without your consent!
Legal basis
The lawfulness of processing personal data in the context of web hosting is based on Art. 6 para. 1 lit. f GDPR (safeguarding legitimate interests), because the use of professional hosting from a provider is necessary to present the company on the internet in a secure and user-friendly manner and to be able to pursue attacks and claims arising therefrom.
We and the hosting provider usually have a data processing agreement in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.
ALL-INKL Privacy Policy
We use ALL-INKL, a web hosting provider, for our website. The service provider is the German company ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany.
You can find out more about the data processed through the use of ALL-INKL in the privacy policy at https://all-inkl.com/datenschutzinformationen/.
Data Processing Agreement (DPA) ALL-INKL
In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have concluded a data processing agreement (DPA) with ALL-INKL. You can find out exactly what a DPA is and, above all, what it must contain in our general section "Data Processing Agreement (DPA)".
This contract is legally required because ALL-INKL processes personal data on our behalf. It stipulates that ALL-INKL may only process data received from us according to our instructions and must comply with the GDPR.
Web Analytics Introduction
Web Analytics Privacy Policy Summary
- 👥 Data subjects: Website visitors
- 🤝 Purpose: Analysis of visitor information to optimize the website.
- 📓 Data processed: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Further details can be found in the documentation for the respective web analytics tool used.
- 📅 Storage period: Depends on the web analytics tool used
- ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)
What is web analytics?
We use software on our website to analyze visitor behavior, commonly known as web analytics. This involves collecting data that is stored, managed, and processed by the respective analytics tool provider (also called a tracking tool). This data is used to create analyses of user behavior on our website and made available to us as the website operator. Most tools also offer various testing options. For example, we can test which offers or content resonate best with our visitors. To do this, we display two different offers for a limited time. After the test (known as an A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as well as other analytics methods, user profiles can be created and the data stored in cookies.
Why do we use web analytics?
With our website, we have a clear goal in mind: to deliver the best online offering on the market for our industry. To achieve this, we aim to provide the best and most engaging content while ensuring you feel completely comfortable on our website. Web analytics tools allow us to closely examine the behavior of our website visitors and then improve our online offerings accordingly, benefiting both you and ourselves. For example, we can determine the average age of our visitors, their geographical origin, peak traffic times, and which content or products are particularly popular. All this information helps us optimize the website and tailor it perfectly to your needs, interests, and preferences.
What data is processed?
Exactly which data is stored depends, of course, on the analytics tools used. However, it typically includes information such as which content you view on our website, which buttons or links you click, when you access a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website, and which computer system you are using. If you have consented to the collection of location data, this may also be processed by the web analytics tool provider.
Your IP address will also be stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, your IP address is generally stored in pseudonymized form (i.e., in an unidentifiable and shortened form). For the purposes of testing, web analytics, and web optimization, no direct data such as your name, age, address, or email address is stored. All such data, if collected, is stored pseudonymously. This ensures that you cannot be identified as an individual.
The following example schematically illustrates how Google Analytics works as an example of client-based web tracking using JavaScript code.
How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website, while other cookies can store data for several years.
Duration of data processing
We will inform you about the duration of data processing below, provided we have further information on this. Generally, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If legally required, as in the case of accounting, for example, this storage period may be exceeded.
Right to object
You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.
Legal basis
The use of web analytics requires your consent, which we obtained via our cookie popup. According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by web analytics tools.
In addition to obtaining your consent, we have a legitimate interest in analyzing website visitor behavior to improve our services both technically and economically. Web analytics helps us identify website errors, detect attacks, and improve efficiency. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). However, we only use these tools if you have given your consent.
Since web analytics tools use cookies, we also recommend that you read our general privacy policy regarding cookies. To learn exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.
Information on specific web analytics tools can be found – if available – in the following sections.
WP Statistics Privacy Policy
WP Statistics Privacy Policy Summary
- 👥 Data subjects: Website visitors
- 🤝 Purpose: Analysis of visitor information to optimize the website.
- 📓 Data processed: Access statistics, including data such as anonymized IP addresses, duration of website visits, and your click behavior.
- 📅 Storage period: The data is stored until it is no longer needed for the purposes for which it was collected.
- ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)
What is WP Statistics?
We use the WP Statistics analytics plugin on our website. This plugin was developed by Veronalabs (5460 W Main St, Verona, NY 13478, USA), an American software company. This plugin provides us with basic statistics on how you, as a user, interact with our website. In this privacy policy, we explain the analytics tool in more detail and show you what data is stored, where it is stored, and for how long.
This plugin is analytics software specifically designed for websites using the WordPress content management system. WordPress allows us to easily manage our website even without programming knowledge. WP Statistics can collect data such as how long you stay on our website, which subpages you visit, the number of visitors, and which website you came from. WP Statistics does not set cookies, and you cannot be personally identified by the collected data.
Why do we use WP Statistics?
WP Statistics provides us with simple statistics that help us make our website even more interesting and better for you. Our website and the content, products, and/or services offered on it should meet your needs and wishes as closely as possible. To achieve this goal, we naturally need to know where we can make improvements and changes. The statistics we receive help us get one step closer to this goal.
What data does WP Statistics store?
WP Statistics does not use cookies, and the data collected is used only to generate anonymized statistics about the use of our website. WP Statistics also anonymizes your IP address. You cannot be identified as an individual.
WP Statistics collects visitor data (so-called Visitors' Data) when your web browser connects to our web server. This data is stored in our database on our server. Examples include:
- the address (URL) of the accessed website
- Browser and browser version
- the operating system used
- the address (URL) of the previously visited page (referrer URL)
- the hostname and IP address of the device from which access is made
- Date and time
- Information about country/city
- Number of visitors coming from a search engine
- Duration of website visit
- Clicks on the website
The data will not be shared or sold.
How long and where will the data be stored?
All data is stored locally on our web server. The data will remain on our web server until it is no longer needed for the purposes mentioned above.
How can I delete my data or prevent data storage?
You have the right to access, rectify, erase, and restrict the processing of your personal data at any time. You can also withdraw your consent to data processing at any time.
Legal basis
The use of WP Statistics requires your consent, which we obtained via our cookie popup. According to Article 6 Paragraph 1 Letter a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur when collected by web analytics tools.
In addition to your consent, we have a legitimate interest in analyzing website visitor behavior to improve our services both technically and economically. WP Statistics helps us identify website errors, detect attacks, and improve efficiency. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). However, we only use WP Statistics if you have given your consent.
Please note that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. Data processing is primarily carried out by WP Statistics. This may result in data being processed and stored in a non-anonymized manner. Furthermore, US government authorities may potentially access individual data points. It is also possible that this data may be linked to data from other WP Statistics services where you have a user account.
We have now provided you with the most important information regarding data processing by WP Analytics. Because the plugin does not use cookies and the data for statistical analysis is stored locally on the web server, your data is handled with great care. If you would like to learn more about WP Analytics, please refer to the company's privacy policy at https://wp-statistics.com/privacy-policy.
Yoast SEO WordPress Plugin Privacy Policy
We use the Yoast SEO WordPress plugin for our website's analytics tool. The service provider is the Dutch company Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen, Netherlands.
You can find out more about the data processed through the use of the Yoast SEO WordPress plugin in the privacy policy at https://yoast.com/privacy-policy/ .
Security & Anti-Spam
Security & Anti-Spam Privacy Policy Summary
👥 Affected parties: Website visitors
🤝 Purpose: Cybersecurity
📓 Data processed: Data such as your IP address, name, or technical data such as browser version. More details can be found below and in the individual privacy policies.
📅 Storage period: In most cases, the data is stored until it is no longer needed to fulfill the service.
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)
What is security and anti-spam software?
With so-called security and anti-spam software, you and we can protect ourselves from various spam and phishing emails, as well as other potential cyberattacks. Spam refers to unsolicited advertising emails sent in bulk. These emails are also known as junk mail and can even incur costs. Phishing emails, on the other hand, are messages designed to gain your trust through fake messages or websites in order to obtain personal data. Anti-spam software typically protects against unwanted spam messages or malicious emails that could, for example, introduce viruses into your system. We also use general firewall and security systems that protect our computers from unwanted network attacks.
Why do we use security and anti-spam software?
We place particular emphasis on security on our website. After all, it's not just about our security, but above all, yours. Unfortunately, cyber threats are now commonplace in the world of IT and the internet. Hackers often attempt to steal personal data from IT systems using cyberattacks. Therefore, a robust defense system is absolutely essential. A security system monitors all incoming and outgoing connections to our network and computers. To achieve even greater protection against cyberattacks, we utilize additional external security services alongside the standard security systems on our computers. This effectively prevents unauthorized data traffic and protects us against cybercrime.
What data is processed by security and anti-spam software?
Exactly which data is collected and stored depends, of course, on the specific service. However, we always strive to use only programs that collect very little data or only store data necessary for fulfilling the offered service. Generally, the service may store data such as name, address, IP address, email address, and technical data like browser type and version. Performance and log data may also be collected to detect potential incoming threats in a timely manner. This data is processed within the scope of the services and in compliance with applicable laws. For US providers, this includes the GDPR (via standard contractual clauses). In some cases, these security services also collaborate with third-party providers who may store and/or process data under our instructions and in accordance with data protection guidelines and other security measures. Data storage is usually done via cookies.
Duration of data processing
We will inform you about the duration of data processing below, provided we have further information. For example, security programs store data until you or we revoke the data storage consent. Generally, personal data is only stored for as long as is absolutely necessary for the provision of the services. Unfortunately, in many cases, we lack precise information from the providers regarding the storage period.
Right to object
You also have the right and the option to withdraw your consent to the use of cookies or third-party security software at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.
Since such security services may also use cookies, we recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.
Legal basis
We primarily use security services based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in a good security system against various cyberattacks.
Certain data processing activities, in particular the use of cookies and security features, require your consent. If you have consented to the processing and storage of your data by integrated security services, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Most of the services we use place cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.
Information on specific tools – if available – can be found in the following sections.
UpdraftPlus Privacy Policy
We use UpdraftPlus, a backup and security system, for our website. The service provider is the British company Updraft WP Software Ltd., 11 Barringer Way, St. Neots, PE19 1LW, Cambridgeshire, United Kingdom.
With the UK's withdrawal from the European Union, the GDPR no longer applies to data transfers to the UK. However, the European Commission has decided, based on Article 45 of the GDPR, that the UK offers an adequate level of protection compared to the GDPR. Data transfers to the UK are therefore permissible. You can view the decision here (download): https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D1772
You can find out more about the data processed through the use of UpdraftPlus in the Privacy Policy at https://updraftplus.com/data-protection-and-privacy-centre/ .
Web Design Introduction
Web Design Privacy Policy Summary
👥 Data Subjects: Website Visitors
🤝 Purpose: Improving the User Experience
📓 Data Processed: The data processed depends heavily on the services used. This typically includes IP address, technical data, language settings, browser version, screen resolution, and browser name. More details can be found with the respective web design tools used.
📅 Storage Period: Depends on the tools used
⚖️ Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)
What is web design?
We use various tools on our website to enhance our web design. Contrary to popular belief, web design isn't just about making our website look good; it's also about functionality and performance. Of course, a visually appealing website is also a key objective of professional web design. Web design is a subfield of media design and deals with the visual, structural, and functional aspects of a website. The goal of web design is to improve your experience on our website. In web design terminology, this is referred to as user experience (UX) and usability. User experience encompasses all the impressions and experiences a website visitor has on a website. Usability is a subset of user experience, focusing on the user-friendliness of a website. The emphasis here is on ensuring that content, subpages, and products are clearly structured, allowing you to easily and quickly find what you're looking for. To provide you with the best possible experience on our website, we also use third-party web design tools. Therefore, in this privacy policy, the category "web design" includes all services that improve the design of our website. This could include, for example, fonts, various plugins, or other integrated web design functions.
Why do we use web design tools?
How you absorb information from a website depends heavily on its structure, functionality, and visual appeal. Therefore, good and professional web design has become increasingly important to us. We are constantly working to improve our website and see this as an added service for you as a website visitor. Furthermore, a beautiful and functional website also offers us economic advantages. Ultimately, you will only visit us and take advantage of our services if you feel completely comfortable.
What data is stored by web design tools?
When you visit our website, web design elements may be integrated into our pages that can also process data. The exact data processed depends heavily on the tools used. Below you can see exactly which tools we use for our website. For more detailed information about data processing, we recommend that you also read the respective privacy policies of the tools used. These policies usually explain which data is processed, whether cookies are used, and how long the data is stored. For example, fonts such as Google Fonts automatically transmit information like language settings, IP address, browser version, browser screen resolution, and browser name to Google servers.
Duration of data processing
How long data is processed varies greatly and depends on the web design elements used. For example, if cookies are used, the storage period can be as short as a minute or as long as a few years. Please familiarize yourself with this. We recommend reading our general section on cookies as well as the privacy policies of the tools used. There you will usually find information about which cookies are used and what information they store. Google Fonts, for example, are stored for one year. This is intended to improve website loading times. Generally, data is only stored for as long as necessary to provide the service. Data may be stored for longer periods if required by law.
Right to object
You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or via other opt-out functions. You can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. However, some web design elements (mostly fonts) contain data that cannot be deleted quite so easily. This is the case when data is automatically collected and transmitted to a third-party provider (such as Google) directly upon page request. In this case, please contact the support of the respective provider. For Google, you can reach their support at https://support.google.com/?hl=de .
Legal basis
If you have consented to the use of web design tools, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur when collected by web design tools. We also have a legitimate interest in improving the web design on our website. After all, this is the only way we can provide you with an attractive and professional website. The corresponding legal basis for this is Article 6(1)(f) GDPR (legitimate interests). However, we only use web design tools if you have given your consent. We want to emphasize this point again.
Information on specific web design tools can be found – if available – in the following sections.
Google Fonts Local Privacy Policy
Our website uses Google Fonts from Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible. We have integrated the Google fonts locally, i.e., on our web server – not on Google's servers. Therefore, there is no connection to Google servers and consequently no data transfer or storage.
What are Google Fonts?
Google Fonts, formerly known as Google Web Fonts, is an interactive directory of over 800 fonts by Google. Google Fonts allows users to utilize fonts without uploading them to their own servers. However, to prevent any data transfer to Google servers, we have downloaded the fonts to our own server. This ensures our compliance with data protection regulations and prevents us from sending any data to Google Fonts.
Use of Linguise (automatic website translation)
To provide our website in multiple languages, we use Linguise, operated by DXT ONE, 32565 B Golden Lantern St, Suite 191, Dana Point, CA 92629, USA.
Linguise enables the automatic translation of website content. When a page is accessed, the service detects the language preset by the browser and delivers the corresponding language version. In doing so, the IP address of website visitors may be transmitted to Linguise's servers to provide the appropriate language version.
The processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in a user-friendly and multilingual presentation of our online offer).
Further information on data processing by Linguise can be found at:
https://www.linguise.com/de/rechtliche-erwahnungen/
Closing remarks
Congratulations! If you're reading this, you've really made it through our entire privacy policy, or at least scrolled this far. As you can see from the length of our privacy policy, we take the protection of your personal data very seriously.
It's important to us to inform you about the processing of personal data to the best of our knowledge and belief. We don't just want to tell you which data is processed, but also explain the reasons for using various software programs. Privacy policies usually sound very technical and legal. Since most of you aren't web developers or lawyers, we wanted to take a different approach and explain things in simple and clear language. Of course, this isn't always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy.
If you have any questions about data protection on our website, please don't hesitate to contact us or the responsible party. We wish you all the best and hope to welcome you back to our website soon.
All texts are protected by copyright.
Last modified: April 23, 2025
Contact us!
Schoenheits-Hand-Werk
private practice Dr. med. Gunther Oldag
Hauptstrasse 53
66798 Wallerfangen
- For route planning with Google Maps*
Telephone: +49(0)6831/4005904
Email: info@schoenheits-hand-werk.de
* When clicking on the button, you will be forwarded to Google Maps. Please note that Google Maps needs your IP address for route planning, which may be forwarded to a server with a location in the USA. Map material created from OpenStreetMap data, license: Open Database License (ODBL)