Protection
Welcome to this website. The protection of personal data is very important to us. Therefore, we inform you about the processing of personal data and all data subject rights in connection with the use of this website. If you have any questions about data protection or the processing of personal data, you can find imprint the contact details of the responsible person or body. We have concluded a contract for order processing with the providers named below and fully implement the strict requirements of the German data protection authorities when using our services.
Summary: We take data protection very seriously and adhere to the principle of data economy at all levels. All internal and external technical processes, server-client communication, and backups of this website are encrypted. All additional components and plugins used on this website are selected with great care. Additional plugins are regularly subject to rigorous auditing. For the service providers we commission for external data processing, such as storing backups, creating invoices, etc., we use only reputable, fully GDPR-compliant providers whose security has been verifiably tested regularly, preferably from the European Economic Area.
Data processing
This website can be used without providing any personal data. If personal data (such as names or email addresses) is collected on our website, this is done on a voluntary basis unless it is absolutely necessary to provide a service. As a general rule, all collected data will not be passed on to third parties without your express consent.
As a responsible company, we have taken numerous technical, conceptual, and organizational measures to ensure the most comprehensive protection possible for the data collected and processed via this website. As a responsible company, we consciously refrain from automated decision-making or profiling.
The responsible body within the meaning of the General Data Protection Regulation, the data protection laws of the Member States of the European Union and other provisions of a data protection nature is also clearly defined and valid.
scope
This privacy policy applies to all personal data processed on this website and connected systems, as well as to all personal data processed by companies commissioned by us (processors). In addition, we have concluded a data processing agreement (DPA) with all processors. Personal data refers to information within the meaning of Art. 4 No. 1 GDPR, such as names, email addresses, IP addresses, and postal addresses of individuals. The processing of personal data enables us to offer and bill our services and products, whether online or offline. The scope of this privacy policy extends to the following services. The services actually used may vary over time:
- Our online presence: websites or online shops
- Customer communication via email or messenger
- Social media presence
- Newsletters or other mailings
- Apps for mobile devices
- Online billing systems
- Encrypted backups in cloud storage services
Legal basis
We process your data exclusively on the basis of the following legal bases
- Legitimate interests (Article 6 (1) (f) GDPR): If legitimate interests require it, the processing of data is possible without active consent, e.g. to deliver the website to your computer.
- Consent (Article 6 paragraph 1 letter a GDPR): Your consent enables us to process data for a specific purpose, e.g. when entering forms.
- Contract (Article 6 paragraph 1 letter b GDPR): In order to fulfill a contract or pre-contractual obligations with you, we may also process your data, e.g. for invoicing.
- Legal obligation (Article 6 paragraph 1 letter c GDPR): We also process your data if we have to fulfill a legal requirement, e.g. the legal obligation to retain invoices.
Rights of data subjects according to GDPR
You have the right to information, rectification, erasure, restriction of processing, data portability, and objection. Further information on the GDPR: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.
- Right to information (Article 15 GDPR): You have the right to know whether we process your data. If so, you have the right to receive a copy of the data as well as information about the purpose of processing, the categories of data processed, the recipients (including any transfers to third countries), the storage period, your right to rectification, erasure, restriction of processing and objection, the right to lodge a complaint with a supervisory authority (link to the authority below), the origin of the data (if not collected from you), and the possible implementation of profiling.
- Right to rectification (Article 16 GDPR): You have the right to have inaccurate data corrected.
- Right to erasure (Article 17 GDPR – “right to be forgotten”): You can request that your data be deleted.
- Right to restriction of processing (Article 18 GDPR): Under certain circumstances, we may only store your data but not further process it.
- Right to data portability (Article 20 GDPR): Upon request, we will provide you with your data in a common format.
- Right of objection (Article 21 GDPR): You may object to processing based on public interest or legitimate interest. We will consider whether we can comply with your objection.
- Right to object to direct marketing and profiling: You can object to the use of your data for direct advertising or profiling at any time.
- Automated decisions (Article 22 GDPR): Under certain circumstances, you have the right not to be subject to measures based solely on automated decisions.
- Right to lodge a complaint (Article 77 GDPR): You have the right to complain to the data protection authority if you believe that the processing of your data violates the GDPR.
To exercise these rights, please contact us. If you have a complaint about how we handle your data, we would like to hear from you, but you also have the right to lodge a complaint with the relevant supervisory authority (the Data Protection Authority).
Data transfer to the USA
Our website includes tools from companies based in the USA. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obligated to disclose personal data to security authorities without you, as the data subject, being able to take legal action. It cannot therefore be ruled out that US authorities (e.g., intelligence agencies) may process, evaluate, and permanently store your data on US servers for surveillance purposes. We have no influence over these processing activities.
Storage period
The data processed during your use of our website will be deleted as soon as the purpose for which it was stored no longer applies. This occurs on the condition that there are no legal retention obligations that prevent deletion and no deviating information regarding specific processing methods is available. In some cases, we are legally obligated to retain certain data even after the original purpose no longer applies, for example, due to tax law requirements.
Revocation of your consent to data processing
Many data processing operations are only possible with the express consent of the data subjects. You can revoke your consent at any time. The legality of the data processing carried out up to the time of revocation remains unaffected.
Cookies
Our website uses cookies. Cookies are small text files that are stored on your computer and saved by your browser. We use cookies to make our website easier to use and to perform statistical evaluations. You can prevent cookies from being saved by setting your browser software accordingly. For more information about the cookies used, their purpose, and the storage period, please refer to the Cookie Policy.
Web hosting
To display a website, the browser on the visitor's computer must connect to a web server and retrieve the website code. Operating a web server is a complex and time-consuming task. We therefore rely on professional providers and server systems that are operated with high performance, redundancy, security, and reliability. During data transfer from the web server to your local network and ultimately to your browser, personal data may be processed. On the one hand, your computer stores the received data, and on the other hand, the web server must also store your data in order to send it to you. Below, we provide information about the type and scope of the stored data, as well as the protective measures we have taken.
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 (1) (f) GDPR). Our hoster will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.
Server log files
Each time you access our website, information is automatically collected by the web hosting provider and stored in so-called server log files. This information includes:
- IP address
- Date and time of access
- Name of the page accessed
- Referrer URL (the previously visited page)
- Amount of data transferred
- Browser type and version
- Operating system
The processing of this data is technically necessary so that we can deliver the site to you; it is therefore carried out out of legitimate interest in accordance with Art. 6 (1) (f) GDPR. The data is used exclusively for statistical evaluations and to improve the website. IP addresses are stored for 30 days in a so-called log rotation and then deleted.
SSL encryption
We use SSL certificates for secure technical communication between the client and the website. This is especially necessary when transmitting confidential data, such as form entries. SSL or TLS encryption is therefore used on this site. An encrypted connection is easily recognizable by the fact that the browser's address bar displays "https://"; a colored lock symbol is usually also displayed in the browser's address bar. By using SSL or TLS encryption, the data you transmit cannot be read by third parties.
Core services
Content management system (WordPress)
Our website is based on the open source content management system WordPress. The system is installed locally on our servers. No data processing of the WordPress core services takes place outside of the secure server environment. If you have a login and log in to the site, WordPress processes personal data such as your email address or your name for authentication. WordPress uses cookies to ensure the functionality of the website. Further information can be found in the WordPress privacy policy and in our Cookie Policy.
- Provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA
- WordPress Privacy Policy
- GDPR compliance
Comment function (WordPress)
Posts on this website can be commented on by visitors. When a comment is written, it is stored indefinitely, including other metadata. This allows us to recognize discussions and moderate comments automatically. For example, a follow-up comment is automatically approved if a comment from an author has already been approved. Authors are identified by their email address. The criterion for the duration of storage of further personal data is the respective statutory retention period. After expiry of this period, the corresponding data is routinely deleted unless it is no longer required to fulfill or initiate a contract. The comments made in our blog can in principle also be subscribed to by third parties. In particular, it is possible for a commentator to subscribe to the comments on a specific blog post that follow their comment. If a data subject chooses to subscribe to comments, the controller will send an automatic confirmation email to use the double opt-in procedure to verify whether the owner of the specified email address has actually chosen this option. The option to subscribe to comments can be canceled at any time.
- Provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA
- WordPress Privacy Policy
- GDPR compliance
Registration function (WordPress)
We offer you the opportunity to register on our website. The data entered during registration, which can be seen in the input mask of the registration form, is collected and stored exclusively for the use of our service. When you register on our website, we will also save your IP address and the date and time of your registration. This serves as a safeguard on our part in the event that a third party misuses your data and registers on our website using this data without your knowledge. Your data will not be passed on to third parties. The data collected in this way will also not be compared with data that may be collected by other components of our website.
For users who register on our website, we also store the personal information they provide in their user profiles. All users can view, change, or delete their personal information at any time (the username cannot be changed). Website administrators can also view and change this information.
The controller will provide each data subject with information about which personal data about them is stored at any time upon request. Furthermore, the controller will correct or delete personal data at the request or notification of the data subject, provided this is not contrary to statutory retention periods. Exporting the technically stored data is possible at any time and can be requested via email. The data subject's email address serves as the identification feature. For the purposes of legitimacy, this address must also match the sender's address of the requester.
- Provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA
- WordPress Privacy Policy
- GDPR compliance
Server Management Plesk
We use the Plesk web server management software to administer our server services. This is a server administration system. The EU Commission has determined, through an adequacy decision pursuant to Art. 45 GDPR, that Switzerland, as a third country, provides an adequate level of data protection compared to the usual scope of the GDPR. You can find the corresponding decision here. here
- Provider: Plesk International GmbH, Vordergasse 59, 8200 Schaffhausen, Switzerland
- Plesk Privacy Policy
- GDPR compliance
Cloudflare CDN
We may use the Content Delivery Network (CDN) on our website to reduce loading times and protect it from misuse. Cloudflare may set cookies and process user data such as the IP address.
- Provider: Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA)
- Cloudflare Privacy Policy
Tracking
We use web analytics software on our website that anonymously logs and evaluates actions such as clicks or entries made by visitors to our website. We use these services to improve the performance of our offering. The respective system collects and processes anonymized data and provides us with analyses of user behavior. The tools also offer testing options, such as A/B testing, in which two versions of content are tested to determine which version leads to more acquisitions. In such tests or other analyses, anonymous user profiles may also be created and data stored in cookies.
Consent Manager
We use SEOPress as our cookie compliance management system. Read moreFor further information, please visit the WordPress Privacy Policy read.
Matomo
We use Matomo for anonymous visitor tracking. Read moreThe use of web analytics requires your consent, which we have obtained through our Cookie Compliance System. According to Art. 6 (1) (a) GDPR, this consent constitutes the legal basis for the processing of personal data, as may occur when collected using web analytics tools.
With the help of web analysis systems, we can identify which content has been accessed and how often, how long visitors stay on the site, which device they use to access the website, and where they are geographically from. These statistics help us improve the efficiency of our services. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). We make every effort not to use cookies for this purpose. For further information, please refer to our Cookie Policy.
- Provider: InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand
- Matomo privacy policy
Google Tag Manager
This website uses Google Tag Manager. This service allows website tags to be managed via an interface. Google Tag Manager merely implements tags. This means that no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If deactivation has been carried out at the domain or cookie level, it remains in effect for all tracking tags implemented with Google Tag Manager.
- Provider: Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
- Google Privacy Policy
Google Conversion Tracking
This website uses Google Conversion Tracking. With the help of Google Conversion Tracking, we and Google can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked and how often, and which products were viewed or purchased most frequently. This information is used to compile conversion statistics. We learn the total number of users who clicked on our ads and which actions they performed. We do not receive any information with which we can personally identify the user. Google itself uses cookies or similar recognition technologies for identification. The use of Google Conversion Tracking is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If corresponding consent has been requested (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR; consent can be revoked at any time. More information about Google Conversion Tracking can be found in Google's privacy policy.
- Provider: Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
- Google Privacy Policy
Meta: Facebook Pixel
This website uses Facebook's visitor action pixel to measure conversions. However, according to Facebook, the collected data is also transferred to the USA and other third countries. This means that the behavior of site visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized. The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy. This enables Facebook to enable the placement of advertisements on Facebook pages and outside of Facebook. We as the website operator cannot influence this use of the data. The use of Facebook pixel is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If corresponding consent has been requested (e.g., consent to the storage of cookies), processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR; consent can be revoked at any time. You can find further information on protecting your privacy in Facebook's privacy policy.
- Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
- Facebook Privacy Policy
Plugins
Contact form (Forminator)
We use Forminator, a form system for securely capturing user inquiries, on our website. If you send us data via a contact form, your details from the inquiry form, including the contact information you provided there, will be saved for the purpose of processing your inquiry and in case of follow-up questions. We will not share this data without your consent. The data will be automatically deleted after 30 days. If you use the "Continue Later" function in one of our forms, the form entries you have entered so far will be saved locally in a cookie.
- Provider: WPMUDEV, Incsub, LLC, 120 19th St N Ste 201 PMB 88100, Birmingham, AL, 35203-3219, US
- Privacy Policy WPMUDEV
- Privacy Policy Incsub
- GDPR compliance
Transactional emails
We use Mailgun, an email API service for transactional email communication, on our website. The service provider is the American company Mailgun Technologies. Mailgun processes your data, including in the USA.
- Provider: Sinch Group, Mailgun Technologies Inc., 112 E Pecan St #1135, San Antonio, TX 78205, USA
- Sinch Group Privacy Policy
- GDPR compliance
Spam protection (hCaptcha)
We use technology on our website to prevent spam submissions on forms. The service provider is the American company Intuition Machines Inc. hCaptcha processes your data, including in the USA.
- Provider: Intuition Machines Inc., 350 Alabama St, San Francisco, CA 94110, USA
- Privacy Policy Intuition Machines Inc.
- GDPR compliance
Social Media
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to inform them about our services. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because it could, for example, make it more difficult to enforce user rights. With regard to US providers certified under the Privacy Shield, we would like to point out that they thereby undertake to comply with EU data protection standards. Furthermore, user data is generally processed for market research and advertising purposes. For example, user profiles can be created from user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are generally stored on users' computers in which the usage behavior and interests of the users are saved. Furthermore, data may also be stored in the user profiles regardless of the devices used by the users (particularly if the users are members of the respective platforms and are logged in to them).
The processing of users' personal data is based on our legitimate interest in providing effective information and communication with users in accordance with Art. 6 (1) (f) GDPR. If users are asked by the respective providers for consent to data processing (i.e., they declare their consent, for example, by checking a box or confirming a button), the legal basis for processing is Art. 6 (1) (a) and Art. 7 GDPR.
For a detailed description of the respective processing activities and the options for opting out, please refer to the information provided by the providers linked below. In the case of requests for information and the assertion of user rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to user data and can directly take appropriate measures and provide information. If you still need help, please contact us.
Google My Business
We maintain an external company profile on Google. We merely link to this profile and do not use any of the platform's plugins on our website.
- Provider: Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
- Google Maps Privacy Policy
- GDPR compliance
Bing Places for Business
We maintain an external company profile on Bing. We only link to this profile and do not use any of the platform's plugins on our website.
- Provider: Bing Ireland Limited (Microsoft), Gordon House, Barrow Street, Dublin 4, Ireland.
- Bing Maps Privacy Policy
- GDPR compliance
We maintain an external company profile on LinkedIn. We merely link to this profile and do not use any of the platform's plug-ins on our website.
- Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
- LinkedIn Privacy Policy
- Privacy Shield
Last updated on: July 5, 2025