Privacy Policy

Below you will first find an overview of the types of data processed and the persons affected by the processing.

Types of processed data

We divide the processed data into the following types:

1. Usage data: This includes, in particular, websites visited and interests in content.

2. Metadata: This means the data generated during the communication process, such as IP addresses, browser identification and device details.

3. Content data: These mean those data that are provided when using our services themselves (texts, images, forms).

4. Contact details: This includes e-mail addresses, telephone numbers and the postal address.

5. Contract data: The data necessary for the conclusion of the contract, such as the subject of the contract and the parties concluding it.

6. Inventory data: This is the existing core data such as names and addresses.

7. Geodata: This includes, for example, the own location or the location targeted within a route.

8. Payment data: Data on payment methods.

9. Special personal data: Special personal data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, health data, or data concerning sex life or sexual orientation.

Categories of data subjects

We divide the persons concerned by the data processing into the following categories:

1. Users: Visitors to our websites and online services.

2. Applicant: People who apply to us.

3. Interested parties: People who are interested in our services and contact us through this.

4. Communication partner: People who establish communication with us.

5. Customers: People who use our services as clients.

6. Contractors: Persons with whom we have contractual relationships without them being customers.

Purposes for the pursuit of which the processing is carried out

In general, the processing of personal data is carried out for the following purposes:

1. Provision of our online offer: We process data in order to be able to provide our online offer at all.

2. Improvement of the user-friendliness of our online offer: We process data in order to improve the user-friendliness of our offer. We achieve this in particular by analyzing visits to our online offering.

3. Analysis of the behavior of visitors to our online offer: Analysis of accessed pages, e.g. by recording click paths and bounce rates.

4. Obtaining feedback: Request and evaluate feedback on services and performance.

5. Interest-based and behavioral (re-)marketing: Marketing tailored to the interests of users, which in turn is derived from their behavior.

6. Conversion measurement: Measurement of the effectiveness of marketing measures

7. Security measures: Measures to protect our technical infrastructure

8. Contact requests and communication: Processing of contact requests, etc.

9. Office organization: Measures to organize the office, e.g. scheduling, division of tasks, etc.

10. Direct marketing: Direct marketing to customers, especially via individual letters by mail.

11. Provision of contractual services: Processing of data during the execution and initiation of contracts.

12. Implementation of the application process: In the case of an application procedure, the data the data processed within the procedure.

13. Implementation of the employment relationship: Data processing for the purpose of implementation, management and termination of the employment relationship.

Overview and explanation of the legal basis

In the following, we inform you about the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. In addition to the regulations of the DSGVO, national regulations of the respective user's country of residence or domicile may apply.

1. Legitimate interests (Art. 6 para. 1 p.1 lit. f DSGVO): The processing is necessary for the purposes of the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

2. Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO): The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject.

3. Legal obligation (Art. 6 para. 1 p. 1 lit. c. DSGVO): The processing is necessary for compliance with a legal obligation to which the controller is subject.

4. Protection of vital interests (Art. 6 para. 1 p. 1 lit. d. DSGVO): The processing is necessary to protect the vital interests of the data subject or another natural person.

5. Application procedure as a pre-contractual or contractual relationship (Art. 9 para. 1 p. 1 lit. b DSGVO): (Insofar as special categories of personal data within the meaning of Article 9 (1) of the GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants in the context of the application process so that the controller or the data subject can exercise the rights accruing to him or her under labor law and social security and social protection law and fulfill his or her obligations in this regard, their processing shall be carried out in accordance with Article 9 (2) b. DSGVO, in case of protection of vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c. DSGVO or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the management of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. DSGVO. In the case of communication of special categories of data based on voluntary consent, their processing is based on Art. 9 para. 2 lit. a. DSGVO.).

6. Data processing for the purposes of the employment relationship (§ 26 BDSG): We process (special) types of personal data in the employment relationship on the basis of the statutory provision for the purpose of establishing, implementing and terminating the employment relationship.

7. Consent (if requested) (Art. 6 para. 1 p. 1 lit. a DSGVO): The data subject has given his/her consent to the processing of personal data concerning him/her for a specific purpose or purposes.

8. Storage of information in the end user's terminal equipment with the end user's consent (§ Section 25 (1) sentence 1 TTDSG): We use memory areas of the terminal equipment of our users for certain functions with the explicit and informed consent of the same.

9. Storage of information in the end user's terminal equipment due to necessity (§ 25 Ab. 2 No. 2 TTDSG): Unless we have asked for your permission when you visit our website or use individual functions, we use the memory of your terminal device for the technical presentation and delivery of our telemedia service if this is technically absolutely necessary.

10. Processing for the exercise of a public interest (Art. 6 para. 1 lit. e DSGVO): To the extent that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk, Article 32 GDPR. The security measures we take include, in particular, the following.

- Secure Sockets Layer | Transport Layer Security (SSL): We use SSL / TLS for encrypted transmission of data between the end devices of our visitors and our server. In this way, the risk of unauthorized viewing of the transmitted data is significantly reduced.

Transfer and disclosure of personal data to third parties

In the course of our processing of personal data, it may happen that the data is transferred to or data is disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include in particular:

- IT service provider: This includes service providers for the provision of hosting, mail services and server technology

- Payment service provider: Service providers who cooperate with us to process payments.

- Shipping service provider: Service providers who perform logistics tasks for us. These include parcel service providers in particular.

- Authorities: Government agencies with which we exchange data for the purpose of fulfilling orders or for legal reasons.

In such a case, we ensure the protection of personal data by concluding contracts or agreements with the respective third parties that serve to adequately protect the data. We carefully and conscientiously select third parties to whom we disclose data. Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers. 

Data processing in third countries

Insofar as we process data in a third country, i.e. a country outside the European Union or the European Economic Area, or the processing is carried out by third parties outside this area, this processing is only carried out in accordance with the applicable legal provisions. Subject to the express consent of the data subjects or legally required transfers, we only process data or have data processed in third countries with an adequate level of protection. This includes, in particular, countries that process on the basis of special guarantees, such as contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO).

General note on the deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent to its processing has been revoked or other permissions (e.g. legitimate interests, legal obligations, etc.) cease to apply. If the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person. Further information on the deletion of personal data is provided, where applicable, under the individual points of this data protection declaration. 

A "cookie" is a small text file that is stored on the visitor's computer at the request of our systems and if the browser setting of our visitor allows it. This has a key and a value and is used to identify the end device beyond a request-response cycle (perpetuation of the session). The key and value of the cookie are processed by the setting system for each request. Below you will find a list of the cookies we use and the associated information.

Technically necessary cookies

We send the request to set the following cookies to our visitors' system the first time they visit a page.

Name / Domain: CookiePreferences | epaimages.com

User / Party: the local responsible 

Explanation / Details: Requesting consent for the use of third-party cookies. A session cookie is a form of cookie that is deleted as soon as the user closes the browser after his session. As a rule, such a session cookie does not store any information that serves to identify the user, but only a session identifier (session ID).

Retention period: 364T, 23H

Name / Domain: ASP.NET_SessionId | epaimages.com

User / Party: the local responsible

Explanation / Details: This is only used to assign several requests of a user on a page to his session. If you visit an online store in a browser in two windows, the store recognizes from the session cookie that both calls are your session and can, for example, make the same shopping cart available in both windows.

Retention period: End of session

If you do not agree with the setting of the above-mentioned cookies, you can configure your browser to refuse their installation. Under certain circumstances, this can lead to our website no longer functioning properly.

Types of data processed: Usage data, meta and communication data

Affected persons: Users of our website.

Legal basis: Der Einsatz dieser Cookies ist zum Betrieb der Webseite zwingend notwendig und folgt auf Grundlage unseres berechtigten Interesses an der effektiven Auslieferung unseres Onlineangebotes, Art. 6 Abs. 1 S.1 lit. f DSGVO und § 25 Abs. 2 Nr. 2 TTDSG.

Optional Cookies

We only set the following cookies after the user has given us their consent to do so. The legal basis for the processing is the consent of the user (Art. 6 para. 1 p. 1 lit. a DSGVO).

Name / Domain: _ga | .epaimages.com

User / Party: Google LLC

Explanation / Details: This cookie is used by Google Analytics for the long-term recognition of a visitor to the website.

Information about function: Web analytics: In order to further improve our website, understand our users' interests and expectations, identify problems with click paths on our website, and evaluate the performance of individual pages and our site as a whole, we use web analytics services. For this purpose, we collect and process data about the end device used by the user, the pages called up, the time spent calling up and staying on the respective pages, the user's origin (referrer) and, as far as possible, his geographical position. Insofar as we do this exclusively by evaluating the HTTP requests (see above), the processing is based on our legitimate interest. If we use additional services, this will only be done with your consent. Legal basis: Legitimate interests (Art. 6 para. 1 p.1 lit. f DSGVO) , Consent (if requested) (Art. 6 para. 1 p. 1 lit. a DSGVO).

Retention period: 729T, 23H

Name / Domain: _ga_XQ9GVYLRWC | .epaimages.com 

User / Party: Goggle LLC 

Explanation / Details: Information about function: Web analytics: In order to further improve our website, understand our users' interests and expectations, identify problems with click paths on our website, and evaluate the performance of individual pages and our site as a whole, we use web analytics services. For this purpose, we collect and process data about the end device used by the user, the pages called up, the time spent calling up and staying on the respective pages, the user's origin (referrer) and, as far as possible, his geographical position. Insofar as we do this exclusively by evaluating the HTTP requests (see above), the processing is based on our legitimate interest. If we use additional services, this will only be done with your consent. Legal basis: Legitimate interests (Art. 6 para. 1 p.1 lit. f DSGVO), Consent (if requested) (Art. 6 para. 1 p. 1 lit. a DSGVO).

Retention Period: 729T, 23H

Types of data processed: Usage data, meta and communication data

Affected persons: Users of our website.

Legal basis: Consent of the users (Art. 6 para. 1 p. 1 lit. a DSGVO).

Opposition: You can revoke consent for the future by using the consent tool on this website.

Name / Domain: _CLCK_CLSK | .epaimages.com

User / Party: Microsoft Corporation

Explanation / Details: Information about function: Microsoft Clarity and Microsoft Advertising is implemented to capture how our user operate and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, this information is used for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses data, visit the Microsoft Privacy Statement. Legal basis: Legitimate interests (Art. 6 para. 1 p.1 lit. f DSGVO), Consent (if requested) (Art. 6 para. 1 p. 1 lit. a DSGVO).

Retention Period: 395T

Types of data processed: Usage data, meta and communication data

Affected persons: Users of our website.

Legal basis: Consent of the users (Art. 6 para. 1 p. 1 lit. a DSGVO).

Opposition: You can revoke consent for the future by using the consent tool on this website.

Data processing (internal)

Data processing by external service providers and processors

Google LLC

Google Tag Manager

After approval

Function

Embedding tools

We use external services to simplify the integration and handling of further solutions in our website.

The use is either in the context of our legitimate interest in the safe, uncomplicated integration of external resources or with the consent of our users.

Processed data: Usage data, Metadata

Affected persons: Users

Legal basis of processing: Legitimate interests, Consent (if requested)

Legitimate Interests: Maintenance-free: Our legitimate interest in using technology that is low-maintenance or maintenance-free for us. This ensures, as it were, a constantly high level of security for the services.; Development Outsourcing: Our legitimate interest in not having to develop all services ourselves and instead relying on highly complex services operated by third parties.; High availability: Our legitimate interest in using a highly available service.

Affected domains: www.googletagmanager.com (incl. subdomains)

Google Marketing Platform

After approval

Function

Marketing: We process personal data for online marketing purposes. This includes, in particular, the presentation of advertising content that corresponds to the potential interests of the user. For this purpose, we use the advertising network "Google Ads". For this purpose, so-called user profiles are created and assigned to the user's terminal device by means of a cookie (see above). These cookies can later be read and analyzed on websites that use the same marketing provider. Profiling may include, in particular, data such as websites visited, content viewed and online networks used. However, it is also possible to record communication partners and - if the user enables this - the user's location

The IP addresses of the user are also stored, again using so-called IP masking.

Processed data: Usage data, Metadata, Geodata

Affected persons: Users

Legal basis of processing: Consent (if requested)

Affected domains: www.google.com.ua, doubleclick.net (incl. subdomains), www.google.de

Google Analytics

After approval

Function

Web analytics

In order to further improve our website, understand our users' interests and expectations, identify problems with click paths on our website, and evaluate the performance of individual pages and our site as a whole, we use web analytics services. For this purpose, we collect and process data about the end device used by the user, the pages called up, the time spent calling up and staying on the respective pages, the user's origin (referrer) and, as far as possible, his geographical position. Insofar as we do this exclusively by evaluating the HTTP requests (see above), the processing is based on our legitimate interest. If we use additional services, this will only be done with your consent.

Processed data: Usage data, Metadata

Affected persons: Users

Legal basis of processing: Legitimate interests, Consent (if requested)

Legitimate Interests: Optimization user interface: Our legitimate interest in the optimization of our user interface and thus the effective design of our services.; Power measurement: Our legitimate interest in measuring the performance of our website and individual pages.

Affected domains: analytics.google.com, region1.analytics.google.com, www.google-analytics.com (incl. subdomains)

Google Storage

Information and description

We use cloud storage from Google on our website to host the images provided by our photographers. This is where previews and the images for sale themselves are kept. Due to the size of the images and the associated data volume, local hosting is not possible.

Function

Content Delivery Network, Optimized Image and File Delivery (CDN)

We use external service providers to optimize the delivery and integration of files in terms of performance and compatibility. If necessary, they store the files we require on servers in different geographical regions in order to reduce retrieval times.

In this case, corresponding request data is generated by the respective providers.

Processed data: Usage data, Metadata

Affected persons: Users

Legal basis of processing: Legitimate interests

Legitimate Interests: Maintenance-free: Our legitimate interest in using technology that is low-maintenance or maintenance-free for us. This ensures, as it were, a constantly high level of security for the services.; High availability: Our legitimate interest in using a highly available service.

Affected domains: storage.googleapis.com

Provider information

Google LLC; Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Tochterunternehmen in der Europäischen Union: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, https://policies.google.com/privacy

This provider may process data outside the scope of the European Union.

There are so-called SCCs (standard contractual clauses) between the above-mentioned responsible person and the operator. 

ISRG (Internet Security Research Group)

Let''s Encrypt

Information and description

Let's Encrypt provides SSL certificates as a free certificate authority. The validity of such a certificate is limited in time before it has to be renewed. Such a certificate can also be recalled and "devalidated".

"r3.o.lencr.org" is one of the security servers of the Let's Encrypt organization, through which data about revoked certificates is published.

We use certificate verification for your security. Your browser checks whether our certificate is still validated at the time of connection.

Function

Front-end security technology

We use best security techniques to protect our website (especially forms) and other parts of our infrastructure from unauthorized access, spam and automated access.

Processed data: Usage data, Metadata

Affected persons: Users

Legal basis of processing: Legitimate interests

Legitimate Interests: Maintenance-free: Our legitimate interest in using technology that is low-maintenance or maintenance-free for us. This ensures, as it were, a constantly high level of security for the services.; Development Outsourcing: Our legitimate interest in not having to develop all services ourselves and instead relying on highly complex services operated by third parties.; Security: Our legitimate interest in securing our offers against unauthorized and damaging access.

Affected domains: r3.o.lencr.org

Provider information

ISRG (Internet Security Research Group); 548 Market St PMB 77519 San Francisco CA 94104-5401 USA, https://letsencrypt.org/privacy/

This provider may process data outside the scope of the European Union.

Let's Encrypt is a free, automated and open certificate authority for SSL certificates, among others, which increase the security of the website through encryption. An SSL certificate is used to securely transfer website data when it is called up by the browser. SSL stands for "Secure Sockets Layer". This means that there is a protocol between the web server and the client (user) that encrypts the data.

Picture Pack

Picture Pack - Website

Information and description

Picture Pack offers hosting and website building kits as a service.

Function

Server and network infrastructure

We use the services of a specialized and reputable company to operate and maintain our server and network infrastructure (data centers).

Processed data: Usage data, Metadata, Content data, Contact details, Contract data

Affected persons: Users

Legal basis of processing: Legitimate interests

Legitimate Interests: Maintenance-free: Our legitimate interest in using technology that is low-maintenance or maintenance-free for us. This ensures as it were, a constantly high level of security for the services.; High availability: Our legitimate interest in using a highly available service.

Affected domains: epaimages.com, assets.picturepack.com, picturepackcdn-ck2zxqzonq-ey.a.run.app

Provider information

Picture Pack; Picture Pack | iMedia bv Zwaardstraat 16 2584 TX Den Haag t +31(0)70 221 01 44 info@picturepack.com, https://www.picturepack.com/downloads/privacy_statement.pdf

Social media regularly analyze the behavior of their users for marketing purposes. In doing so, they create far-reaching profiles about the interests and usage behavior of their users in order to be able to display personalized advertising to them. By setting cookies and integrating them into third-party sites, information can also be collected that goes beyond the direct use of the social network

In particular, information about the terminal device used, the Internet connection (IP address) and, if applicable, the location of the user may also be collected. 

Twitter

We operate an account on the social network Twitter.

We would like to point out that you use the Twitter short message service offered here and its functions on your own responsibility. This applies in particular to the use of the interactive functions (for example, sharing or rating).

Information on what data is processed by Twitter and for what purposes can be found in the privacy policy of Twitter https://twitter.com/de/privacy

Information collected by the cookies of this provider is usually sent to a server in the USA and stored there. In the event that the data is transferred to the USA, the data transfer is based on the existence of standard contractual clauses.

We have no influence on the type and scope of the data processed by Twitter, the type of processing and use or the transfer of this data to third parties. We also have no effective control options in this respect.

With the use of Twitter, your personal data is collected, transferred, stored, disclosed and used by Twitter Inc. and thereby transferred to the United States, Ireland and any other country in which Twitter Inc. does business, and stored and used there, regardless of your place of residence.

Twitter processes on the one hand your voluntarily entered data such as name and user name, e-mail address, telephone number or the contacts of your address book when you upload or synchronize it.

On the other hand, Twitter also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages that you send directly to other users, and can determine your location using GPS data, wireless network information or your IP address in order to send you advertising or other content.

In addition, Twitter collects and analyzes other log data about your visits.

For more information about data collection, data processing, and how to limit what we do, please visit the following resources

https://support.twitter.com/articles/105576

https://help.twitter.com/de/forms/fragments/privacy-helpful-articles

https://support.twitter.com/articles/20172711

https://twitter.com/settings/your_twitter_data

https://twitter.com/personalization

We do not collect data on your visits on twitter on our selfs.

However, the data you enter on Twitter, in particular your username and the content published under your account, are processed by us insofar as we may re-tweet or reply to your tweets or also compose tweets from us that refer to your account. The data freely published and disseminated by you on Twitter is thus included by us in our offer and made available to our followers.

Provider information

Twitter International Company, Twitter International Company One Cumberland Place Fenian Street Dublin 2 D02 AX07 Ireland, https://twitter.com/de/privacy

Cookies information: https://help.twitter.com/de/rules-and-policies/twitter-cookies

Privacy settings: https://help.twitter.com/de/safety-and-security/privacy-controls-for-tailored-ads

Usage

We use this platform to perform the following functions.

Social media

In order to be able to communicate effectively with our (potential) customers and other interested persons and to offer them an obvious point of contact and information, we maintain presences in some social media.

Our website may display elements whose click leads users to the respective presence on social media (icon links, etc.).

Processed data: Usage data, Metadata, Content data, Contact details, Inventory data, Geodata

Affected persons: Users, Communication partner

Legal basis of processing: Legitimate interests

Legitimate Interests:

Customer communication and support: Our legitimate interest in a direct, simple communication with our (potential) customers; possibly also in an environment used by them anyway, as well as our legitimate interest in being able to offer customer-oriented support at this point. 

Facebook

We operate a presence on the social network Facebook.

We would like to point out that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating)

Alternatively, you can also access the information offered via this page on our website.

When you visit our Facebook page, Facebook collects, among other things, your IP address and other information in the

form of cookies on your PC. This information is used to provide us, as operators of the Facebook pages, with statistical information about the use of the Facebook page.

Facebook provides more detailed information on this at the following URL

http://de-de.facebook.com/help/pages/insights. Data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union.

Facebook describes in general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact Facebook and on the settings options for advertisements. The data usage guidelines are available at the following URL

http://de-de.facebook.com/about/privacyDie You can find Facebook's complete data policy here

https://de-de.facebook.com/full_data_use_policyDie data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union in the process.

If you visit one of our presences in social media (e.g. Facebook), you trigger a processing of your personal data during such a visit.

In this case, we are jointly responsible with the operator of the respective social network for the data processing operations within the meaning of Art. 26 DSGVO, provided that we actually make a joint decision with the operator of the social network about the data processing and we also have an influence on the data processing.

As far as possible, we have concluded joint responsibility agreements with the operators of the social networks pursuant to Art. Art. 26 DSGVO, so in particular the so-called "Page Controller Addendums" of Facebook Ireland Ltd.

Your rights (right to information pursuant to Art. 15 DSGVO, right to rectification pursuant to Art. 16 DSGVO, right to erasure pursuant to Art. 17 DSGVO, right to restriction of processing pursuant to Art. 18 DSGVO, right to data portability pursuant to Art. 20 DSGVO and right to lodge a complaint pursuant to Art. 77 DSGVO ) can in principle be asserted both against us and against the operator of the respective social network (e.g. Facebook).

Please note that despite the joint responsibility pursuant to Art. 26 DSGVO with the operators of social networks, we have no full influence on the data processing of the individual social networks. The corporate policy of the respective provider has a significant influence on our options.

In the event of the assertion of data subject rights, we could only forward these requests to the operator of the social network.

In what way Facebook uses data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties, is not conclusively and clearly stated by Facebook and is not known to us.

When you access a Facebook page, the IP address assigned to your terminal device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for "German" IP addresses) and deleted after 90 days. Facebook also stores information about the end devices of its users (for example, as part of the "login notification" function); this may allow Facebook to assign IP addresses to individual users.

If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your end device. This may enable Facebook to track that you have visited this page and how you have used it (for example, through a referrer header).

If you want to avoid that Facebook draws these conclusions or want to avoid that Facebook assigns the visit of our Facebook presence to your profile, you can use, for example, a private window of your browser, because in this no cookies are pre-set.

We, as the provider of the information service, do not collect and process any data from your use of our service beyond this. You can find this privacy policy in its current version under the item "Data Policy" on our Facebook page.

Provider information

Meta Platforms Ireland Limited, Meta Platforms Ireland Limited 4 Grand Canal Square Dublin 2 Irland Handelsregisternummer: 462932, http://de-de.facebook.com/about/privacy

Subsidiaries of the:

Meta Platforms, Inc.

One Hacker Way

Menlo Park, CA 94025

USA

Usage

We use this platform to perform the following functions.

Social media

In order to be able to communicate effectively with our (potential) customers and other interested persons and to offer them an obvious point of contact and information, we maintain presences in some social media.

Our website may display elements whose click leads users to the respective presence on social media (icon links, etc.).

Processed data: Usage data, Metadata, Content data, Contact details, Inventory data, Geodata

Affected persons: Users, Communication partner

Legal basis of processing: Legitimate interests

Legitimate Interests:

Customer communication and support: Our legitimate interest in a direct, simple communication with our (potential) customers; possibly also in an environment used by them anyway, as well as our legitimate interest in being able to offer customer-oriented support at this point.

Instagram

We operate a page on the social network Instagram.

We would like to point out that you use this Instagram page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (for example, commenting or rating).

When you visit our Instagram page, Instagram collects, among other things, your IP address and other information that is present in the form of cookies on your PC. This information is used to provide us, as operators of the Instagram pages, with statistical information about the use of the Instagram page.

The data collected about you in this context is processed by Instagram Inc. and may be transferred to countries outside the European Union in the process.

What information Instagram receives and how it is used is described in general terms by Instagram in its privacy policy. There you will also find information about contact options to Instagram as well as further options to make settings regarding the playout of targeted advertising.

https://help.instagram.com/519522125107875 . In which way Instagram uses the data from the visit of Instagram pages for its own purposes, to what extent activities on the Instagram page are assigned to individual users, how long Instagram stores this data and whether data from a visit to the Instagram page is passed on to third parties, is not conclusively and clearly stated by Instagram and is not known to us.

When accessing an Instagram page, the IP address assigned to your end device is transmitted to Instagram. According to Instagram, this IP address is anonymized (after the processing operation) (for "German" IP addresses) and deleted after 90 days. Instagram also stores information about the end devices of its users (for example, as part of the "registration notification" function); if necessary, Instagram is thus able to assign IP addresses to individual users.

If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is located on your end device. This enables Instagram to track that you have visited this page and how you have used it. This also applies to all other Instagram pages.

Instagram may also be able to associate your visit to our website with your profile, for example by reading the so-called "referrer header".

If you want to avoid this, you must adjust the cookie settings of your browser or delete the corresponding cookies of the provider. Alternatively, you can increase the protection against tracking by using a private window of your browser.

We, as the provider of the information service, do not collect or process any data from your use of our service beyond this.

You can find this privacy policy in the respective applicable version under the item "Data Policy" on and the respective Instagram page.

Provider information

Meta Platforms Ireland Limited, Meta Platforms Ireland Limited 4 Grand Canal Square Dublin 2 Irland Handelsregisternummer: 462932, http://de-de.facebook.com/about/privacy

Subsidiaries of the:

Meta Platforms, Inc.

One Hacker Way

Menlo Park, CA 94025

USA

Usage

We use this platform to perform the following functions.

Social media

In order to be able to communicate effectively with our (potential) customers and other interested persons and to offer them an obvious point of contact and information, we maintain presences in some social media.

Our website may display elements whose click leads users to the respective presence on social media (icon links, etc.).

Processed data: Usage data, Metadata, Content data, Contact details, Inventory data, Geodata

Affected persons: Users, Communication partner

Legal basis of processing: Legitimate interests

Legitimate Interests:

Customer communication and support: Our legitimate interest in a direct, simple communication with our (potential) customers; possibly also in an environment used by them anyway, as well as our legitimate interest in being able to offer customer-oriented support at this point.

The data subjects are entitled to rights, which we inform you about below.

- Right of objection (Art. 21 GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

- Right to information (Art. 15 GDPR): You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with the legal requirements.

- Right to rectification (Art. 16 GDPR): In accordance with the legal requirements, you have the right to request that the data concerning you be completed or that incorrect data concerning you be corrected.

- Right to erasure and restriction of processing (Art. 17, 18 DSGVO): In accordance with the statutory provisions, you have the right to demand that data relating to you be deleted immediately or, alternatively, to demand restriction of the processing of the data in accordance with the statutory provisions.

- Right to data portability (Art. 20 GDPR): You have the right to receive data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to request that it be transferred to another responsible party.

- Complaint to supervisory authority (Art. 77 GDPR): You also have the right, in accordance with the law, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data relating to you infringes the GDPR.

- Right of withdrawal for consents (Art. 7 para.3 DSGVO): You have the right to revoke any consent you have given to the person responsible at any time.

If you contact by email or via our contact form, all data you provide will be used for the purpose of answering your request.

Without this data an answer to your inquiry is not possible at all.

The legal basis for this data processing is Art. 6 I (1) lit. f.) GDPR. Our legitimate interests lie in the communication with you referring to your inquiry.

The legal basis may also be Art.6 I (1) lif. b.) GDPF if your inquiry leads to an order or contract.

Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.

On our websites we give you the opportunity to create a customer account. You can do this via our registration form.

We will use the data you entered during registration (e.g. your name, your address, or your email address) exclusively for services leading up to your potential placement of an order or entering some other contractual relationship with us, to fulfill such orders or contracts, and to provide customer care (e.g. to provide you with an overview of your previous orders or to be able to offer you a wishlist function).

We store your IP address as well as date and time of your registration.

During the registration process, we ask you to give us your consent for this processing of your data, with reference made to this privacy policy.

If you give us your consent the legal basis for this processing is Art. 6 I (1) lit. a.) GDPR.

If the opening of the customer account is also intended to lead to the initiation of a contractual relationship with us, legal basis will also be Art. 6 I (1) lit. b.) GDPR.

You may revoke your prior consent at any time with future effect. All you have to do is inform us that you are revoking your consent.

The data previously collected will then be deleted as soon as processing is no longer necessary. However, we must observe any retention periods required under tax and commercial law.

On our website, we offer the opportunity to apply for jobs within our company. If you apply, we collect your application data electronically in order to process your application.

If your application is successful, we will store the data you provide during the application process in your personnel file for the purpose of the usual organizational and administrative process, naturally in compliance with further legal obligations.

The legal basis for these types of processing is §26 I (1) BDSG in conjunction with Art. 88 I GDPR.

If your application is not successful, we will automatically delete the data submitted to us two months after the final decision is made. We will not delete the data, however, if we must store the data for legal reasons such as evidence of equal treatment of applicants, until any legal action is concluded, or four months.

The legal basis in that case is Art. 6 I (1) lit. f.) GDPR and §24 I Nr. 2 BDSG. Our legitimate interest lies in our legal defense against legal claims.

If you consent to a longer storage of your data, for your inclusion in a database of applicants or interested parties, the data will be processed on the basis of your consent according to Art. 6 I (1) lit. a.) GDPR. You may withdraw your consent at any time with future effect.