Security Measures
In accordance with legal requirements and considering the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
Measures include, in particular, securing the confidentiality, integrity, and availability of data through controls over physical access to the data as well as access, input, transmission, ensuring availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. We also take into account the protection of personal data during the development or selection of hardware, software, and processes, in accordance with the principle of data protection by design and by default.

---

Collaboration with Processors, Joint Controllers, and Third Parties
If we disclose, transmit, or otherwise grant access to data to other persons and companies (processors, joint controllers, or third parties) in the course of our processing, this is done only on the basis of a legal permission (e.g., if a transmission of data to third parties, such as payment service providers, is necessary for contract fulfillment), user consent, a legal obligation, or our legitimate interests (e.g., when using agents, web hosts, etc.).
If we disclose, transmit, or otherwise grant access to data to other companies within our corporate group, this is done for administrative purposes as a legitimate interest and otherwise on a basis that complies with legal requirements.

---

Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation) or if this occurs in the context of using third-party services or disclosing, transmitting, or granting access to data to other persons or companies, this is only done if it is necessary to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to explicit consent or contractual necessity, we process or allow the processing of data only in third countries with a recognized level of data protection, such as US processors certified under the “Privacy Shield,” or based on special guarantees such as contractual obligations under so-called standard protection clauses of the EU Commission, certifications, or binding internal data protection rules (Articles 44 to 49 GDPR, EU Commission information page).

---

Rights of Data Subjects
You have the right to request confirmation of whether data concerning you is being processed, to obtain information about such data, and to access additional information and a copy of the data, in accordance with legal requirements.
You have the right to request the completion of data concerning you or the correction of inaccurate data concerning you, in accordance with legal requirements.
You have the right to demand the immediate deletion of data concerning you or, alternatively, to request a restriction of the processing of the data, in accordance with legal requirements.
You have the right to request that data concerning you, which you have provided to us, be received and transmitted to other controllers, in accordance with legal requirements.
Furthermore, you have the right to file a complaint with the competent supervisory authority, in accordance with legal requirements.

---

Right of Withdrawal
You have the right to revoke consent granted with effect for the future.

---

Right to Object
You can object to the future processing of data concerning you at any time, in accordance with legal requirements. In particular, you may object to processing for direct marketing purposes.

---

Cookies and Right to Object in Direct Marketing
“Cookies” are small files stored on users’ devices. Various types of information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offer. Temporary cookies, also known as “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online offer and closes their browser. For instance, the contents of a shopping cart in an online shop or a login status can be stored in such a cookie. Permanent or “persistent” cookies are those that remain stored even after the browser is closed. For example, the login status can be saved if users revisit the site after several days. Similarly, user preferences can be stored in such cookies for reach measurement or marketing purposes. “Third-party cookies” are cookies provided by providers other than the controller operating the online offer (otherwise, if only the controller’s cookies are used, they are referred to as “first-party cookies”).
We may use temporary and permanent cookies and will provide details of this in our privacy policy.
If we request users’ consent for the use of cookies (e.g., in the context of cookie consent), the legal basis for this processing is Article 6(1)(a) GDPR. Otherwise, users’ personal cookies are processed based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offer as per Article 6(1)(f) GDPR) or, if the use of cookies is necessary for the provision of our contractual services, pursuant to Article 6(1)(b) GDPR, or if required for the performance of a task in the public interest or in the exercise of official authority, pursuant to Article 6(1)(e) GDPR.
If users do not want cookies to be stored on their device, they are asked to disable the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Disabling cookies may result in limited functionality of this online offer.
A general objection to the use of cookies for online marketing purposes can be declared for a variety of services, particularly in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in the browser settings. Please note that not all functions of this online offer may be available if cookies are disabled.

---

Deletion of Data
The data processed by us will be deleted or their processing restricted in accordance with legal requirements. Unless expressly stated within this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose, and no legal retention obligations conflict with its deletion.
If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means the data will be locked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

---

Changes and Updates to the Privacy Policy
We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you when changes require your participation (e.g., consent) or other individual notifications.

---

External Payment Service Providers
We use external payment service providers through whose platforms users and we can carry out payment transactions. These payment service providers may include, with links to their privacy policies:

• PayPal (Privacy Policy)
• Klarna (Privacy Policy)
• Skrill (Privacy Policy)
• Giropay (Privacy Policy)
• Visa (Privacy Policy)
• Mastercard (Privacy Policy)
• American Express (Privacy Policy)
• Stripe (Privacy Policy)

In the context of fulfilling contracts, we use payment service providers based on Article 6(1)(b) GDPR. Otherwise, we use external payment service providers based on our legitimate interests pursuant to Article 6(1)(f) GDPR to provide our users with effective and secure payment options.

The data processed by the payment service providers includes inventory data, such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract-related, total, and recipient-related information. This information is necessary to carry out the transactions. However, the data entered is processed and stored only by the payment service providers. This means we do not receive account or credit card information but only information confirming or rejecting the payment. In some circumstances, the data may be transmitted by the payment service providers to credit agencies. This transmission serves to check identity and creditworthiness. For this, we refer to the general terms and privacy policies of the payment service providers.

For payment transactions, the terms and conditions and privacy policies of the respective payment service providers apply, which are accessible within the respective websites or transaction applications. We also refer to these for further information and the assertion of revocation, information, and other data subject rights.

---

Registration Function
Users can create a user account. During registration, the required mandatory information will be communicated to users and processed based on Article 6(1)(b) GDPR for the purpose of providing the user account. The processed data includes, in particular, login information (name, password, and an email address). The data entered during registration will be used for the purposes of utilizing the user account and its functions.

Users may be informed by email of information relevant to their user account, such as technical changes. If users have terminated their user account, their data related to the user account will be deleted, subject to legal retention requirements. It is the users’ responsibility to secure their data before the end of the contract. We are entitled to irretrievably delete all user data stored during the contract period.

As part of the use of our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests and the users’ interest in protection against misuse and unauthorized use. These data are not disclosed to third parties unless it is necessary for the enforcement of our claims or there is a legal obligation pursuant to Article 6(1)(c) GDPR. IP addresses are anonymized or deleted at the latest after seven days.

---

Comments and Contributions
When users leave comments or other contributions, their IP addresses may be stored for seven days based on our legitimate interests in accordance with Article 6(1)(f) GDPR. This is done for our security, in case someone leaves unlawful content in comments and contributions (e.g., insults, prohibited political propaganda, etc.). In such cases, we may be held liable for the comment or contribution and are therefore interested in the author’s identity.

Furthermore, based on our legitimate interests under Article 6(1)(f) GDPR, we reserve the right to process users’ information for spam detection.

On the same legal basis, we reserve the right to store users’ IP addresses during surveys for their duration and to use cookies to prevent multiple voting.

The information provided within the comments and contributions, such as personal information, contact information, and website information, as well as the content, will be permanently stored by us until the user objects.

---

Comment Subscriptions
Users can subscribe to follow-up comments with their consent pursuant to Article 6(1)(a) GDPR. Users will receive a confirmation email to verify that they are the owner of the entered email address. Users can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will include instructions on how to revoke consent. To demonstrate users’ consent, we store the subscription timestamp along with the users’ IP address and delete this information when users unsubscribe from the subscription.
You can cancel your subscription at any time, i.e., revoke your consent. We may retain unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide evidence of previously given consent. The processing of this data is limited to the purpose of potential defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed.

---

Akismet Anti-Spam Check
Our online service uses the “Akismet” service offered by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. The use is based on our legitimate interests pursuant to Article 6(1)(f) GDPR. This service distinguishes real comments from spam comments. To do so, all comment information is sent to a server in the USA, where it is analyzed and stored for comparison purposes for four days. If a comment is classified as spam, the data is stored beyond this period. This data includes the entered name, email address, IP address, comment content, referrer, browser and computer system information, and the time of the entry.
Further details on data collection and usage by Akismet can be found in Automattic’s privacy policy: https://automattic.com/privacy/.
Users may use pseudonyms or refrain from providing their name or email address. You can prevent the transmission of data entirely by not using our comment system. While this is regrettable, we currently see no equally effective alternatives.

---

Fetching Profile Pictures via Gravatar
We use the “Gravatar” service from Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, on our online offering, particularly in our blog.
Gravatar allows users to register and link profile pictures to their email addresses. When users leave posts or comments on other online platforms (especially blogs) with the respective email address, their profile pictures can be displayed alongside these posts or comments. For this purpose, the email address provided by users is transmitted to Gravatar, encrypted, to verify whether a profile is linked to it. This is the sole purpose of transmitting the email address, and it is not used for any other purposes and is subsequently deleted.
The use of Gravatar is based on our legitimate interests pursuant to Article 6(1)(f) GDPR, as it enables authors of posts and comments to personalize their contributions with a profile picture.
Displaying images allows Gravatar to learn users’ IP addresses, as this is necessary for communication between a browser and an online service. Further details on data collection and usage by Gravatar can be found in Automattic’s privacy policy: https://automattic.com/privacy/.
If users do not want their Gravatar-linked profile picture to appear in comments, they should use an email address not linked to Gravatar when commenting. Additionally, users can use an anonymous or no email address to prevent their email from being transmitted to Gravatar. Users can entirely avoid data transmission by not using our comment system.

---

Fetching Emojis and Smilies
Our WordPress blog uses graphical emojis (or smilies), i.e., small graphical files that express emotions, fetched from external servers. The providers of these servers collect users’ IP addresses to deliver the emoji files to users’ browsers. The emoji service is provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Automattic’s privacy policy: https://automattic.com/privacy/. The server domains used are s.w.org and twemoji.maxcdn.com, which, to the best of our knowledge, are content delivery networks (CDNs) designed solely to deliver files quickly and securely and delete users’ personal data after transmission.
The use of emojis is based on our legitimate interests, i.e., the interest in an attractive design of our online offering pursuant to Article 6(1)(f) GDPR.

---

SoundCloud
Our podcasts are stored on the “SoundCloud” platform, provided by SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany, and are played from this platform.
For this purpose, we integrate SoundCloud widgets into our website. These are playback tools that allow users to play the podcasts. SoundCloud can measure which podcasts are listened to and to what extent, processing this information pseudonymously for statistical and business purposes. Cookies may be stored in users’ browsers and used to create user profiles, e.g., to display ads aligned with users’ potential interests. For users registered with SoundCloud, the listening information may be linked to their profiles.
The use is based on our legitimate interests, i.e., the interest in providing a secure, efficient, and optimized audio offering pursuant to Article 6(1)(f) GDPR.
Further information and options for objection can be found in SoundCloud’s privacy policy: https://soundcloud.com/pages/privacy.

---

Contacting Us
When contacting us (e.g., via contact form, email, telephone, or social media), the user’s information is processed to handle and respond to the contact inquiry pursuant to Article 6(1)(b) GDPR (in the context of contractual or pre-contractual relationships) and Article 6(1)(f) GDPR (for other inquiries). The user’s information may be stored in a Customer Relationship Management (CRM) system or similar inquiry organization.
We delete inquiries when they are no longer necessary. We review their necessity every two years; furthermore, statutory archiving obligations apply.

---

Newsletter
With the following information, we inform you about the contents of our newsletter, the registration, dispatch, and statistical evaluation process, and your rights to object. By subscribing to our newsletter, you agree to receive it and to the described procedures.

---

Newsletter Content:
We send newsletters, emails, and other electronic notifications containing promotional information (hereinafter referred to as “newsletter”) only with the consent of the recipients or a legal authorization. If the contents of the newsletter are specifically described during registration, they are decisive for the user’s consent. Otherwise, our newsletters include information about our services and us.

---

Double Opt-In and Logging:
Registration for our newsletter follows a so-called double opt-in process. This means you will receive an email asking you to confirm your registration after signing up. This confirmation is necessary to prevent others from registering with your email address. The newsletter registrations are logged to comply with legal requirements. This includes saving the time of registration and confirmation as well as the IP address. Changes to your data stored with the newsletter service provider are also logged.

---

Registration Data:
To sign up for the newsletter, it is sufficient to provide your email address. Optionally, we ask for a name to personalize the newsletter.

---

Legal Basis:
The dispatch of the newsletter and its performance measurement are based on the recipient’s consent pursuant to Article 6(1)(a) and Article 7 GDPR in conjunction with §7(2)(3) UWG (German Act Against Unfair Competition) or, if consent is not required, on our legitimate interests in direct marketing pursuant to Article 6(1)(f) GDPR in conjunction with §7(3) UWG.
The logging of the registration process is based on our legitimate interests pursuant to Article 6(1)(f) GDPR. Our interest lies in using a user-friendly and secure newsletter system that serves our business interests, meets user expectations, and allows us to prove consent.

---

Cancellation/Withdrawal:
You can cancel the receipt of our newsletter at any time, i.e., withdraw your consent. A link to cancel the newsletter is included at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove prior consent. The processing of this data is restricted to the purpose of potential defense against claims. An individual deletion request is possible at any time, provided that the prior existence of consent is confirmed.

---

Newsletter – Mailchimp
The newsletter is dispatched using the service provider “MailChimp,” a newsletter dispatch platform of the US-based Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The service provider’s privacy policy can be viewed here: https://mailchimp.com/legal/privacy/.
Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection standards (Privacy Shield certification). The service provider is used based on our legitimate interests pursuant to Article 6(1)(f) GDPR and a data processing agreement pursuant to Article 28(3)(1) GDPR.

The service provider may process recipient data in pseudonymized form (i.e., without assigning it to a user) to optimize or improve its services, e.g., for technical optimization of the dispatch and presentation of newsletters or for statistical purposes. However, the service provider does not use the data of our newsletter recipients to contact them directly or share it with third parties.

---

Newsletter – Performance Measurement
The newsletters contain a so-called “web beacon,” a pixel-sized file that is retrieved from our server or, if we use a service provider, from their server when the newsletter is opened. During this retrieval, technical information is collected, such as information about your browser and system, your IP address, and the time of retrieval.
This information is used to improve the technical performance of the services based on technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. Statistical evaluations also include determining whether newsletters are opened, when they are opened, and which links are clicked. Although this information can technically be assigned to individual newsletter recipients, it is neither our aim nor, if used, that of the service provider to observe individual users. The evaluations serve to identify reading habits of our users and adapt our content to them or send different content based on their interests.

A separate revocation of performance measurement is unfortunately not possible; in this case, the entire newsletter subscription must be canceled.

---

Hosting and Email Dispatch
The hosting services we utilize provide the following: infrastructure and platform services, computing capacity, storage space, database services, email dispatch, security services, and technical maintenance services that we use to operate this online offering.
In this process, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta, and communication data from customers, prospective clients, and visitors of this online offering based on our legitimate interests in providing this online offering efficiently and securely pursuant to Article 6(1)(f) GDPR in conjunction with Article 28 GDPR (data processing agreement).

---

Google Tag Manager
Google Tag Manager is a solution that allows us to manage website tags via an interface (e.g., integrating Google Analytics and other Google marketing services into our online offering). The Tag Manager itself (which implements the tags) does not process personal user data. For the processing of users’ personal data, refer to the respective information on Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

---

Google Analytics
We use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offering by users is usually transferred to a Google server in the USA and stored there.
Google processes this information on our behalf to evaluate users’ use of our online offering, compile reports on activities within the online offering, and provide us with additional services related to the use of this online offering and the internet. Pseudonymous user profiles may be created from the processed data.
We use Google Analytics with IP anonymization enabled, meaning users’ IP addresses are shortened by Google within EU member states or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software settings. Users can also prevent the collection of data generated by the cookie related to their use of the online offering and the processing of this data by Google by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=de.
If we ask users for consent (e.g., in the context of cookie consent), the legal basis for this processing is Article 6(1)(a) GDPR. Otherwise, users’ personal data is processed based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering pursuant to Article 6(1)(f) GDPR).
When data is processed in the USA, note that Google is certified under the Privacy Shield Agreement, ensuring compliance with European data protection law: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
For more information about how Google uses data, settings, and opt-out options, see Google’s Privacy Policy: https://policies.google.com/privacy, and settings for ads: https://adssettings.google.com/authenticated.
Users’ personal data is deleted or anonymized after 14 months.

---

Google Universal Analytics
We use Google Analytics as “Universal Analytics.” This method enables user analysis based on a pseudonymous user ID, creating a pseudonymous profile of the user across multiple devices (so-called “cross-device tracking”).

---

Audience Targeting with Google Analytics
We use Google Analytics to display ads within Google’s and its partners’ advertising services only to users who have shown interest in our online offering or who exhibit specific characteristics (e.g., interests in specific topics or products identified from visited websites) that we transmit to Google (“remarketing” or “Google Analytics Audiences”). Remarketing Audiences ensure our ads align with potential user interests.

---

Jetpack (WordPress Stats)
We use the Jetpack plugin (specifically the “WordPress Stats” sub-function), a tool for the statistical evaluation of visitor traffic, provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack uses so-called “cookies,” text files stored on your computer, which enable an analysis of your use of the website.

The information generated by the cookie about your use of this online offering is stored on a server in the USA. User profiles can be created from the processed data; these are used exclusively for analysis and not for advertising purposes. Further information is available in Automattic’s privacy policy: https://automattic.com/privacy/ and Jetpack’s cookie information: https://jetpack.com/support/cookies/.

If we ask users for consent (e.g., in the context of cookie consent), the legal basis for this processing is Article 6(1)(a) GDPR. Otherwise, users’ personal data is processed based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering pursuant to Article 6(1)(f) GDPR).

---

Facebook Pixel, Custom Audiences, and Facebook Conversion
Within our online offering, the so-called “Facebook Pixel” of the social network Facebook, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used.

The Facebook Pixel enables Facebook to identify visitors to our online offering as a target audience for displaying ads (so-called “Facebook Ads”). Accordingly, we use the Facebook Pixel to show the Facebook Ads we place only to Facebook users who have shown an interest in our online offering or who display certain characteristics (e.g., interests in specific topics or products, determined based on the websites they visit) that we transmit to Facebook (so-called “Custom Audiences”). Using the Facebook Pixel, we also aim to ensure that our Facebook Ads match users’ potential interests and are not annoying. Additionally, the Facebook Pixel allows us to track the effectiveness of Facebook Ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

Data processing by Facebook is carried out under Facebook’s Data Use Policy. For general information on the display of Facebook Ads, refer to Facebook’s Data Use Policy: https://www.facebook.com/policy. Detailed information about the Facebook Pixel and its functionality can be found in Facebook’s Help Center: https://www.facebook.com/business/help/651294705016616.

If we ask users for consent (e.g., as part of cookie consent), the legal basis for this processing is Article 6(1)(a) GDPR. Otherwise, users’ personal data is processed based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering pursuant to Article 6(1)(f) GDPR).

Facebook is certified under the Privacy Shield Agreement, ensuring compliance with European data protection law: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

You can object to the collection of your data by the Facebook Pixel and its use for displaying Facebook Ads. To configure the types of ads shown to you on Facebook, visit the page provided by Facebook and follow the instructions for settings related to usage-based advertising: https://www.facebook.com/settings?tab=ads. These settings apply across platforms, meaning they will be applied to all your devices, such as desktop computers or mobile devices.

You can also object to the use of cookies for reach measurement and advertising purposes via the opt-out page of the Network Advertising Initiative: http://optout.networkadvertising.org/, as well as on the US website: http://www.aboutads.info/choices or the European website: http://www.youronlinechoices.com/uk/your-ad-choices/.

---

Social Media Presences
We maintain online presences on social networks and platforms to communicate with customers, prospects, and users active there and to inform them about our services.

We note that user data may be processed outside the European Union. This could pose risks for users, such as making it harder to enforce their rights. Regarding US providers certified under the Privacy Shield, we highlight that they are committed to adhering to EU data protection standards.

Additionally, user data is generally processed for market research and advertising purposes. For instance, user profiles can be created based on usage behavior and inferred interests. These profiles may then be used to display advertisements inside and outside the platforms that likely align with users’ interests. For these purposes, cookies are typically stored on users’ devices, storing their usage behavior and interests. Furthermore, data in these profiles can be stored independently of the devices used (particularly if users are members of the respective platforms and logged in).

The processing of users’ personal data is based on our legitimate interests in effectively informing and communicating with users pursuant to Article 6(1)(f) GDPR. If users are asked for consent to the described data processing by the respective platform providers, the legal basis is Article 6(1)(a), Article 7 GDPR.

For a detailed overview of the respective processing activities and opt-out options, please refer to the links provided by the platform providers below.

In cases of information requests and the assertion of user rights, we also note that these are most effectively addressed directly with the providers. Only the providers have access to the user data and can take appropriate actions or provide information. If you still need assistance, you can contact us.

• Facebook, Pages, Groups (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) based on an agreement on the joint processing of personal data – Privacy Policy, specifically for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
• Google/YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) – Privacy Policy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
• Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/Opt-Out.
• Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Privacy Policy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
• Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Privacy Policy/Opt-Out.
• LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy Policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
• Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – Privacy Policy/Opt-Out.
• Wakelet (Wakelet Limited, 76 Quay Street, Manchester, M3 4PR, United Kingdom) – Privacy Policy/Opt-Out.
• SoundCloud (SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany) – Privacy Policy/Opt-Out.

---

Integration of Third-Party Services and Content

We integrate content or service offerings from third-party providers within our online offering based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering within the meaning of Article 6(1)(f) GDPR), such as videos or fonts (hereinafter uniformly referred to as “content”).

This always requires that the third-party providers of this content process the users’ IP addresses, as they cannot send the content to their browsers without the IP address. The IP address is therefore necessary for displaying this content. We endeavor to use only content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use pixel tags (invisible graphics, also called “web beacons”) for statistical or marketing purposes. Pixel tags allow for evaluating information such as visitor traffic on the pages of this website. Pseudonymous information may also be stored in cookies on users’ devices and include, among other things, technical information about the browser and operating system, referring websites, visit times, and other details about the use of our online offering, and may be linked with similar information from other sources.

---

YouTube

We embed videos from the platform “YouTube,” provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

---

Google Fonts

We integrate the “Google Fonts” offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. According to Google, the users’ data is used solely for displaying the fonts in their browsers. Integration is based on our legitimate interests in the technical security, maintenance-free, and efficient use of fonts, their uniform display, and compliance with potential licensing restrictions for integration.
Privacy Policy: https://www.google.com/policies/privacy/.

---

Google ReCaptcha

We integrate the “ReCaptcha” function to detect bots, e.g., when filling out online forms, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

---

Use of Facebook Social Plugins

We use social plugins (“plugins”) of the social network Facebook, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering within the meaning of Article 6(1)(f) GDPR).

These plugins may include content such as images, videos, or text and buttons that allow users to share content from this online offering within Facebook. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield Agreement, ensuring compliance with European data protection laws: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

When a user accesses a function of this online offering containing such a plugin, their device establishes a direct connection with Facebook’s servers. The content of the plugin is transmitted directly from Facebook to the user’s device and integrated into the online offering. This may allow Facebook to create user profiles based on the processed data. We have no control over the extent of the data Facebook collects using this plugin and inform users based on our knowledge.

Through the integration of plugins, Facebook receives information that a user has accessed the corresponding page of our online offering. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. If users interact with the plugins, for instance, by pressing the “Like” button or leaving a comment, the corresponding information is transmitted directly from their device to Facebook and stored there. If a user is not a Facebook member, there is still a possibility that Facebook will collect and store their IP address. According to Facebook, only anonymized IP addresses are stored in Germany.

For the purpose and scope of data collection, further processing and use of data by Facebook, and related user rights and privacy protection settings, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about them via this online offering and link it to their Facebook member data, they must log out of Facebook before using our online offering and delete their cookies. Further settings and objections to the use of data for advertising purposes can be made within Facebook profile settings: https://www.facebook.com/settings?tab=ads, or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Settings are platform-independent, meaning they apply to all devices, such as desktop computers or mobile devices.

---

Instagram

Functions and content of the service Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated into our online offering. This may include content such as images, videos, or text and buttons that allow users to share content from this online offering within Instagram. If users are members of the Instagram platform, Instagram can assign interactions with the above-mentioned content and functions to their Instagram profiles. Instagram’s Privacy Policy: http://instagram.com/about/legal/privacy/.