This privacy policy applies to all websites for which Bureau Wehrmann is responsible (bureau-wehrmann.eu, falseflag.agency). Each of these websites refers to this privacy policy. False Flag (falseflag.agency) is a project of Bureau Wehrmann: ‍ Preamble With the following dataprotection declaration, we would like to inform you about the types of yourpersonal data (hereinafter also referred to as "data") that weprocess, for what purposes and to what extent. The data protection declarationapplies to all processing of personal data carried out by us, both as part ofthe provision of our services and, in particular, on our websites, in mobileapplications and within external online presences, such as our social mediaprofiles (hereinafter collectively referred to as "online offer"). The terms used are notgender specific. Status: September 1st, 2023 Table of contents Preamble Responsible Processing overview Relevant legal bases Security measures Data deletion Cookies use Business services Providers and services used in the course of business Provision of the online offer and web hosting Contact and request management Communication via messenger Chatbots and chat functions Application procedure Newsletter and electronic notifications Web analysis, monitoring and optimization Presence in social networks (social media) Plugins and embedded functions and content Management, organization and auxiliary tools Modification and update of the privacy policy Rights of the data subjects Definitions Responsible Dennis Wehrmann Bahnhofstraße 159 86438 Kissing / GERMANY Authorized representatives: Dennis Wehrmann E-mail address: info@bureau-wehrmann.eu Imprint: https://www.bureau-wehrmann.eu/impressum Processing overview The following overviewsummarizes the types of data processed and the purposes of their processing andrefers to the data subjects. Types of data processed Inventory data. Payment details. Contact details. Content data. Contract data. Usage data. Meta, communication and procedural data. Applicant Data. Categories of affected persons Customers. Interested parties. Communication partner. Users. Applicants. Business and Contractual Partners. Processing purposes Provision of contractual services and customer service. Contact requests and communication. Safety measures. Direct marketing. Reach measurement. Office and organizational procedures. Managing and responding to inquiries. Application Procedure. Feedback. Marketing. Profiles with user-related information. Provision of our online offer and user-friendliness. Information Technology Infrastructure. Relevant legal bases The following is anoverview of the legal basis of the GDPR on the basis of which we processpersonal data. Please note that in addition to the provisions of the GDPR,national data protection regulations may apply in your or our country ofresidence or domicile. If, in addition, more specific legal bases are relevantin individual cases, we will inform you of these in the data protectiondeclaration. Consent (Art. 6 (1) p. 1 lit. a) DSGVO) - The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes. Contract performance and pre-contractual requests (Art. 6 (1) p. 1 lit. b) DSGVO) - Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject's request. Legal obligation (Art. 6 (1) p. 1 lit. c) DSGVO) - Processing is necessary for compliance with a legal obligation to which the controller is subject. Legitimate interests (Art. 6 (1) p. 1 lit. f) DSGVO) - Processing is necessary to protect the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. Application procedure as a pre-contractual or contractual relationship (Art. 6 (1) b) GDPR) - Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants as part of the application procedure, so that the controller or the data subject can exercise the rights accruing to him or her under labor law and social security and social protection law and fulfill his or her obligations in this regard, they are processed in accordance with Art. 9 (2) b). rights under labor law and social security and social protection law and to comply with his or her obligations in this regard, their processing is carried out in accordance with Art. 9(2)(b). DSGVO, in case of protection of vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c. DSGVO or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the management of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. DSGVO. In the case of a communication of special categories of data based on voluntary consent, their processing is based on Art. 9 para. 2 lit. a. DSGVO. In addition to the dataprotection regulations of the GDPR, national regulations on data protectionapply in Germany. These include, in particular, the Act on Protection againstMisuse of Personal Data in Data Processing (Federal Data Protection Act -BDSG). In particular, the BDSG contains special regulations on the right toinformation, the right to erasure, the right to object, the processing ofspecial categories of personal data, processing for other purposes andtransmission, as well as automated decision-making in individual cases,including profiling. Furthermore, state data protection laws of the individualfederal states may apply. Security measures We take appropriatetechnical and organizational measures to ensure a level of protectionappropriate to the risk in accordance with the legal requirements, taking intoaccount the state of the art, the implementation costs and the nature, scope,circumstances and purposes of the processing, as well as the differentprobabilities of occurrence and the extent of the threat to the rights andfreedoms of natural persons. The measures include, inparticular, safeguarding the confidentiality, integrity and availability ofdata by controlling physical and electronic access to the data as well as theaccess, input, transfer, safeguarding of availability and its separation.Furthermore, we have established procedures to ensure the exercise of datasubjects' rights, the deletion of data, and responses to data compromise.Furthermore, we take the protection of personal data into account as early asthe development or selection of hardware, software and processes in accordancewith the principle of data protection, through technology design and throughdata protection-friendly default settings. IP address shortening: IfIP addresses are processed by us or by the service providers and technologiesused and the processing of a complete IP address is not required, the IPaddress is shortened (also referred to as "IP masking"). In thisprocess, the last two digits or the last part of the IP address after a periodare removed or replaced by wildcards. The shortening of the IP address isintended to prevent or make it significantly more difficult to identify aperson by their IP address. TLS encryption (https):To protect your data transmitted via our online offer, we use TLS encryption.You can recognize such encrypted connections by the prefix https:// in theaddress bar of your browser. Data deletion The data processed by uswill be deleted in accordance with the legal requirements as soon as theirconsents permitted for processing are revoked or other permissions cease toapply (e.g. if the purpose of processing this data has ceased to apply or it isnot required for the purpose). If the data are not deleted because they arerequired for other and legally permissible purposes, their processing will belimited to these purposes. That is, the data is blocked and not processed forother purposes. This applies, for example, to data that must be retained forreasons of commercial or tax law or whose storage is necessary for theassertion, exercise or defense of legal claims or for the protection of therights of another natural or legal person. Our privacy notices mayalso contain further information on the retention and deletion of data, whichwill take precedence for the respective processing operations. Cookies use Cookies are small textfiles or other memory tags that store information on end devices and readinformation from the end devices. For example, to store the login status in auser account, a shopping cart content in an e-shop, the content accessed orfunctions used of an online offer. Cookies can also be used for variouspurposes, e.g. for purposes of functionality, security and convenience ofonline offers as well as the creation of analyses of visitor flows. Consent notices: We use cookies in accordance with the law.Therefore, we obtain prior consent from users, except when it is not requiredby law. In particular, consent is not required if the storage and reading ofinformation, including cookies, are absolutely necessary to provide thetelemedia service (i.e., our online offering) expressly requested by users. Thestrictly necessary cookies usually include cookies with functions related tothe display and operability of the online offer , load balancing, security,storage of users' preferences and choices or similar purposes related to theprovision of the main and secondary functions of the online offer requested bythe users. The revocable consent will be clearly communicated to the users andwill contain the information regarding the respective cookie use. Notes on legal basesunder data protection law: Thelegal basis under data protection law on which we process users' personal datausing cookies depends on whether we ask users for consent. If users consent,the legal basis for processing their data is their declared consent. Otherwise,the data processed with the help of cookies is processed on the basis of ourlegitimate interests (e.g. in the business operation of our online offer andimprovement of its usability) or, if this is done in the context of theperformance of our contractual obligations, if the use of cookies is necessaryto fulfill our contractual obligations. We explain the purposes for which weprocess the cookies in the course of this privacy policy or as part of ourconsent and processing procedures. Storage duration: In terms of storage duration, the following typesof cookies are distinguished: Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his end device (e.g. browser or mobile app). Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years. General information onrevocation and objection (opt-out): Users can revoke the consents they have given at any time and also file anobjection to processing in accordance with the legal requirements in Art. 21DSGVO. Users can also declare their objection via their browser settings, e.g.by deactivating the use of cookies (although this may also limit thefunctionality of our online services). An objection to the use of cookies foronline marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. Cookie settings/opposition: Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Consent (Art. 6 para. 1 p. 1 lit. a) DSGVO). Further guidance onprocessing operations, procedures and services: Processing of cookie data on the basis of consent: We use a cookie consent management procedure, in the context of which the consent of users to the use of cookies, or the processing and providers mentioned in the cookie consent management procedure, can be obtained and managed and revoked by users. Here, the declaration of consent is stored in order not to have to repeat its query and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies), in order to be able to assign the consent to a user or their device. Subject to individual information on the providers of cookie management services, the following information applies: The duration of the storage of consent can be up to two years. Here, a pseudonymous user identifier is formed and stored with the time of consent, information on the scope of consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and end device used; legal basis: consent (Art. 6 para. 1 p. 1 lit. a) DSGVO). Cookiebot: Cookie consent management; Service provider: Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark; Website: https://www.cookiebot.com/de; Privacy policy: https://www.cookiebot.com/de/privacy-policy/; Other information: Data stored (on the service provider's server): The user's IP number in anonymized form (the last three digits are set to 0), Date and time of consent, Browser details, The URL from which the consent was sent, An anonymous, random and encrypted key value; The user's consent status. Business services We process data of ourcontractual and business partners, e.g. customers and interested parties(collectively referred to as "contractual partners") in the contextof contractual and comparable legal relationships as well as related measuresand in the context of communication with contractual partners (orpre-contractual), e.g. to answer inquiries. We process this data inorder to fulfill our contractual obligations. These include, in particular, theobligations to provide the agreed services, any update obligations and remediesin the event of warranty and other service disruptions. In addition, we processthe data to safeguard our rights and for the purpose of administrative tasksassociated with these obligations and company organization. Furthermore, weprocess the data on the basis of our legitimate interests in proper andbusiness management as well as security measures to protect our contractualpartners and our business operations from misuse, endangerment of their data,secrets, information and rights (e.g. for the involvement oftelecommunications, transport and other auxiliary services as well assubcontractors, banks, tax and legal advisors, payment service providers or taxauthorities). Within the framework of applicable law, we only disclose the dataof contractual partners to third parties to the extent that this is necessaryfor the aforementioned purposes or to fulfill legal obligations. Contractualpartners will be informed about further forms of processing, e.g. for marketingpurposes, within the framework of this data protection declaration. We inform the contractualpartners which data is required for the aforementioned purposes before or inthe course of data collection, e.g. in online forms, by special marking (e.g.colors) or symbols (e.g. asterisks or similar), or in person. We delete the data afterthe expiry of legal warranty and comparable obligations, i.e., in principleafter 4 years, unless the data is stored in a customer account, e.g., as longas it must be retained for legal archiving reasons. The statutory retentionperiod is ten years for documents relevant under tax law as well as forcommercial books, inventories, opening balances, annual financial statements,the work instructions required to understand these documents and otherorganizational documents and accounting records, and six years for receivedcommercial and business letters and reproductions of sent commercial andbusiness letters. The period begins with the end of the calendar year in whichthe last entry was made in the book, the inventory, the opening balance sheet,the annual financial statements or the management report was prepared, thecommercial or business letter was received or sent, or the accounting documentwas created, furthermore the recording was made or the other documents werecreated. Insofar as we usethird-party providers or platforms to provide our services, the terms andconditions and data protection notices of the respective third-party providersor platforms shall apply in the relationship between the users and theproviders. Types of data processed: inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact data (e.g. e-mail, telephone numbers); contract data (e.g. subject matter of contract, term, customer category). Affected persons: Interested parties; business and contractual partners; customers. Purposes of processing: provision of contractual services and customer service; contact requests and communication; office and organizational procedures; management and response to requests. Legal basis: Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) DSGVO); Legal obligation (Art. 6 para. 1 p. 1 lit. c) DSGVO); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Further guidance onprocessing operations, procedures and services: Agency Services: We process our customers' data as part of our contractual services, which may include, for example, conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services and training services; legal basis: contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO). Consulting: We process the data of our clients, customers as well as interested parties and other clients or contractual partners (uniformly referred to as "clients") in order to be able to provide them with our consulting services. The data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual and client relationship. we disclose or transfer client data to third parties or agents, such as authorities, subcontractors or in the area of IT, office or comparable services, in compliance with the requirements of professional law; legal basis: contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO). Artistic and literary services: We process the data of our clients in order to enable them to select, purchase or commission the selected services or works as well as related activities as well as their payment and delivery or execution or performance.The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for delivery and billing as well as contact information in order to be able to hold any consultations; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO). Project and development services: We process the data of our customers as well as clients (hereinafter uniformly referred to as "customers") in order to enable them to select, acquire or commission the selected services or works as well as related activities as well as their payment and provision or execution or performance.The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the performance of services and billing as well as contact information in order to be able to hold any consultations. Insofar as we obtain access to information of the end customers, employees or other persons, we process this in accordance with the legal and contractual requirements; legal basis: contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO). Management consulting: We process the data of our customers, clients as well as interested parties and other clients or contractual partners (uniformly referred to as "customers") in order to be able to provide them with our contractual or pre-contractual services, in particular consulting services. The data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual and business relationship. a consent of the customers is available, we disclose or transmit the data of the customers in compliance with the requirements of professional law to third parties or agents, such as authorities, courts or in the field of IT, office or comparable services; legal basis: contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO). Providers and services used in the course of business As part of our businessoperations, we use additional services, platforms, interfaces or plug-ins fromthird-party providers (in short, "services") in compliance with legalrequirements. Their use is based on our interests in the proper, lawful andeconomic management of our business operations and our internal organization. Types of data processed: inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., e-mail, telephone numbers); content data (e.g., entries in online forms); contract data (e.g., subject matter of contract, term, customer category); usage data (e.g., websites visited, interest in content, access times); meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status). Data subjects: Customers; prospective customers; users (e.g., website visitors, users of online services); business and contractual partners. Purposes of processing: provision of contractual services and customer service; office and organizational procedures. Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Further guidance onprocessing operations, procedures and services: Moco: acquisition, time recording, billing and invoice management, personnel management, contact management, project management and company management, company reports, individual reports, project reports; service provider: hundertzehn GmbH, Aeschstrasse 131F, 8123 Ebmatingen, Switzerland; legal basis: legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); website: https://www.mocoapp.com/; privacy policy: https://www.mocoapp.com/unternehmen/datenschutz; order processing contract: https://www.mocoapp.com/cloud-software/dsgvo. Provision of the online offer and webhosting We process the users'data in order to provide them with our online services. For this purpose, weprocess the user's IP address, which is necessary to transmit the content andfunctions of our online services to the user's browser or terminal device. Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status); content data (e.g. entries in online forms). Data subjects: Users (e.g., website visitors, users of online services). Purposes of processing: provision of our online offer and user-friendliness; information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.).); security measures. Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Further guidance onprocessing operations, procedures and services: Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called "web hoster"); Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Provision of online offer on own/ dedicated server hardware: For the provision of our online offer, we use server hardware operated by us as well as the associated storage space, computing capacity and software; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Collection of access data and log files: Access to our online offer is logged in the form of so-called "server log files". The server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.The server log files may be used for security purposes, for example, to prevent server overload (especially in the event of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Deletion of data: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident. E-mail dispatch and hosting: The web hosting services we use also include the dispatch, receipt and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as further information regarding the e-mail dispatch (e.g. the providers involved) and the contents of the respective e-mails are processed. The aforementioned data may also be processed for SPAM detection purposes. Please note that e-mails are generally not sent encrypted on the Internet. As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the e-mails between the sender and the reception on our server; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Content Delivery Network: We use a "content delivery network" (CDN). A CDN is a service with the help of which the content of an online offer, in particular large media files such as graphics or program scripts, can be delivered more quickly and securely with the help of regionally distributed servers connected via the Internet; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Hetzner: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.hetzner.com; Privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz; Order processing agreement: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/. Webflow: Creation, management and hosting of websites, online forms and other web elements; Service provider: Webflow, Inc. 208 Utah, Suite 210, San Francisco, CA 94103, USA; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://webflow.com; Privacy policy: https://webflow.com/legal/eu-privacy-policy; Order processing agreement: https://webflow.com/legal/sign-dpa; Standard contractual clauses (ensuring level of data protection for processing in third countries): https://webflow.com/legal/sign-dpa. Contact and request management When contacting us (e.g.by mail, contact form, e-mail, telephone or via social media) as well as in thecontext of existing user and business relationships, the information of theinquiring persons is processed to the extent necessary to respond to thecontact requests and any requested measures. Types of data processed: contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status); inventory data (e.g. names, addresses); contract data (e.g. subject matter of contract, term, customer category). Affected persons: Communication partners; customers; interested parties; business and contractual partners. Purposes of processing: contact inquiries and communication; managing and responding to inquiries; feedback (e.g., collecting feedback via online form); providing our online services and user experience; providing contractual services and customer service; office and organizational procedures; marketing. Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) DSGVO). Further guidance onprocessing operations, procedures and services: Contact form: If users contact us via our contact form, e-mail or other communication channels, we process the data communicated to us in this context for the purpose of processing the communicated request; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) DSGVO), Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO). Zammad: Management of contact requests, service tickets and communication; Service provider: Zammad GmbH, Marienstraße 18, 10117 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://zammad.com/de/; Privacy policy: https://zammad.com/de/unternehmen/datenschutz. Communication via messenger We use messengers forcommunication purposes and therefore ask you to observe the followinginformation on the functionality of the messengers, on encryption, on the useof the metadata of the communication and on your objection options. You can also contact usby alternative means, e.g. via telephone or e-mail. Please use the contactoptions provided to you or the contact options specified within our onlineoffer. In the case of end-to-endencryption of content (i.e., the content of your message and attachments),please note that the communication content (i.e., the content of the messageand attached images) is encrypted from end to end. This means that the contentof the messages cannot be viewed, not even by the messenger providersthemselves. You should always use an up-to-date version of Messenger withencryption enabled to ensure that message content is encrypted. However, we additionallypoint out to our communication partners that the providers of the messengerscannot view the content, but can learn that and when communication partnerscommunicate with us as well as technical information about the device used bythe communication partners and, depending on the settings of their device, alsolocation information (so-called metadata) is processed. Notes on legal basis: If we ask communication partners for permissionbefore communicating with them via Messenger, the legal basis for ourprocessing of their data is their consent. Otherwise, if we do not ask forconsent and they contact us on their own initiative, for example, we useMessenger in relation to our contractual partners and in the context ofcontract initiation as a contractual measure and, in the case of otherinterested parties and communication partners, on the basis of our legitimateinterests in fast and efficient communication and meeting the needs of ourcommunication partners in communication via Messenger. Furthermore, we wouldlike to point out that we do not transmit the contact data provided to us tothe messenger for the first time without your consent. Revocation, objectionand deletion: You may revoke anyconsent given and object to communication with us via Messenger at any time. Inthe case of communication via Messenger, we delete the messages in accordancewith our general deletion guidelines (i.e., e.g., as described above, after theend of contractual relationships, in the context of archiving requirements,etc.) and otherwise as soon as we can assume that we have answered anyinformation provided by the communication partners, if no reference to aprevious conversation is to be expected and the deletion does not conflict withany statutory retention obligations. Reservation of referenceto other communication channels: Finally, we would like to point out that, for reasons of your security, wereserve the right not to answer inquiries via Messenger. This is the case if,for example, contractual internals require special confidentiality or an answervia Messenger does not meet formal requirements. Insuch cases, we will refer you to more adequate communication channels. Types of data processed: contact data (e.g. e-mail, telephone numbers); usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status); content data (e.g. entries in online forms). Affected persons: Communication partners. Purposes of processing: contact requests and communication; direct marketing (e.g. by e-mail or postal mail). Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) DSGVO); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Further guidance on processing operations, procedures and services: Signal: Signal Messenger with end-to-end encryption; Service provider: Privacy Signal Messenger, LLC 650 Castro Street, Suite 120-223 Mountain View, CA 94041, USA; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://signal.org/de; Privacy policy: https://signal.org/legal/. Telegram Broadcasts: Telegram Broadcasts - Messenger with end-to-end encryption; Service provider: Telegram, Dubai; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://telegram.org/; Privacy policy: https://telegram.org/privacy. WhatsApp: WhatsApp Messenger with end-to-end encryption; Service provider: WhatsApp Ireland Limited, 4 Grand Canal Quay, Dublin 2, D02 KH28, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.whatsapp.com/; Privacy policy: https://www.whatsapp.com/legal. Chatbots and chat functions We offer online chats andchatbot functions (collectively referred to as "chat services") as acommunication option. A chat is an online conversation conducted with sometimeliness. A chatbot is software that answers users' questions or notifiesthem of messages. When you use our chat features, we may process your personaldata. If you use our chatservices within an online platform, your identification number will also bestored within the respective platform. We may also collect information aboutwhich users interact with our chat services and when. Furthermore, we store thecontent of your conversations via the chat services and log registration andconsent processes in order to be able to prove them according to legalrequirements. We would like to pointout to users that the respective platform provider can find out that and whenusers communicate with our chat services as well as collect technicalinformation about the device used by the users and, depending on the settingsof their device, also location information (so-called metadata) for the purposeof optimizing the respective services and for security purposes. Likewise, themetadata of the communication via chat services (i.e., e.g., information aboutwho communicated with whom) may be used by the respective platform providers inaccordance with their terms and conditions, to which we refer for furtherinformation, for marketing purposes or to display advertising tailored tousers. If users agree with achatbot to activate information with regular messages, they have the option tounsubscribe from the information at any time in the future. The chatbotinstructs users how and with which terms they can unsubscribe from themessages. Unsubscribing from chatbot messages deletes users' data from the listof message recipients. We use the aforementionedinformation to operate our chat services, e.g., to personally address users, torespond to their inquiries, to deliver any requested content, and also toimprove our chat services (e.g., to "teach" chatbots answers tofrequently asked questions or to recognize unanswered inquiries). Notes on legal basis: We use chat services on the basis of consent if wehave previously obtained users' permission to process their data as part of ourchat services (this applies to cases where users are asked for consent, e.g.,for a chatbot to send them messages on a regular basis). If we use chatservices to answer users' inquiries about our services or our company, this isdone for contractual and pre-contractual communication. Otherwise, we use chatservices based on our legitimate interests in optimizing the chat services,their operational efficiency, and increasing the positive user experience. Revocation, objectionand deletion: You can revoke agiven consent or object to the processing of your data within the scope of ourchat services at any time. Types of data processed: contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status); inventory data (e.g. names, addresses); contract data (e.g. subject matter of contract, term, customer category). Affected persons: Communication partners; customers; interested parties; business and contractual partners. Purposes of processing: contact inquiries and communication; direct marketing (e.g. by e-mail or postal mail); provision of contractual services and customer service; office and organizational procedures; marketing. Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) DSGVO); Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) DSGVO); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Further guidance onprocessing operations, procedures and services: Zammad: Management of contact requests, service tickets and communication; Service provider: Zammad GmbH, Marienstraße 18, 10117 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://zammad.com/de/; Privacy policy: https://zammad.com/de/unternehmen/datenschutz. tawk.to: Management of contact requests, service tickets and communication; Service provider: tawk.to inc., 187 East Warm Springs Rd, SB298 Las Vegas, NV, 89119 Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.tawk.to/; Privacy Declaration: https://www.tawk.to/data-protection/gdpr-2/. Application procedure The application processrequires applicants to provide us with the data required for their assessmentand selection. The information required can be found in the job description or,in the case of online forms, in the details provided there. Basically, the requiredinformation includes personal information such as the name, address, a means ofcontact and proof of the qualifications required for a position. Upon request,we will be happy to provide additional information about which details arerequired. If provided, applicantscan submit their applications to us using an online form. The data istransmitted to us in encrypted form in accordance with the state of the art.Applicants can also send us their applications by e-mail. Please note, however,that e-mails sent via the Internet are generally not encrypted. As a rule,e-mails are encrypted in transit, but not on the servers from which they aresent and received. We can therefore not assume any responsibility for thetransmission path of the application between the sender and the reception onour server. For the purposes ofapplicant search, submission of applications and selection of applicants, wemay use applicant management or recruitment software and platforms and servicesof third-party providers in compliance with legal requirements. Applicants are welcome tocontact us regarding the method of application submission or to send us theapplication by mail. Processing of specialcategories of data: Insofaras special categories of personal data within the meaning of Article 9 (1) ofthe GDPR (e.g. health data, such as severely disabled status or ethnic origin)are requested from applicants in the context of the application process so thatthe controller or the data subject can exercise the rights accruing to him orher under employment law and social security and social protection law andfulfill his or her obligations in this regard, their processing is carried outin accordance with Article 9 (2) b. DSGVO, in case of protection of vitalinterests of the applicants or other persons according to Art. 9 para. 2 lit.c. DSGVO or for the purposes of preventive health care or occupationalmedicine, for the assessment of the employee's ability to work, for medicaldiagnostics, for care or treatment in the health or social sector or for themanagement of systems and services in the health or social sector pursuant toArt. 9 para. 2 lit. h. DSGVO. In the case of notification of the specialcategories of data based on voluntary consent, their processing is based onArt. 9 para. 2 lit. a. DSGVO. Deletion of data: The data provided by applicants may be furtherprocessed by us for the purposes of the employment relationship in the event ofa successful application. Otherwise, if the application for a job offer isunsuccessful, the applicants' data will be deleted. Applicants' data will alsobe deleted if an application is withdrawn, which applicants are entitled to doat any time. Subject to a justified withdrawal by the applicants, the deletionwill take place at the latest after the expiry of a period of six months sothat we can answer any follow-up questions about the application and meet ourobligations to provide evidence under the regulations on equal treatment ofapplicants. Invoices for any reimbursement of travel expenses will be archivedin accordance with tax law requirements. Inclusion in anapplicant pool: Inclusion in anapplicant pool, if offered, is based on consent. Applicants are informed that theirconsent to inclusion in the talent pool is voluntary, has no influence on thecurrent application process and that they can revoke their consent at any timefor the future. Duration of dataretention in the applicant pool in months: 12 Types of data processed: inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); applicant data (e.g. personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, curriculum vitae, certificates, as well as other information provided with regard to a specific position or voluntarily by applicants regarding their person or qualifications). Affected Persons: Applicants. Purposes of the processing: application procedure (establishment and possible subsequent implementation as well as possible subsequent termination of the employment relationship). Legal basis: Application procedure as a pre-contractual or contractual relationship (Art. 6 para. 1 lit. b) DSGVO). Newsletter and electronic notifications We send newsletters,e-mails and other electronic notifications (hereinafter "newsletter")only with the consent of the recipients or a legal permission. Insofar as thecontents of the newsletter are specifically described in the context of aregistration, they are decisive for the consent of the users. Otherwise, ournewsletters contain information about our services and us. To subscribe to ournewsletters, it is generally sufficient to provide your e-mail address.However, we may ask you to provide a name, for the purpose of personal addressin the newsletter, or further details, if these are required for the purposesof the newsletter. Double opt-inprocedure: Registration for ournewsletter is always carried out in a so-called double opt-in process. Thismeans that after registration you will receive an e-mail in which you are askedto confirm your registration. This confirmation is necessary so that no one canregister with other e-mail addresses. The registrations for the newsletter arelogged in order to be able to prove the registration process according to thelegal requirements. This includes the storage of the registration andconfirmation time as well as the IP address. Likewise, the changes to your datastored with the shipping service provider are logged. Deletion andrestriction of processing: We maystore unsubscribed email addresses for up to three years based on ourlegitimate interests before deleting them in order to be able to prove consentformerly given. The processing of this data will be limited to the purpose of apossible defense against claims. An individual request for deletion is possibleat any time, provided that the former existence of consent is confirmed at thesame time. In the event of obligations to permanently observe objections, wereserve the right to store the e-mail address in a block list (so-called"block list") for this purpose alone. The logging of theregistration process takes place on the basis of our legitimate interests forthe purpose of proving its proper course. If we commission a service providerto send e-mails, this is done on the basis of our legitimate interests in anefficient and secure sending system. Contents: Information about us, ourservices, sporadic information on special occasions Types of data processed: inventory data (e.g., names, addresses); contact data (e.g., e-mail, telephone numbers); meta, communication, and procedural data (e.g., IP addresses, time data, identification numbers, consent status); usage data (e.g., websites visited, interest in content, access times). Affected persons: Communication partners. Purposes of processing: direct marketing (e.g. by e-mail or postal mail); reach measurement (e.g. access statistics, recognition of returning visitors). Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) DSGVO); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Option to object (opt-out): You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the above contact options, preferably e-mail, for this purpose. Further guidance onprocessing operations, procedures and services: Mailchimp: Email sending and email marketing platform; Service provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://mailchimp.com; Privacy policy: https://mailchimp.com/legal/; Order processing contract: https://mailchimp.com/legal/; Standard contractual clauses (ensuring level of data protection for processing in third countries): Inclusion in the order processing contract; Further information: Special security measures: https://mailchimp.com/help/Mailchimp-european-data-transfers/. Brevo: Email marketing platform; Service provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.brevo.com/; Privacy policy: https://www.brevo.com/legal/privacypolicy/; Order processing agreement: Provided by the service provider. Web analysis, monitoring and optimization Web analytics (alsoreferred to as "reach measurement") is used to evaluate the flow ofvisitors to our online offering and may include behavior, interests or demographicinformation about visitors, such as age or gender, as pseudonymous values. Withthe help of reach analysis, we can, for example, recognize at what time ouronline offer or its functions or content are most frequently used or invitere-use. Likewise, we can understand which areas require optimization. In addition to webanalytics, we may also use testing procedures, for example, to test andoptimize different versions of our online offering or its components. Unless otherwise statedbelow, profiles, i.e. data summarized for a usage process, can be created forthese purposes and information can be stored in a browser or in a terminaldevice and read from it. The information collected includes, in particular,websites visited and elements used there, as well as technical information suchas the browser used, the computer system used, and information on usage times.If users have agreed to the collection of their location data from us or fromthe providers of the services we use, location data may also be processed. The IP addresses of theusers are also stored. However, we use an IP masking procedure (i.e.,pseudonymization by shortening the IP address) to protect users. Generally, inthe context of web analysis, A/B testing and optimization, no clear data of theusers (such as e-mail addresses or names) are stored, but pseudonyms. Thismeans that we, as well as the providers of the software used, do not know theactual identity of the users, but only the information stored in their profilesfor the purposes of the respective procedures. Types of data processed: Usage data (e.g. web pages visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status). Data subjects: Users (e.g., website visitors, users of online services). Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles). Security measures: IP masking (pseudonymization of the IP address). Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) DSGVO); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Further guidance onprocessing operations, procedures and services: Matomo (without cookies): Matomo is a privacy-friendly web analytics software that is used without cookies and in which the recognition of returning users takes place with the help of a so-called "digital fingerprint", which is stored anonymously and changed every 24 hours; With the "digital fingerprint", user movements within our online offering are recorded with the help of pseudonymized IP addresses in combination with user-side browser settings in such a way that conclusions about the identity of individual users are not possible. The user data collected as part of the use of Matomo is only processed by us and is not shared with third parties; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://matomo.org/. Matomo: Matomo is software that is used for the purposes of web analysis and reach measurement. As part of the use of Matomo, cookies are generated and stored on the end device of the user. The user data collected as part of the use of Matomo is only processed by us and is not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/; Legal basis: consent (Art. 6 para. 1 p. 1 lit. a) DSGVO); Deletion of data: The cookies have a maximum storage period of 13 months. Matomo Cloud: Hosting of the reach measurement and web analytics software Matomo; Service provider: InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand; website: https://matomo.org/matomo-cloud/; privacy policy: https://matomo.org/matomo-cloud-privacy-policy/; order processing agreement: https://matomo.org/matomo-cloud-dpa/. Presence in social networks (socialmedia) We maintain onlinepresences within social networks and process user data in this context in orderto communicate with users active there or to offer information about us. We would like to pointout that user data may be processed outside the European Union. This may resultin risks for the users because, for example, the enforcement of the users'rights could be made more difficult. Furthermore, user data isusually processed within social networks for market research and advertisingpurposes. For example, usage profiles can be created based on the usagebehavior and resulting interests of the users. The usage profiles can in turnbe used, for example, to place advertisements within and outside the networksthat presumably correspond to the interests of the users. For these purposes,cookies are usually stored on the users' computers, in which the usage behaviorand interests of the users are stored. Furthermore, data independent of the devicesused by the users may also be stored in the usage profiles (especially if theusers are members of the respective platforms and are logged in to them). For a detailedpresentation of the respective forms of processing and the options to object(opt-out), we refer to the privacy statements and information provided by theoperators of the respective networks. In the case of requestsfor information and the assertion of data subject rights, we would also like topoint out that these can be asserted most effectively with the providers. Onlythe providers have access to the users' data and can take appropriate measuresand provide information directly. If you still need help, you can contact us. Types of data processed: contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status). Data subjects: Users (e.g., website visitors, users of online services). Purposes of processing: contact requests and communication; feedback (e.g. collecting feedback via online form); marketing. Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Further guidance onprocessing operations, procedures and services: Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.instagram.com; Privacy policy: https://instagram.com/about/legal/privacy. Facebook pages: Profiles within the Facebook social network - We are jointly responsible with Meta Platforms Ireland Limited for collecting (but not further processing) data from visitors to our Facebook page (known as a "Fan Page"). This data includes information about the types of content users view or interact with, or the actions they take (see under "Things You and Others Do and Provide" in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, called "Page Insights," to Page operators to provide them with insights into how people interact with their Pages and with content associated with them. We have entered into a special agreement with Facebook ("Page Insights Information," https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the data subject rights (i.e., users can, for example, direct information or deletion requests to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority), are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data); service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 (1) p. 1 lit. f) DSGVO); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Standard contractual clauses (ensuring level of data protection for processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; Further information: Shared Responsibility Agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data. Joint accountability is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns in particular the transfer of the data to the parent company Meta Platforms, Inc. in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.). LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Order processing agreement: https://legal.linkedin.com/dpa; Standard contractual clauses (ensuring level of data protection for processing in third countries): https://legal.linkedin.com/dpa; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Pinterest: Social network; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.pinterest.com; Privacy policy: https://policy.pinterest.com/de/privacy-policy; Further information: Pinterest Data Sharing Annex (ANNEX A): https://business.pinterest.com/de/pinterest-advertising-services-agreement/. Twitter: social network; service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Privacy policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization). YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Privacy policy: https://policies.google.com/privacy; Opt-out: https://adssettings.google.com/authenticated. Plugins and embedded functions andcontent We integrate functionaland content elements into our online offer that are obtained from the serversof their respective providers (hereinafter referred to as "third-partyproviders"). These can be, for example, graphics, videos or city maps(hereinafter uniformly referred to as "content"). The integration alwaysrequires that the third-party providers of this content process the IP addressof the user, since without the IP address they could not send the content totheir browser. The IP address is thus required for the display of this contentor function. We strive to use only such content whose respective providers usethe IP address only for the delivery of the content. Third-party providers mayalso use so-called pixel tags (invisible graphics, also known as "webbeacons") for statistical or marketing purposes. The "pixeltags" can be used to analyze information such as visitor traffic on thepages of this website. The pseudonymous information may also be stored incookies on the user's device and may contain, among other things, technicalinformation about the browser and operating system, referring websites, time ofvisit and other information about the use of our online offer, as well as belinked to such information from other sources. Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status); inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms). Data subjects: Users (e.g., website visitors, users of online services). Purposes of processing: provision of our online offer and user-friendliness; provision of contractual services and customer service. Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Further guidance onprocessing operations, procedures and services: Integration of third-party software, scripts or frameworks (e.g. jQuery): We integrate software into our online offering that we retrieve from servers of other providers (e.g., function libraries that we use for the purpose of displaying or making our online offering user-friendly). In doing so, the respective providers collect the IP address of the user and may process this for the purpose of transmitting the software to the user's browser and for security purposes, as well as for the evaluation and optimization of their offer. - We integrate software into our online offer that we retrieve from servers of other providers (e.g. function libraries that we use for the purpose of display or user-friendliness of our online offer). In doing so, the respective providers collect the IP address of the users and may process this for the purpose of transmitting the software to the users' browsers and for security purposes, as well as for the evaluation and optimization of their offer; legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). OpenStreetMap: We incorporate the maps of the service "OpenStreetMap", which are offered on the basis of the Open Data Commons Open Database License (ODbL) by the OpenStreetMap Foundation (OSMF). User data is used by OpenStreetMap solely for the purposes of displaying the map functions and for caching the selected settings. This data may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually executed within the settings of their mobile devices); Service Provider: OpenStreetMap Foundation (OSMF); Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.openstreetmap.de; Privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy. YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Opt-out: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de; Ad Display Settings: https://adssettings.google.com/authenticated. YouTube videos: Video content; YouTube videos are embedded via a special domain (recognizable by the component "youtube-nocookie") in the so-called "Enhanced Privacy Mode", whereby no cookies are collected on user activities in order to personalize video playback. Nevertheless, information on user interaction with the video (e.g. remembering the last playback point), may be stored; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy. Webflow: Creation, management and hosting of websites, online forms and other web elements; Service provider: Webflow, Inc. 208 Utah, Suite 210, San Francisco, CA 94103, USA; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://webflow.com; Privacy policy: https://webflow.com/legal/eu-privacy-policy; Order processing agreement: https://webflow.com/legal/sign-dpa; Standard contractual clauses (ensuring level of data protection for processing in third countries): https://webflow.com/legal/sign-dpa. Management, organization and auxiliarytools We use services, platformsand software from other providers (hereinafter referred to as "third-partyproviders") for the purposes of organizing, managing, planning andproviding our services. When selecting third-party providers and theirservices, we observe the legal requirements. In this context, personaldata may be processed and stored on the servers of the third-party providers.This may involve various data that we process in accordance with this privacypolicy. This data may include, in particular, master data and contact data ofusers, data on transactions, contracts, other processes and their contents. If users are referred tothird-party providers or their software or platforms in the course ofcommunication, business or other relationships with us, the third-party providersmay process usage data and metadata for security purposes, service optimizationor marketing purposes. We therefore ask you to observe the data protectionnotices of the respective third-party providers. Types of data processed: Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status); Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Payment data (e.g. bank details, invoices, payment history); Contractual data (e.g. subject matter of contract, term, customer category). Data subjects: Communication partners; users (e.g. website visitors, users of online services); business and contractual partners; customers; interested parties. Purposes of processing: provision of contractual services and customer service; office and organizational procedures; direct marketing (e.g. by e-mail or postal mail); marketing. Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Further guidance onprocessing operations, procedures and services: ChatGPT: AI-based service designed to understand and generate natural language and related input and data, analyze information, and make predictions ("AI", i.e. "Artificial Intelligence", is to be understood in the applicable legal sense of the term); Service Provider: OpenAI OpCo, LLC, 3180 18th St., San Francisco, CA 94110 USA; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://openai.com/product; Privacy policy: https://openai.com/policies/privacy-policy; Opt-out: https://docs.google.com/forms/d/e/1FAIpQLSevgtKyiSWIOj6CV6XWBHl1daPZSOcIWzcUYUXQ1xttjBgDpA/viewform. AI Software (on its own server): Use of "artificial intelligence" in the applicable legal sense of the term, i.e., software based primarily on certain logic and essentially autonomous to understand and generate natural language or other input as well as data, analyze information and make predictions; Service Provider: Execution on servers and/or computers under our data protection responsibility without transferring data to other recipients; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Midjourney: AI-based image processing service designed to understand and generate natural language and related input and data, analyze information, and make predictions ("AI", i.e. "Artificial Intelligence", to be understood in the applicable legal sense of the term); Service Provider: Midjourney, Inc, 795 Folsom Street, 1st Floor, San Francisco, CA 94107 USA; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.midjourney.com/; Privacy policy: https://docs.midjourney.com/docs/privacy-policy. Miro: Online whiteboard and collaboration platform; Service provider: Realtimeboard Inc. dba Miro, 201 Spear Street Suite 1100, San Francisco, California 94105, USA; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://miro.com/; Privacy policy: https://miro.com/legal/privacy-policy/. Moco: acquisition, time recording, billing and invoice management, personnel management, contact management, project management and company management, company reports, individual reports, project reports; service provider: hundertzehn GmbH, Aeschstrasse 131F, 8123 Ebmatingen, Switzerland; legal basis: legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); website: https://www.mocoapp.com/; privacy policy: https://www.mocoapp.com/unternehmen/datenschutz; order processing contract: https://www.mocoapp.com/cloud-software/dsgvo. Zapier: Automation of processes, merging of various services, import and export of personal and contact data, and analyses of these processes; Service provider: Zapier, Inc., 548 Market St #62411, San Francisco, California 94104, USA; Legal Grounds: Legitimate Interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://zapier.com; Privacy Policy: https://zapier.com/privacy; Standard Contractual Clauses (ensuring level of data protection for processing in third countries): https://zapier.com/tos (part of the GTC). Modification and update of the privacypolicy We ask you to regularlyinform yourself about the content of our privacy policy. We adapt the dataprotection declaration as soon as the changes in the data processing carriedout by us make this necessary. We will inform you as soon as the changesrequire an act of cooperation on your part (e.g. consent) or other individualnotification. If we provide addressesand contact information of companies and organizations in this privacystatement, please note that the addresses may change over time and please checkthe information before contacting us. Rights of the data subjects As a data subject, youare entitled to various rights under the GDPR, which arise in particular fromArt. 15 to 21 GDPR: Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. Right of revocation for consents: You have the right to revoke any consent you have given at any time. Right of access: You have the right to request confirmation as to whether data in question is being processed and to obtain information about this data, as well as further information and a copy of the data in accordance with the legal requirements. Right to rectification: In accordance with the law, you have the right to request that data concerning you be completed or that inaccurate data concerning you be rectified. Right to erasure and restriction of processing: You have the right, in accordance with the law, to request that data relating to you be erased immediately or, alternatively, to request restriction of the processing of the data in accordance with the law. Right to data portability: You have the right to receive data relating to you that you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements or to request that it be transferred to another controller. Complaint to supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the requirements of the GDPR. Definitions This section provides you with an overview of the terms used in this privacy policy. Many of the terms are taken from the law and defined primarily in Art. 4 of the GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to aid understanding. The terms are sorted alphabetically. Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Profiles with user-related information: The processing of "profiles with user-related information", or "profiles" for short, includes any type of automated processing of personal data that consists of using such personal data to analyze, evaluate or to predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information concerning demographics, behavior and interests, such as interaction with websites and their content, etc.) (e.g., interests in certain content or products, click behavior on a website or location). Cookies and web beacons are often used for profiling purposes. Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offering and can include visitors' behavior or interests in certain information, such as website content. With the help of reach analysis, website owners can see, for example, at what time visitors visit their website and what content they are interested in. This enables them, for example, to better adapt the content of the website to the needs of their visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyses of the use of an online offer. Controller: a "controller" is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Processing: "Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and includes virtually any handling of data, be it collection, analysis, storage, transmission or deletion.