Privacy Statement

This data protection declaration explains to you the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the associated websites, features and contents as well as in our external online presences, e.g. our social media profile. (hereinafter jointly referred to as "online offer"). With regard to the terms used, such as "personal data" or their "processing", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Responsible:

Name/Company: Shellfire Gattung und Behr GbR
Street, no.: Rosenweg 18
Postcode, city, country: 61118 Bad Vilbel, Deutschland
Managing Partners: Florian Gattung, Maximilian Behr
E-mail: hosting@shellfire.de

Types of data processed:

  • Inventory data (e.g. names, addresses).
  • Contact details (e.g. e-mail, telephone numbers).
  • Content data (e.g., text input, photographs, videos).
  • Contract data (e.g., subject matter of the contract, duration, customer category).
  • Payment data (e.g., bank details, payment history).
  • Usage data (e.g., visited websites, interest in content, access times).
  • Meta/communication data (e.g., device information, IP addresses).

Processing of special categories of data (Article 9 (1) GDPR):

No special categories of data are processed.

Categories of data subjects:

  • Customers / interested parties / suppliers.
  • Visitors and users of the online offer.

Subsequently we will refer to the persons concerned as "users".

Purpose of the processing:

  • Providing the online offer, its contents and functions.
  • Providing contractual services, service and customer care.
  • Responding to contact requests and communicating with users.
  • Marketing, advertising and market research.
  • Security measures.

As of 5/25/2018

1. Relevant legal bases

In accordance with Article 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not mentioned in the privacy statement, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a. and Article 7 GDPR, the legal basis for processing in order to fulfil our services and to carry out contractual measures as well as for answering inquiries is Art. 6 (1) lit. b. GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 (1) lit. c. GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 (1) lit. f . GDPR. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1) lit. d. GDPR serves as the legal basis.

2. Änderungen und Aktualisierungen der Datenschutzerklärung

We ask you to check our privacy policy regularly. We will update this privacy statement as soon as changes in the way we process data make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

3. Safety precautions

3.1

We shall take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk according to Article 32 GDPR, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing and the different likelihood and severity of the risk to the rights and freedoms of natural persons; the measures shall include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and its separation. Furthermore, we have established procedures to ensure the rights of data subjects can be exercised, data can be deleted and compromise of data can be responded to. Furthermore, we already incorporate the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly presettings (Article 25 GDPR).

3.2

The security measures include in particular the encrypted transmission of data between your browser and our server.

4. Cooperation with contract processors and third parties

4.1

If we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data in the course of our processing, this shall only take place on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers is necessary for contract fulfilment according to Art. 6 (1) lit. b. GDPR), if you have consented, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

4.2

If we commission third parties to process data on the basis of a so-called "commissioned-processing contract", this is done on the basis of Article 28 GDPR.

5. Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs by using third-party services or disclosing or transferring data to third parties, it is only for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements according to Art. 44 et seq. GDPR are met. This means, for example, processing is carried out on the basis of special guarantees, such as an officially recognised data protection level that is in line with the EU (e.g. the "Privacy Shield" in the USA) or compliant with officially recognised special contractual obligations (so-called "standard contractual clauses"). With our VPN service, the user can stop the processing of his data outside the EU at any time by selecting a Shellfire server in one of the EU member states.

6. Rights of data subjects

6.1

You have the right to request confirmation as to whether data concerning you are being processed and to request further information and a copy of the data according to Art. 15 GDPR.

6.2

In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or to demand the correction of incorrect data concerning you.

6.3

In accordance with Art. 17 GDPR, you have the right to demand that data concerning you be deleted immediately or, alternatively, to demand a restriction on the processing of the data according to Art. 18 GDPR.

6.4

You have the right to receive the data that you have provided to us and to request transmitting it to other persons responsible according to Art. 20 GDPR.

6.5

In accordance with Art. 77 GDPR, you also have the right to file a complaint with the competent supervisory authority.

7. Right of revocation

You have the right to revoke consents granted according to Art. 7 (3) GDPR with effect for the future.

8. Right of objection

You can object to the future processing of the data concerning you according to Art. 21 GDPR at any time. The objection may be lodged in particular against processing for direct marketing purposes.

9. Cookies and right of objection in direct advertising

9.1

We use temporary and permanent cookies, i.e. small files that are saved on the user's devices (for an explanation of the term and the function, see last section of this privacy statement). In part, cookies serve security purposes or are required for the operation of our online offer (e.g., for the presentation of the website) or to record the user decision when confirming the cookie banner. In addition, we or our technology partners use cookies for reach measurement and marketing purposes, about which the users will be informed in the course of the privacy statement.

9.2

A general objection to the use of cookies used for online marketing purposes can be declared for many of the services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by deactivating them in the browser settings. Please note that in this case not all functions of this online offer can be used.

10. Deletion of data

10.1

The data processed by us will be deleted or their processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this privacy statement, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage obligations. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

10.2

In accordance with statutory requirements, the records are kept for 6 years according to § 257 (1) of the German HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years according to § 147 (1) of the German AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

11. Performing contractual services

11.1

We process inventory data (e.g. names and addresses as well as contact information of users), and contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services according to Art. 6 (1) lit b. GDPR. The entries marked as obligatory in online forms are required for the conclusion of the contract.

11.2

Users have the option to create a user account, in which they can view and, if necessary, change their orders and the status of their booked services. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data regarding the user account will be deleted, apart from data that is necessary for commercial or tax reasons according to Art. 6 (1) lit. c. GDPR. It is up to the users to save their data before the end of the contract if they have given notice of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.

11.3

When registering, re-registering and using our online services, we save the IP address and the time of each user action. The data is stored on the basis of our legitimate interests as well as the user's protection against misuse and other unauthorized use. These data are generally not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation according to Art. (6) 1 lit. c. GDPR.

11.4

When using our VPN services, no personal data (e.g. IP addresses) is stored.

11.5

We process usage data (e.g., the visited websites of our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) to advertise on a user profile in such as way as to show the user e.g. product information based on their previously used services.

11.6

The deletion takes place after the expiration of statutory warranty and comparable obligations. We check every three years if storing the data is necessary; if we are obliged to statutory archiving, the deletion takes place after the obligation has expired (end of statutory storage obligations by commercial law (6 years) and tax law (10 years)); details in the customer account are kept up to its deletion.

12. Use of the SEPA Direct Debit procedure

12.1

If a customer uses the option of paying by SEPA direct debit, the plausibility of the account data provided by him will be checked automatically by Oliver Siegmar IT Consulting, Kafkastr. 6, 81737 Munich. This is done on the basis of our legitimate interests according to Art. 6 (1) lit. f. GDPR. Oliver Siegmar IT Consulting does not permanently store the account data nor does it perform a credit check. In the event of a negative result of the plausibility check, the account data specified by the customer will automatically be rejected for the direct debit procedure.

12.2

The plausibility check is carried out for our safety in order to prevent incorrect registrations and direct debit returns as far as possible.

13. Contact

13.1

When contacting us (via contact form or e-mail), the user's details are processed in order to deal with the contact enquiry and to handle it in accordance with Art. 6 (1) lit. b. GDPR.

13.2

User information can be stored in our Customer Relationship Management System ("CRM System") or in a similar system.

13.3

We delete the requests if they are no longer necessary. We review the necessity every two years; requests from customers who have a customer account are stored permanently and are linked to the customer account details for deletion. If we are obliged to statutory archiving, the deletion takes place after the obligation has expired (end of statutory storage obligations by commercial law (6 years) and tax law (10 years)).

14. Comments and posts

14.1

If users leave comments or other posts, their IP addresses will be used on the basis of our legitimate interests according to Art. 6 (1) f. GDPR for 7 days.

14.2

This is for our safety, in case somebody leaves illegal contents in comments and posts (insults, forbidden political propaganda, etc.). In this case the comment or post can lead to us ourselves being prosecuted, therefore we have legitimate interest in the identity of the author.

15. Collecting access data and log files

15.1

We collect data about each access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests according to Art. 6 (1) lit. f. GDPR. Access data include the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

15.2

Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.

15.3

No personal data is stored on the servers of our VPN service.

15.4

A user of our VPN apps has the option of voluntarily sending us local log files of his device in order for us to support him in the analysis of errors or connection problems. The transmission and storage of these log files is encrypted.

16. Online presence in social media

16.1

We maintain online presences within social networks and platforms to communicate with existing clients, prospective customers and active users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of the respective operating companies apply.

16.2

Unless otherwise stated in our privacy statement, we process the data of users who communicate with us over social networks and platforms, e.g. if they write articles on our websites or send us messages.

17. Cookies & Reach measurement

17.1

Cookies are information that is transferred from our web server or third party web servers to the user's web browser where they are saved for later retrieval. Cookies can be small files or other types of information storage.

17.2

We use "session cookies" (e.g. to save your login status or to operate the shopping cart features which is absolutely necessary to use our online offer). A randomly generated unique identification number, a so-called session ID, is saved in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and log out.

17.3

Users will be informed in the course of this privacy statement how we use cookies to measure reach pseudonymously.

17.4

If users do not want cookies to be saved on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can limit the functionality of this online offer.

17.5

You may opt-out of the use of cookies for reach measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

18. Google Analytics

18.1

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer according to Art. 6 (1) lit. f. GDPR) we use Google Analytics, a web analysis service of Google LLC ("Google"). Google uses cookies. The information generated by the cookie about the use of the online offer by users is generally transferred to a Google server in the USA and stored there.

18.2

Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European law for data protection (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

18.3

Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services regarding the use of this online offer and the use of the Internet. Pseudonymous user profiles can be created from the processed data.

18.4

We use Google Analytics to display the ads placed by Google and its partners exclusively to users who have shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products that are determined by which web pages they visited). These information is transmitted to Google (so-called "remarketing" or "Google Analytics Audiences"). With the help of remarketing audiences we also aim to ensure that our ads correspond to the potential interest of the users and are not annoying.

18.5

We use Google Analytics only with IP anonymization enabled. This means that Google will shorten the IP address of users in member states of the European Union or in other states that adhere to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

18.6

The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting and processing the data generated by the cookie that relate to their use of the online offer by downloading and installing a browser plug-in which is available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

18.7

Further information on data use by Google, possible settings and objections can be found on Google's websites: https://www.google.com/intl/en/policies/privacy/partners ("Data use by Google when using our partners' websites or apps"), https://policies.google.com/technologies/ads ("Data use for advertising purposes"), https://adssettings.google.com/authenticated ("Manage information that Google uses to show you advertisements").

18.8

In addition, personal data will be made anonymous or deleted after a period of 14 months.

19. Google Remarketing/Marketing Services

19.1

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer according to Art. 6 (1) lit. f. GDPR) we use the marketing and remarketing services ("Google Marketing Services" for short) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").

19.2

Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

19.3

The Google marketing services allow us to show better targeted ads for and on our site in order to present only ads that potentially match the user's interests. For example, if a user sees ads for products he has been interested in on other websites, this is referred to as "remarketing". For these purposes, when our and other websites are accessed on which Google marketing services are active, Google directly executes a code from Google and (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. These help to place an individual cookie, i.e. a small file, on the user's device (comparable technologies can also be used instead of cookies). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file contains the information which websites the user visits, which contents he is interested in and which offers he has clicked on, furthermore technical information about the browser and operating system, referring websites, visiting time as well as further information about the use of the online offer. The IP address of the users is also recorded, although in the context of Google Analytics the IP address is shortened in member states of the European Union or in other states that adhere to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address is not merged with the user's data of other Google offers. The above information may also be linked by Google to similar information from other sources. If the user then visits other websites, the ads tailored to his interests can be displayed.

19.4

Users' data for Google marketing services is processed pseudonymously. This means that Google does not store and process, for example, the names or e-mail addresses of users, but processes the relevant data cookie-related in pseudonymous user profiles. This means from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the USA.

19.5

One of the Google marketing services we use is the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Therefore cookies cannot be traced through the websites of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users.

19.6

We may also use the "Google Optimizer" service. Google Optimizer uses the so-called "A/B testing" which allows us to track the effects of various changes to a website (e.g. changes to input fields, design, etc.). Cookies are stored on the user's devices for these test purposes. Only pseudonymous user data is processed.

19.7

In addition we may use the "Google Tag Manager" to integrate and manage Google analysis and marketing services on our website.

19.8

Further information on Google's use of data for marketing purposes can be found on the overview page: https://policies.google.com/technologies/ads, Google's privacy policy can be accessed at https://policies.google.com/privacy.

19.9

If you wish to object to targeted advertising by Google marketing services, you can use the setting and opt-out options provided by Google: https://adssettings.google.com/authenticated.

20. Facebook, Custom Audiences and Facebook Marketing Services

20.1

Due to our legitimate interests in the analysis, optimisation and economic operation of our online offer and for these purposes we use the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") in our online offer.

20.2

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

20.3

With the help of Facebook pixel, Facebook is able to present the visitors of our online offer targeted ads (so-called "Facebook ads"). Accordingly, we use Facebook pixel to display our Facebook ads only to Facebook users who have shown an interest in our online offer or who have certain features (e.g. interests in certain topics or products that are determined by the websites visited) that we transmit to Facebook (so-called "custom audiences"). We also use Facebook pixel because we want to ensure that our Facebook ads meet the potential interest of users and are not annoying. Facebook pixel also helps us to see how effective Facebook ads are for statistical analysis and market purposes by showing whether users have been redirected to our website after clicking on a Facebook ad (so-called "conversion").

20.4

Facebook processes the data in accordance with Facebook's Data Usage Policy. Accordingly, general information on the display of Facebook ads can be found in the Facebook Data Usage Policy: https://www.facebook.com/policy.php. For specific information and details about Facebook pixel and how it works, please visit the Facebook Help section: https://www.facebook.com/business/help/651294705016616.

20.5

You can object to data collection by Facebook pixel and usage of your data for displaying Facebook ads. To set what types of ads you see on Facebook, you can visit this page and follow the instructions on usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

20.6

To prevent your information from being collected via the Facebook pixel on our website, please click on the following link:
The Facebook Pixels and Facebook-Social Plugins are
Note: When you click on the link, an opt-out cookie is stored on your device. If you delete the cookies in this browser, you must click on the link again. Furthermore, the opt-out only applies within the browser you use and only within our web domain where the link was clicked.

20.7

ou may also object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/) .

21. Facebook Social Plugins

21.1

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer according to Art. 6 (1) lit. f. GDPR) we use Social Plugins ("Plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can show interactive elements or content (e.g. videos, graphics or text) and can be identified by one of the Facebook logos (white "f" on blue tile, the term "like" or a "thumbs up" sign) or are marked with the words "Facebook Social Plugin". The list and the look of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

21.2

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

21.3

When a user accesses a feature of this online offer that contains such a plugin, his device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online offer. The processed data can be used to create user profiles. We therefore have no influence on the amount of data Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.

21.4

By integrating the plugins, Facebook receives information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can attribute the visit to his Facebook account. When users interact with the plugins, such as pressing the Like button or posting a comment, the information is sent directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.

21.5

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for the protection of users' privacy, can be found in Facebook's data protection notice: https://www.facebook.com/about/privacy/.

21.6

To prevent your information from being collected via the Facebook pixel on our website, please click on the following link:
The Facebook Pixels and Facebook-Social Plugins are
Note: When you click on the link, an opt-out cookie is stored on your device. If you delete the cookies in this browser, you must click on the link again. Furthermore, the opt-out only applies within the browser you use and only within our web domain where the link was clicked.

21.7

If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his membership data stored on Facebook, he must log out of Facebook before using our online offer and delete his cookies. Further settings and objections to the use of data for advertising purposes can be made within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

22. Newsletter

22.1

Below we inform you about the contents of our newsletter as well as the registration, sending process and statistical evaluation procedures and your rights of objection. By subscribing you agree to receiving our newsletter and to the described procedures.

22.2

Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter "newsletters") only with the consent of the recipients or a legal permission. If the contents of a newsletter are specifically described during the registration, they are decisive for the consent of the users. In addition, our newsletters contain information about our products, offers, promotions and company.

22.3

Double opt-in and recording: Subscription to our newsletter uses a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can log in with other e-mail addresses. If you register for our newsletter via the Android app, there is no double opt-in confirmation, as the e-mail address of the logged in Google account is automatically copied from the device. Subscriptions to the newsletter are recorded in order to prove that the registration process happened in accordance with legal requirements. This includes saving the login and confirmation time, as well as the shortened IP address. The changes to your data that are stored with the e-mail marketing service are also recorded.

22.4

The newsletter is sent by Shellfire.

22.5

Registration details: To subscribe to the newsletter, simply enter your e-mail address.

22.6

Performance measurement - The newsletters can contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from the e-mail marketing service's server when the newsletter is opened. Initially technical information are collected, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on the locations (which can be determined using the IP address) or times when the e-mail is retrieved. Also statistical information is collected to determine whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, we do not intend to observe individual users. In fact, the evaluations serve to recognize the reading habits of our users and to adapt our contents to them or to send different contents based on the interests of our users.

22.7

The dispatch of the newsletter and the performance measurement are based on the recipients' consent according to Art. 6 (1) lit. a. and Art. 7 GDPR in conjunction with § 7 (2), point 3 of the German UWG or on the legal permission according to § 7 (3) UWG.

22.8

The registration procedure is recorded on the basis of our legitimate interests according to Art. 6 (1) lit. f. GDPR and serves as proof of consent to receiving the newsletter.

22.9

Cancellation/Revocation - Newsletter recipients can cancel receiving our newsletter at any time, i.e. revoke their consent. You will find a link to cancel the newsletter at the end of each newsletter. At the same time, their consent to performance measurement is revoked. Unfortunately revoking the performance measurement separately is not possible, so that the entire newsletter subscription must be cancelled. With the cancellation of the newsletter, the personal data are deleted, unless their storage is legally required or justified, although in this case their processing is limited only to these exceptional purposes. In particular, we may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before we delete them for the purpose of sending the newsletter in order to be able to prove a previously given consent. The processing of these data is limited to the purpose of defending us against possible claims. An individual application for cancellation is possible at any time, provided that at the same time the former existence of a consent is confirmed.

23. Integration of third-party services and content

23.1

We use content or service provided by third parties within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer according to Art. 6 (1) lit. f. GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always requires that the third party providers of this content receive the IP address of the users, since without the IP address they can not send the content to their browser. The IP address is therefore required for the display of this content. We make every effort to use only those contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. "Pixel tags" can be used to evaluate information such as traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, and may also be linked to such information from other sources.

23.2

The following presentation provides an overview of third-party providers and their contents, together with links to their privacy statement, which contain further information on the processing of data and possibilities of objection (so-called opt-out) that were in some cases already mentioned here before: