Privacy Policy

Preamble

This privacy policy applies to the processing of personal data by SOS-Kinderdorf (Liechtenstein) e.V. (‘SOS-Kinderdorf’ or ‘we’) within the scope of its website (www.sos-kinderdorf.li). For websites of other providers, e.g. those referred to via links, the privacy policies and declarations applicable to those websites apply. We process personal data exclusively in accordance with the EU General Data Protection Regulation (‘GDPR’) and the Liechtenstein Data Protection Act (“DSG”).

With the following privacy policy, we would like to inform you about the types of personal data (hereinafter also referred to as ‘data’) we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as ‘online offering’).

The terms used are not gender-specific.

As of 16 June 2025

Responsible

SOS-Kinderdorf (Liechtenstein) e.V.

Zollstrasse 13

9494 Schaan

Telephone: +423 222 01 01

info@gemeinnuetzig.li

Website: www.sos-kinderdorf.li

Email address: www.gemeinnuetzig.li

Telephone: +423 222 01 01

Legal notice: https://www.gemeinnuetzig.li/de/impressum

Overview of processing

The following overview summarises the types of data processed and the purposes for which they are processed, and refers to the data subjects.

Types of data processed

  • Inventory data.

  • Payment data.

  • Contact data.

  • Content data.

  • Contract data.

  • Usage data.

  • Meta, communication and procedural data.

  • Log data.

  • Member data.

Categories of data subjects

  • Service recipients and clients.

  • Prospective customers.

  • Communication partners.

  • Users.

  • Members.

  • Business and contractual partners.

  • Donors.

  • Third parties.

Purposes of processing

  • Provision of contractual services and fulfilment of contractual obligations.

  • Communication.

  • Security measures.

  • Direct marketing.

  • Reach measurement.

  • Tracking.

  • Conversion measurement.

  • Target group formation.

  • Organisational and administrative procedures.

  • Feedback.

  • Marketing.

  • Profiles with user-related information.

  • Provision of our online offering and user-friendliness.

  • Information technology infrastructure.

  • Donation collection/fundraising.

  • Public relations and information purposes.

  • Public relations.

  • Business processes and business management procedures.

Relevant legal basis

Relevant legal bases under the GDPR: The following is an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or registered office. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.

  • Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

  • Membership agreement (statutes) (Art. 6 para. 1 sentence 1 lit. b) GDPR).

National data protection regulations in Lichtenstein: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Lichtenstein. These include, in particular, the Data Protection Act (DSG) and the Data Protection Ordinance (DSV).

Security measures

We take appropriate technical and organisational measures in accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, transfer, security of availability and separation of the data. Furthermore, we have established procedures to ensure that data subjects can exercise their rights, that data is deleted and that responses are provided in the event of a threat to the data. Furthermore, we take the protection of personal data into account during the development and selection of hardware, software and procedures in accordance with the principle of data protection, through technical design and data protection-friendly default settings.

Shortening of the IP address: If IP addresses are processed by us or by the service providers and technologies we use and the processing of a complete IP address is not necessary, the IP address is shortened (also known as ‘IP masking’). In this case, the last two digits or the last part of the IP address after a dot are removed or replaced by placeholders. The purpose of shortening the IP address is to prevent or significantly impede the identification of a person based on their IP address.

Securing online connections through TLS/SSL encryption technology (HTTPS): We use TLS/SSL encryption technology to protect user data transmitted via our online services from unauthorised access. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorised access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

Transmission of personal data

In the course of our processing of personal data, it may happen that this data is transferred to or disclosed to other bodies, companies, legally independent organisational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to ensure that your data is protected.

Data transfer within the organisation: We may transfer personal data to other departments or units within our organisation or grant them access to it. If the data is transferred for administrative purposes, this is based on our legitimate business and economic interests or is necessary to fulfil our contractual obligations or if the data subject has given their consent or if we have legal permission to do so.

International data transfers

Data processing in third countries: If we transfer data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies (which can be identified by the postal address of the respective provider or if the data protection declaration expressly refers to the transfer of data to third countries), this is done in accordance with the provisions of the GDPR. transferring data to other persons, bodies or companies (which can be identified by the postal address of the respective provider or if the privacy policy expressly refers to the transfer of data to third countries), this is always done in accordance with the legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognised as a secure legal framework by an adequacy decision of the EU Commission on 10 July 2023. In addition, we have concluded standard contractual clauses with the respective providers that comply with the requirements of the EU Commission and establish contractual obligations for the protection of your data.

This double safeguard ensures comprehensive protection of your data: The DPF forms the primary level of protection, while the standard contractual clauses serve as additional security. Should changes arise within the framework of the DPF, the standard contractual clauses will serve as a reliable fallback option. In this way, we ensure that your data remains adequately protected even in the event of political or legal changes.

We will inform you whether individual service providers are certified under the DPF and whether standard contractual clauses are in place. Further information on the DPF and a list of certified companies can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English).

Appropriate security measures, in particular standard contractual clauses, express consent or transfers required by law, apply to data transfers to other third countries. Information on transfers to third countries and applicable adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

General information on data storage and deletion

We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consent is revoked or there are no further legal grounds for processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule apply if legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be retained for commercial or tax reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our data protection information contains additional information on the storage and deletion of data that applies specifically to certain processing operations.

If there are several specifications regarding the storage period or deletion periods for a piece of data, the longest period shall always apply.

If a period does not expressly begin on a specific date and is at least one year, it shall automatically commence at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in which data is stored, the event triggering the period shall be the date on which the termination or other termination of the legal relationship takes effect.

Data that is no longer required for the originally intended purpose but is retained due to legal requirements or other reasons will be processed by us exclusively for the reasons that justify its retention.

Rights of data subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

  • Right to withdraw consent: You have the right to withdraw your consent at any time.

  • Right to information: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data, as well as further information and a copy of the data in accordance with the legal requirements.

  • Right to rectification: In accordance with the legal requirements, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.

  • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be deleted immediately or, alternatively, in accordance with legal requirements, to request that the processing of the data be restricted.

  • Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller in accordance with legal requirements.

  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

Performance of tasks pursuant to statutes or rules of procedure

We process the data of our members, supporters, interested parties, business partners or other persons (collectively referred to as ‘data subjects’) if we have a membership or other business relationship with them and perform our tasks and are recipients of services and benefits. Otherwise, we process the data of data subjects on the basis of our legitimate interests, e.g. in the case of administrative tasks or public relations work.

The data processed in this context, the type, scope and purpose of the processing and the necessity of the processing are determined by the underlying membership or contractual relationship, which also determines the necessity of any data provided (we will otherwise indicate which data is required).

We delete data that is no longer required for the fulfilment of our statutory and business purposes. This is determined in accordance with the respective tasks and contractual relationships. We store the data for as long as it may be relevant for business transactions and with regard to any warranty or liability obligations based on our legitimate interest in their regulation. The necessity of storing the data is reviewed regularly; otherwise, the statutory retention obligations apply.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); contract data (e.g. subject matter of the contract, term, customer category); membership data (e.g. personal data such as name, age, gender, contact details (e-mail address, telephone number), membership number, information about membership fees, participation in events, etc.). Payment data (e.g. bank details, invoices, payment history).

  • Data subjects: Members; interested parties; donors. Third parties.

  • Purposes of processing: Communication; organisational and administrative procedures; fundraising. Public relations and information purposes.

  • Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’.

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Membership agreement (statutes) (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further information on processing operations, procedures and services:

  • Donation collection and fundraising: Procedures include planning and implementing donation collection campaigns, managing donor data and communicating with donors and potential sponsors. Planning campaigns involves developing strategies, setting goals and selecting channels for fundraising. Campaigns are carried out by initiating and implementing specific fundraising activities, collecting donations via online platforms, events and direct contact. The management of donor data includes the collection, updating and analysis of data to optimise future campaigns. Communication with donors and potential sponsors takes place via personalised messages, thank-you letters and regular updates on project successes and the use of funds. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR), membership agreement (statutes) (Art. 6(1)(b) GDPR).

Payment procedures

Within the framework of contractual and other legal relationships, based on legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use additional service providers (collectively referred to as ‘payment service providers’) for this purpose in addition to banks and credit institutions.

The data processed by the payment service providers includes inventory data, such as name and address, bank details, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient-related information. The information is necessary to carry out the transactions. However, the data entered is only processed and stored by the payment service providers. This means that we do not receive any account or credit card information, but only information confirming or denying the payment. Under certain circumstances, the data may be transferred by the payment service providers to credit agencies. The purpose of this transfer is to verify identity and creditworthiness. For more info, check out the payment service providers' terms and conditions and privacy policies.

Payment transactions are subject to the terms and conditions and privacy policies of the respective payment service providers, which can be found on their websites or in the transaction apps. We also refer you to these for further info and to exercise your rights of withdrawal, information and other rights as a data subject.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contract data (e.g. subject matter of the contract, term, customer category); usage data (e. e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved).

  • Data subjects: Service recipients and clients; business and contractual partners. Interested parties.

  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations. Business processes and business procedures.

  • Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’.

  • Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Mastercard: Payment services (technical connection of online payment methods); Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Legal basis: Fulfilment of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.mastercard.de/de-de.html. Privacy policy: https://www.mastercard.de/de-de/datenschutz.html.

  • Visa: Payment services (technical connection of online payment methods); Service provider: Visa Europe Services Inc., London branch, 1 Sheldon Square, London W2 6TT, GB; Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.visa.de. Privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

  • Crypto: Providing your email address is voluntary and constitutes the only processing of personal data.

  • LiPay: Liechtensteinische Landesbank (LLB) processes data during the transaction. For more information, please visit: https://llb.li/de/datenschutz

Provision of online services and web hosting

We process user data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

  • Types of data processed: Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, persons involved); log data (e.g. log files relating to logins or the retrieval of data or access times). Content data (e.g. textual or pictorial messages and contributions, as well as information relating to them, such as details of authorship or time of creation).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Purposes of processing: Provision of our online offering and user-friendliness; IT infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)). Security measures.

  • Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’.

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Provision of online services on rented storage space: To provide our online services, we use storage space, computing capacity and software that we rent or otherwise obtain from an appropriate server provider (also known as a ‘web host’); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

  • Collection of access data and log files: Access to our online offering is logged in the form of so-called ‘server log files’. The server log files may include the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to prevent server overload (especially in the case of malicious attacks, known as DDoS attacks), and to ensure server utilisation and stability. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data that must be retained for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

  • Email dispatch and hosting: The web hosting services we use also include the sending, receiving and storage of emails. For these purposes, the addresses of the recipients and senders as well as further information relating to the sending of emails (e.g. the providers involved) and the contents of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails sent via the Internet are generally not encrypted. As a rule, emails are encrypted during transmission, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We therefore cannot accept any responsibility for the transmission of emails between the sender and the recipient on our server; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Data collection when visiting our website

Each time the website www.gemeinnuetzig.li is accessed, data and information from the computer system of the accessing computer are automatically collected. The following data is collected:

  • Full IP address of the requesting computer

  • Date and time of access

  • Name of the requested file

  • Page from which the file was requested

  • Access status (file transferred, file not found, etc.)

  • Web browser and operating system used

  • Amount of data transferred

We cannot draw any conclusions about individual persons from this data. The information is stored for a maximum of three months. Storage serves the purpose of data security (e.g. to defend against attack attempts) and to ensure stable and reliable operation.

Our website is hosted by Vercel Inc. (USA), with a data centre in Frankfurt am Main. Vercel is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection in accordance with Art. 45 GDPR.

We use Storyblok, a content management system based in Austria, to manage our content. Editorial content, images and files are stored there. When this content is accessed, technically necessary access data (e.g. IP address and time) is transmitted to Storyblok. Processing is carried out in accordance with the provisions of the General Data Protection Regulation (GDPR) and on the basis of a data processing agreement in accordance with Art. 28 GDPR.

Use of cookies

The term ‘cookies’ refers to functions that store information on users' end devices and read it from them. Cookies can also be used for various purposes, such as to ensure the functionality, security and convenience of online services and to analyse visitor traffic. We use cookies in accordance with legal requirements. To do so, we obtain the consent of users in advance, where necessary. If consent is not necessary, we rely on our legitimate interests. This applies if the storage and retrieval of information is essential in order to provide expressly requested content and functions. This includes, for example, the storage of settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information about the scope of cookies and which cookies are used.

Information on the legal basis for data protection: Whether we process personal data using cookies depends on consent. If consent has been given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage duration: With regard to the storage duration, a distinction is made between the following types of cookies:

  • Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and closes their end device (e.g. browser or mobile application).

  • Permanent cookies: Permanent cookies remain stored even after the end device is closed. This allows, for example, the login status to be stored and preferred content to be displayed directly when the user visits a website again. The user data collected using cookies may also be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g. when obtaining consent), they should assume that these are permanent and that the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke their consent at any time and also object to the processing in accordance with the legal requirements, including through the privacy settings of their browser.

  • Types of data processed: Meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, persons involved).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further information on processing processes, procedures and services:

  • Processing of cookie data based on consent: We use a consent management solution that obtains the consent of users for the use of cookies or for the procedures and providers specified in the consent management solution. This procedure serves to obtain, log, manage and revoke consent, in particular with regard to the use of cookies and similar technologies that are used to store, read and process information on users' end devices. As part of this procedure, users' consent is obtained for the use of cookies and the associated processing of information, including the specific processing and providers specified in the consent management procedure. Users also have the option of managing and revoking their consent. The declarations of consent are stored in order to avoid repeated queries and to be able to provide proof of consent in accordance with legal requirements. Storage takes place on the server side and/or in a cookie (known as an opt-in cookie) or using comparable technologies in order to be able to assign the consent to a specific user or their device. If no specific information about the providers of consent management services is available, the following general information applies: The consent is stored for up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information about the scope of consent (e.g. categories of cookies and/or service providers concerned) and information about the browser, the system and the end device used; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Blogs and publication media

We use blogs or similar means of online communication and publication (hereinafter referred to as ‘publication media’). Readers' data is only processed for the purposes of the publication medium to the extent necessary for its presentation and communication between authors and readers or for security reasons. For further information, please refer to the information on the processing of visitors to our publication medium in this privacy policy.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or pictorial messages and contributions as well as information relating to them, such as information on authorship or time of creation); usage data (e. e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, persons involved).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Purposes of processing: Feedback (e.g. collection of feedback via online form). Provision of our online offering and user-friendliness.

  • Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’.

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Contact and enquiry management

When you contact us (e.g. by post, contact form, email, telephone or social media) and within the scope of existing user and business relationships, the information provided by the enquirer will be processed to the extent necessary to respond to the contact enquiry and any requested measures.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or pictorial messages and posts, as well as information relating to them, such as information about authorship or the time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved).

  • Data subjects: Communication partners.

  • Purposes of processing: Communication; organisational and administrative procedures; feedback (e.g. collection of feedback via online form). Provision of our online offering and user-friendliness.

  • Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’.

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further information on processing processes, procedures and services:

  • Contact form: When you contact us via our contact form, by email or other means of communication, we process the personal data you provide to respond to and process your enquiry. This usually includes information such as your name, contact details and, if applicable, other information that you provide and that is necessary for the proper processing of your enquiry. We use this data exclusively for the stated purpose of establishing contact and communication; Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Newsletter and electronic notifications

We send newsletters, emails and other electronic notifications (hereinafter referred to as ‘newsletters’) only with the consent of the recipient or on the basis of a legal basis. If the content of the newsletter is specified during registration, this content is decisive for the consent of the user. To subscribe to our newsletter, it is usually sufficient to provide your email address. However, in order to provide you with a personalised service, we may ask you to provide your name so that we can address you personally in the newsletter, or for further information if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing: We may store the email addresses that have been unsubscribed for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently comply with objections, we reserve the right to store the email address in a block list (so-called ‘block list’) for this purpose only.

The registration process is logged on the basis of our legitimate interests for the purpose of proving that it has been carried out correctly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure delivery system.

Content:

Information about us, our services, promotions and offers.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, persons involved). Usage data (e.g. page views and duration of visit, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).

  • Data subjects: Communication partners.

  • Purposes of processing: Direct marketing (e.g. by email or post).

  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

  • Right to object (opt-out): You can unsubscribe from our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to unsubscribe from the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably email.

Further information on processing, procedures and services:

  • Measurement of opening and click rates: The newsletters contain a so-called ‘web beacon’, i.e. a pixel-sized file that is retrieved from our server or, if we use a mailing service provider, from their server when the newsletter is opened. During this retrieval, technical information such as information about your browser and your system, as well as your IP address and the time of retrieval, are initially collected. This information is used to improve the technical performance of our newsletter based on technical data or the target groups and their reading behaviour based on their access locations (which can be determined using the IP address) or access times. This analysis also includes determining whether and when the newsletters are opened and which links are clicked. The information is assigned to the individual newsletter recipients and stored in their profiles until deletion. The evaluations serve to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The measurement of opening and click rates and the storage of the measurement results in the user profiles - This text area must be unlocked with a Premium licence. -

  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Web analysis, monitoring and optimisation

Web analysis (also known as ‘reach measurement’) is used to evaluate visitor flows to our online offering and may include behaviour, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, identify at what times our online offering or its functions or content are used most frequently, or invite users to reuse them. It also enables us to identify areas that require optimisation.

In addition to web analysis, we may also use test procedures to test and optimise different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e. data summarised for a usage process, may be created for these purposes and information may be stored in a browser or on a device and then read. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data by us or by the providers of the services we use, the processing of location data is also possible.

In addition, the IP addresses of users are stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored in the context of web analysis, A/B testing and optimisation, but rather pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

Information on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, persons involved).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles). Provision of our online offering and user-friendliness.

  • Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’. Storage of cookies for up to 2 years (unless otherwise specified, cookies and similar storage methods may be stored on users' devices for a period of two years).

  • Security measures: IP masking (pseudonymisation of the IP address).

  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Google Analytics: We use Google Analytics to measure and analyse the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It is used to assign analysis information to a terminal device in order to recognise which content users have accessed within one or more usage sessions, which search terms they have used, whether they have accessed them again or interacted with our online offering. The time of use and duration of use are also stored, as well as the sources of users who refer to our online offering and technical aspects of their end devices and browsers. Pseudonymous user profiles are created using information from the use of various devices, whereby cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographical location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based equivalents). For EU data traffic, IP address data is used exclusively for this derivation of geolocation data before being deleted immediately. It is not logged, is not accessible and is not used for any other purpose. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before traffic is forwarded to Analytics servers for processing; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymisation of the IP address); Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Basis for third country transfers: Data Privacy Framework (DPF), standard contractual clauses (https://business.safety.google/adsprocessorterms), Data Privacy Framework (DPF) standard contractual clauses ( https://business.safety.google/adsprocessorterms); Right to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertising: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and data processed).

  • Google Tag Manager: We use Google Tag Manager, a Google software that allows us to centrally manage so-called website tags via a user interface. Tags are small code elements on our website that are used to record and analyse visitor activity. This technology helps us to improve our website and the content offered on it. Google Tag Manager itself does not create user profiles, store cookies with user profiles or carry out independent analyses. Its function is limited to simplifying and making the integration and management of tools and services that we use on our website more efficient. Nevertheless, when using Google Tag Manager, the IP address of the user is transmitted to Google, which is necessary for technical reasons in order to implement the services we use. Cookies may also be set in the process. However, this data processing only takes place if services are integrated via Tag Manager. For more detailed information about these services and their data processing, please refer to the further sections of this privacy policy; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms. Basis for transfers to third countries: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms), Data Privacy Framework (DPF) Standard Contractual Clauses ( https://business.safety.google/adsprocessorterms).

Online marketing

We process personal data for the purpose of online marketing, which may include, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as ‘content’) based on the potential interests of users and the measurement of its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called ‘cookie’) or similar procedures are used to store information about the user that is relevant for the presentation of the aforementioned content. This may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used, and information on usage times and functions used. If users have consented to the collection of their location data, this may also be processed.

In addition, the IP addresses of users are stored. However, we use available IP masking procedures (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored as part of the online marketing process, but rather pseudonyms. This means that neither we nor the providers of the online marketing processes know the actual identity of the users, but only the information stored in their profiles.

The statements in the profiles are usually stored in cookies or using similar methods. These cookies can generally also be read later on other websites that use the same online marketing process, analysed for the purpose of displaying content, supplemented with further data and stored on the server of the online marketing process provider.

In exceptional cases, it is possible to assign clear data to profiles, primarily if the users are members of a social network whose online marketing method we use and the network links the user profiles with the aforementioned information. Please note that users can enter into additional agreements with the providers, for example by giving their consent during registration.

We generally only have access to aggregated information about the success of our advertisements. However, we can use conversion measurements to determine which of our online marketing methods have led to a conversion, i.e. to a contract being concluded with us. Conversion measurements are used solely to analyse the success of our marketing measures.

Unless otherwise stated, please assume that cookies are stored for a period of two years.

Legal basis: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Information on revocation and objection:

We refer you to the privacy policies of the respective providers and the options for objection (so-called ‘opt-out’) specified by the providers. If no explicit opt-out option has been provided, you may disable cookies in your browser settings. However, this may restrict the functionality of our online offering. We therefore recommend the following additional opt-out options, which are summarised and grouped by region:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://www.youradchoices.ca/choices.

c) USA: https://www.aboutads.info/choices.

d) Cross-regional: https://optout.aboutads.info.

  • Types of data processed: Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, persons involved).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest/behaviour-based profiling, use of cookies); target group formation; marketing; profiles with user-related information (creation of user profiles). Conversion measurement (measurement of the effectiveness of marketing measures).

  • Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’. Storage of cookies for up to 2 years (unless otherwise specified, cookies and similar storage methods may be stored on users' devices for a period of two years).

  • Security measures: IP masking (pseudonymisation of the IP address).

  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Google Ads and conversion measurement: Online marketing process for the purpose of placing content and advertisements within the service provider's advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who are likely to be interested in the advertisements. In addition, we measure the conversion of the ads, i.e. whether users have taken the opportunity to interact with the ads and use the advertised offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF), Data Privacy Framework (DPF); Further information: Types of processing and data processed: https://business.safety.google/adsservices/. Data processing conditions between controllers and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms.

Presence on social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users, for example because it may make it more difficult to enforce user rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on the usage behaviour and resulting interests of users. The latter may in turn be used to place advertisements within and outside the networks that are likely to correspond to the interests of users. For this reason, cookies are usually stored on users' computers, in which the usage behaviour and interests of users are stored. In addition, data may also be stored in the user profiles independently of the devices used by users (in particular if they are members of the respective platforms and are logged in there).

For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

In the event of requests for information and the assertion of data subject rights, we would also like to point out that these can be most effectively asserted with the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly. However, if you require assistance, please contact us.

  • Types of data processed: Contact details (e.g. postal and email addresses or telephone numbers); content data (e.g. text or image messages and posts, as well as information relating to them, such as details of authorship or time of creation). Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and functions).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Purposes of processing: Communication; feedback (e.g. collection of feedback via online form). Public relations.

  • Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’.

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing, procedures and services:

  • Instagram: Social network that allows users to share photos and videos, comment on and like posts, send messages, and subscribe to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy policy: https://privacycenter.instagram.com/policy/. Legal basis for transfers to third countries: Data Privacy Framework (DPF), Data Privacy Framework (DPF).

  • Facebook pages: Profiles within the Facebook social network – Together with Meta Platforms Ireland Limited, we are responsible for the collection (but not the further processing) of data from visitors to our Facebook page (known as a ‘fan page’). This data includes information about the types of content users view or interact with, or the actions they take (see ‘Things you and others do and provide’ in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices users use (e.g. IP addresses, operating system, browser type, language settings, cookie data; see ‘Device Information’ in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under ‘How do we use this information?’, Facebook also collects and uses information to provide analytics services, known as ‘Page Insights’, to page operators so that they can gain insights into how people interact with their pages and the content associated with them. We have entered into a special agreement with Facebook (‘Information about Page Insights’, https://www.facebook.com/legal/terms/page_controller_addendum) which specifically regulates the security measures Facebook must observe and in which Facebook has agreed to comply with the rights of data subjects (i.e. users can, for example, submit information or deletion requests directly to Facebook). The rights of users (in particular the right to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the ‘Information on Page Insights’ (https://www.facebook.com/legal/terms/information_about_page_insights_data). Joint responsibility is limited to the collection and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular with regard to the transfer of data to the parent company Meta Platforms, Inc. in the USA; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/privacy/policy/. Basis for transfers to third countries: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum), Data Privacy Framework (DPF) Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum).

  • LinkedIn: Social network – Together with LinkedIn Ireland Unlimited Company, we are responsible for the collection (but not the further processing) of visitor data used to generate the ‘Page Insights’ (statistics) for our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as the actions they take. Details about the devices used are also collected, such as IP addresses, operating system, browser type, language settings and cookie data, as well as information from user profiles, such as job title, country, industry, hierarchy level, company size and employment status. Information on data protection relating to the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.We have entered into a special agreement with LinkedIn Ireland (‘Page Insights Joint Controller Addendum’, https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures that LinkedIn must observe and in which LinkedIn has agreed to fulfil the rights of data subjects (i.e. users can, for example, submit requests for information or deletion directly to LinkedIn). The rights of users (in particular the right to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint responsibility is limited to the collection and transfer of data to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, in particular with regard to the transfer of data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa), Data Privacy Framework (DPF) Standard Contractual Clauses (https://legal.linkedin.com/dpa). Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

  • YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF), Data Privacy Framework (DPF). Opt-out option: https://myadcenter.google.com/personalizationoff.

Plug-ins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as ‘third-party providers’). These may include graphics, videos or city maps (hereinafter referred to uniformly as ‘content’).

The integration always requires that the third-party providers of this content process the IP address of the users, as they would not be able to send the content to their browsers without the IP address. The IP address is therefore necessary for the display of this content or these functions. We endeavour to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as ‘web beacons’) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, but may also be linked to such information from other sources.

Information on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, persons involved).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Purposes of processing: Provision of our online offering and user-friendliness; measurement of reach (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest-based/behavioural profiling, use of cookies); target group formation. Marketing.

  • Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’. Storage of cookies for up to 2 years (unless otherwise specified, cookies and similar storage methods may be stored on users' devices for a period of two years).

  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF), Data Privacy Framework (DPF). Right to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://myadcenter.google.com/personalizationoff.

  • YouTube videos: Videos stored on YouTube are embedded within our online offering. These YouTube videos are integrated via a special domain using the ‘youtube-nocookie’ component in the so-called ‘extended data protection mode’. In ‘extended data protection mode’, only information that your IP address, browser and device information may be stored on your device in cookies or using similar methods that YouTube requires for the display, control and optimisation of the video ad until the video is started. As soon as you play the videos, additional information may be processed by YouTube for the purpose of analysing usage behaviour, storing it in the user profile and personalising content and advertisements. The storage period for the cookies can be up to two years; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF), Data Privacy Framework (DPF). Further information: https://support.google.com/youtube/answer/171780?hl=de-DE#zippy=%2Cturn-on-privacy-enhanced-mode%2Cerweiterten-datenschutzmodus-aktivieren.

Advertising communication via email, post, fax or telephone

We process personal data for the purposes of advertising communication, which may take place via various channels, such as email, telephone, post or fax, in accordance with the legal requirements.

The recipients have the right to revoke their consent at any time or to object to advertising communication at any time.

After revocation or objection, we will store the data necessary to prove the previous authorisation for contact or sending up to three years after the end of the year of revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defence against claims. On the basis of the legitimate interest in permanently observing the revocation or objection of users, we also store the data necessary to avoid renewed contact (e.g. depending on the communication channel, the email address, telephone number, name).

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers). Content data (e.g. textual or pictorial messages and posts, as well as information relating to them, such as details of authorship or time of creation).

  • Data subjects: Communication partners.

  • Purposes of processing: Direct marketing (e.g. by email or post); marketing. Sales promotion.

  • Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’.

  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Eye-Able

Eye-Able® is software from Web Inclusion GmbH that ensures barrier-free access to information on the Internet for all people. The necessary files, such as JavaScript, style sheets and images, are loaded from an external server. When functions are activated, Eye-Able uses the browser's local storage to save the settings. All settings are only stored locally and are not transferred further.

To ward off attacks and provide our service in near real time, Eye-Able® uses the Content Delivery Network (CDN) from BunnyWay d.o.o. (Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia). This is done for the purpose of fulfilling our contract with our customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR). All transmitted data and servers remain within the EU at all times to enable data processing in accordance with the GDPR. Web Inclusion GmbH does not collect or analyse personal user behaviour or other personal data at any time.

To ensure data processing in accordance with data protection regulations, Web Inclusion GmbH has concluded data processing agreements with our hosting providers IONOS and BunnyWay.

Further information can be found in the privacy policies:

https://eye-able.com/datenschutz/

https://bunny.net/privacy

Data security

When you visit our website, we use the widely used SSL (Secure Socket Layer) procedure in conjunction with the highest level of encryption supported by your browser. You can recognise whether an individual page of our website is being transmitted in encrypted form by the closed display of the key or lock symbol in the address bar of your browser.

In addition, we use other appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

General disclaimer

We are not liable in any way for any direct or indirect damage or consequential damage resulting from the use of software, information and materials from our websites or from access via links to other websites. We do not guarantee that information, software, documents or other data available via one of the websites are free of viruses or other harmful components.

Disclaimer for links and their content

Our website may provide links to other websites or resources. As we have no influence over these websites, we cannot accept any liability for their availability, nor can we recommend or accept any responsibility or liability for the content, advertising, products or other materials available on or through such websites or resources. Furthermore, we accept no direct or indirect responsibility or liability for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods or services available on or through any such external websites or resources.

Applicable version

This privacy policy is currently valid and was last updated in June 2025. Due to the further development of our website or changes in legal or regulatory requirements, it may be necessary to amend this privacy policy. The current privacy policy can be accessed and printed out at any time on our website.