Data protection

Privacy Policy

Introduction and Overview

We have drafted this privacy policy (version May 2026) to explain to you in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (short data) we as the data controllers – and the processors commissioned by us (e.g., providers) – process, will process in the future, and what lawful options you have. The terms used are to be understood as gender-neutral.

Scope

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR such as name, email address, and postal address of a person. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:

all online presences (websites, online shops) that we operate
Social Media Presence and Email Communication

Legal grounds

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, that is, the legal bases of the General Data Protection Regulation, which enable us to process personal data.
Regarding EU law, we refer to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can of course read this EU General Data Protection Regulation online at EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.

We process your data only if at least one of the following conditions applies:

Consent (Article 6 paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
Contract (Article 6 paragraph 1 lit. b GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.
Legal obligation (Article 6 paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes. These usually contain personal data.
Legitimate interests (Article 6 paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Further conditions such as the exercise of recordings in the public interest and the exercise of public authority as well as the protection of vital interests do not usually occur with us. If such a legal basis should be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act), abbreviated DSG.
In Germany, the Federal Data Protection Act, abbreviated BDSG, applies.

If further regional or national laws apply, we will inform you about them in the following sections.

Contact details of the responsible party

If you have questions about data protection, you will find the contact details of the responsible person or authority below:

The cool tool GmbH
Manfred Heindl
Fabriksgasse 15
2340 Mödling
Austria

Email: shop@thecooltool.com
Phone: +432236892666
Imprint: https://shop.thecooltool.com/pages/impressum

Retention period

We store personal data only as long as it is absolutely necessary for the provision of our services and products, which is a general criterion for us. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally required to retain certain data even after the original purpose has ceased, for example for accounting purposes (according to §132 BAO - 7 years in Austria).

If you wish to delete your data or revoke your consent to data processing, the data will be deleted as quickly as possible and as far as there is no obligation to retain it.

We will inform you about the specific duration of the respective data processing further down, provided we have more information on this.

Rights under the General Data Protection Regulation

According to Article 13 of the GDPR, you have the following rights to ensure fair and transparent processing of data:

According to Article 15 of the GDPR, you have the right to know whether we process data about you. If that is the case, you have the right to receive a copy of the data and to learn the following information:
- for what purpose we carry out the processing;
- the categories, that is, the types of data that are processed;
- who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
- how long the data will be stored;
- the existence of the right to rectification, deletion, or restriction of processing and the right to object to processing;
- that you can file a complaint with a supervisory authority (links to these authorities can be found further down);
- the source of the data, if we did not collect it from you;
- whether profiling is carried out, meaning whether data is evaluated automatically to create a personal profile of you.
According to Article 16 of the GDPR, you have the right to rectification of data, which means that we must correct data if you find errors.
According to Article 17 of the GDPR, you have the right to deletion ("right to be forgotten"), which specifically means that you may request the deletion of your data.
According to Article 18 of the GDPR, you have the right to restrict processing, which means that we may only store the data but not further use it.
According to Article 19 of the GDPR, you have the right to data portability, which means that we must provide your data in a commonly used format upon request.
According to Article 21 of the GDPR, you have the right to object, which will lead to a change in processing once enforced.
- If the processing of your data is based on Article 6(1)(e) (public interest, exercise of public authority) or Article 6(1)(f) (legitimate interest), you can lodge an objection to the processing. We will check as quickly as possible whether we can legally comply with this objection.
- If data is used for direct marketing, you can object to this type of data processing at any time. We may no longer use your data for direct marketing afterwards.
- If data is used for profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling afterwards.
According to Article 22 of the GDPR, you have the right, under certain circumstances, not to be subject to a decision based solely on automated processing (such as profiling).

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can file a complaint with the supervisory authority. This is the Data Protection Authority for Austria, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Head: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Transfer to Third Countries

We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, it is legally required, or contractually necessary, and in any case only to the extent that it is generally permitted.

Since the Adequacy Decision of the EU Commission on July 10, 2023, there is an adequate level of protection for transfers to the USA under the EU-US Data Privacy Framework (DPF), provided that the respective US recipient is certified under the DPF. Shopify, Google, and Meta (Facebook) are certified under the DPF. For non-certified recipients, we use standard contractual clauses approved by the EU Commission (Art. 46 para. 2 lit. c GDPR). We point out that the DPF could be challenged in the future by the US Supreme Court or political decisions. We inform you in the respective sections about specific transfers to third countries.

We explicitly point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services (such as Google Analytics) may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. Additionally, collected data may be linked with data from other services of the same provider, if you have a corresponding user account. We try to use server locations within the EU whenever possible, if offered.

We inform you at the appropriate points in this privacy policy about data transfer to third countries, if applicable.

Data Processing Security

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to draw personal information from our data.

Art. 25 GDPR refers to "data protection by design and by default" and means that one always considers security in both software (e.g., forms) and hardware (e.g., access to the server room) and implements appropriate measures. Below, we will address specific measures if necessary.

TLS encryption with https

We use HTTPS (the Hypertext Transfer Protocol Secure) to transmit data securely over the internet. This means that the complete transmission of all data from your browser to our web server is secured. You can recognize this by the lock symbol in the upper left of the browser and the use of "https" as part of our internet address.

Communication

When you contact us and communicate via phone, email, or online form, it may involve the processing of personal data.

The data is processed for the handling and processing of your inquiry and the related business transaction. The data will be stored as long as necessary or as long as required by law.

Affected persons

All those affected are those who seek contact with us through the communication channels we provide.

Phone

When you call us, the call data is pseudonymized and stored on the respective device and with the telecommunications provider used. Additionally, data such as name and phone number may be sent via email afterwards and stored for responding to inquiries. The data will be deleted as soon as the business case is completed and legal requirements allow.

Email

When you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone,…) and data is stored on the email server. The data will be deleted as soon as the business case is completed and legal requirements allow.

Online forms

When you communicate with us via online form, data is stored on our web server and may be forwarded to an email address of ours. The data will be deleted as soon as the business case is completed and legal requirements allow.

Legal grounds

The processing of data is based on the following legal grounds:

You give us your consent to store your data and use it further for business-related purposes;
6 para. 1 lit. b GDPR (Contract): There is a need for the fulfillment of a contract with you or a processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer,;
6 para. 1 lit. f GDPR (Legitimate interests): We want to handle customer inquiries and business communication in a professional manner. Certain technical facilities such as email programs, exchange servers, and mobile network operators are necessary to operate communication efficiently.

Cookies

What are cookies?

Our website uses HTTP cookies to store user-specific data. Cookies are small text files that are stored on your computer by our website. They store certain user data, such as language or personal page settings. There are both first-party cookies and third-party cookies (e.g., from analytics or advertising services).

What types of cookies are there?

The question of which cookies we specifically use depends on the services used and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly address the different types of HTTP cookies.

One can distinguish 4 types of cookies:

Essential cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues browsing on other pages, and later goes to checkout. These cookies prevent the shopping cart from being deleted, even if the user closes their browser window.

Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. Additionally, these cookies also measure the loading time and behavior of the website in different browsers.

Goal-oriented cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes, or form data are stored.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver personalized advertising to the user. This can be very practical, but also very annoying.

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. More details can be found further down or from the manufacturer of the software that sets the cookie.

Which data is processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy.

Storage duration of cookies

The storage duration depends on the respective cookie and will be specified further below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have control over the storage duration. You can manually delete all cookies at any time through your browser (see also below "Right to object"). Furthermore, cookies based on consent will be deleted at the latest after you withdraw your consent, while the legality of the storage remains unaffected until then.

Right to object – how can I delete cookies?

How and whether you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Deleting, enabling, and managing cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Deleting cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and Managing Cookies

Microsoft Edge: Deleting and Managing Cookies

If you generally do not want cookies, you can set your browser to always inform you when a cookie is to be set. This way, you can decide for each individual cookie whether to allow it or not. The procedure varies depending on the browser. It is best to search for instructions on Google using the search terms “Delete cookies Chrome” or “Disable cookies Chrome” in the case of a Chrome browser.

Legal Basis

Since 2009, there have been so-called "Cookie Guidelines." These state that storing cookies requires consent (Article 6(1)(a) GDPR) from you. However, there are still very different reactions to these guidelines within EU countries. In Austria, the implementation of this directive occurred in § 96(3) of the Telecommunications Act (TKG). In Germany, the Cookie Guidelines were not implemented as national law. Instead, the implementation of this directive largely took place in § 15(3) of the Telemedia Act (TMG).

For strictly necessary cookies, even if no consent is given, there are legitimate interests (Article 6(1)(f) GDPR), which are mostly of an economic nature. We want to provide visitors to the website with a pleasant user experience, and for that, certain cookies are often strictly necessary.

As long as non-essential cookies are used, this only occurs with your consent. The legal basis in this regard is Article 6(1)(a) GDPR.

In the following sections, you will be informed in more detail about the use of cookies, provided that the software used employs cookies.

Web Analytics

What is Web Analytics?

We use software on our website to evaluate the behavior of website visitors, referred to as web analytics or web analysis. Data is collected that the respective analytics tool provider (also called tracking tool) stores, manages, and processes. With the help of the data, analyses of user behavior on our website are created and made available to us as website operators. Additionally, most tools offer various testing options. For example, we can test which offers or content are most appealing to our visitors. For this, we show you two different offers for a limited time period. After the test (so-called A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as well as for other analytics methods, user profiles can also be created, and the data can be stored in cookies.

Why do we conduct web analytics?

With our website, we have a clear goal in mind: we want to provide the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting selection on one hand, and on the other hand, ensure that you feel completely comfortable on our website. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and then improve our web offering for you and us accordingly. For example, we can determine the average age of our visitors, where they come from, when our website is most visited, or which content or products are particularly popular. All this information helps us optimize the website and thus tailor it perfectly to your needs, interests, and wishes.

Which data is processed?

The exact data that is stored depends on the analysis tools used. However, in general, for example, it is stored which content you view on our website, which buttons or links you click, when you access a page, which browser you use, which device (PC, tablet, smartphone, etc.) you visit the website with, or which computer system you are using. If you agreed to the collection of location data, this can also be processed by the web analysis tool provider.

Additionally, your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored in a pseudonymized form (i.e., in an unrecognizable and shortened format). For the purposes of testing, web analysis, and web optimization, no direct data, such as your name, age, address, or email address, is generally stored. All this data, if collected, is stored in a pseudonymized manner. This way, you cannot be identified as a person.

How long the respective data is stored always depends on the provider. Some cookies store data only for a few minutes or until you leave the website, while other cookies can store data for several years.

Duration of data processing

We will inform you about the duration of data processing further down, if we have more information on this. In general, we only process personal data as long as it is absolutely necessary for providing our services and products. If it is legally required, as in the case of accounting, this storage duration may also be exceeded.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Legal Basis

The use of web analytics requires your consent, which we obtained with our cookie popup. This consent constitutes the legal basis for the processing of personal data, as may occur during the collection by web analytics tools, according to Art. 6 para. 1 lit. a GDPR (Consent).

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to improve our offerings technically and economically. With the help of web analytics, we identify errors on the website, can detect attacks, and improve profitability. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). We only use the tools to the extent that consent has been granted.

Since web analytics tools use cookies, we also recommend reading our general privacy policy regarding cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.

Information about specific web analytics tools can be found – if available – in the following sections.

Google Consent Mode v2

We use the Google Consent Mode v2 on our website. This system technically transmits the status of your consent (accepted / rejected) to Google services (Google Analytics, Google Ads) as soon as you make a selection in our cookie banner.

Without your consent, Google will not collect complete tracking data. Instead, anonymized modeling data ("Conversion Modeling") may be transmitted, which does not allow any conclusions about your person. The Google Consent Mode v2 has been mandatory for all merchants in the European Economic Area since March 2024, who use Google Ads with remarketing or conversion tracking.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent) and legitimate interest according to Art. 6 para. 1 lit. f GDPR for technical operation.

Facebook Pixel Privacy Policy

We use the Facebook Pixel from Meta on our website. The service provider is the American company Meta Platforms, Inc. For the European area, Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible.

The Facebook Pixel is a JavaScript code that can track user actions if you arrived at our website via Facebook ads. For example, if you purchase a product on our website, the Facebook Pixel is triggered and saves your actions in one or more cookies.

Note on data transfer to third countries: Meta Platforms, Inc. has been certified under the EU-US Data Privacy Framework (DPF) since July 2023. Data transfer to the USA is based on this adequacy decision and additionally on the basis of standard contractual clauses (Art. 46 para. 2 lit. c GDPR).

https://www.facebook.com/ads/preferences/ change. Learn more about Meta's data protection at https://www.facebook.com/privacy/policy/.

We use the Facebook Pixel from Facebook on our website. For this, we have implemented a code on our website. The Facebook Pixel is a snippet of JavaScript code that loads a collection of functions that allow Facebook to track your user actions if you arrived at our website via Facebook ads. For example, if you purchase a product on our website, the Facebook Pixel is triggered and saves your actions on our website in one or more cookies. These cookies enable Facebook to match your user data (customer data such as IP address, user ID) with the data from your Facebook account. Facebook then deletes this data again. The collected data is anonymous to us and not visible, and can only be used in the context of advertising placements. If you are a Facebook user and are logged in, your visit to our website will automatically be associated with your Facebook user account.

We want to show our services or products only to those people who are genuinely interested. With the help of the Facebook Pixel, our advertising measures can be better tailored to your wishes and interests. This way, Facebook users (if they have allowed personalized advertising) will see relevant ads. Furthermore, Facebook uses the collected data for analysis purposes and its own advertisements.

Below we show you the cookies that were set by integrating the Facebook Pixel on a test page. Please note that these are only example cookies. Depending on interaction on our website, different cookies will be set.

Name: _fbp
Value: fb.1.1568287647279.257405483-6111841788-7
Purpose: This cookie is used by Facebook to display advertising products.
Expiration date: after 3 months

Name: fr
Value: 0aPf312HOS5Pboo2r..Bdeiuf…1.0.Bdeiuf.
Purpose: This cookie is used to ensure that Facebook Pixel functions properly.
Expiration date: after 3 months

Name: comment_author_50ae8267e2bdf1253ec1a5769f48e062111841788-3
Value: Name of the author
Purpose: This cookie stores the text and name of a user who leaves a comment, for example.
Expiration date: after 12 months

Name: comment_author_url_50ae8267e2bdf1253ec1a5769f48e062
Value: https%3A%2F%2Fwww.testseite…%2F (URL of the author)
Purpose: This cookie stores the URL of the website that the user enters in a text field on our website.
Expiration date: after 12 months

Name: comment_author_email_50ae8267e2bdf1253ec1a5769f48e062
Value: Email address of the author
Purpose: This cookie stores the user's email address, provided they have disclosed it on the website.
Expiration date: after 12 months

Note: The cookies mentioned above relate to individual user behavior. Specifically, when using cookies, changes at Facebook can never be ruled out.

If you are logged into Facebook, you can adjust your ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen change it yourself. If you are not a Facebook user, you can go to http://www.youronlinechoices.com/de/praferenzmanagement/ essentially manage your usage-based online advertising. There you have the option to deactivate or activate providers.

We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing is essentially carried out by Facebook Pixel. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also occur that this data is linked with data from other Facebook services where you have a user account.

If you want to learn more about Facebook's privacy, we recommend the company's own data policies at https://www.facebook.com/policy.php.

Facebook Automatic Advanced Matching Privacy Policy

We have also activated automatic advanced matching as part of the Facebook Pixel feature. This function of the pixel allows us to send hashed emails, names, gender, city, state, postal code, and date of birth or phone number as additional information to Facebook, provided you have given us this data. This activation allows us to tailor advertising campaigns on Facebook even more accurately to people who are interested in our services or products.

Facebook Conversions API

https://www.facebook.com/privacy/policy/

Facebook Custom Audiences

https://www.facebook.com/privacy/policy/

Email marketing

What is email marketing?

To keep you always up to date, we also use the option of email marketing. If you have agreed to receive our emails or newsletters, your data will also be processed and stored. Email marketing is a subfield of online marketing. In this process, news or general information about a company, products, or services is sent via email to a specific group of people who are interested in it.

If you want to participate in our email marketing (mostly via newsletter), you usually just need to register with your email address. For this, you fill out an online form and submit it. However, it may also happen that we ask you for your salutation and your name so that we can address you personally.

In principle, signing up for newsletters works with the help of the so-called “double opt-in procedure.” After you have registered for our newsletter on our website, you will receive an email through which you confirm the newsletter registration. This ensures that the email address belongs to you and that no one has registered with someone else's email address. We or a notification tool we use logs each individual registration. This is necessary so that we can also prove the legally correct registration process. Typically, the time of registration, the time of confirmation, and your IP address are stored. Additionally, it is also logged when you make changes to your stored data.

Why do we use email marketing?

We naturally want to stay in touch with you and always present you with the most important news about our company. For this, we use email marketing – often referred to simply as “newsletter” – as an essential part of our online marketing. If you agree to this or it is legally permitted, we will send you newsletters, system emails, or other notifications via email. When we use the term “newsletter” in the following text, we mainly mean regularly sent emails. Of course, we do not want to bother you with our newsletters in any way. That’s why we are always striving to provide only relevant and interesting content. For example, you will learn more about our company, our services, or products. Since we are always improving our offerings, you will also always find out about news or special, lucrative promotions through our newsletter. If we engage a service provider that offers a professional mailing tool for our email marketing, we do this to provide you with fast and secure newsletters. The purpose of our email marketing is fundamentally to inform you about new offers and also to get closer to our business goals.

Which data is processed?

When you become a subscriber to our newsletter through our website, you confirm your membership in an email list via email. In addition to your IP address and email address, your salutation, name, address, and phone number may also be stored. However, this is only if you agree to this data storage. The data marked as such is necessary for you to participate in the offered service. Providing this information is voluntary, but not providing it will result in you being unable to use the service. Additionally, information about your device or your preferred content on our website may also be stored. You can find more about data storage when you visit a website in the section "Automatic Data Storage." We record your consent declaration so that we can always prove that it complies with our laws.

Duration of data processing

If you unsubscribe your email address from our email/newsletter distribution list, we may store your address for up to three years based on our legitimate interests, so that we can still prove your previous consent. We may only process this data if we need to defend against any claims.

However, if you confirm that you have given us consent for the newsletter subscription, you can submit an individual deletion request at any time. If you permanently object to the consent, we reserve the right to store your email address on a blacklist. As long as you voluntarily subscribed to our newsletter, we will of course also retain your email address.

Right of objection

You can cancel your newsletter subscription at any time. To do this, you only need to revoke your consent to the newsletter subscription. This usually takes just a few seconds or one or two clicks. Most of the time, you will find a link at the end of each email to cancel the newsletter subscription. If the link in the newsletter is really not to be found, please contact us by email and we will promptly cancel your newsletter subscription.

Legal Basis

The sending of our newsletter is based on your consent (Article 6 para. 1 lit. a GDPR). This means we may only send you a newsletter if you have actively signed up for it beforehand. If applicable, we may also send you advertising messages based on § 7 para. 3 UWG, provided you have become our customer and have not objected to the use of your email address for direct advertising.

Information about specific email marketing services and how they process personal data can be found – if available – in the following sections.

Facebook Conversions API Privacy Policy

We use Facebook Conversions API on our website, a server-side event tracking tool. The service provider is the American company Facebook Inc. For the European region, the company responsible is Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

Facebook Conversions API processes data, among other places, in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or for data transfer to those countries, Facebook Conversions API uses standard contractual clauses approved by the EU Commission (= Art. 46 para. 2 and 3 GDPR). These clauses require Facebook Conversions API to maintain the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

You can learn more about the data processed through the use of Facebook Conversions API in the Privacy Policy at https://www.facebook.com/about/privacy.

Facebook Custom Audiences Privacy Policy

We use Facebook Custom Audiences on our website, a server-side event tracking tool. The service provider is the American company Facebook Inc. For the European region, the company responsible is Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

Facebook processes data, among other places, in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or for data transfer to those countries, Facebook uses standard contractual clauses approved by the EU Commission (= Art. 46 para. 2 and 3 GDPR). These clauses require Facebook to maintain the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

You can learn more about the data processed through the use of Facebook Custom Audiences in the Privacy Policy at https://www.facebook.com/about/privacy.

Blogs and publication media

What are blogs and publication media?

We use blogs or other communication means on our website, which allow us to communicate with you on one hand and you to communicate with us on the other. In this process, data from you may also be stored and processed by us. This may be necessary so that we can present content accordingly, ensure communication works, and increase security. In our privacy text, we generally address which data from you may be processed. Exact details about data processing always depend on the tools and functions used. In the privacy notices of the individual providers, you will find precise information about data processing.

Why do we use blogs and publication media?

Our main concern with our website is to provide you with interesting and exciting content, and at the same time, your opinions and content are important to us. Therefore, we want to create a good interactive exchange between us and you. With various blogs and publication opportunities, we can achieve just that. For example, you can write comments on our content, comment on other comments, or in some cases, even write your own contributions.

Which data is processed?

The exact data processed always depends on the communication functions we use. Very often, IP address, username, and the published content are stored. This primarily happens to ensure security protection, prevent spam, and to take action against illegal content. Cookies may also be used for data storage. These are small text files that are stored with information in your browser. More details about the collected and stored data can be found in our individual sections and in the privacy policy of the respective provider.

Duration of data processing

We will inform you about the duration of data processing further down, as long as we have more information on this. For example, contribution and comment functions store data until you revoke the data storage. In general, personal data is only stored as long as it is absolutely necessary for providing our services.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third-party communication tools at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since cookies may also be used in publication media, we recommend that you read our general privacy policy regarding cookies. To find out which data about you is stored and processed, you should read the privacy policies of the respective tools.

Legal Basis

We primarily use the communication tools based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in having quick and good communication with you or other customers, business partners, and visitors. To the extent that the use serves the processing of contractual relationships or their initiation, the legal basis is also Art. 6 para. 1 sentence 1 lit. b GDPR.

Certain processing activities, particularly the use of cookies as well as the use of comment or messaging functions, require your consent. If and to the extent that you have consented to your data being processed and stored by integrated publication media, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Most of the communication functions we use set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

You can find information about specific tools – if available – in the following sections.

Cookie Consent Management Platform

What is a cookie consent management platform?

We use a Consent Management Platform (CMP) software on our website that facilitates the correct and secure handling of used scripts and cookies for both us and you. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides a legally necessary cookie consent for you, and helps us and you keep track of all cookies. Most cookie consent management tools identify and categorize all existing cookies. You as a website visitor then decide whether and which scripts and cookies you allow or do not allow.

Why do we use a cookie management tool?

Our goal is to provide you with the best possible transparency in the area of data protection. We are also legally obligated to do so. We want to inform you as thoroughly as possible about all tools and all cookies that can store and process data from you. It is also your right to decide which cookies you accept and which you do not. To grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we are aware of all cookies and can provide you with information in compliance with GDPR. Through the consent system, you can then accept or reject cookies.

Which data is processed?

As part of our cookie management tool, you can manage each individual cookie yourself and have full control over the storage and processing of your data. Your consent declaration will be stored so that we do not have to ask you again on each new visit to our website, and we can also prove your consent if legally required. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage duration of your cookie consent may vary. Usually, this data (such as pseudonymous user ID, consent timestamp, details about cookie categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

We will inform you about the duration of data processing further down, if we have more information on this. In general, we only process personal data as long as it is absolutely necessary for providing our services and products. Data stored in cookies is stored for varying lengths of time. Some cookies are deleted immediately after leaving the website, while others may be stored in your browser for several years. The exact duration of data processing depends on the tool used; in most cases, you should expect a storage duration of several years. In the respective privacy policies of the individual providers, you will usually find precise information about the duration of data processing.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Information about specific cookie management tools can be found in the following sections, if available.

Legal Basis

If you consent to cookies, personal data about you will be processed and stored through these cookies. If we are allowed to use cookies through your consent (Article 6 para. 1 lit. a GDPR), this consent also serves as the legal basis for the use of cookies and the processing of your data. To manage consent to cookies and enable you to give consent, a cookie consent management platform software is used. The use of this software allows us to operate the website in a legally compliant manner efficiently, which represents a legitimate interest (Article 6 para. 1 lit. f GDPR).

Payment provider

What is a payment provider?

We use online payment systems on our website that enable a secure and smooth payment process for both us and you. Among other things, personal data may be sent to, stored, and processed by the respective payment provider. Payment providers are online payment systems that allow you to place an order via online banking. The payment processing is carried out by the payment provider you have chosen. We then receive information about the completed payment. This method can be used by any user who has an active online banking account with PIN and TAN. There are hardly any banks that do not offer or accept such payment methods anymore.

Why do we use payment providers on our website?

We naturally want to provide the best possible service with our website and our integrated online shop, so that you feel comfortable on our site and can take advantage of our offers. We know that your time is precious and that payment processing must work quickly and smoothly. For these reasons, we offer you various payment providers. You can choose your preferred payment provider and pay in the usual manner.

Which data is processed?

Which data is processed depends, of course, on the respective payment provider. However, in principle, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are stored. These are necessary data to be able to carry out a transaction at all. In addition, any contract data and user data, such as when you visit our website, which content you are interested in, or which subpages you click on, may also be stored. Your IP address and information about your used computer are also stored by most payment providers.

The data is usually stored and processed on the servers of the payment providers. We as the website operators do not receive this data. We are only informed whether the payment was successful or not. For identity and credit checks, it may happen that payment providers forward data to the appropriate authority. The terms and conditions and data protection principles of the respective provider always apply to all payment transactions. Therefore, please also always check the general terms and conditions and the privacy policy of the payment provider. You also have the right at any time to have data deleted or corrected, for example. Please contact the respective service provider regarding your rights (right of withdrawal, right to information, and right to be affected).

Duration of data processing

We will inform you about the duration of data processing further down if we have more information on this. In general, we only process personal data as long as it is absolutely necessary for the provision of our services and products. If it is legally required, as in the case of accounting, this storage duration may also be exceeded. Thus, we retain documents related to a contract (invoices, contracts, account statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they arise.

Right of objection

You always have the right to access, correct, and delete your personal data. If you have questions, you can also contact the responsible parties of the payment provider used at any time. Contact details can be found either in our specific privacy policy or on the website of the respective payment provider.

Cookies that payment providers use for their functions can be deleted, disabled, or managed in your browser. Depending on which browser you use, this works in different ways. However, please note that the payment process may not function properly then.

Legal Basis

Therefore, for the processing of contractual or legal relationships (Art. 6 para. 1 lit. b GDPR), we offer, in addition to traditional banks/credit institutions, other payment service providers. The privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay, or Discover) provide you with a detailed overview of data processing and data storage. Additionally, you can always contact the responsible parties with questions regarding data protection issues.

Information about the specific payment providers can be found – if available – in the following sections.

Apple Pay Privacy Policy

We use Apple Pay on our website, a service for online payment methods. The service provider is the American company Apple Inc., Infinite Loop, Cupertino, CA 95014, USA.

Apple processes data, among other things, in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or for data transfer to those countries, Apple uses standard contractual clauses approved by the EU Commission (= Art. 46, para. 2 and 3 GDPR). These clauses require Apple to maintain the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other things, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

Learn more about the data processed through the use of Apple Pay in the Privacy Policy at https://www.apple.com/legal/privacy/de-ww/.

eps transfer Privacy Policy

We use eps transfer on our website, a service for online payment methods. The service provider is the Austrian company Stuzza GmbH, Frankgasse 10/8, 1090 Vienna, Austria. Learn more about the data processed through the use of eps transfer in the Privacy Policy at https://eservice.stuzza.at/de/datenschutzerklaerung.html.

Google Pay Privacy Policy

We use the online payment provider Google Pay on our website. The service provider is the American company Google Inc. For the European area, the company responsible for all Google services is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland).

Google processes data, among other places, in the USA. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or a data transfer to those countries, Google uses standard contractual clauses approved by the EU Commission (= Art. 46 para. 2 and 3 GDPR). These clauses require Google to maintain the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

Learn more about the data processed through the use of Google Pay in the Privacy Policy at https://policies.google.com/privacy.

Master Card Privacy Policy

We use the payment service provider Mastercard on our website. The service provider is the American company Mastercard Inc. For the European area, the company responsible is Mastercard Europe SA (Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium).

Mastercard processes data, among other things, in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or for data transfer to those countries, Mastercard uses standard contractual clauses approved by the EU Commission (= Art. 46, para. 2 and 3 GDPR). These clauses require Mastercard to maintain the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other things, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

Learn more about the data processed through the use of Mastercard in the Privacy Policy at https://www.mastercard.de/de-de/datenschutz.html.

PayPal Privacy Policy

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. For the European region, the company responsible is PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg).

PayPal processes data, among other places, in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or for data transfer to such countries, PayPal uses standard contractual clauses approved by the EU Commission (= Art. 46, para. 2 and 3 GDPR). These clauses require PayPal to maintain the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among others, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

Learn more about the data processed through the use of PayPal in the Privacy Policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Shop Pay Privacy Policy

We use Shop Pay on our website, a service for online payment solutions. The service provider is the American company Shopify Inc. For the European region, the company responsible is Shopify International Limited (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland).

We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing is primarily carried out by Shop Pay. This may result in data not being processed and stored anonymously. Furthermore, U.S. government authorities may have access to individual data. It may also occur that this data is linked with data from other possible services of Shop Pay where you have a user account.

Learn more about the data processed through the use of Shop Pay in the Privacy Policy at https://www.shopify.de/legal/datenschutz.

Visa Privacy Policy

We use Visa on our website, a global payment provider. The service provider is the American company Visa Inc. For the European region, the company responsible is Visa Europe Services Inc. (1 Sheldon Square, London W2 6TT, United Kingdom).

Visa processes data, among other places, in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or for data transfer there, Visa uses standard contractual clauses approved by the EU Commission (= Art. 46, para. 2 and 3 GDPR). These clauses require Visa to maintain the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

Learn more about the data processed through the use of Visa in the Privacy Policy at https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Social media

What is social media?

In addition to our website, we are also active on various social media platforms. Data from users can be processed so that we can specifically address users who are interested in us through social networks. Furthermore, elements of a social media platform can also be directly embedded in our website. This is the case, for example, when you click on a so-called social button on our website and are directly redirected to our social media presence. Websites and apps that allow registered members to produce content, exchange content openly or in specific groups, and connect with other members are referred to as social media.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. With our social media presence, we can bring our products and services closer to interested parties. The social media elements integrated on our website help you switch quickly and without complications to our social media content.

The data that is stored and processed through your use of a social media channel primarily serves the purpose of conducting web analytics. The goal of these analyses is to develop more accurate and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, suitable conclusions about your interests can be drawn from the evaluated data, and so-called user profiles can be created. This also allows the platforms to present you with tailored advertisements. Usually, cookies are set in your browser for this purpose, which store data about your usage behavior.

We generally assume that we remain responsible for data protection, even when using services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us in the sense of Art. 26 GDPR. If this is the case, we will point this out separately and work based on a corresponding agreement. The essence of the agreement is then summarized further down at the affected platform.

Please note that when using social media platforms or our embedded elements, data about you may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. This may make it more difficult for you to assert or enforce your rights regarding your personal data.

Which data is processed?

Which data is specifically stored and processed depends on the respective provider of the social media platform. But usually, it involves data such as phone numbers, email addresses, data you enter in a contact form, user data such as which buttons you click, whom you like or follow, when you visited which pages, information about your device, and your IP address. Most of this data is stored in cookies. Especially if you have a profile on the visited social media channel and are logged in, data can be linked to your profile.

All data collected through a social media platform is also stored on the servers of the providers. Thus, only the providers have access to the data and can provide you with the appropriate information or make changes.

If you want to know exactly which data is stored and processed by the social media providers and how you can object to the data processing, you should carefully read the respective privacy policy of the company. Even if you have questions about data storage and data processing or want to assert corresponding rights, we recommend that you contact the provider directly.

Duration of data processing

We will inform you about the duration of data processing further down, if we have more information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. Customer data that is matched with its own user data is deleted within two days. In general, we process personal data only as long as it is absolutely necessary for providing our services and products. If it is legally required, such as in the case of accounting, this storage duration may also be exceeded.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers such as embedded social media elements at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since cookies may be used with social media tools, we also recommend our general privacy policy regarding cookies. To find out exactly what data about you is stored and processed, you should read the privacy policies of the respective tools.

Legal Basis

If you have consented to the processing and storage of your data by embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in having quick and good communication with you or other customers and business partners, provided that consent is given. We will only use the tools to the extent that you have granted consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

Information about specific social media platforms can be found – if available – in the following sections.

Facebook Privacy Policy

What are Facebook tools?

We use selected tools from Facebook on our website. Facebook is a social media network of the company Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. With these tools, we can offer you and people interested in our products and services the best possible deal.

If data about you is collected and forwarded through our embedded Facebook elements or our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for it. Facebook alone is responsible for the further processing of this data. Our joint obligations have also been outlined in a publicly accessible agreement at https://www.facebook.com/legal/controller_addendum anchored. It states that we must clearly inform you about the use of Facebook tools on our site. Furthermore, we are also responsible for ensuring that the tools are integrated into our website in compliance with data protection laws. Facebook, on the other hand, is responsible for the data security of Facebook products. If you have any questions regarding data collection and processing by Facebook, you can contact the company directly. If you direct the question to us, we are obliged to forward it to Facebook.

Below, we provide an overview of the various Facebook tools, what data is sent to Facebook, and how you can delete this data.

In addition to many other products, Facebook also offers the so-called "Facebook Business Tools." This is the official designation from Facebook. However, since the term is not widely known, we have decided to simply call them Facebook tools. Among them are:

Facebook Pixel
social plug-ins (such as the "Like" or "Share" button)
Facebook Login
Account Kit
APIs (application programming interface)
SDKs (collection of programming tools)
Platform integrations
Plugins
Codes
Specifications
Documentation
Technologies and services

Through these tools, Facebook expands its services and has the ability to obtain information about user activities outside of Facebook.

Why do we use Facebook tools on our website?

We want to show our services and products only to people who are genuinely interested in them. With the help of advertisements (Facebook Ads), we can reach exactly these people. However, for users to be shown relevant ads, Facebook needs information about people's desires and needs. Thus, the company is provided with information about user behavior (and contact details) on our website. This allows Facebook to collect better user data and display relevant ads about our products or services to interested individuals. The tools thus enable tailored advertising campaigns on Facebook.

Data about your behavior on our website is referred to by Facebook as "event data." This data is also used for measurement and analytics services. Facebook can create "campaign reports" on the effectiveness of our advertising campaigns on our behalf. Furthermore, through analysis, we gain better insights into how you use our services, website, or products. This allows us to optimize your user experience on our website with some of these tools. For example, you can share content from our site directly on Facebook using social plug-ins.

What data is stored by Facebook tools?

By using individual Facebook tools, personal data (customer data) may be sent to Facebook. Depending on the tools used, customer data such as name, address, phone number, and IP address may be transmitted.

Facebook uses this information to match the data with the data it has from you (if you are a Facebook member). Before customer data is transmitted to Facebook, a so-called "hashing" occurs. This means that a dataset of any size is transformed into a string of characters. This also serves to encrypt data.

In addition to contact details, "event data" is also transmitted. "Event data" refers to the information we receive about you on our website. For example, which subpages you visit or which products you purchase from us. Facebook does not share the received information with third parties (such as advertisers), unless the company has explicit permission or is legally required to do so. "Event data" can also be linked with contact details. This allows Facebook to offer better personalized advertising. After the aforementioned matching process, Facebook deletes the contact details again.

To optimize ad delivery, Facebook uses event data only when it has been aggregated with other data (collected by Facebook in other ways). Facebook also uses this event data for security, protection, development, and research purposes. Many of these data are transmitted to Facebook via cookies. Cookies are small text files used to store data or information in browsers. Depending on the tools used and whether you are a Facebook member, different numbers of cookies are created in your browser. In the descriptions of the individual Facebook tools, we go into detail about specific Facebook cookies. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies.

How long and where is the data stored?

In principle, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers distributed around the world where its data is stored. However, customer data is deleted within 48 hours after it has been matched with its own user data.

How can I delete my data or prevent data storage?

According to the General Data Protection Regulation, you have the right to access, rectify, transfer, and delete your data.

A complete deletion of the data only occurs if you completely delete your Facebook account. Here’s how to delete your Facebook account:

On the right side, click on Settings in Facebook.

Then click on "Your Facebook Information" in the left column.

3) Now click “Deactivation and Deletion.”

4) Now select “Delete Account” and then click “Continue and Delete Account”

5) Now enter your password, click “Continue,” and then click “Delete Account”

The storage of data that Facebook receives through our site occurs, among other things, via cookies (e.g., with social plug-ins). In your browser, you can disable, delete, or manage individual or all cookies. Depending on which browser you use, this works in different ways. The following instructions show how to manage cookies in your browser:

Chrome: Deleting, enabling, and managing cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Deleting cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and Managing Cookies

Microsoft Edge: Deleting and Managing Cookies

If you generally do not want cookies, you can set your browser to always inform you when a cookie is to be set. This way, you can decide whether to allow each individual cookie or not.

Legal Basis

If you have consented to the processing and storage of your data by integrated Facebook tools, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in quick and effective communication with you or other customers and business partners. We only use the tools to the extent that you have given consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review Facebook's privacy policy or cookie guidelines.

We hope we have provided you with the most important information about the use and data processing by Facebook tools. If you want to learn more about how Facebook uses your data, we recommend you check the data policies at https://www.facebook.com/about/privacy/update.

Facebook Social Plug-ins Privacy Policy

Our website includes so-called social plug-ins from Facebook Inc. You can recognize these buttons by the classic Facebook logo, such as the “Like” button (the hand with the raised thumb) or a distinct “Facebook plug-in” label. A social plug-in is a small part of Facebook that is integrated into our site. Each plug-in has its own function. The most commonly used functions are the well-known “Like” and “Share” buttons.

The following social plug-ins are offered by Facebook:

“Save” button
“Like” button, Share, Send, and Quote
Page plug-in
Comments
Messenger plug-in
Embedded posts and video player
Group plug-in

On https://developers.facebook.com/docs/plugins you will receive more information on how the individual plugins are used. We use the social plugins to provide you with a better user experience on our site, and also because Facebook can optimize our ads through this.

if you have a Facebook account or facebook.com if you have visited before, Facebook has already set at least one cookie in your browser. In this case, your browser sends information to Facebook via this cookie as soon as you visit our page or interact with social plugins (e.g., the "Like" button).

The information received will be deleted or anonymized within 90 days. According to Facebook, this data includes your IP address, which webpage you visited, the date, the time, and other information related to your browser.

To prevent Facebook from collecting a lot of data during your visit to our website and linking it with Facebook data, you need to log out of Facebook during your visit to the website.

If you are not logged into Facebook or do not have a Facebook account, your browser sends less information to Facebook because you have fewer Facebook cookies. However, data such as your IP address or which webpage you visit may still be transmitted to Facebook. We would like to explicitly point out that we do not know the exact contents of the data. However, we try to inform you as well as possible about data processing based on our current knowledge. You can also find out how Facebook uses the data in the company's data policy at https://www.facebook.com/about/privacy/update read more.

The following cookies are set in your browser at a minimum when you visit a webpage with Facebook's social plugins:

Name: dpr
Value: no information
Purpose: This cookie is used to ensure that the social plugins on our website work.
Expiration date: after session ends

Name: fr
Value: 0jieyh4111841788c2GnlufEJ9..Bde09j…1.0.Bde09j
Purpose: This cookie is also necessary for the plugins to function properly.
Expiration date: after 3 months

Note: These cookies were set after a test, even if you are not a Facebook member.

If you are logged into Facebook, you can adjust your ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen change it yourself. If you are not a Facebook user, you can go to http://www.youronlinechoices.com/de/praferenzmanagement/essentially manage your usage-based online advertising. There you have the option to deactivate or activate providers.

If you want to learn more about Facebook's privacy, we recommend the company's own data policies at https://www.facebook.com/policy.php.

Instagram Privacy Policy

What is Instagram?

We have integrated Instagram features on our website. Instagram is a social media platform of Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Facebook Inc. since 2012 and is part of the Facebook products. The embedding of Instagram content on our website is called embedding. This allows us to show you content like buttons, photos, or videos from Instagram directly on our website. When you visit pages of our web presence that have an integrated Instagram feature, data is transmitted to Instagram, stored, and processed. Instagram uses the same systems and technologies as Facebook. Your data is thus processed across all Facebook companies.

In the following, we want to give you a closer insight into why Instagram collects data, what data is involved, and how you can largely control the data processing. Since Instagram belongs to Facebook Inc., we obtain our information from Instagram's policies on one hand, and from Facebook's data policies on the other.

Instagram is one of the most well-known social media networks worldwide. Instagram combines the advantages of a blog with the benefits of audiovisual platforms like YouTube or Vimeo. You can upload photos and short videos on "Insta" (as many users casually call the platform), edit them with various filters, and share them on other social networks. And if you don't want to be active yourself, you can simply follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has really taken off in recent years. And of course, we have reacted to this boom as well. We want you to feel as comfortable as possible on our website. Therefore, a varied presentation of our content is a matter of course for us. With the embedded Instagram features, we can enrich our content with helpful, fun, or exciting material from the Instagram world. Since Instagram is a subsidiary of Facebook, the collected data can also be useful for personalized advertising on Facebook. This way, our ads reach only people who are genuinely interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We receive aggregated statistics and gain more insight into your wishes and interests. It is important to mention that these reports do not personally identify you.

What data is stored by Instagram?

When you encounter one of our pages that has Instagram features (such as Instagram images or plugins) embedded, your browser automatically connects to Instagram's servers. Data is sent, stored, and processed by Instagram, regardless of whether you have an Instagram account or not. This includes information about our website, your computer, purchases made, advertisements you see, and how you use our offerings. Furthermore, the date and time of your interaction with Instagram are also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume that this is exactly the case at Instagram as well. Customer data includes, for example, name, address, phone number, and IP address. This customer data will only be transmitted to Instagram once you have been "hashed" beforehand. Hashing means that a data record is transformed into a string of characters. This allows contact details to be encrypted. Additionally, the aforementioned "event data" is also transmitted. "Event data" refers to data about your user behavior, as understood by Facebook – and consequently also Instagram. It may also happen that contact data is combined with event data. The collected contact data is matched with the data that Instagram already has about you.

Through small text files (cookies), which are usually set in your browser, the collected data is transmitted to Facebook. Depending on the Instagram features used and whether you have your own Instagram account, different amounts of data are stored.

We assume that data processing at Instagram works the same way as at Facebook. This means: if you have an Instagram account or www.instagram.com visited, Instagram has at least set one cookie. If that is the case, your browser sends information to Instagram via the cookie as soon as you interact with an Instagram feature. At the latest after 90 days (after reconciliation), this data will be deleted or anonymized. Although we have dealt intensively with Instagram's data processing, we cannot say exactly which data Instagram collects and stores.

Below we show you cookies that are at least set in your browser when you click on an Instagram feature (such as a button or an Insta image). In our test, we assume that you do not have an Instagram account. If you are logged into Instagram, significantly more cookies will be set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: “”
Purpose: This cookie is most likely set for security reasons to prevent request forgery. However, we could not find out more precisely.
Expiration date: after one year

Name: mid
Value: “”
Purpose: Instagram sets this cookie to optimize its services and offerings on and off Instagram. The cookie establishes a unique user ID.
Expiration date: at the end of the session

Name: fbsr_111841788124024
Value: no information
Purpose: This cookie stores the login request for users of the Instagram app.
Expiration date: at the end of the session

Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiration date: at the end of the session

Name: urlgen
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe111841788”
Purpose: This cookie serves Instagram's marketing purposes.
Expiration date: at the end of the session

Note: We cannot claim completeness here. Which cookies are set in individual cases depends on the embedded features and your use of Instagram.

How long and where is the data stored?

Instagram shares the information received among Facebook companies with external partners and with people you connect with worldwide. Data processing is carried out in accordance with its own data policy. Your data is, among other things for security reasons, distributed across Facebook servers around the world. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation, you have the right to access, portability, correction, and deletion of your data. In the Instagram settings, you can manage your data. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

And this is how the deletion of the Instagram account works:

First, open the Instagram app. On your profile page, scroll down and click on "Help Center." You will now be directed to the company's website. Click on "Managing Your Account" and then on "Delete Your Account."

If you completely delete your account, Instagram will delete posts such as your photos and status updates. Information that other people have shared about you does not belong to your account and will therefore not be deleted.

As mentioned above, Instagram primarily stores your data through cookies. You can manage, disable, or delete these cookies in your browser. Depending on your browser, the management always works a little differently. Here we show you the instructions for the most important browsers.

Chrome: Deleting, enabling, and managing cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Deleting cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and Managing Cookies

Microsoft Edge: Deleting and Managing Cookies

You can also generally set your browser to always be informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal Basis

If you have consented to your data being processed and stored by integrated social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in quick and effective communication with you or other customers and business partners. We only use the integrated social media elements to the extent that you have given consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

Instagram and Facebook also process data, among other places, in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

We have tried to provide you with the most important information about data processing by Instagram. At https://help.instagram.com/519522125107875
you can take a closer look at Instagram's data policies.

Vimeo Privacy Policy

What is Vimeo?

We also use videos from Vimeo on our website. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plug-in, we can display interesting video material directly on our website. Certain data from you may be transmitted to Vimeo. In this privacy policy, we will show you what data is involved, why we use Vimeo, and how you can manage or prevent your data and the data transmission.

Vimeo is a video platform that was founded in 2004 and has allowed streaming of videos in HD quality since 2007. Since 2015, streaming in 4k Ultra HD has also been possible. The use of the portal is free, but paid content can also be published. Compared to the market leader YouTube, Vimeo primarily values high-quality content. The portal offers many artistic contents such as music videos and short films, as well as informative documentaries on various topics.

Why do we use Vimeo on our website?

The goal of our web presence is to provide you with the best possible content. And as easily accessible as possible. Only when we have achieved this are we satisfied with our service. The video service Vimeo helps us achieve this goal. Vimeo gives us the opportunity to present high-quality content directly on our website. Instead of just giving you a link to an interesting video, you can watch the video right here with us. This expands our service and makes it easier for you to access interesting content. Thus, we offer video content in addition to our texts and images.

What data is stored on Vimeo?

When you visit a page on our website that has an embedded Vimeo video, your browser connects to the servers of Vimeo. This results in data transmission. This data is collected, stored, and processed on Vimeo's servers. Regardless of whether you have a Vimeo account or not, Vimeo collects data about you. This includes your IP address, technical information about your browser type, your operating system, or basic device information. Furthermore, Vimeo stores information about which website you are using the Vimeo service on and what actions (web activities) you perform on our website. These web activities include session duration, bounce rate, or which button you clicked on our website with the embedded Vimeo feature. Vimeo can track and store these actions using cookies and similar technologies.

If you are logged in as a registered member of Vimeo, more data can usually be collected, as more cookies may have already been set in your browser. Additionally, your actions on our website are directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while “browsing” our website.

Below we show you cookies that are set by Vimeo when you are on a webpage with integrated Vimeo functionality. This list is not exhaustive and assumes that you do not have a Vimeo account.

Name: player
Value: “”
Purpose: This cookie stores your settings before you play an embedded Vimeo video. This way, the next time you watch a Vimeo video, you will have your preferred settings again.
Expiration date: after one year

Name: vuid
Value: pl1046149876.614422590111841788-4
Purpose: This cookie collects information about your actions on webpages that have embedded a Vimeo video.
Expiration date: after 2 years

Note: These two cookies are always set as soon as you are on a webpage with an embedded Vimeo video. If you watch the video and click the button to “share” or “like” the video, additional cookies will be set. These also include third-party cookies such as _ga or _gat_UA-76641-8 from Google Analytics or _fbp from Facebook. The exact cookies that are set here depend on your interaction with the video.

The following list shows a selection of possible cookies that are set when you interact with the Vimeo video:

Name: _abexps
Value: %5B%5D
Purpose: This Vimeo cookie helps Vimeo remember the settings you have made. This may include a preset language, a region, or a username, for example. In general, the cookie stores data about how you use Vimeo.
Expiration date: after one year

Name: continuous_play_v3
Value: 1
Purpose: This cookie is a first-party cookie from Vimeo. The cookie collects information on how you use the Vimeo service. For example, the cookie stores when you pause or play a video.
Expiration date: after one year

Name: _ga
Value: GA1.2.1522249635.1578401280111841788-7
Purpose: This cookie is a third-party cookie from Google. By default, analytics.js uses the cookie _ga to store the user ID. Essentially, it serves to distinguish website visitors.
Expiration date: after 2 years

Name: _gcl_au
Value: 1.1.770887836.1578401279111841788-3
Purpose: This third-party cookie from Google AdSense is used to improve the efficiency of advertisements on websites.
Expiration date: after 3 months

Name: _fbp
Value: fb.1.1578401280585.310434968
Purpose: This is a Facebook cookie. This cookie is used to display advertisements or advertising products from Facebook or other advertisers.
Expiration date: after 3 months

Vimeo uses this data, among other things, to improve its service, to communicate with you, and to implement its own targeted advertising measures. Vimeo emphasizes on its website that only first-party cookies (i.e., cookies from Vimeo itself) are used with embedded videos as long as you do not interact with the video.

How long and where is the data stored?

Vimeo is headquartered in White Plains, New York (USA). However, the services are offered worldwide. The company uses computer systems, databases, and servers in the USA and also in other countries. Your data may therefore also be stored and processed on servers in America. The data will be stored by Vimeo as long as the company has an economic reason for storage. Then the data will be deleted or anonymized.

How can I delete my data or prevent data storage?

You always have the option to manage cookies in your browser according to your preferences. For example, if you do not want Vimeo to set cookies and collect information about you, you can delete or disable cookies in your browser settings at any time. Depending on the browser, this works a little differently. Please note that after disabling/deleting cookies, various functions may no longer be fully available. The following instructions show how to manage or delete cookies in your browser.

Chrome: Deleting, enabling, and managing cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Deleting cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and Managing Cookies

Microsoft Edge: Deleting and Managing Cookies

If you are a registered Vimeo member, you can also manage the cookies used in the settings at Vimeo.

Legal Basis

If you have consented to your data being processed and stored by embedded Vimeo elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in having quick and good communication with you or other customers and business partners. We only use the embedded Vimeo elements to the extent that you have given consent. Vimeo also sets cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

Vimeo processes data, among other places, in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or a data transfer to such countries, Vimeo uses standard contractual clauses approved by the EU Commission (= Art. 46 para. 2 and 3 GDPR). These clauses require Vimeo to maintain the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among others, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

Learn more about the use of cookies at Vimeo at https://vimeo.com/cookie_policy, information on data protection at Vimeo can be found at https://vimeo.com/privacy read more.

YouTube Privacy Policy

What is YouTube?

We have embedded YouTube videos on our website. This allows us to present interesting videos directly on our page. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that has an embedded YouTube video, your browser automatically connects to the servers of YouTube or Google. Various data is transmitted (depending on settings). For all data processing in the European area, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible.

In the following, we want to explain to you in more detail which data is processed, why we have embedded YouTube videos, and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on, and upload videos for free. Over the past few years, YouTube has become one of the most important social media channels worldwide. In order to display videos on our website, YouTube provides a code snippet that we have embedded on our page.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We strive to provide you with the best possible user experience on our website. And of course, interesting videos should not be missing. With our embedded videos, we provide you with additional helpful content alongside our texts and images. Additionally, our website is more easily found on the Google search engine due to the embedded videos. Even when we run ads through Google Ads, Google – thanks to the collected data – can really only show these ads to people who are interested in our offers.

What data is stored by YouTube?

As soon as you visit one of our pages that has an embedded YouTube video, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually associate your interactions on our website with your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information like browser type, screen resolution, or your internet provider. Additional data may include contact information, any ratings, sharing content via social media, or adding to your favorites on YouTube.

If you are not logged into a Google account or a YouTube account, Google stores data with a unique identifier linked to your device, browser, or app. For example, your preferred language setting is retained. However, many interaction data cannot be stored as fewer cookies are set.

In the following list, we show cookies that were set in a test in the browser. On one hand, we show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim completeness because user data always depends on interactions on YouTube.

Name: YSC
Value: b9-CV6ojI5Y111841788-1
Purpose: This cookie registers a unique ID to store statistics of the viewed video.
Expiration date: after session ends

Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google receives statistics about how you use YouTube videos on our website through PREF.
Expiration date: after 8 months

Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track the GPS location.
Expiration date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie attempts to estimate the user's bandwidth on our websites (with embedded YouTube video).
Expiration date: after 8 months

Other cookies that are set when you are logged in with your YouTube account:

Name: APISID
Value: zILlvClZSkqGsSwI/AU1aZI6HY7111841788-
Purpose: This cookie is used to create a profile about your interests. The data is used for personalized advertisements.
Expiration date: after 2 years

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user's consent to the use of different Google services. CONSENT also serves security purposes to verify users and protect user data from unauthorized attacks.
Expiration date: after 19 years

Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile about your interests. This data helps to display personalized advertisements.
Expiration date: after 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL…
Purpose: This cookie stores information about your login data.
Expiration date: after 2 years

Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile about your interests.
Expiration date: after 2 years

Name: SID
Value: oQfNKjAsI111841788-
Purpose: This cookie stores your Google account ID and your last login time in digitally signed and encrypted form.
Expiration date: after 2 years

Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information about how you use the website and which advertisements you may have seen before visiting our site.
Expiration date: after 3 months

How long and where is the data stored?

The data that YouTube receives from you and processes is stored on Google servers. Most of these servers are located in America. Under https://www.google.com/about/datacenters/inside/locations/?hl=de see exactly where the Google data centers are located. Your data is distributed across the servers. This makes the data more quickly accessible and better protected against manipulation.

The data collected is stored by Google for varying lengths of time. Some data can be deleted at any time, while others are automatically deleted after a limited time, and still others are stored by Google for longer periods. Some data (such as items from "My Activity," photos, or documents, products) stored in your Google account remain stored until you delete them. Even if you are not signed in to a Google account, you can delete some data linked to your device, browser, or app.

How can I delete my data or prevent data storage?

In principle, you can manually delete data in your Google account. With the automatic deletion feature for location and activity data introduced in 2019, information is stored for either 3 or 18 months depending on your choice and then deleted.

Regardless of whether you have a Google account or not, you can configure your browser to delete or disable cookies from Google. Depending on which browser you use, this works in different ways. The following instructions show how to manage cookies in your browser:

Chrome: Deleting, enabling, and managing cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Deleting cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and Managing Cookies

Microsoft Edge: Deleting and Managing Cookies

If you generally do not want cookies, you can set your browser to always inform you when a cookie is to be set. This way, you can decide whether to allow each individual cookie or not.

Legal Basis

If you have consented to the processing and storage of your data by embedded YouTube elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in quick and effective communication with you or other customers and business partners. We only use the embedded YouTube elements to the extent that you have given consent. YouTube also sets cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

YouTube processes data, among other things, in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or for data transfer to such countries, YouTube uses standard contractual clauses approved by the EU Commission (= Art. 46 para. 2 and 3 GDPR). These clauses require YouTube to maintain the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

Since YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to learn more about how your data is handled, we recommend the privacy policy at https://policies.google.com/privacy?hl=de.

Google Analytics Privacy Policy

This website uses the service "Google Analytics," which is offered by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyze website usage by users. The service uses "cookies" – text files that are stored on your device. The information collected by the cookies is usually sent to a Google server in the USA and stored there.

Google LLC is certified under the EU-US Data Privacy Framework (DPF). Data transfer to the USA is based on this adequacy decision and additionally on the basis of standard contractual clauses.

https://tools.google.com/dlpage/gaoptout?hl=de

Legal basis: Art. 6 para. 1 lit. a GDPR (consent via cookie banner).

This website uses IP anonymization. The IP address of users is shortened within the member states of the EU and the European Economic Area. This shortening removes the personal reference of your IP address. As part of the data processing agreement that the website operators have concluded with Google Inc., Google creates an evaluation of website usage and website activity using the collected information and provides services related to internet usage.

You have the option to prevent the storage of cookies on your device by making the appropriate settings in your browser. It is not guaranteed that you will be able to access all features of this website without restrictions if your browser does not allow cookies.

Additionally, you can prevent the information collected by cookies (including your IP address) from being sent to and used by Google Inc. by using a browser plugin. The following link will take you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=en
Here you can find more information about data usage by Google Inc.: https://support.google.com/analytics/answer/6004245?hl=en

Google Maps Privacy Policy

What is Google Maps?

We use Google Maps from Google Inc. on our website. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Maps, we can show you locations better and thus tailor our service to your needs. By using Google Maps, data is transmitted to Google and stored on Google servers. Here we want to go into more detail about what Google Maps is, why we use this Google service, what data is stored, and how you can prevent this.

Google Maps is an internet mapping service from Google. With Google Maps, you can search online for exact locations of cities, attractions, accommodations, or businesses using a PC, tablet, or app. When businesses are represented on Google My Business, additional information about the company is displayed alongside the location. To show the route, map snippets of a location can be embedded in a website using HTML code. Google Maps displays the Earth's surface as a road map or as an aerial or satellite image. Thanks to the Street View images and high-quality satellite images, very accurate representations are possible.

Why do we use Google Maps on our website?

All our efforts on this page aim to provide you with a useful and meaningful time on our website. By integrating Google Maps, we can provide you with the most important information about various locations. You can see at a glance where our company headquarters is located. The directions always show you the best or fastest way to us. You can retrieve the route for driving, public transport, walking, or cycling. For us, providing Google Maps is part of our customer service.

What data is stored by Google Maps?

In order for Google Maps to fully provide its service, the company must collect and store data from you. This includes, among other things, the search terms you enter, your IP address, and also the latitude and longitude coordinates. If you use the route planner function, the entered starting address is also stored. However, this data storage occurs on the Google Maps websites. We can only inform you about this, but we cannot influence it. Since we have integrated Google Maps into our website, Google sets at least one cookie (Name: NID) in your browser. This cookie stores data about your user behavior. Google primarily uses this data to optimize its own services and provide you with individual, personalized advertising.

The following cookie is set due to the integration of Google Maps in your browser:

Name: NID
Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ111841788-5
Purpose: NID is used by Google to tailor advertisements to your Google searches. With the help of the cookie, Google "remembers" your most frequently entered search queries or your previous interactions with ads. This way, you always receive customized advertisements. The cookie contains a unique ID that Google uses to collect your personal settings for advertising purposes.
Expiration date: after 6 months

Note: We cannot guarantee completeness regarding the stored data. Especially with the use of cookies, changes can never be ruled out. To identify the cookie NID, a dedicated test page was created, which only included Google Maps.

How long and where is the data stored?

The Google servers are located in data centers around the world. However, most servers are located in America. For this reason, your data is increasingly stored in the USA. Here you can read exactly where the Google data centers are located: https://www.google.com/about/datacenters/inside/locations/?hl=de

Google distributes data across various storage devices. This makes the data more quickly accessible and better protected against potential manipulation attempts. Each data center also has special emergency programs. For example, if there are issues with Google hardware or a natural disaster disrupts the servers, the data remains fairly secure.

Some data is stored by Google for a specified period. For other data, Google only provides the option to delete it manually. Furthermore, the company also anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 or 18 months.

How can I delete my data or prevent data storage?

With the automatic deletion feature for location and activity data introduced in 2019, information regarding location determination and web/app activity will be stored for either 3 or 18 months, depending on your choice, and then deleted. Additionally, you can manually delete this data from the history at any time via your Google account. If you want to completely prevent location tracking, you need to pause the "Web and App Activity" section in your Google account. Click on "Data and Personalization" and then on the "Activity Settings" option. Here you can turn activities on or off.

In your browser, you can also disable, delete, or manage individual cookies. Depending on which browser you use, this works slightly differently. The following instructions show how to manage cookies in your browser:

Chrome: Deleting, enabling, and managing cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Deleting cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and Managing Cookies

Microsoft Edge: Deleting and Managing Cookies

If you generally do not want cookies, you can set your browser to always inform you when a cookie is to be set. This way, you can decide whether to allow each individual cookie or not.

Please note that when using this tool, data from you may also be stored and processed outside the EU. Most third countries (including the USA) are currently considered unsafe under European data protection law. Data may not simply be transferred to unsafe third countries, stored, and processed there unless there are appropriate guarantees (such as EU standard contractual clauses) between us and the non-European service provider.

Legal Basis

If you have consented to the use of Google Maps, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent serves as the legal basis for the processing of personal data, as may occur during the collection by Google Maps.

We also have a legitimate interest in using Google Maps to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). We only use Google Maps to the extent that you have given consent.

If you want to learn more about Google’s data processing, we recommend the company’s own privacy policy at https://policies.google.com/privacy?hl=de.

Google reCAPTCHA Privacy Policy

What is reCAPTCHA?

Our primary goal is to secure and protect our website as best as possible for you and for us. To ensure this, we use Google reCAPTCHA from Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA, we can determine whether you are indeed a human being and not a robot or other spam software. By spam, we mean any unwanted information that comes to us electronically without being requested. In classic CAPTCHAs, you usually had to solve text or image puzzles for verification. With Google’s reCAPTCHA, we usually do not have to bother you with such puzzles. In most cases, it is sufficient for you to simply check a box to confirm that you are not a bot. With the new Invisible reCAPTCHA version, you don’t even have to check a box anymore. You will learn how this works and especially which data is used for it in the course of this privacy policy.

reCAPTCHA is a free captcha service from Google that protects websites from spam software and abuse by non-human visitors. This service is most commonly used when you fill out forms on the internet. A captcha service is a type of automated Turing test that is meant to ensure that an action on the internet is performed by a human and not by a bot. In the classic Turing test (named after computer scientist Alan Turing), a human determines the distinction between bot and human. In the case of captchas, this is also done by the computer or a software program. Classic captchas work with small tasks that are easy for humans to solve but pose significant difficulties for machines. With reCAPTCHA, you no longer have to actively solve puzzles. The tool uses modern risk techniques to distinguish humans from bots. Here, you only need to check the text box "I am not a robot," or with Invisible reCAPTCHA, even that is no longer necessary. In reCAPTCHA, a JavaScript element is embedded in the source code, and then the tool runs in the background and analyzes your user behavior. From these user actions, the software calculates a so-called captcha score. Google calculates with this score even before the captcha input how likely it is that you are a human. reCAPTCHA or captchas in general are used whenever bots could manipulate or abuse certain actions (such as registrations, surveys, etc.).

Why do we use reCAPTCHA on our website?

We only want to welcome people made of flesh and blood on our site. Bots or spam software of all kinds can comfortably stay at home. That’s why we are taking all measures to protect ourselves and offer you the best possible user experience. For this reason, we use Google reCAPTCHA from Google. This way, we can be quite sure that we remain a "bot-free" website. By using reCAPTCHA, data is transmitted to Google to determine whether you are really a human. So, reCAPTCHA serves the security of our website and consequently also your security. For example, without reCAPTCHA, it could happen that during a registration, a bot registers as many email addresses as possible to subsequently "spam" forums or blogs with unwanted advertising content. With reCAPTCHA, we can avoid such bot attacks.

What data is stored by reCAPTCHA?

reCAPTCHA collects personal data from users to determine whether actions on our website are truly performed by humans. Therefore, the IP address and other data that Google requires for the reCAPTCHA service may be sent to Google. IP addresses are almost always truncated within the member states of the EU or other contracting states of the Agreement on the European Economic Area before the data lands on a server in the USA. The IP address is not combined with other data from Google unless you are logged into your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) are already placed in your browser. Then, reCAPTCHA sets an additional cookie in your browser and captures a snapshot of your browser window.

The following list of collected browser and user data does not claim to be exhaustive. Rather, these are examples of data that, to our knowledge, are processed by Google.

Referrer URL (the address of the page from which the visitor comes)
IP address (e.g., 256.123.123.1)
Information about the operating system (the software that enables the operation of your computer. Known operating systems are Windows, Mac OS X, or Linux)
Cookies (small text files that store data in your browser)
Mouse and keyboard behavior (every action you perform with the mouse or keyboard is stored)
Date and language settings (which language or date you have preset on your PC is stored)
All JavaScript objects (JavaScript is a programming language that allows websites to adapt to the user. JavaScript objects can collect all kinds of data under a name)
Screen resolution (indicates how many pixels the image representation consists of)

It is undisputed that Google uses and analyzes this data even before you click the checkbox "I am not a robot." In the Invisible reCAPTCHA version, even the checkbox is omitted, and the entire recognition process runs in the background. How much and what data Google exactly stores is not detailed by Google.

The following cookies are used by reCAPTCHA: We refer to the Google reCAPTCHA demo version at https://www.google.com/recaptcha/api2/demoAll these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set in the demo version:

Name: IDE
Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-111841788-8
Purpose: This cookie is set by the company DoubleClick (also owned by Google) to register and report a user's actions on the website in relation to advertisements. This allows the effectiveness of the advertising to be measured and appropriate optimization measures to be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiration date: after one year

Name: 1P_JAR
Value: 2019-5-14-12
Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. Furthermore, the cookie can prevent a user from seeing the same advertisement more than once.
Expiration date: after one month

Name: ANID
Value: U7j1v3dZa1118417880xgZFmiqWppRWKOr
Purpose: We could not find many details about this cookie. In Google's privacy policy, the cookie is mentioned in connection with "advertising cookies" such as "DSID", "FLC", "AID", "TAID". ANID is stored under the domain google.com.
Expiration date: after 9 months

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user's consent to the use of different Google services. CONSENT also serves security purposes to verify users, prevent credential fraud, and protect user data from unauthorized attacks.
Expiration date: after 19 years

Name: NID
Value: 0WmuWqy111841788zILzqV_nmt3sDXwPeM5Q
Purpose: NID is used by Google to tailor advertisements to your Google searches. With the help of the cookie, Google "remembers" your most frequently entered search queries or your previous interactions with ads. This way, you always receive tailored advertisements. The cookie contains a unique ID to collect personal user settings for advertising purposes.
Expiration date: after 6 months

Name: DV
Value: gEAABBCjJMXcI0dSAAAANbqc111841788-4
Purpose: Once you have checked the "I am not a robot" box, this cookie is set. The cookie is used by Google Analytics for personalized advertising. DV collects information in an anonymized form and is further used to make user distinctions.
Expiration date: after 10 minutes

Note: This list cannot claim completeness, as Google tends to change its choice of cookies repeatedly.

How long and where is the data stored?

By inserting reCAPTCHA, data from you is transmitted to the Google server. Google does not clearly state where exactly this data is stored, even after repeated inquiries. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website, or language settings are stored on European or American Google servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plug-in, the data will be merged. The differing data protection regulations of Google apply.

How can I delete my data or prevent data storage?

If you do not want any data about you and your behavior to be transmitted to Google, you must completely log out of Google and delete all Google cookies before visiting our website or using the reCAPTCHA software. In principle, data is automatically transmitted to Google as soon as you access our site. To delete this data, you must contact Google support at https://support.google.com/?hl=de&tid=111841788 contact.

Therefore, by using our website, you agree that Google LLC and its representatives automatically collect, process, and use data.

Legal Basis

If you have consented to the use of Google reCAPTCHA, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent serves as the legal basis for the processing of personal data, as may occur during collection by Google reCAPTCHA.

We also have a legitimate interest in using Google reCAPTCHA to optimize and secure our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). We only use Google reCAPTCHA to the extent that you have given consent.

You can learn more about reCAPTCHA on Google's web developer page at https://developers.google.com/recaptcha/. Google does provide more details on the technical development of reCAPTCHA, but precise information about data storage and data protection-related topics is also hard to find there. A good overview of the basic use of data at Google can be found in the company's own privacy policy at https://www.google.com/intl/de/policies/privacy/.

Shopify (shop software + web analytics)

a) Shopify shop software

To host our shop system and to present our offers and contract processing, we use "Shopify".

The legal basis is Art. 6 para. 1 lit. b) GDPR (Contract initiation/Contract processing).

"Shopify" is a service of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Shopify processes data as a processor according to Art. 28 GDPR; a data processing agreement (DPA) has been concluded.

Shopify's infrastructure (Google Cloud Platform, Cloudflare) has been certified under the EU-US Data Privacy Framework (DPF) since 2024. Data transfers to the USA are based on this adequacy decision and additionally on the basis of standard contractual clauses (Art. 46 para. 2 GDPR).

Shopify processes the following data on our behalf: name, billing and possibly shipping address, email address, payment information, possibly company name, possibly phone number, IP address, information about orders, as well as information about your device and your internet browser.

https://www.shopify.de/legal/datenschutz

Shopify processes the following data on our behalf:

Name, billing and possibly delivery address, email address, payment data, possibly company name, possibly phone number, IP address, information about orders, information about the merchant shops supported by Shopify that you visit, as well as information about your device and your internet browser.

In addition, Shopify offers under

https://www.shopify.de/legal/datenschutz

further data protection information.

b) Shopify Web Analytics

To the extent that we also use the web analytics service of Shopify on our online presence, Shopify stores cookies on your device via your internet browser. Through these cookies, further information, such as location, time, or frequency of your visit to our online presence, is transmitted to and evaluated by a Shopify server.

The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis and optimization of our online presence.

If you do not agree with this processing, you have the option to prevent the storage of cookies by adjusting a setting in your internet browser. More information on this can be found above under "Cookies".

Shopify Payments

We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered through the payment service provider Shopify Payments, the payment processing is carried out by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process along with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data takes place exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. More information on the data protection of Shopify Payments can be found at the following internet address: https://www.shopify.com/legal/privacyYou can find data protection information about Stripe Payments Europe Ltd. here: https://stripe.com/de/privacy.

California Consumer Privacy Act (CCPA)

You can make privacy settings under this link if you are from California.

https://shop.thecooltool.com/pages/ccpa-opt-out

As of June 28, 2025, the Accessibility Strengthening Act (BFSG) applies to online shops in the EU. We are working to make our shop accessible in accordance with the requirements of the EU Directive 2019/882 (European Accessibility Act). If you have questions or comments regarding accessibility, please contact: shop@thecooltool.com.

All texts are protected by copyright.

Source: Privacy Generator by AdSimple®”

Item added to your cart

Data protection

Web Analytics

What is Web Analytics?

Why do we conduct web analytics?

Which data is processed?

Duration of data processing

Right of objection

Legal Basis

Google Consent Mode v2

Facebook Conversions API

Facebook Custom Audiences

Country/region

Language