Privacy policy

Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering").

The terms used are not gender-specific.

Last updated: March 8, 2026

Table of Contents

Controller

Alexander Mettke
Am Rathausring 5
74889, Sinsheim
Germany

Authorized representative: Alexander Mettke

Email address: info@schneidemesser.eu

Legal notice: https://schneidemesser.eu/policies/legal-notice

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

  • Master data.
  • Payment data.
  • Location data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.
  • Event data (Facebook).
  • Log data.

Categories of Data Subjects

  • Service recipients and clients.
  • Employees.
  • Interested parties.
  • Communication partners.
  • Users.
  • Business and contractual partners.
  • Participants.
  • Third parties.
  • Customers.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Tracking.
  • Office and organizational procedures.
  • Conversion tracking.
  • Target audience formation.
  • Organizational and administrative procedures.
  • Content Delivery Network (CDN).
  • Feedback.
  • Surveys and questionnaires.
  • Marketing.
  • User-related profiles.
  • Provision of our online offering and user-friendliness.
  • IT infrastructure.
  • Financial and payment management.
  • Public relations.
  • Sales promotion.
  • Business processes and economic procedures.

Applicable Legal Bases

Applicable legal bases under the GDPR: The following provides an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the GDPR provisions, national data protection regulations may apply in your or our country of residence or establishment. If more specific legal bases are relevant in individual cases, we will inform you of these in this privacy policy.

  • Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or for pre-contractual measures taken at the request of the data subject.
  • Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that the interests or fundamental rights and freedoms of the data subject do not override those interests.

National data protection regulations in Germany: In addition to the GDPR, national data protection laws apply in Germany, particularly the Federal Data Protection Act (BDSG).

Applicable legal bases under Swiss data protection law: If you are located in Switzerland, we process your data based on the Swiss Federal Act on Data Protection (FADP).

Note on applicability of GDPR and Swiss FADP: These privacy notices serve both GDPR and Swiss FADP requirements.

Security Measures

We implement appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the risk to individuals.

These measures include safeguarding confidentiality, integrity, and availability of data, as well as procedures for handling data subject rights and data breaches.

SSL/TLS encryption (HTTPS): We use SSL/TLS encryption to protect data transmitted via our online services.

Transfer of Personal Data

As part of our processing of personal data, data may be transferred to or disclosed to other entities or service providers. In such cases, we comply with legal requirements and conclude appropriate agreements.

International Data Transfers

Data transfers to third countries are carried out in compliance with legal requirements.

For transfers to the United States, we primarily rely on the Data Privacy Framework (DPF).

Further information: https://www.dataprivacyframework.gov/

General Information on Data Storage and Deletion

We delete personal data in accordance with legal requirements once it is no longer necessary.

  • 10 years – accounting records.
  • 8 years – invoices and receipts.
  • 6 years – business correspondence.
  • 3 years – limitation periods.

Rights of Data Subjects

  • Right to object
  • Right to withdraw consent
  • Right of access
  • Right to rectification
  • Right to erasure and restriction
  • Right to data portability
  • Right to lodge a complaint

Business Services

We process personal data of contractual partners to fulfill contractual obligations.

  • Data types: Master, contact, contract, payment, usage data.
  • Purposes: Contract fulfillment, communication, security.
  • Legal bases: Art. 6(1)(b), (c), (f) GDPR.

Business Processes and Procedures

Personal data is processed to support business operations such as customer management, accounting, and marketing.

  • Data types: Master, payment, contact, content, usage, log data.
  • Purposes: Business operations, marketing, IT infrastructure.
  • Legal bases: Art. 6(1)(b), (c), (f) GDPR.

Use of Online Platforms for Offering and Sales Purposes

We offer our services on online platforms operated by other service providers. In this context, in addition to our privacy notices, the privacy policies of the respective platforms apply. This applies in particular with regard to the execution of payment transactions and the procedures used on the platforms for reach measurement and interest-based marketing.

  • Types of data processed: Master data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or phone numbers); contract data (e.g., subject matter of the contract, duration, customer category); usage data (e.g., page views and duration of visits, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Categories of data subjects: Service recipients and clients; business and contractual partners; interested parties.
  • Purposes of processing and legitimate interests: Provision of contractual services and fulfillment of contractual obligations; marketing; business processes and economic procedures; conversion tracking (measuring the effectiveness of marketing measures); provision of our online offering and user-friendliness.
  • Storage and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".
  • Legal bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

Service Providers and Services Used in the Course of Business Activities

Within the scope of our business activities, we use additional services, platforms, interfaces, or plugins from third-party providers (hereinafter "services") in compliance with legal requirements. Their use is based on our interest in a proper, lawful, and efficient operation of our business and internal organization.

  • Types of data processed: Master data; payment data; contact data; content data; contract data; usage data; meta, communication, and procedural data.
  • Categories of data subjects: Service recipients and clients; interested parties; business and contractual partners; communication partners; users.
  • Purposes of processing and legitimate interests: Contract performance; organizational procedures; business processes; direct marketing; provision of our online offering; communication.
  • Storage and deletion: Deletion in accordance with the section "General Information on Data Storage and Deletion".
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

Payment Methods

Within contractual relationships, we offer secure payment methods via payment service providers.

  • Types of data processed: Master, payment, contract, usage, meta, and contact data.
  • Categories of data subjects: Customers, contractual partners, interested parties.
  • Purposes: Payment processing and business operations.
  • Legal bases: Art. 6(1)(b), (f) GDPR.

Further services:

Provision of the Online Offering and Web Hosting

We process user data to provide our online services, including IP addresses required for delivery.

  • Types of data processed: Usage, log, content, and meta data.
  • Categories of data subjects: Users.
  • Purposes: IT infrastructure, security, and service provision.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further services:

Use of Cookies

The term “cookies” refers to functions that store information on users’ devices and read it from them. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online services, as well as creating analyses of visitor flows. We use cookies in accordance with legal regulations. Where required, we obtain users’ consent in advance. If consent is not necessary, we rely on our legitimate interests. This applies when storing and reading information is essential to provide expressly requested content and functions. This includes, for example, storing settings and ensuring the functionality and security of our online offering. Consent can be withdrawn at any time. We clearly inform about its scope and which cookies are used.

Notes on legal bases under data protection law: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage duration: With regard to storage duration, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, login status can be saved and preferred content displayed directly when the user revisits a website. Likewise, user data collected using cookies may be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that they are permanent and that the storage duration can be up to two years.

General notes on withdrawal and objection (opt-out): Users can withdraw their consent at any time and also object to processing in accordance with legal requirements, including via their browser’s privacy settings.

Cookie settings / objection option:

https://schneidemesser.eu/pages/gdpr-compliance

  • Types of data processed: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • Processing of cookie data based on consent: We use a consent management solution in which users’ consent to the use of cookies or to the procedures and providers specified within the consent management solution is obtained. This procedure serves to obtain, log, manage, and withdraw consents, particularly in relation to the use of cookies and comparable technologies used to store, read, and process information on users’ devices. Within this procedure, users’ consents are obtained for the use of cookies and the associated processing of information, including the specific processing operations and providers named in the consent management process. Users also have the option to manage and withdraw their consents. Consent declarations are stored to avoid repeated requests and to provide proof of consent in accordance with legal requirements. Storage takes place server-side and/or in a cookie (so-called opt-in cookie) or via comparable technologies in order to assign the consent to a specific user or their device. Unless specific information about the providers of consent management services is available, the following general information applies: The storage duration of consent is up to two years. A pseudonymous user identifier is created and stored together with the time of consent, information on the scope of consent (e.g., relevant cookie categories and/or service providers), as well as information about the browser, system, and device used; legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Service provider: iSenseLabs
    Professor Georgie Bradistilov Street 4
    Sofia

    EU Registration number: 112660079; Website: https://www.consentmo.com/. Privacy policy: https://www.consentmo.com/privacy-policy-terms-of-service/en.
  • Consentmo GDPR: We use a consent management solution in which users’ consent to the use of cookies or to the procedures and providers specified within the consent management solution is obtained. This procedure serves to obtain, log, manage, and withdraw consents, particularly in relation to the use of cookies and comparable technologies used to store, read, and process information on users’ devices. Within this procedure, users’ consents are obtained for the use of cookies and the associated processing of information, including the specific processing operations and providers named in the consent management process. Users also have the option to manage and withdraw their consents. Consent declarations are stored to avoid repeated requests and to provide proof of consent in accordance with legal requirements. Storage takes place server-side and/or in a cookie (so-called opt-in cookie) or via comparable technologies in order to assign the consent to a specific user or their device. Unless specific information about the providers of consent management services is available, the following general information applies: The storage duration of consent is up to two years. A pseudonymous user identifier is created and stored together with the time of consent, information on the scope of consent (e.g., relevant cookie categories and/or service providers), as well as information about the browser, system, and device used; legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Service provider: Consentmo
    Prof. Georgi Bradistilov Str. No.4
    1700 Sofia, Bulgaria; Website: https://www.consentmo.com/. Privacy policy: https://www.consentmo.com/privacy-policy-terms-of-service/en.

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). The data of readers is processed for the purposes of the publication medium only insofar as it is necessary for its presentation and communication between authors and readers or for security reasons. Otherwise, we refer to the information on the processing of visitors to our publication medium within these privacy notices.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and posts and related information such as authorship or time of creation); usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing and legitimate interests: Feedback (e.g., collecting feedback via online form). Provision of our online offering and user-friendliness.
  • Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Contact and Inquiry Management

When contacting us (e.g., by post, contact form, email, telephone, or via social media) and within existing user and business relationships, the details of the inquiring persons are processed insofar as this is necessary to respond to contact inquiries and any requested measures.

  • Types of data processed: Contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and posts and related information such as authorship or time of creation); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contract data (e.g., subject matter, term, customer category). Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Data subjects: Communication partners; service recipients and clients; interested parties. Business and contractual partners.
  • Purposes of processing and legitimate interests: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form); provision of our online offering and user-friendliness; performance of contractual services and fulfillment of contractual obligations; conversion measurement (measuring the effectiveness of marketing measures). Marketing.
  • Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).

Further information on processing operations, procedures, and services:

  • Contact form: When contacting us via our contact form, by email, or other communication channels, we process the personal data transmitted to us in order to respond to and handle the respective request. This generally includes details such as name, contact information, and, if applicable, further information provided to us that is necessary for appropriate processing. We use this data exclusively for the stated purpose of contact and communication; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
  • Etsy: Online marketplace for e-commerce; Service provider: Etsy, Inc., 55 Washington Street, Suite 712, Brooklyn, NY 11201, USA; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.etsy.com/de. Privacy policy: https://www.etsy.com/de/legal/privacy/?ref=ftr.
  • kleinanzeigen: Online marketplace for e-commerce; Service provider: kleinanzeigen.de GmbH, Albert-Einstein-Ring 26, 14532 Kleinmachnow, Germany; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.kleinanzeigen.de/. Privacy policy: https://themen.kleinanzeigen.de/datenschutzerklaerung/.
  • eBay: Online marketplace for e-commerce; Service provider: eBay Marketplaces GmbH, Helvetiastrasse 15/17, 3005 Bern, Switzerland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.ebay.de/; Privacy policy: https://www.ebay.de/help/policies/member-behavior-policies/datenschutzerklrung?id=4260. Data processing agreement: Provided by the service provider.

Newsletters and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter “newsletter”) only with the consent of the recipients or based on a legal basis. If the contents of the newsletter are described when registering, these contents are decisive for the users’ consent. Normally, providing your email address is sufficient to subscribe to our newsletter. However, in order to offer you a personalized service, we may ask for your name for personal addressing in the newsletter or for additional information if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist.

The logging of the registration process is based on our legitimate interests for the purpose of proving its proper execution. If we commission a service provider to send emails, this is based on our legitimate interests in an efficient and secure sending system.

Content:

Information about us, our services, promotions, and offers.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons). Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Data subjects: Communication partners.
  • Purposes of processing and legitimate interests: Direct marketing (e.g., by email or post).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
  • Opt-out option: You can unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to further receipt. A link to unsubscribe can be found at the end of each newsletter or you can use one of the contact options listed above, preferably email.

Further information on processing operations, procedures, and services:

  • Measurement of open and click rates: The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from our server or, if we use a shipping service provider, from their server when the newsletter is opened. As part of this retrieval, technical information such as details about the browser and your system, as well as your IP address and the time of retrieval, are initially collected. This information is used to technically improve our newsletter based on technical data or target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether and when newsletters are opened and which links are clicked. The collected information is assigned to individual newsletter recipients and stored in their profiles until deletion. On this basis, user profiles are created in which usage behavior and user characteristics are stored. The measurement of open and click rates as well as the storage of the measurement results in user profiles and their further processing are carried out on the basis of user consent. A separate withdrawal of performance measurement is unfortunately not possible; in this case, the entire newsletter subscription must be canceled or objected to. In this case, the stored profile information will be deleted; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
  • Reminder emails for the ordering process: If users do not complete an ordering process, we may remind them by email about the ordering process and send them a link to continue it. This function can be useful, for example, if the purchase process could not be continued due to a browser crash, mistake, or forgetfulness. Sending is based on consent, which users can withdraw at any time; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
  • Sending via SMS: The electronic notifications may also be sent as SMS text messages (or exclusively via SMS if the authorization for sending, e.g., consent, only covers SMS); Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
  • CleverReach: Email sending and automation services; Service provider: CleverReach GmbH & Co. KG, //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.cleverreach.com/de; Privacy policy: https://www.cleverreach.com/de/datenschutz/. Data processing agreement: Provided by the service provider.

Advertising Communication via Email, Post, Fax, or Telephone

We process personal data for the purposes of advertising communication, which may take place via various channels such as email, telephone, post, or fax in accordance with legal requirements.

Recipients have the right to withdraw granted consents at any time or to object to advertising communication at any time free of charge using the contact options listed above.

After withdrawal or objection, we store the data required to prove the previous authorization for contact or sending for up to three years from the end of the year of withdrawal or objection based on our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. Based on the legitimate interest in permanently observing the withdrawal or objection of users, we also store the data necessary to avoid renewed contact (e.g., depending on the communication channel, the email address, phone number, name).

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and posts and related information such as authorship or time of creation); usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Data subjects: Communication partners.
  • Purposes of processing and legitimate interests: Direct marketing (e.g., by email or post); marketing; sales promotion.
  • Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • CleverReach: Email sending and automation services; Service provider: CleverReach GmbH & Co. KG, //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.cleverreach.com/de; Privacy policy: https://www.cleverreach.com/de/datenschutz/. Data processing agreement: Provided by the service provider.

Surveys and Questionnaires

We conduct surveys and questionnaires to collect information for the respective communicated survey or questionnaire purpose. The surveys and questionnaires conducted by us (hereinafter "surveys") are evaluated anonymously. Personal data is only processed to the extent necessary to provide and technically carry out the surveys (e.g., processing the IP address to display the survey in the user's browser or using a cookie to enable resuming the survey).

  • Types of data processed: Master data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and contributions and related information such as authorship or time of creation). Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Data subjects: Participants.
  • Purposes of processing and legitimate interests: Feedback (e.g., collecting feedback via online forms). Surveys and questionnaires (e.g., surveys with input options, multiple-choice questions).
  • Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • Judge.me: enables merchants to collect and display product reviews and customer feedback; Service provider: Buckworths (Ireland) Limited, c/o Workhub, 77 Lower Camden Street, Dublin SO2 XE80; Website: https://judge.me/. Privacy Policy: https://judge.me/privacy.

Web Analytics, Monitoring, and Optimization

Web analytics (also referred to as "reach measurement") is used to evaluate visitor flows to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online offering or its functions or content are most frequently used or invite reuse. Likewise, we are able to identify which areas require optimization.

In addition to web analytics, we may also use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles (i.e., data summarized for a usage process) may be created for these purposes and information may be stored in a browser or on a device and subsequently read. The collected information includes, in particular, visited websites and elements used there, as well as technical information such as the browser used, the computer system used, and information about usage times. If users have consented to the collection of their location data by us or by the providers of the services we use, location data may also be processed.

Furthermore, users' IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored within the scope of web analytics, A/B testing, and optimization, but rather pseudonyms. This means that neither we nor the providers of the software used know the actual identity of users, but only the information stored in their profiles for the purposes of the respective procedures.

Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing and legitimate interests: Reach measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); tracking (e.g., interest/behavior-based profiling, use of cookies); conversion measurement (measurement of the effectiveness of marketing measures); target group formation; marketing. Provision of our online offering and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion". Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • 1&1 IONOS WebAnalytics: Reach measurement and web analytics; Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Website: https://www.ionos.de; Privacy Policy: https://www.ionos.de/terms-gtc/datenschutzerklaerung/; Data processing agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/vereinbarung-zur-auftragsverarbeitung-avv-mit-ionos-abschliessen/; Further information: Data is collected either via a pixel or a log file without the use of cookies; the IP address of visitors is transmitted when a page is accessed, anonymized immediately after transmission, and processed further without personal reference. Data processing is carried out on the basis of a data processing agreement.
  • Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It is used to assign analysis information to a device in order to recognize which content users have accessed within one or multiple usage processes, which search terms they have used, accessed again, or interacted with. The time and duration of use are also stored, as well as the sources of users referring to our online offering and technical aspects of their devices and browsers.
    Pseudonymous user profiles are created using information from the use of different devices, and cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: city (and derived latitude and longitude), continent, country, region, subcontinent (and ID-based counterparts). For EU data traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. It is not logged, accessible, or used for other purposes. When Google Analytics collects measurement data, all IP queries are carried out on EU-based servers before the traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Privacy Policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), standard contractual clauses (https://business.safety.google/adsprocessorterms), Switzerland – Data Privacy Framework (DPF), standard contractual clauses (https://business.safety.google/adsprocessorterms); Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, ad settings: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and data processed).
  • Google Tag Manager: We use Google Tag Manager, a software by Google that allows us to centrally manage so-called website tags via a user interface. Tags are small code elements on our website used to record and analyze visitor activity. This technology helps us improve our website and the content offered on it. Google Tag Manager itself does not create user profiles, does not store cookies with user profiles, and does not perform independent analyses. Its function is limited to facilitating and making more efficient the integration and management of tools and services we use on our website. Nevertheless, when using Google Tag Manager, users' IP addresses are transmitted to Google, which is technically necessary to implement the services we use. Cookies may also be set. However, this data processing only occurs if services are integrated via the Tag Manager. For more detailed information about these services and their data processing, please refer to the respective sections of this privacy policy; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms; Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), standard contractual clauses (https://business.safety.google/adsprocessorterms), Switzerland – Data Privacy Framework (DPF), standard contractual clauses (https://business.safety.google/adsprocessorterms).

Online Marketing

We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as "content") based on users' potential interests, as well as measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called "cookie") or similar methods are used, by means of which the information relevant for displaying the aforementioned content is stored. This may include, for example, content viewed, websites visited, online networks used, as well as communication partners and technical information such as the browser used, the computer system used, and information about usage times and functions used. If users have consented to the collection of their location data, this may also be processed.

Users' IP addresses are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored within online marketing procedures, but rather pseudonyms. This means that neither we nor the providers of online marketing procedures know the actual user identity, but only the information stored in their profiles.

The information in the profiles is generally stored in cookies or by similar methods. These cookies can later generally also be read on other websites that use the same online marketing procedure, analyzed for the purpose of displaying content, supplemented with additional data, and stored on the server of the online marketing procedure provider.

In exceptional cases, it is possible to assign clear data to the profiles, primarily if users are, for example, members of a social network whose online marketing procedures we use and the network links the user profiles with the aforementioned information. We ask you to note that users may enter into additional agreements with the providers, e.g., by giving consent during registration.

As a rule, we only receive access to aggregated information about the success of our advertisements. However, within the framework of so-called conversion measurement, we can check which of our online marketing procedures have led to a conversion, i.e., for example, to a contract being concluded with us. Conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, please assume that cookies used are stored for a period of two years.

Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Notes on withdrawal and objection:

We refer to the privacy notices of the respective providers and the opt-out options specified by them. If no explicit opt-out option is specified, you have the option to disable cookies in your browser settings. However, this may restrict functions of our online offering. We therefore also recommend the following opt-out options, which are offered collectively for respective regions:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://youradchoices.ca/.

c) USA: https://optout.aboutads.info/.

d) Cross-region: https://optout.aboutads.info.

  • Types of data processed: Content data (e.g., textual or visual messages and contributions and related information such as authorship or time of creation); usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, persons involved). Event data (Facebook) ("event data" refers to information transmitted to Meta via Meta Pixel (whether via apps or other channels) and relates to persons or their actions. This includes details about website visits, interactions with content and functions, app installations, and product purchases. Event data is processed for the purpose of creating target audiences for content and advertising messages (custom audiences). It is important to note that event data does not include actual content such as comments written, login information, or contact information such as names, email addresses, or phone numbers. Event data is deleted by Meta after a maximum of two years, and the audiences created from it disappear when our Meta user accounts are deleted.).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing and legitimate interests: Reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest/behavior-based profiling, use of cookies); conversion measurement (measurement of the effectiveness of marketing measures); target group formation; marketing; profiles with user-related information (creation of user profiles). Provision of our online offering and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion". Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • Amazon: Marketing of advertising materials and advertising space; Service provider: Amazon EU S.à r.l., 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Website: https://www.amazon.de; Privacy Policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010. Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF).
  • Meta Pixel and audience creation (Custom Audiences): Using the Meta Pixel (or comparable functions for transmitting event data or contact information via interfaces in apps), Meta is able to determine visitors to our online offering as a target group for displaying ads ("Meta Ads"). Accordingly, we use the Meta Pixel to display Meta Ads placed by us only to users on Meta platforms and within the services of partners cooperating with Meta (so-called "Audience Network" https://www.facebook.com/audiencenetwork/) who have also shown an interest in our online offering or who have certain characteristics (e.g., interest in specific topics or products evident from visited websites) that we transmit to Meta ("Custom Audiences"). With the help of the Meta Pixel, we also want to ensure that our Meta Ads correspond to users' potential interests and are not perceived as intrusive. The Meta Pixel also enables us to track the effectiveness of Meta Ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta Ad ("conversion measurement"); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/; Data processing agreement: https://www.facebook.com/legal/terms/dataprocessing; Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), standard contractual clauses (https://www.facebook.com/legal/EU_data_transfer_addendum), Switzerland – Data Privacy Framework (DPF), standard contractual clauses (https://www.facebook.com/legal/EU_data_transfer_addendum); Further information: Event data of users (i.e., behavioral and interest information) is processed for targeted advertising and audience creation based on the joint controllership agreement ("Controller Addendum", https://www.facebook.com/legal/controller_addendum). Joint controllership is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, particularly the transfer of data to the parent company Meta Platforms, Inc. in the USA (based on standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
  • Google Ad Manager: We use the "Google Ad Manager" service to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). Google Ad Manager is characterized by displaying ads in real time based on presumed user interests. This allows us to display ads for our online offering to users who may have a potential interest in our offering or have previously shown interest, as well as to measure the success of the ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF); Further information: Types of processing and data processed: https://business.safety.google/adsservices/; data processing terms for Google advertising products and standard contractual clauses for third-country transfers: https://business.safety.google/adscontrollerterms; if Google acts as a processor: https://business.safety.google/adsprocessorterms.
  • Google Ads and conversion measurement: Online marketing procedure for placing content and advertisements within the service provider's advertising network (e.g., in search results, in videos, on websites, etc.), so that they are displayed to users who are presumed to have an interest in the advertisements. In addition, we measure the conversion of the ads, i.e., whether users have taken them as an opportunity to interact with the ads and use the advertised offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF); Further information: Types of processing and data processed: https://business.safety.google/adsservices/; data processing terms and standard contractual clauses: https://business.safety.google/adscontrollerterms.

Customer Reviews and Rating Procedures

We participate in review and rating procedures in order to evaluate, optimize, and promote our services. If users rate us or otherwise provide feedback via the participating review platforms or procedures, the general terms and conditions or terms of use and the providers’ privacy policies also apply. As a rule, submitting a review also requires registration with the respective providers.

To ensure that the reviewing persons have actually used our services, we transmit, with the consent of the customers, the necessary data regarding the customer and the service used to the respective review platform (including name, email address, and order number or item number). This data is used solely to verify the authenticity of the user.

  • Types of data processed: Contract data (e.g., subject matter of the contract, term, customer category); usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, persons involved).
  • Data subjects: Service recipients and clients. Users (e.g., website visitors, users of online services).
  • Purposes of processing and legitimate interests: Feedback (e.g., collecting feedback via online forms). Marketing.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • Judge.me: enables merchants to collect and display product reviews and customer feedback; Service provider: Buckworths (Ireland) Limited, c/o Workhub, 77 Lower Camden Street, Dublin SO2 XE80; Website: https://judge.me/. Privacy Policy: https://judge.me/privacy.
  • Rating Widget: We integrate so-called "rating widgets" into our online offering. A widget is a functional and content element embedded in our online offering that displays dynamic information. It can be displayed, for example, in the form of a seal or a comparable element, sometimes also referred to as a "badge." Although the corresponding content of the widget is displayed within our online offering, it is retrieved at that moment from the servers of the respective widget provider. This is the only way to always display up-to-date content, especially the current rating. For this purpose, a data connection must be established from the website accessed within our online offering to the server of the widget provider, and the widget provider receives certain technical data (access data, including the IP address) necessary to deliver the widget content to the user's browser. Furthermore, the widget provider receives information that users have visited our online offering. This information may be stored in a cookie and used by the widget provider to recognize which online offerings participating in the rating procedure have been visited by the user. The information may be stored in a user profile and used for advertising or market research purposes; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
  • Trustami: Review platform; Service provider: Trustami GmbH, Schröderstraße 5, 10115 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.trustami.com. Privacy Policy: https://www.trustami.com/datenschutz/.

Presences in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to provide information about us.

We point out that user data may be processed outside the European Union. This may result in risks for users, for example because the enforcement of user rights could be made more difficult.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on usage behavior and resulting user interests. These profiles may in turn be used to place advertisements within and outside the networks that presumably correspond to the users' interests. For this purpose, cookies are generally stored on users' computers in which usage behavior and interests are stored. In addition, data independent of the devices used by users may also be stored in the usage profiles (especially if users are members of the respective platforms and logged in).

For a detailed description of the respective forms of processing and the opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.

In the case of information requests and the assertion of data subject rights, we also point out that these can be most effectively asserted with the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. If you still need assistance, you can contact us.

  • Types of data processed: Contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and contributions and related information such as authorship or time of creation); usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, persons involved); master data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contract data (e.g., subject matter of the contract, term, customer category).
  • Data subjects: Users (e.g., website visitors, users of online services); service recipients and clients; interested parties; business and contractual partners.
  • Purposes of processing and legitimate interests: Communication; feedback (e.g., collecting feedback via online forms); public relations; marketing; provision of our online offering and user-friendliness; performance of contractual services and fulfillment of contractual obligations; conversion measurement (measurement of the effectiveness of marketing measures).
  • Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

Further information on processing operations, procedures, and services:

  • Markt.de: markt.de is an online classifieds portal in Germany; Service provider: Markt.de GmbH & Co. KG,
    Nymphenburger Straße 14,
    80335 Munich,
    Germany; Website: https://www.markt.de/. Privacy Policy: https://www.markt.de/datenschutzerklaerung.htm.
  • Etsy: Online marketplace for e-commerce; Service provider: Etsy, Inc., 55 Washington Street, Suite 712, Brooklyn, NY 11201, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.etsy.com/de. Privacy Policy: https://www.etsy.com/de/legal/privacy/?ref=ftr.
  • eBay: Online marketplace for e-commerce; Service provider: eBay Marketplaces GmbH, Helvetiastrasse 15/17, 3005 Bern, Switzerland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.ebay.de/; Privacy Policy: https://www.ebay.de/help/policies/member-behavior-policies/datenschutzerklrung?id=4260. Data processing agreement: Provided by the service provider.
  • Amazon: Online marketplace for e-commerce; Service provider: Amazon EU S.à r.l., 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.amazon.de/; Privacy Policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010. Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF).
  • hood.de: Online marketplace for e-commerce; Service provider: Hood Media GmbH, Hämmerchensgäßchen 2A, 52349 Düren, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.hood.de/. Privacy Policy: https://www.hood.de/datenschutz.htm.
  • Quoka.de: Quoka is a German online portal for free classified ads where users can buy and sell products and services; Service provider: QUOKA SRL, Bulevardul Dacia nr 34, Oradea, Romania; Website: https://www.quoka.de/. Privacy Policy: https://hilfebereich.quoka.de/dse/.
  • Instagram: Social network enabling the sharing of photos and videos, commenting and liking posts, messaging, and subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF).
  • Facebook Pages: Profiles within the social network Facebook – The controller is jointly responsible with Meta Platforms Ireland Limited for the collection and transmission of data of visitors to our Facebook page ("fan page"). This includes, in particular, information about user behavior (e.g., content viewed or interacted with, actions taken) as well as device information (e.g., IP address, operating system, browser type, language settings, cookie data). Further details can be found in the Facebook data policy: https://www.facebook.com/privacy/policy/. Facebook also uses this data to provide us with statistical analyses via the "Page Insights" service, which provide information about how people interact with our page and its content. This is based on an agreement with Facebook ("Page Insights Information": https://www.facebook.com/legal/terms/page_controller_addendum), which also regulates security measures and the exercise of data subject rights. Further information can be found here: https://www.facebook.com/legal/terms/information_about_page_insights_data. Users can therefore direct requests for information or deletion directly to Facebook. Users' rights (in particular access, deletion, objection, and complaint to a supervisory authority) remain unaffected. Joint controllership is limited exclusively to the collection of data by Meta Platforms Ireland Limited (EU). Further processing, including possible transfer to Meta Platforms Inc. in the USA, is the sole responsibility of Meta Platforms Ireland Limited; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), standard contractual clauses (https://www.facebook.com/legal/EU_data_transfer_addendum), Switzerland – Data Privacy Framework (DPF), standard contractual clauses (https://www.facebook.com/legal/EU_data_transfer_addendum).
  • Pinterest: Social network enabling the sharing of photos, commenting, liking, and curating posts, messaging, and subscribing to profiles; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.pinterest.com. Privacy Policy: https://policy.pinterest.com/de/privacy-policy.
  • TikTok: Social network enabling the sharing of photos and videos, commenting and liking posts, messaging, and subscribing to accounts; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Website: https://www.tiktok.com; Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/de. Data processing agreement: Provided by the service provider.
  • TikTok Business: Social network enabling the sharing of photos and videos, commenting and liking posts, messaging, and subscribing to accounts – We and TikTok are jointly responsible for the collection and transmission of event data as well as for the measurement and creation of insight reports (statistics) for profile owners. This event data includes information about the types of content users view or interact with, or actions they take, as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data) and information from user profiles such as country or location. Data protection information regarding the processing of user data by TikTok can be found in TikTok’s privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/de. We have concluded a specific joint controllership agreement with TikTok, which in particular regulates which security measures TikTok must observe and in which TikTok has agreed to fulfill data subject rights (i.e., users can, for example, send access or deletion requests directly to TikTok). Users' rights (in particular access, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with TikTok. The joint controllership agreement can be found in TikTok’s "Jurisdiction Specific Terms": https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Website: https://www.tiktok.com; Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/de. Basis for third-country transfers: EU/EEA – standard contractual clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms), Switzerland – standard contractual clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms).
  • YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF). Opt-out option: https://myadcenter.google.com/personalizationoff.
  • kleinanzeigen: Online marketplace for e-commerce; Service provider: kleinanzeigen.de GmbH, Albert-Einstein-Ring 26, 14532 Kleinmachnow, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.kleinanzeigen.de/. Privacy Policy: https://themen.kleinanzeigen.de/datenschutzerklaerung/.

Plug-ins and Embedded Features and Content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos, or city maps (hereinafter collectively referred to as “content”).

The integration always requires that the third-party providers of this content process the users' IP address, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the display of this content or functions. We strive to use only such content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users' devices and may include, among other things, technical information about the browser and operating system, referring websites, visit times, and further details about the use of our online offering, but may also be combined with such information from other sources.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g., page views and duration of visits, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); location data (information on the geographical position of a device or person). Event data (Facebook) (“event data” are information that are sent, for example, via Meta Pixel (whether via apps or other channels) to the provider Meta and relate to persons or their actions. These data include, for example, details about website visits, interactions with content and functions, app installations, and product purchases. The processing of event data serves the purpose of creating target groups for content and advertising messages (custom audiences). It is important to note that event data do not include actual content such as written comments, login information, or contact information such as names, email addresses, or phone numbers. “Event data” are deleted by Meta after a maximum of two years, and the audiences created from them disappear when our Meta user accounts are deleted.).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing and legitimate interests: Provision of our online offering and user-friendliness; reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest/behavior-based profiling, use of cookies); target group formation; marketing; provision of contractual services and fulfillment of contractual obligations. Profiles with user-related information (creation of user profiles).
  • Retention and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion.” Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods may be stored on users’ devices for a period of two years).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • Facebook plug-ins and content: Facebook social plug-ins and content – This may include content such as images, videos, or texts and buttons that allow users to share content from this online offering within Facebook. The list and appearance of Facebook social plug-ins can be viewed here: https://developers.facebook.com/docs/plugins/ – Together with Meta Platforms Ireland Limited, we are jointly responsible for the collection or receipt (but not the further processing) of “event data” that Facebook collects via Facebook social plug-ins (and embedding functions for content) executed on our online offering or receives as part of a transmission for the following purposes: a) displaying content and advertising information that correspond to the presumed interests of users; b) delivering commercial and transactional messages (e.g., addressing users via Facebook Messenger); c) improving ad delivery and personalization of functions and content (e.g., improving the recognition of which content or advertising information presumably correspond to users’ interests). We have concluded a special agreement with Facebook (“Controller Addendum,” https://www.facebook.com/legal/controller_addendum), which in particular regulates which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill data subject rights (i.e., users can, for example, send information or deletion requests directly to Facebook). Note: If Facebook provides us with metrics, analyses, and reports (which are aggregated, i.e., do not contain information about individual users and are anonymous for us), this processing is not carried out within the framework of joint responsibility but on the basis of a data processing agreement (“Data Processing Terms,” https://www.facebook.com/legal/terms/dataprocessing), the “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms), and with regard to processing in the USA on the basis of standard contractual clauses (“Facebook EU Data Transfer Addendum,” https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF).
  • Google Fonts (hosted on own server): Provision of font files for a user-friendly presentation of our online offering; Service provider: Google Fonts are hosted on our server; no data is transmitted to Google; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
  • Google Fonts (retrieved from Google server): Retrieval of fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with regard to up-to-dateness and loading times, their uniform presentation, and consideration of possible licensing restrictions. The user’s IP address is transmitted to the provider of the fonts so that the fonts can be made available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted, which are necessary for providing the fonts depending on the devices used and the technical environment. These data may be processed on a server of the font provider in the USA – When visiting our online offering, users’ browsers send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving fonts). The Google Fonts Web API provides users with the cascading style sheets (CSS) of Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of website visitors, as well as the referring URL (i.e., the webpage on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers and are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referring URL). Access to these data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. These data are logged so that Google can determine how often a particular font family is requested. In the Google Fonts Web API, the user agent must adjust the font generated for the respective browser type. The user agent is primarily logged and used for debugging and to generate aggregated usage statistics used to measure the popularity of font families. These aggregated usage statistics are published on the “Analytics” page of Google Fonts. Finally, the referring URL is logged so that the data can be used for production maintenance and to generate an aggregated report on the top integrations based on the number of font requests. According to Google, none of the information collected by Google Fonts is used to create profiles of end users or to display targeted advertisements; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy?hl=de.
  • Font Awesome (hosted on own server): Display of fonts and symbols; Service provider: The Font Awesome icons are hosted on our server; no data is transmitted to the provider of Font Awesome; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
  • Google Maps: We integrate maps from the “Google Maps” service provided by Google. The processed data may in particular include users’ IP addresses and location data; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy. Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF).
  • Instagram plug-ins and content: Instagram plug-ins and content – This may include content such as images, videos, or texts and buttons that allow users to share content from this online offering within Instagram. – Together with Meta Platforms Ireland Limited, we are jointly responsible for the collection or receipt (but not the further processing) of “event data” that Facebook collects via Instagram functions (e.g., embedding functions for content) executed on our online offering or receives as part of a transmission for the following purposes: a) displaying content and advertising information that correspond to the presumed interests of users; b) delivering commercial and transactional messages (e.g., addressing users via Facebook Messenger); c) improving ad delivery and personalization of functions and content (e.g., improving the recognition of which content or advertising information presumably correspond to users’ interests). We have concluded a special agreement with Facebook (“Controller Addendum,” https://www.facebook.com/legal/controller_addendum), which in particular regulates which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill data subject rights (i.e., users can, for example, send information or deletion requests directly to Facebook). Note: If Facebook provides us with metrics, analyses, and reports (which are aggregated, i.e., do not contain information about individual users and are anonymous for us), this processing is not carried out within the framework of joint responsibility but on the basis of a data processing agreement (“Data Processing Terms,” https://www.facebook.com/legal/terms/dataprocessing), the “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms), and with regard to processing in the USA on the basis of standard contractual clauses (“Facebook EU Data Transfer Addendum,” https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.instagram.com. Privacy Policy: https://privacycenter.instagram.com/policy/.
  • Pinterest plug-ins and content: Pinterest plug-ins and content – This may include content such as images, videos, or texts and buttons that allow users to share content from this online offering within Pinterest; Service provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.pinterest.com. Privacy Policy: https://policy.pinterest.com/de/privacy-policy.
  • reCAPTCHA: We integrate the “reCAPTCHA” function to determine whether entries (e.g., in online forms) are made by humans and not by automated machines (so-called “bots”). The processed data may include IP addresses, information about operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, duration of visits to websites, previously visited websites, interactions with reCAPTCHA on other websites, possibly cookies, and results from manual recognition processes (e.g., answering questions or selecting objects in images). The data processing is carried out on the basis of our legitimate interest in protecting our online offering from abusive automated crawling and spam; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.google.com/recaptcha/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://cloud.google.com/terms/data-processing-addendum (effective 04/02/2026). Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), standard contractual clauses (https://cloud.google.com/terms/sccs/eu-c2p (effective 04/02/2026)), Switzerland – Data Privacy Framework (DPF), standard contractual clauses (https://cloud.google.com/terms/sccs/eu-c2p (effective 04/02/2026)).
  • YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF). Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, ad display settings: https://myadcenter.google.com/personalizationoff.

Management, Organization, and Support Tools

We use services, platforms, and software from other providers (hereinafter referred to as “third-party providers”) for the purposes of organization, administration, planning, and the provision of our services. When selecting third-party providers and their services, we comply with legal requirements.

In this context, personal data may be processed and stored on the servers of the third-party providers. This may include various types of data that we process in accordance with this privacy policy. In particular, this may include master data and contact data of users, data relating to processes, contracts, other procedures, and their content.

If users are referred to third-party providers or their software or platforms in the context of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. We therefore ask you to observe the privacy notices of the respective third-party providers.

  • Types of data processed: Content data (e.g., textual or visual messages and posts and the information relating to them, such as details of authorship or time of creation); usage data (e.g., page views and duration of visits, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); master data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or phone numbers); contract data (e.g., subject matter of the contract, term, customer category).
  • Data subjects: Communication partners; users (e.g., website visitors, users of online services); service recipients and clients; business and contractual partners.
  • Purposes of processing and legitimate interests: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures.
  • Retention and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion.”
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • Easybill: Online software for invoicing, accounting, banking, and tax filing with document storage; Service provider: easybill GmbH, Düsselstr. 21, 41564 Kaarst, Germany; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.easybill.de; Privacy Policy: https://www.easybill.de/datenschutz. Data processing agreement: Provided by the service provider.

Changes and Updates

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and we ask you to verify the information before contacting them.