1. Introduction
This website is operated by: isla Studio Teichmann.
It is very important to us to handle our website visitors’ data confidentially and to protect it in the best possible way. For this reason, we make every effort to comply with the requirements of the GDPR.
Below we explain how we process your data on our website. We use language that is as clear and transparent as possible so that you really understand what happens to your data.
2. General information
2.1 Processing of personal data and other terms
Data protection applies to the processing of personal data. Personal data means all data with which you can be personally identified. This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using. Such data is processed when ‘something happens to it’. Here, for example, the IP is transmitted from the browser to our provider and automatically stored there. This is then a processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).
These and other legal definitions can be found in Art. 4 GDPR.
2.2 Applicable regulations/laws – GDPR, BDSG and TDDDG
The scope of data protection is regulated by law. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.
In addition, the TDDDG supplements the provisions of the GDPR as far as the use of cookies is concerned.
2.3 The person responsible
The controller within the meaning of the GDPR is responsible for data processing on this website. This is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
You can reach the person responsible at:
isla Studio Teichmann
Marcus-Heinemann-Str. 34 21337 Lüneburg Germany
hello@citelayer.ai
2.4 How data is generally processed on this website
As we have already established, there is data (e.g. IP address) that is collected automatically. This data is mainly required for the technical provision of the website. If we also use personal data or collect other data, we will inform you of this or ask for your consent.
You consciously provide us with other personal data.
You will find detailed information on this below.
2.5 Your rights
The GDPR provides you with comprehensive rights. These include, for example, free information about the origin, recipient and purpose of your stored personal data. You can also request the rectification, blocking or erasure of this data or lodge a complaint with the competent data protection supervisory authority. You can revoke your consent at any time.
You can find out what these rights look like in detail and how to exercise them in the last section of this Privacy Policy.
2.6 Data protection – Our view
Data protection is more than just a chore for us! Personal data has great value and careful handling of this data should be a matter of course in our digitalized world. As a website visitor, you should also be able to decide for yourself what “happens” to your data, when and by whom. That is why we are committed to complying with all legal regulations, only collect the data that is necessary for us and, of course, treat it confidentially.
2.7 Forwarding and deletion
The transfer and deletion of data are also important and sensitive issues. We would therefore like to briefly inform you in advance about our general approach to this.
Data will only be passed on on the basis of a legal basis and only if this is unavoidable. This may be the case in particular if it is a so-called Data Processor and a Data Processing Agreement has been concluded in accordance with Art. 28 GDPR.
We delete your data when the purpose and legal basis for processing no longer apply and the deletion does not conflict with any other legal obligations. Art. 17 GDPR also provides a ‘good’ overview of this.
For further information, please refer to this Privacy Policy and contact the controller if you have any specific questions.
2.8 Hosting
2.9 Legal basis
The processing of personal data always requires a legal basis. The GDPR provides the following possibilities in Art. 6 para. 1 sentence 1:
a) The data subject has given their consent to the processing of their personal data for one or more specific purposes;
b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) The processing is necessary for compliance with a legal obligation to which the controller is subject;
d) Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e) The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) Processing is necessary for the purposes of the legitimate interests pursued by the controller(s) or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
In the following sections, we will provide you with the specific legal basis for the respective processing.
3. What happens on our website
When you visit our website, we process your personal data.
We use SSL or TLS encryption to provide the best possible protection against unauthorized access by third parties. You can recognize this encrypted connection by the https:// or lock symbol in the address bar of your browser.
Below you can find out what data is collected when you visit our website, for what purpose this is done and on what legal basis.
3.1 Data collection when accessing the website
When you visit the website, information is automatically stored in so-called server log files. This is the following information:
• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address
This data is required temporarily in order to be able to display our website to you permanently and without any problems. In particular, this data is used for the following purposes:
• System security of the website
• System stability of the website
• Troubleshooting on the website
• Establishing a connection to the website
• Presentation of the website
Data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the processing of this data, in particular our interest in the functionality of the website and its security.
Where possible, this data is stored in pseudonymized form and deleted once the respective purpose has been achieved.
If the server log files make it possible to identify the data subject, the data is stored for a maximum period of 14 days. An exception is made if a security-relevant event occurs. In this case, the server log files are stored until the security-relevant event has been resolved and finally clarified.
Otherwise, no merging with other data takes place.
3.2 Cookies
3.2.1 General information
This website uses so-called cookies. This is a data record, information that is stored in the browser of your end device and is related to our website.
The use of cookies can make it easier for visitors to navigate the website.
In our cookie consent tool, you will find all information about the cookies that we use on our website (if applicable, with your consent).
3.2.2 Rejecting cookies
You can manage all cookies that are not technically necessary directly via our cookie consent tool.
You can prevent cookies from being set by adjusting your browser settings.
Here you will find the corresponding links to frequently used browsers:
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?redirectslug=Cookies+l%C3%B6schen&redirectlocale=en
Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de
Microsoft Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Safari: https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web and https://support.apple.com/de-de/guide/safari/sfri11471/mac.
If you are using a different browser, we recommend that you enter the name of your browser and ‘delete and manage cookies’ in a search engine and follow the official link to your browser.
Alternatively, you can also manage your cookie settings at www.aboutads.info/choices/ or www.youronlinechoices.com.
However, we must point out that a comprehensive blocking/deletion of cookies can lead to impairments in the use of the website.
3.2.3 Technically necessary cookies
We use technically necessary cookies on this website to ensure that our website functions correctly and in accordance with the applicable laws. They help to make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies.
The legal basis for this is Art. 6 para. 1 lit. b, c and/or f GDPR, depending on the individual case.
3.2.4 Technically not necessary cookies
We also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyze the surfing behavior of the website visitor or to offer functions of the website that are not technically necessary.
The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
Technically unnecessary cookies are only set with your consent, which you can revoke at any time in the cookie consent tool.
3.3 Data processing through user input
3.3.1 Use of AI
Personal data of visitors to this website may be processed using artificial intelligence (e.g. for the automatic evaluation of contact forms, by means of an AI chatbot or to optimize internal processes).
In particular, contact data and form or chat content may be recorded and analyzed by AI models. The legal basis for this is Art. 6 para. 1 lit. a GDPR (if consent has been given) or Art. 6 para. 1 lit. f GDPR (legitimate interest in increasing efficiency). Data is only transferred to third parties (e.g. CRM providers or external AI service providers) if this is necessary to achieve the stated purposes. The tools used are listed in this Privacy Policy in the context of their functionality and details are provided.
3.3.2 Own data collection
We offer the following (service) on our website: Support.
We collect the following data for this purpose:
• Name
• E-mail address
The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.
The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.
3.3.3 Contact us
a) e-mail
When you contact us by email, we process your email address and any other data contained in the email. This data is stored on the mail server and in some cases on the respective end devices. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.
b) Telephone
If you contact us by telephone, the call data may be stored in pseudonymized form on the respective end device and with the telecommunications provider used. Personal data collected during the telephone call will only be processed in order to process your request. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.
c) Contact form
External services
We use external services to provide certain functions. Detailed information will follow shortly.
Fluent Forms
This website uses the Fluent Forms service, which is operated by WPManageNinja LLC, 2035 Sunset Lake Road, Suite B-2, Newark, DE 19702, USA, to provide and manage contact forms. Fluent Forms provides functions for creating and integrating forms that users can use to submit contact requests, support requests, newsletter subscriptions, feedback or other information. The personal data requested in the respective form, such as name, e-mail address, telephone number, address data, content entered by the user, uploaded files, payment information (for payment forms) and any metadata on form use are processed. The purpose of data processing is to process and respond to incoming inquiries, carry out support processes, send newsletters, manage surveys, registration processes or process payments. Depending on the use case, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR (consent, e.g. for newsletter registration), Art. 6 para. 1 lit. b GDPR (performance of a contract or implementation of pre-contractual measures in the context of support/enquiries) and Art. 6 para. 1 lit. f GDPR due to the legitimate interest in efficient and secure communication. Insofar as consent is given to the use of technically unnecessary cookies, Section 25 (1) TDDDG is also relevant. Fluent Forms may set functional cookies to ensure form processes and spam protection (e.g. with anti-spam integrations). Analysis and marketing cookies are only used with express consent, the use and purpose of which are made transparent in the cookie banner in individual cases. The basis is Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG; required cookies are used in accordance with § 25 para. 2 no. 2 TDDDG. Personal data may be transferred to WPManageNinja LLC in the USA. The standard contractual clauses adopted by the EU Commission are used as suitable guarantees for the level of data protection. The transmitted data will be stored until the final processing of the request or until a revocation of consent is received, provided that there are no further legal storage obligations. Further information can be found in the WPManageNinja privacy policy: https://wpmanageninja.com/privacy-policy/
d) Chat
Tawk.to
We use the chat service Tawk.to on our website to provide a live chat for real-time communication with website visitors and to support customer inquiries and sales. Tawk.to is provided by tawk.to inc, 187 East Warm Springs Rd, SB298, Las Vegas, Nevada, 89119, United States. Tawk.to enables interactive communication via a chat window that provides visitors with various functions such as making contact, assisting with purchases, providing feedback and submitting inquiries. During use, communication content (chat histories), contact information (e.g. e-mail address, if provided), IP address, technical browser and device data and usage information (pages viewed, time spent, search terms in the knowledge base) are typically processed. The purpose of data processing is direct communication with visitors, professional processing of requests, increasing customer satisfaction, sales support and analysis and optimization of services. The legal basis is Art. 6 para. 1 lit. f GDPR, as there is a legitimate interest in efficient support communication and in improving the website. Insofar as consent is given, in particular when filling out forms or sending messages, the processing is based on Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG. Tawk.to may use functional cookies to provide the chat function and analysis cookies to evaluate usage. Analysis and marketing cookies are only set with the prior consent of the user. Functional cookies are required to provide the chat function. The legal basis for technically necessary cookies is Art. 6 para. 1 lit. f GDPR, for cookies requiring consent Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG. Personal data is transferred to the USA. Tawk.to provides suitable guarantees in accordance with Art. 46 GDPR, in particular the conclusion of EU standard contractual clauses. Data is deleted as soon as it is no longer required to achieve the purpose, consent has been revoked or statutory retention periods have expired. Further information can be found at: https://www.tawk.to/legal/
3.4 Cookie Consent Tool
Real Cookie Banner
The Real Cookie Banner consent management tool from devowl.io GmbH, Neidenburger Straße 43, 28207 Bremen, Germany, is used on our website. The tool is used to obtain and manage the consent of website visitors regarding the setting of cookies and the use of certain services as well as to implement legal requirements for transparency and verification obligations. Real Cookie Banner enables individual cookie consents to be given, cookie types to be selected according to purpose and consent banners to be customized; scripts and third-party cookies (such as analysis and marketing services) are also blocked until consent is given. Information on the consent status, selected cookie preferences, technical logs for the consent decision, time stamps and log data of the consents given or revoked are processed. The purpose of data processing is the management and legally compliant documentation of consent as well as the fulfillment of legal obligations to provide evidence in accordance with the GDPR and the ePrivacy Directive. The legal bases are Art. 6 para. 1 lit. c GDPR (fulfillment of legal obligations), Art. 6 para. 1 lit. f GDPR (legitimate interest in legally compliant website design) and – for the storage and reading of information on the end device – § 25 para. 2 no. 2 TDDDG, unless consent is required. Real Cookie Banner sets technically necessary cookies and may use the local memory of the browser to store consent preferences; analysis, marketing or third-party cookies are only stored after active consent has been given; Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG. Processing takes place exclusively on servers in the EU; the service does not transfer personal data to third countries. The data will be deleted as soon as the purpose of storage no longer applies, statutory retention obligations exist or consent has been withdrawn. Further information can be found at https://devowl.io/privacy-policy/.
3.5 Analysis and tracking tools
Google Analytics
We use the analysis service Google Analytics on our website to evaluate visitor behavior and to optimize our online services. Google Analytics is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics collects and analyzes information about the interaction of users with our website, including page views, length of stay, clicks, navigation, geographical origin (at city and state level), device and browser information used and the origin of traffic. In addition, technical identifiers such as the anonymized IP address, cookie IDs, client IDs or user IDs are processed. If activated, demographic characteristics and interests may also be included. Processing is carried out for the purpose of measuring reach, analyzing user behavior, improving the website and checking the success of marketing measures. The legal basis for the use of Google Analytics is consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG. Processing only begins after active consent has been given by the website visitor. Google Analytics uses cookies that are stored on the end device and read out corresponding information. These are analysis cookies that are used exclusively on the basis of consent. The transfer of personal data to a third country (e.g. the USA) cannot be ruled out. Insofar as data is processed outside the EU/EEA, Google uses the standard contractual clauses approved by the EU Commission as guarantees for compliance with the European level of data protection. The storage periods of Google Analytics can be configured and are 2 to 14 months by default. Collected data is deleted as soon as it is no longer required for the processing purposes or if consent is withdrawn, provided that there is no legal obligation to retain it. Further information can be found at: https://policies.google.com/privacy?hl=de
3.5.1 Google Consent Mode
We use Google Consent Mode on our website to customize the use of Google services based on your consent. This means that, depending on your consent, we either use the full functionality of these services or only carry out limited data collection.
Google Consent Mode allows a certain amount of data processing, even if consent is denied, but in anonymized form.
We use the basic consent mode. This enables us to continue collecting aggregated data even if you have not consented to certain cookies. IP addresses may be transmitted to Google. The processing serves to improve our website and to analyze conversion events in anonymized form. This enables us to better assess the performance of our marketing measures.
The processing is carried out in our legitimate interest in being able to better control and use certain functions of the Google services used on the website that require consent. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
Further information on Google Consent Mode can be found at: https://support.google.com/analytics/answer/9976101.
3.6 Social media profiles
In addition to our website, our company is also present on social networks. Here we want to present our company and create the opportunity to get in touch with us.
We also use the opportunity to place advertisements and job advertisements on social media.
In the following, we provide information about which data we and the respective social network process when you visit and interaction with our profile.
We operate a LinkedIn profile on https://www.linkedin.com/. This social network is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Interaction with our company profile
When you visit our LinkedIn profile and interact with us, we process personal data. On the one hand, the data made publicly available on the profile. On the other hand, we also process the personal data contained in posts, comments or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our LinkedIn profile. Insofar as a request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.
Page Insights
LinkedIn provides us with aggregated statistics and insights (called Page Insights) that tell us how people interact with our Company Page. Among other things, we receive information about the number of profiles that view, comment on or otherwise interact with our posts, as well as aggregated demographic and other information that helps us learn about the interaction with our page or LinkedIn profile. Page Insights provided to us by LinkedIn consist of aggregated data, and LinkedIn does not provide us with any personally identifiable information about members in relation to Page Insights. We also have no way of linking Page Insights to individual members. When placing ads, LinkedIn provides us with information about the types of people who see our ads and the success of our ads. Personal data is only passed on to us if this person has consented to such processing. We also receive information from LinkedIn that allows us to understand which of our ads led to a purchase being made or an action being taken. This data is processed for the purpose of analyzing our reach and adapting our content and ads to user interests. By evaluating this data, we can recognize how our content, our profile and our advertising are consumed. This enables us to create target-group-specific content and place advertisements in order to better market our company and our services. The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. When processing personal data in the course of the so-called Page Insights, the processing is carried out in joint responsibility with LinkedIn in accordance with Art. 26 para. 1 GDPR. We have concluded a corresponding agreement with LinkedIn for this purpose, which can be viewed [here](https://legal.linkedin.com/pages-joint-controller-addendum). LinkedIn’s contact details are as follows: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For LinkedIn, you can contact the data protection officer at the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.
Processing by LinkedIn
By visiting our company profile, LinkedIn may also process additional personal data. In this case, the processing is carried out under the sole responsibility of LinkedIn and without our knowledge. More information from LinkedIn on this: https://de.linkedin.com/legal/privacy-policy.
External services
We use external services to provide certain functions. Detailed information will follow shortly.
3.6.1 LinkedIn Ads
We also integrate the functions of LinkedIn Ads on our website.
With the help of LinkedIn Ads, we can easily create effective ads that can be seen by a large audience on LinkedIn.
LinkedIn collects personal data for this purpose using cookies. This is used to evaluate the behavior of the users in order to analyze the effectiveness of the advertising measures and to adapt them for future campaigns in a more user-oriented manner.
These cookies are only set with consent. Consent can be withdrawn at any time. The legal basis for this is Art. 6 para. 1 lit. a GDPR.
Otherwise, the legal basis for the processing of data by LinkedIn Ads is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in expanding and optimizing our advertising presence on the LinkedIn platform.
3.7 Third-party content
TranslatePress
On our website, we use the translation function of TranslatePress, a service for the multilingual display and translation of websites, operated by SC Reflection Media SRL, Str. Armoniei, nr 23A, Ap. 46, Timisoara City, Timis County, Romania. TranslatePress enables the website to be displayed in several languages, provides a language switcher and allows all content to be translated in real time directly in the front end. According to the provider, no personal data of visitors is processed through the use of the plugin; all translations and settings are only stored locally in the website’s WordPress database. No IP addresses, browser information or other personal data is transferred to third parties via the plugin or logged externally. The purpose of using the plugin is to make the website accessible in various target languages and to improve the user experience for international visitors. The legal basis for the provision of the function and the associated data processing is Art. 6 para. 1 lit. f GDPR, as there is a legitimate interest in the multilingual presentation and easier accessibility of the website. TranslatePress does not set any cookies and does not collect any technical or marketing-related information when visitors use the service. There is no transfer of personal data to third countries through the use of TranslatePress, as all data remains stored within our own infrastructure. Data remains stored as long as it is required for the functionality of the translation service or until it is deleted by the website administration. The general deletion periods of the WordPress installation apply. Further information on data processing by the service can be found at https://translatepress.com/privacy-policy/
Embedded third-party content
We integrate content from external providers to provide you with enhanced functions and content. Detailed information on the services used will follow shortly.
Rank Math SEO
We use the Rank Math SEO service for search engine optimization on our website, operated by ONE.COM INDIA PRIVATE LIMITED, G-58, FIRST FLOOR, REAR PORTION EAST OF KAILASH, South Delhi, India, Pin: 110065. Rank Math SEO provides functions for on-page SEO analysis, for generating schema markup for rich snippets, for managing local SEO data, for integrating search analysis services, for optimizing e-commerce content and for performing automated website audits. No personal data of website visitors is processed by the service itself as part of its use. If the optional anonymized usage statistics have been activated by the administrators, only plugin usage data as well as license information and anonymized settings of administrator accounts are processed. Rank Math SEO does not collect content, communication or tracking data from website visitors. The purpose of data processing is to optimize the website in terms of search engine findability and to improve the technical and structural SEO parameters. The legal basis for the processing (if activated) is Art. 6 para. 1 lit. f GDPR on the basis of a legitimate interest in optimizing the website and the traceability of license usage. User statistics are only processed if explicitly activated. In the event of any integration of analysis or marketing services such as Google Analytics via Rank Math SEO, the respective information and consent obligations of these third-party providers apply separately. Rank Math SEO itself does not set any cookies and does not collect any tracking data from website visitors. If third-party services are configured via Rank Math SEO during integration, the specific cookie and legal basis notices of the respective services apply. Rank Math SEO does not currently transfer personal data to third countries, as no personal user data is processed. The data processed in connection with license management and optional anonymized plugin use will be deleted as soon as it is no longer required for the purposes mentioned or a corresponding setting is revoked, provided that this does not conflict with statutory retention requirements. Further information can be found at: https://rankmath.com/privacy-policy/
Bunny Fonts
We integrate Bunny Fonts on our website, a web font service provided by BunnyWay d.o.o., a company based in the European Union. The service enables the privacy-friendly integration of web fonts as an alternative to other font CDNs and provides fonts via a global content delivery network. No personal data such as IP addresses, browser information or other usage data is collected, stored or passed on by Bunny Fonts when the fonts are retrieved, as the service pursues a consistent zero-logging and zero-tracking policy. The purpose of data processing is the provision and optimal presentation of web fonts for the uniform and appealing design of the website. The legal basis is Art. 6 para. 1 lit. f GDPR, as there is a legitimate interest in a technically secure and visually optimized presentation. Bunny Fonts does not use cookies or similar technologies. There is no transfer of personal data to third countries, as all processing takes place exclusively within the European Union. It is not necessary to store or delete personal data, as no such data is processed through the use of Bunny Fonts. Further information can be found in Bunny Fonts’ Privacy Policy at https://bunny.net/privacy/.
Cloudflare Turnstile
The anti-bot solution Cloudflare Turnstile, a service for preventing spam and abuse and securing forms, is integrated on our website. The provider is Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare Turnstile analyzes interactions of website visitors to detect automated access and enable legitimate access. Turnstile is primarily used to protect forms, such as logins, registrations and contacts, without using traditional CAPTCHAs. Among other things, the IP address, the user agent, browser and device-specific signals for identification, TLS fingerprints, the site key used and the origin of the request are processed. The data is processed for the purpose of preventing misuse, spam protection and ensuring the functionality and security of the website. The legal basis for the use is Art. 6 para. 1 lit. f GDPR due to the legitimate interest in the technical security of the website as well as § 25 para. 2 no. 2 TDDDG, insofar as information is processed in the end device that is necessary for secure operation. Cloudflare Turnstile itself does not use any tracking or marketing cookies; only technically necessary cookies are used, the use of which is necessary for the protection of the website. The legal basis for this is Art. 6 para. 1 lit. f GDPR i. V. m. § 25 para. 2 TDDDG. Personal data may be transferred to third countries, in particular to the USA. The standard contractual clauses of the EU Commission pursuant to Art. 46 para. 2 lit. c GDPR are used as a suitable guarantee for this transfer. Personal data is stored for as long as it is required for the stated purposes or for as long as statutory retention periods apply. In the event of revocation or discontinuation of the processing purpose, the data will be deleted, provided that there are no other legal obligations to the contrary. Further information can be found in Cloudflare’s Privacy Policy at https://www.cloudflare.com/privacypolicy/ and in the Turnstile-specific data protection notice at https://www.cloudflare.com/de-de/cloudflare-customer-dpa/addendum-turnstile/.
Germanized for WooCommerce
Our website uses the Germanized for WooCommerce plugin, developed and offered by vendidero GmbH, Schillerstraße 36, 12207 Berlin, Germany. The plugin extends WooCommerce with functions for the legally compliant design of online stores in accordance with German and European law, for example by displaying legally required information on delivery times, basic prices, VAT and by supporting legally required documents such as invoices, shipping labels and delivery bills. Personal data that is already processed via WooCommerce, such as names, email addresses and billing and shipping addresses of customers, is processed. The plugin itself does not collect or store any other personal data and does not set its own cookies. The purposes of the processing are the implementation of legal requirements, the optimization of the ordering process and the proof of legally compliant processes in the online store. The legal basis is Art. 6 para. 1 lit. c GDPR for the fulfillment of legal obligations and Art. 6 para. 1 lit. b GDPR for the execution of contractual relationships. Germanized for WooCommerce does not use its own cookies. The plugin itself does not transfer personal data to third countries; processing takes place exclusively within the European Union. The storage and deletion of the data collected in the context of WooCommerce is based on the specifications defined in the store; data is deleted after the purpose has ceased to apply, upon request or after the expiry of statutory retention obligations. Further information can be found in the provider’s terms of use with data protection information: https://vendidero.com/terms-and-conditions
3.8 Audio and video conferencing
Google Meet
The Google Meet service is used on our website to conduct audio and video conferences. Google Meet is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Meet enables virtual meetings, audio and video conferences and functions such as screen sharing, live subtitling, chat and collaboration in real time. In particular, we process participants’ identity data (such as name and email address), attendance data (e.g. joining and leaving times, roles in the meeting), device information and technical metrics (device type, network data such as latency and packet loss for audio/video), location data, meeting events (e.g. presentations, surveys, reports of abuse), meeting artifacts (recordings, transcripts, if activated) as well as browser and network analysis data. The data processing is carried out for the purpose of organizing and conducting online conferences and virtual collaboration, including the provision, safeguarding and analysis of the technical functionality of the meetings. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR for contractual and pre-contractual purposes and Art. 6 para. 1 lit. f GDPR based on our legitimate interest in efficient, secure and modern communication. If functions such as recording or extended analyses are used, additional consent may be required in accordance with Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Google Meet may use functional and analytical cookies to ensure the stability of the connection and to analyze performance. These cookies are only set with prior consent. The legal basis for this is Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG. A transfer of personal data to third countries, in particular to the USA, cannot be ruled out in the context of support or maintenance processes. Google guarantees compliance with an appropriate level of data protection by concluding EU standard contractual clauses in accordance with Art. 46 para. 2 lit. c GDPR. The data will be deleted as soon as the purpose of the processing no longer applies, consent has been revoked or statutory retention periods have expired. Further information can be found in Google’s Privacy Policy: https://policies.google.com/privacy?hl=de
3.9 Payment services
Stripe
The Stripe payment service is integrated on the website to enable the secure and efficient processing of online payments and subscriptions. Stripe Payments Europe, Limited, 3 Dublin Landings, North Wall Quay, Dublin 1, D01 C4E0, Ireland, is responsible for the service in Europe. Stripe provides various payment functions, such as payment by credit card, direct debit, instant bank transfer or digital wallets, as well as automated invoicing and fraud prevention. In the context of use, Stripe processes personal data such as name, e-mail address, telephone number, billing and delivery address, credit card and account data, IP address, device and browser information, usage and transaction data and, if applicable, documents to confirm identity. The processing is carried out for the purpose of payment processing, contract execution, fraud prevention and compliance with legal requirements. The legal basis is Art. 6 para. 1 lit. b GDPR for contractual or pre-contractual measures, if applicable Art. 6 para. 1 lit. f GDPR due to legitimate interests in secure payment processing and § 25 para. 2 no. 2 TDDDG for technically necessary cookies and technologies. Stripe uses technically necessary cookies as part of the payment process, including authentication and security cookies as well as session IDs for fraud prevention and payment processing. These cookies are absolutely necessary for operation and are processed without consent (Section 25 (2) No. 2 TDDDG). Analytical or marketing cookies, on the other hand, are only used with consent in accordance with Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. Personal data may be transferred to third countries (in particular the USA) as part of payment processing. Stripe uses the standard contractual clauses approved by the EU Commission in accordance with Art. 46 para. 2 lit. c GDPR as suitable guarantees. Personal data is generally deleted as soon as it is no longer required for the purposes for which it was collected and there are no statutory retention obligations. If consent is withdrawn or after expiry of statutory periods, the data will be deleted, provided there are no other statutory retention periods to the contrary. Further information on data processing by Stripe is available at: https://stripe.com/privacy
3.10 Cloud backups
Hetzner Storage Box
Our website uses Hetzner Storage Box, a service provided by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, for cloud backup purposes. The Hetzner Storage Box enables the secure and scalable storage of backups, such as automated offsite backups and the synchronization or replication of data via protocols such as FTP, SFTP, rsync, Samba/CIFS or WebDAV. During use, user upload files and backup data, anonymized IP addresses in server logs, account and billing data and connection metadata (such as protocol, timestamp, use of subaccounts) are typically processed. The data processing serves to carry out and ensure regular backups of website or server data, for recoverability and to protect against data loss. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR, as it is necessary for the fulfillment of contractual or pre-contractual obligations, and Art. 6 para. 1 lit. f GDPR due to our legitimate interest in secure and reliable data storage as well as § 25 para. 2 no. 2 TDDDG, insofar as logging cookies that are absolutely necessary for operation are set, whereby no marketing or analysis cookies are set as part of the backup. There is no transfer of personal data to third countries; all data is stored exclusively in data centers within the European Economic Area. The storage period is based on contractual or statutory retention periods; backup data is deleted as soon as the purpose of storage no longer applies or the deletion is triggered in the customer account, provided that there are no legal obligations to the contrary. Further information can be found in Hetzner’s Privacy Policy: https://www.hetzner.com/legal/privacy-policy/
4. What else is important
Finally, we would like to inform you in detail about your rights and how you will be informed about changes to data protection requirements.
4.1 Your rights in detail
4.1.1 Right to information in accordance with Art. 15 GDPR
You can request information about whether your personal data is being processed. If this is the case, you can request further information on the type and manner of processing. A detailed list can be found in Art. 15 para. 1 lit. a to h GDPR.
4.1.2 Right to rectification in accordance with Art. 16 GDPR
This right includes the correction of incorrect data and the completion of incomplete personal data.
4.1.3 Right to erasure in accordance with Art. 17 GDPR
This so-called ‘right to be forgotten’ gives you the right, under certain conditions, to request the deletion of your personal data by the controller. This is generally the case if the purpose of the data processing no longer applies, if consent has been withdrawn or the initial processing took place without a legal basis. A detailed list of reasons can be found in Art. 17 para. 1 lit. a to f GDPR. This “right to be forgotten” also corresponds to the controller’s obligation under Art. 17 para. 2 GDPR to take reasonable steps to ensure that the data is generally erased.
4.1.4 Right to restriction of processing in accordance with Art. 18 GDPR
This right is subject to the conditions set out in Art. 18 para. 1 lit. a to d.
4.1.5 Right to data portability in accordance with Art. 20 GDPR
This regulates the basic right to receive your own data in a commonly used form and to transfer it to another controller. However, this only applies to data processed on the basis of consent or a contract in accordance with Art. 20 (1) (a) and (b) and insofar as this is technically feasible.
4.1.6 Right to object pursuant to Art. 21 GDPR
In principle, you can object to the processing of your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in the processing and if the processing relates to direct marketing and/or profiling.
4.1.7 Right to “individual decision-making” pursuant to Art. 22 GDPR
In principle, you have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. However, this right is also restricted and supplemented by Art. 22 (2) and (4) GDPR.
4.1.8 Further rights
The GDPR contains comprehensive rights to inform third parties about whether or how you have asserted rights under Art. 16, 17, 18 GDPR. However, this only applies insofar as this is possible or feasible with reasonable effort.
We would like to take this opportunity to draw your attention once again to your right to withdraw your consent in accordance with Art. 7 (3) GDPR. However, this does not affect the lawfulness of the processing carried out up to that point.
We would also like to draw your attention to your rights under §§ 32 ff. BDSG, which, however, are largely congruent with the rights just described.
4.1.9 Right to lodge a complaint pursuant to Art. 77 GDPR
You also have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of personal data relating to you infringes this Regulation.
5. What if the GDPR is abolished tomorrow or other changes take place?
The current status of this Privacy Policy is 05.03.2026. From time to time it is necessary to adapt the content of the Privacy Policy in order to react to actual and legal changes. We therefore reserve the right to amend this Privacy Policy at any time. We will publish the amended version in the same place and recommend that you read the Privacy Policy regularly.
Created with the kind support of Dieter macht den Datenschutz