Privacy Policy

Preamble

With the following privacy policy we want to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

The terms used are not gender-specific.

Last updated: 16 April 2026

Table of Contents

• Preamble
• Controller
• Overview of Processing Activities
• Relevant Legal Bases
• Security Measures
• Transmission of Personal Data
• International Data Transfers
• General Information on Data Storage and Deletion
• Rights of Data Subjects
• Payment Procedures
• Provision of the Online Offering and Web Hosting
• Use of Cookies
• Blogs and Publication Media
• Contact and Inquiry Management
• Newsletter and Electronic Notifications
• Web Analytics, Monitoring and Optimisation
• Online Marketing
• Presence on Social Networks (Social Media)
• Plug-ins and Embedded Functions and Content
• Changes and Updates
• Definitions of Terms

Controller

HM Consulting Rühe
Buchenweg 18
5036 Oberentfelden, Switzerland

Authorised representatives: Henrik Rühe

Email: info@engpassradar.ch

Imprint: https://engpassradar.ch/impressum

Overview of Processing Activities

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

• Master data.
• Payment data.
• Contact data.
• Content data.
• Contract data.
• Usage data.
• Meta, communication and procedural data.
• Event data (Facebook).
• Log data.

Categories of Data Subjects

• Service recipients and clients.
• Prospective customers.
• Communication partners.
• Users.
• Business and contractual partners.

Purposes of Processing

• Provision of contractual services and fulfilment of contractual obligations.
• Communication.
• Security measures.
• Direct marketing.
• Reach measurement.
• Tracking.
• Remarketing.
• Conversion tracking.
• Audience building.
• Organisational and administrative procedures.
• Feedback.
• Marketing.
• Profiles with user-related information.
• Provision of our online offering and user-friendliness.
• Information technology infrastructure.
• Public relations.
• Business processes and economic procedures.

Relevant Legal Bases

Relevant legal bases under the Swiss Data Protection Act: If you are located in Switzerland, we process your data on the basis of the Federal Act on Data Protection ("Swiss FADP"). Unlike, for example, the GDPR, the Swiss FADP generally does not require that a legal basis for the processing of personal data be cited and that the processing of personal data be carried out in good faith, lawfully and proportionately (Art. 6 para. 1 and 2 Swiss FADP). In addition, personal data is only collected by us for a specific purpose recognisable to the data subject and only processed in a manner compatible with this purpose (Art. 6 para. 3 Swiss FADP).

Security Measures

In accordance with the legal requirements, we take appropriate technical and organisational measures, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances and purposes of processing, as well as the varying probability of occurrence and severity of the risks to the rights and freedoms of natural persons, in order to guarantee a level of protection appropriate to the risk.

The measures include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing of availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subjects' rights, the deletion of data and responses to data threats. We also take the protection of personal data into account during the development and selection of hardware, software and procedures in accordance with the principle of data protection by design and by default.

Shortening of the IP address: If IP addresses are processed by us or by the service providers and technologies used, and the processing of a complete IP address is not necessary, the IP address is shortened (also known as "IP masking"). The last two digits, or the last part of the IP address after a dot, are removed or replaced with placeholders. The shortening of the IP address is intended to prevent or significantly hinder the identification of a person on the basis of their IP address.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorised access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorised access. TLS, as the further developed and more secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is signalled by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

Transmission of Personal Data

In the course of our processing of personal data, it may happen that the data is transmitted to or disclosed to other entities, companies, legally independent organisational units or persons. Recipients of this data may include, for example, service providers commissioned with IT tasks, or providers of services and content embedded in a website. In such cases, we observe the legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International Data Transfers

Disclosure of personal data abroad: In accordance with the Swiss FADP, we only disclose personal data abroad if adequate protection of the data subjects is guaranteed (Art. 16 Swiss FADP). If the Federal Council has not determined that adequate protection exists (list: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we take alternative security measures.

For data transfers to the USA, we rely primarily on the Data Privacy Framework (DPF), which was recognised as a secure legal framework by an adequacy decision of Switzerland on 15 September 2024. In addition, we have concluded standard data protection clauses with the respective providers, which have been approved by the Federal Data Protection and Information Commissioner (FDPIC) and establish contractual obligations to protect your data.

This dual safeguard ensures comprehensive protection of your data: the DPF forms the primary layer of protection, while the standard data protection clauses serve as an additional safeguard. Should changes occur within the DPF framework, the standard data protection clauses kick in as a reliable fallback. This way, we ensure that your data remains adequately protected even in the event of any political or legal changes.

For each individual service provider, we inform you whether they are certified under the DPF and whether standard data protection clauses are in place. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English).

For data transfers to other third countries, corresponding security measures apply, including international treaties, specific guarantees, standard data protection clauses approved by the FDPIC, or binding corporate rules pre-approved by the FDPIC or a competent data protection authority of another country.

General Information on Data Storage and Deletion

We delete personal data we process in accordance with legal requirements as soon as the underlying consents are revoked or no further legal grounds for processing exist. This applies in cases where the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule exist when legal obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons, must be archived accordingly.

Our privacy notice contains additional information on the retention and deletion of data that applies specifically to certain processing operations.

Where there are multiple specifications regarding the retention period or deletion deadlines for a piece of data, the longest period is always decisive. Data that is no longer retained for the originally intended purpose, but due to legal requirements or other reasons, will only be processed for the reasons that justify its retention.

Retention and deletion of data: The following general periods apply to retention and archiving under Swiss law:

• 10 years — Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting records and invoices, as well as all required work instructions and other organisational documents (Art. 958f of the Swiss Code of Obligations (CO)).
• 10 years — Data necessary to consider potential damage claims or similar contractual claims and rights, as well as for processing related inquiries based on previous business experience and standard industry practices, are stored for the duration of the statutory limitation period of ten years, unless a shorter period of five years is decisive, which applies in certain cases (Art. 127, 130 CO).

Period beginning at year-end: If a period does not begin expressly on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the time of effective termination or other ending of the legal relationship.

Rights of Data Subjects

Rights of data subjects under the Swiss FADP:

As a data subject, you have the following rights under the Swiss FADP:

• Right of access: You have the right to request confirmation as to whether personal data concerning you is being processed, and to receive the information necessary to exercise your rights under this law and to ensure transparent data processing.
• Right to data portability: You have the right to request the release of your personal data that you have provided to us in a common electronic format.
• Right to rectification: You have the right to request the rectification of inaccurate personal data concerning you.
• Right to object, deletion and destruction: You have the right to object to the processing of your data and to request that the personal data concerning you be deleted or destroyed.

Payment Procedures

In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use additional service providers in addition to banks and credit institutions for this purpose (collectively "payment service providers"). Payment transactions are carried out in accordance with the state of the art exclusively via encrypted connections, so that the data entered is protected from unauthorised access during transmission.

The data processed by the payment service providers includes master data such as name and address, banking data such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by and stored with the payment service providers. That is, we do not receive any account- or credit-card-related information, but only information confirming or denying the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit reference agencies. The purpose of this transmission is identity and credit checks. We refer to the terms and conditions and privacy notices of the payment service providers in this regard.

The terms and conditions and privacy notices of the respective payment service providers, which are available on the respective websites or transaction applications, apply to payment transactions. We also refer to these for further information and the assertion of withdrawal, information and other data subject rights.

• Types of data processed: Master data; payment data; contract data; usage data; meta, communication and procedural data.
• Data subjects: Service recipients and clients; business and contractual partners; prospective customers.
• Purposes of processing and legitimate interests: Provision of contractual services and fulfilment of contractual obligations; business processes and economic procedures.
• Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".

Further notes on processing operations, procedures and services:

• Stripe: Payment services (technical integration of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal bases: Performance of contract and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b GDPR); Website: https://stripe.com; Privacy policy: https://stripe.com/de/privacy. Basis for third-country transfers: Data Privacy Framework (DPF).

Provision of the Online Offering and Web Hosting

We process the data of users to be able to provide them with our online services. To this end, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

• Types of data processed: Usage data; meta, communication and procedural data; log data; content data.
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing and legitimate interests: Provision of our online offering and user-friendliness; information technology infrastructure; security measures.
• Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".

Further notes on processing operations, procedures and services:

• Provision of online offering on rented storage space: For the provision of our online offering, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called "web host"); Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR).
• Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". Server log files may include the address and name of the websites and files accessed, date and time of access, data volumes transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid server overload (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure server utilisation and stability; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further retention is necessary for evidentiary purposes is excluded from deletion until the relevant incident has been finally clarified.
• Email sending and hosting: The web hosting services we use also include the sending, receipt and storage of emails. For these purposes, the addresses of the recipients and senders, as well as further information regarding the email transmission (e.g. the providers involved) and the contents of the respective emails, are processed. The aforementioned data may also be processed for the purposes of detecting SPAM; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR).
• Content delivery network: We use a "content delivery network" (CDN). A CDN is a service that allows content of an online offering, especially large media files such as graphics or programme scripts, to be delivered faster and more securely with the help of regionally distributed servers connected via the internet; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR).
• Vercel: We use the Vercel service for the provision and hosting of our online offering. Vercel operates our website on server infrastructure in the USA and Europe (Edge Network). With each request, Vercel processes technical access data (IP address, timestamp, requested URL, HTTP status codes) in the form of server log files; Service provider: Vercel Inc., 340 Pine Street, Suite 701, San Francisco, CA 94104, USA; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR); Website: https://vercel.com; Privacy policy: https://vercel.com/legal/privacy-policy; Basis for third-country transfers: Standard contractual clauses.
• Supabase: We use Supabase as a database service for storing and managing application data (drug shortages, scrape logs, product data). Supabase operates PostgreSQL databases on AWS infrastructure. No personal user data is stored in this database; only anonymised access log data may be generated; Service provider: Supabase Inc., 970 Trestle Glen Rd, Oakland, CA 94610, USA; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR); Website: https://supabase.com; Privacy policy: https://supabase.com/privacy; Basis for third-country transfers: Standard contractual clauses.

Use of Cookies

The term "cookies" refers to functions that store information on users' devices and read it from them. Cookies can also be used in connection with various concerns, e.g. for purposes of functionality, security and convenience of online services as well as the creation of analyses of visitor flows. We use cookies in accordance with legal requirements. To this end, we obtain the prior consent of users where necessary. If consent is not required, we rely on our legitimate interests. This applies if the storage and reading of information is essential to be able to provide expressly requested content and functions. These include, for example, the storage of settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information about its scope and which cookies are used.

Notes on legal bases under data protection law: Whether we process personal data with the help of cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage duration: With regard to the storage duration, the following types of cookies are distinguished:

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their device (e.g. browser or mobile application).
• Persistent cookies: Persistent cookies remain stored even after the device is closed. For example, the login status can be saved and preferred content can be displayed directly when the user revisits a website. Likewise, user data collected with the help of cookies can be used for reach measurement. If we do not provide users with explicit information on the type and storage duration of cookies (e.g. when obtaining consent), they should assume that these are persistent and the storage duration can be up to two years.

General notes on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also object to the processing in accordance with legal requirements, including via the privacy settings of their browser.

• Types of data processed: Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, persons involved).
• Data subjects: Users (e.g. website visitors, users of online services).

Further notes on processing operations, procedures and services:

• Processing of cookie data on the basis of consent: We use a consent management solution by which the consent of users to the use of cookies, or to the procedures and providers mentioned in the consent management solution, is obtained. This procedure serves the purpose of obtaining, logging, managing and revoking consent, in particular with regard to the use of cookies and comparable technologies that are used to store, read and process information on users' devices; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a GDPR).

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). Readers' data is processed for the purposes of the publication medium only to the extent necessary for its presentation and the communication between authors and readers, or for security reasons. Otherwise, we refer to the information on the processing of visitors to our publication medium in this privacy notice.

• Types of data processed: Master data; contact data; content data; usage data; meta, communication and procedural data.
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing and legitimate interests: Feedback; provision of our online offering and user-friendliness; security measures; organisational and administrative procedures.
• Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".

Further notes on processing operations, procedures and services:

• Comments and contributions: When users leave comments or other contributions, their IP addresses may be stored on the basis of our legitimate interests. This is for our security in case someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we ourselves can be held liable for the comment or contribution and are therefore interested in the identity of the author. The information about the person, any contact and website information, and the content provided in connection with the comments and contributions are stored by us permanently until the user objects; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR).

Contact and Inquiry Management

When you contact us (e.g. by post, contact form, email, telephone or via social media) and in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to answer the contact inquiries and any requested measures.

• Types of data processed: Contact data; content data; meta, communication and procedural data.
• Data subjects: Communication partners.
• Purposes of processing and legitimate interests: Communication; organisational and administrative procedures; feedback; provision of our online offering and user-friendliness.
• Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".

Further notes on processing operations, procedures and services:

• Contact form: When you contact us via our contact form, by email or other means of communication, we process the personal data transmitted to us to answer and process the respective request. This usually includes information such as name, contact details and any further information provided to us that is necessary for appropriate processing. We use this data exclusively for the stated purpose of contact and communication; Legal bases: Performance of contract and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR).

Newsletter and Electronic Notifications

We send newsletters, emails and other electronic notifications (hereinafter "newsletter") only with the consent of the recipients or on the basis of a legal basis. If the contents are mentioned during registration for the newsletter, those contents are decisive for the user's consent. To register for our newsletter, providing your email address is normally sufficient. To offer you a personalised service, however, we may ask for your name for personal address in the newsletter or for further information if necessary for the purpose of the newsletter.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to prove that consent was previously given. The processing of this data is limited to the purpose of potentially defending against claims. An individual deletion request is possible at any time, provided that the previous existence of consent is also confirmed. In the case of obligations to permanently observe objections, we reserve the right to store the email address in a blocklist solely for this purpose.

The logging of the registration procedure is carried out on the basis of our legitimate interests for the purpose of proving its proper conduct. If we commission a service provider with the sending of emails, this is done on the basis of our legitimate interests in an efficient and secure dispatch system.

Information about us, our services, promotions and offers.

• Types of data processed: Master data; contact data; meta, communication and procedural data; usage data.
• Data subjects: Communication partners.
• Purposes of processing and legitimate interests: Direct marketing (e.g. by email or post).
• Right to object (opt-out): You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You can find a link to cancel the newsletter either at the end of each newsletter or otherwise use one of the contact options listed above, preferably email.

Further notes on processing operations, procedures and services:

• Measurement of opening and click rates: The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened. As part of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of retrieval, are first collected. This information is used for the technical improvement of our newsletter based on the technical data or the target groups and their reading behaviour; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a GDPR).
• Encharge (email marketing): We use Encharge for sending our newsletter and for measuring and analysing email interactions (opens, clicks). For this purpose, your email address is stored and the interaction behaviour with our emails is recorded (e.g. whether and when an email was opened or a contained link was clicked). Processing is based on your express consent (double opt-in). Unsubscription is possible at any time via the unsubscribe link at the end of every email; Service provider: Encharge Inc., 2093 Philadelphia Pike #1764, Claymont, DE 19703, USA; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a GDPR); Website: https://encharge.io; Privacy policy: https://encharge.io/privacy-policy/; Basis for third-country transfers: Standard contractual clauses (SCC); Right to object (opt-out): Unsubscribe link in every email sent.

Web Analytics, Monitoring and Optimisation

Web analytics (also referred to as "reach measurement") serves to evaluate the visitor flows of our online offering and may include behaviour, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognise at what time our online offering or its functions or content are most frequently used, or invite reuse. We are also able to understand which areas need optimisation.

In addition to web analytics, we may also use testing procedures, e.g. to test and optimise different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e. data summarised for a usage process, may be created for these purposes, and information may be stored in a browser or device and then read out. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used and information on usage times.

In addition, the IP addresses of users are stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) are stored as part of web analytics, A/B testing and optimisation, but rather pseudonyms.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests.

• Types of data processed: Usage data; meta, communication and procedural data.
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing and legitimate interests: Reach measurement; profiles with user-related information; remarketing; provision of our online offering and user-friendliness.
• Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Storage of cookies for up to 2 years.
• Security measures: IP masking (pseudonymisation of the IP address).

Further notes on processing operations, procedures and services:

• Google Analytics: We use Google Analytics to measure and analyse the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It serves to assign analytical information to a device in order to recognise which content users have accessed within one or several usage processes, which search terms they have used, have accessed again or have interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users that refer to our online offering and technical aspects of their devices and browsers. Google Analytics does not log or store individual IP addresses for EU users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses; Right to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for ad personalisation: https://myadcenter.google.com/personalizationoff.
• Google Tag Manager: We use Google Tag Manager, a software from Google that allows us to manage so-called website tags centrally via a user interface. Tags are small code elements on our website that are used to record and analyse visitor activities. Google Tag Manager itself does not create user profiles, does not store cookies with user profiles and does not perform any independent analyses; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses.
• Matomo: Matomo is software used for the purposes of web analytics and reach measurement. As part of the use of Matomo, cookies are generated and stored on the user's device. The user data collected as part of the use of Matomo is only processed by us and not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a GDPR). Deletion of data: The cookies have a storage period of a maximum of 13 months.

Online Marketing

We process personal data for the purpose of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as "content") based on the potential interests of users, as well as the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called "cookie") or similar procedures are used, by means of which the information about the user relevant for the display of the aforementioned content is stored.

In principle, we only have access to summarised information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e. for example to the conclusion of a contract with us.

Unless otherwise stated, please assume that the cookies used are stored for a period of two years.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed on the basis of our legitimate interests.

Notes on revocation and objection:

We refer to the privacy notices of the respective providers and the objection options indicated for the providers (so-called "opt-out"). If no explicit opt-out option has been indicated, on the one hand it is possible for you to disable cookies in your browser settings. We therefore recommend the following additional opt-out options:

a) Europe: https://www.youronlinechoices.eu

b) Canada: https://youradchoices.ca/

c) USA: https://optout.aboutads.info/

d) Cross-territorial: https://optout.aboutads.info

• Types of data processed: Usage data; meta, communication and procedural data.
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing and legitimate interests: Reach measurement; tracking; audience building; marketing; profiles with user-related information; conversion tracking.
• Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Storage of cookies for up to 2 years.
• Security measures: IP masking (pseudonymisation of the IP address).

Further notes on processing operations, procedures and services:

• Google Ads and conversion tracking: Online marketing procedures for the purpose of placing content and advertisements within the service provider's advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the advertisements. However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF).
• Google AdSense with personalised ads: We integrate the Google AdSense service, which makes it possible to place personalised advertisements within our online offering. Google AdSense analyses user behaviour and uses this data to deliver targeted advertising tailored to the interests of our visitors. We receive financial compensation for each ad placement or other use of these ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF).
• Google AdSense with non-personalised ads: We use the Google AdSense service to display non-personalised ads in our online offering. These ads are not based on individual user behaviour but are selected based on general characteristics such as the content of the page or your approximate geographic location. We receive compensation for the display or other use of these ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF).
• LinkedIn Insight Tag: Code that is loaded when a user visits our online offering and tracks the user's behaviour and conversions and stores them in a profile; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a GDPR); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses; Right to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Presence on Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context in order to communicate with active users there or to offer information about us.

We point out that user data may be processed outside the European Union. This may result in risks for users, because, for example, the enforcement of user rights could be made more difficult.

Furthermore, user data is generally processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on user behaviour and the resulting interests.

For a detailed description of the respective processing forms and objection options (opt-out), we refer to the privacy policies and information of the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we also point out that these can be most effectively asserted with the providers. Only the latter have access to user data and can directly take appropriate measures and provide information. If you nevertheless need help, you can contact us.

• Types of data processed: Contact data; content data; usage data; meta, communication and procedural data.
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing and legitimate interests: Communication; feedback; public relations.
• Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".

Further notes on processing operations, procedures and services:

• Instagram: Social network, allows sharing of photos and videos, commenting on and favouriting posts, sending messages, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR); Website: https://www.instagram.com; Privacy policy: https://privacycenter.instagram.com/policy/. Basis for third-country transfers: Data Privacy Framework (DPF).
• Facebook pages: Profiles within the Facebook social network — The controller is jointly responsible with Meta Platforms Ireland Limited for the collection and transmission of data of visitors to our Facebook page ("fan page"). Facebook also uses this data to provide us with statistical evaluations via the "Page Insights" service, which provide information on how people interact with our page and its content; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/privacy/policy/. Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses.
• LinkedIn: Social network — We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of data from visitors used to create the "Page Insights" (statistics) of our LinkedIn profiles; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses; Right to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR); Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF); Right to object (opt-out): https://myadcenter.google.com/personalizationoff.

Plug-ins and Embedded Functions and Content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").

Integration always requires that the third-party providers of this content process the IP address of users, as without an IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content or functions. We endeavour to use only such content whose respective providers use the IP address only to deliver the content.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed on the basis of our legitimate interests.

• Types of data processed: Usage data; meta, communication and procedural data; event data (Facebook).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing and legitimate interests: Provision of our online offering and user-friendliness; reach measurement; tracking; audience building; marketing; profiles with user-related information.
• Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Storage of cookies for up to 2 years.

Further notes on processing operations, procedures and services:

• Integration of third-party software, scripts or frameworks (e.g. jQuery): We integrate software into our online offering that we retrieve from the servers of other providers (e.g. function libraries that we use for the display or user-friendliness of our online offering). The respective providers collect the IP address of users and may process this for the purposes of transmitting the software to the user's browser, as well as for security and for the evaluation and optimisation of their offering; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR).
• Facebook plug-ins and content: Facebook social plug-ins and content — These can include, for example, content such as images, videos or texts and buttons that allow users to share content of this online offering within Facebook. The list and appearance of the Facebook social plug-ins can be viewed here: https://developers.facebook.com/docs/plugins/; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/privacy/policy/. Basis for third-country transfers: Data Privacy Framework (DPF).
• Google Fonts (served from Google's server): Sourcing of fonts (and symbols) for the purpose of technically secure, maintenance-free and efficient use of fonts and symbols with regard to up-to-dateness and loading times, their uniform display and consideration of possible licensing restrictions. The IP address of the user is communicated to the provider of the fonts so that the fonts can be made available in the user's browser; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR); Website: https://fonts.google.com/; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF).
• Instagram plug-ins and content: Instagram plug-ins and content — These can include, for example, content such as images, videos or texts and buttons that allow users to share content of this online offering within Instagram; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR); Website: https://www.instagram.com. Privacy policy: https://privacycenter.instagram.com/policy/.
• LinkedIn plug-ins and content: LinkedIn plug-ins and content — These can include, for example, content such as images, videos or texts and buttons that allow users to share content of this online offering within LinkedIn; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a GDPR); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses; Right to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a GDPR); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF); Right to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for ad personalisation: https://myadcenter.google.com/personalizationoff.

Changes and Updates

We ask you to inform yourself regularly about the content of our privacy policy. We adapt the privacy policy as soon as the changes in our data processing make this necessary. We will inform you as soon as the changes require an action on your part (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organisations in this privacy policy, please note that addresses may change over time and we ask you to verify the information before contacting us.

Definitions of Terms

This section provides an overview of the terms used in this privacy policy. Where the terms are legally defined, their statutory definitions apply. The following explanations are intended primarily for understanding.

• Master data: Master data includes essential information necessary for the identification and management of contractual partners, user accounts, profiles and similar assignments.
• Content data: Content data includes information generated in the course of the creation, editing and publication of content of all kinds. This category of data may include texts, images, videos, audio files and other multimedia content.
• Contact data: Contact data is essential information that enables communication with persons or organisations. It includes, among other things, telephone numbers, postal addresses and email addresses.
• Conversion tracking: Conversion tracking (also referred to as "visit action evaluation") is a procedure used to determine the effectiveness of marketing measures.
• Meta, communication and procedural data: Meta, communication and procedural data are categories that contain information about the way data is processed, transmitted and managed.
• Usage data: Usage data refers to information that records how users interact with digital products, services or platforms.
• Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject").
• Profiles with user-related information: The processing of "profiles with user-related information" includes any kind of automated processing of personal data that consists of using such personal data to analyse, evaluate or predict certain personal aspects.
• Log data: Log data is information about events or activities that have been logged in a system or network.
• Reach measurement: Reach measurement (also referred to as web analytics) serves to evaluate the visitor flows of an online offering.
• Remarketing: "Remarketing" or "retargeting" refers to noting, e.g. for advertising purposes, which products a user has been interested in on a website in order to remind the user of these products on other websites.
• Tracking: "Tracking" refers to the ability to trace the behaviour of users across multiple online offerings.
• Controller: The "controller" is the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processing: "Processing" is any operation or set of operations performed with or without automated procedures in connection with personal data.
• Contract data: Contract data is specific information relating to the formalisation of an agreement between two or more parties.
• Payment data: Payment data includes all information required to process payment transactions between buyers and sellers.
• Audience building: Audience building (English "custom audiences") refers to the determination of target groups for advertising purposes, e.g. for the display of advertisements.

Created with the free Datenschutz-Generator.de by Dr. Thomas Schwenke