Privacy policy

With the following privacy policy, we would like to explain to you what types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

The terms used are not gender-specific.

Status: 29 February 2024

Mark Weisgerber
Reschstr. 10
82418 Murnau am Staffelsee, Germany

E-mail address: info@fellow.dog

Imprint: https://www.fellow.dog/imprint

The website data is hosted securely in Germany.
All data is transmitted in encrypted form via SSL.

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

• Inventory data.
• Contact data.
• Content data.
• Usage data.
• Meta, communication and process data.

Categories of data subjects

• Communication partners.
• Users.

Purposes of the processing

• Provision of contractual services and customer service.
• Contact requests and communication.
• Security measures.
• Managing and responding to requests.
• Feedback.
• Provision of our online services and user-friendliness.
• Information technology infrastructure.

Users' passwords are not stored in plain text. We use advanced technologies so that they are useless to outsiders in the event of loss.

The user can optionally transmit their exact location to the browser. This only happens locally on the user's device and is not transmitted to us. We process coordinates requested by the user into location data (trash cans, etc.) and discard them immediately so that we never know where a user is.

Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases also apply in individual cases, we will inform you of these in the privacy policy.

• Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given their consent to the processing of their personal data for a specific purpose or several specific purposes.
• Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GD PR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GD PR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. The data protection laws of the individual federal states may also apply.

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, safeguarding availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Shortening of the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a full IP address is not required, the IP address is truncated (also known as "IP masking"). The last two digits or the last part of the IP address after a dot are removed or replaced by placeholders. The purpose of shortening the IP address is to prevent or make it much more difficult to identify a person by their IP address.

TLS encryption (https): In order to protect your data transmitted via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data will only be transferred if the level of data protection is otherwise ensured, in particular through standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), express consent or in the case of contractual or legally required transfer (Art. 49 para. 1 GDPR). In addition, we will inform you of the basis for third country transfers with the individual providers from the third country, whereby the adequacy decisions take precedence. Information on third country transfers and existing adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as secure as part of the adequacy decision of 10.07.2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. As part of the data protection information, we will inform you which service providers we use are certified under the Data Privacy Framework.

Rights of data subjects under the GDPR: You, as a data subject, have various rights under the GDPR, particularly arising from Articles 15 to 21 of the GDPR:

• Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
• Right to withdraw consent: You have the right to withdraw your consent at any time.
• Right to information: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and further information and a copy of the data according to legal requirements.
• Right to rectification: You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you or the completion of incomplete personal data concerning you according to legal requirements.
• Right to erasure and restriction of processing: Subject to legal requirements, you have the right to request the erasure of personal data concerning you without undue delay or alternatively, to request restriction of processing according to legal requirements.
• Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller according to legal requirements.
• Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Cookies are small text files or other storage mechanisms that store information on your device and retrieve information from your device. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or the functions used in an online offering. Cookies can also be used for various purposes, such as for the functionality, security, and convenience of online offerings as well as for creating analyses of visitor flows.

Consent Information: We use cookies in accordance with legal regulations. Therefore, we obtain your prior consent unless it is not legally required. Consent is not required, in particular, if the storage and retrieval of information, including cookies, are absolutely necessary to provide you with a telemedia service expressly requested by you (i.e., our online offering). Cookies that are absolutely necessary usually include cookies with functions related to the display and functionality of the online offering, load balancing, security, storage of user preferences and choices, or similar purposes related to the provision of the main and ancillary functions of the online offering requested by you. The revocable consent is clearly communicated to you and contains information about the respective cookie usage.

Information about Data Protection Legal Bases: The data protection legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If you consent, the legal basis for processing your data is the declared consent. Otherwise, data processed using cookies are based on our legitimate interests (e.g., in the economical operation of our online offering and improving its usability) or, if it is necessary to fulfill our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. We will inform you about the purposes for which we process cookies during this privacy policy or as part of our consent and processing processes.

Storage Period: Regarding the storage period, the following types of cookies are distinguished:

• Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after you leave an online offering and close your device (e.g., browser or mobile application).
• Persistent Cookies: Persistent cookies remain stored even after closing the device. For example, the login status can be stored or preferred content can be displayed directly when you revisit a website. Likewise, the data collected using cookies can be used for reach measurement. If we do not provide explicit information about the type and storage period of cookies (e.g., as part of obtaining consent), you should assume that cookies are permanent and the storage period can be up to two years.

General Information on Revocation and Objection (so-called "Opt-Out"): You can revoke the consents you have given at any time and object to the processing in accordance with legal requirements. To do so, you can restrict the use of cookies in your browser settings (which may also restrict the functionality of our online offering). Objection to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com.

• Legal Bases: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR). Consent (Art. 6 para. 1 p. 1 lit. a) GDPR).

Further Information on Processing Processes, Procedures, and Services: 

• Processing of Cookie Data Based on Consent: We use a consent management solution to obtain user consent for the use of cookies or for the procedures and providers mentioned as part of the consent management solution. This procedure is used to obtain, log, manage, and revoke consents, especially with regard to the use of cookies and similar technologies used to store, read, and process information on users' devices. As part of this process, user consents for the use of cookies and the associated processing of information, including the specific processing and providers mentioned in the consent management process, are obtained. Users also have the option to manage and revoke their consents. The consent declarations are stored to avoid repeated queries and to be able to provide evidence of consent in accordance with legal requirements. Storage is done server-side and/or in a cookie (so-called opt-in cookie) or similar technologies to associate consent with a specific user or device. If there are no specific details about the providers of consent management services, the following general information applies: The duration of consent storage is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information about the scope of consent (e.g., relevant categories of cookies and/or service providers), and information about the browser, system, and device used; Legal Basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR).

We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

• Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status); content data (e.g. entries in online forms).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called "web host"); legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Collection of access data and log files: Access to our online offering is recorded in the form of so-called "server log files". The server log files may include the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used for security purposes, e.g. to prevent server overload (especially in the event of abusive attacks, so-called DDoS attacks) and to ensure server utilization and stability; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
• Sending and hosting emails: The web hosting services we use also include sending, receiving and storing emails. For these purposes, the addresses of the recipients and senders as well as other information relating to the sending of e-mails (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of detecting SPAM. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, emails are encrypted in transit, but not on the servers from which they are sent and received (unless an end-to-end encryption method is used). We can therefore assume no responsibility for the transmission path of the emails between the sender and receipt on our server; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Users can create a user account. As part of the registration process, users are informed of the necessary mandatory information and processed for the purpose of providing the user account based on contractual performance. The processed data includes, in particular, the login information (username, password, and an email address).

As part of the use of our registration and login functions as well as the use of the user account, we store the IP address and the timestamp of the respective user action. Storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorized use. In principle, these data are not disclosed to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users can be informed via email about transactions relevant to their user account, such as technical changes.

• Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Affected Persons: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Management and response to inquiries. Provision of our online offering and user-friendliness.
• Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

Further Information on Processing Processes, Procedures, and Services:

• Registration with Pseudonyms: Users may use pseudonyms instead of real names as usernames; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).
• User Profiles are Public: User profiles are publicly visible and accessible.
• Adjustment of Profile Visibility: Users can determine through settings the extent to which their profiles are visible or accessible to the public or only to specific groups of people; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).
• No Data Retention Obligation: Users are responsible for securing their data upon termination before the end of the contract. We are entitled to irrevocably delete all data stored during the contract period of the user; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).

The community features we provide allow users to engage in conversations or other exchanges with each other. Please note that the use of community features is only permitted in compliance with applicable laws, our terms and policies, as well as the rights of other users and third parties.

• Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Affected Persons: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations. Security measures.
• Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).

Further Information on Processing Processes, Procedures, and Services:

• User Contributions are Public: User-generated contributions and content are publicly visible and accessible; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).
• Adjustment of Contribution Visibility: Users can determine through settings the extent to which their contributions and content are visible or accessible to the public or only to specific individuals or groups; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).
• Storage of Data for Security Purposes: User contributions and other inputs are processed for the purposes of community and conversation functions and, subject to legal obligations or permissions, not disclosed to third parties. An obligation to disclose may arise, in particular, in the case of unlawful contributions for the purpose of legal prosecution. We would like to point out that, in addition to the content of the contributions, their time and the IP address of the users are also stored. This is done in order to be able to take appropriate measures to protect other users and the community; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).
• Limited Deletion of Conversation Contributions: Out of consideration for other users, conversation contributions of the user remain stored even after termination and account deletion so that conversations, comments, advice, or similar communications between and among users do not lose their meaning or reverse. Usernames are deleted or pseudonymized, unless they already represented pseudonyms. Users can request the complete deletion of conversation contributions from us at any time; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).
• Protection of Own Data: Users decide themselves which data they disclose about themselves within our online offering. For example, when users provide information about themselves or participate in conversations. We ask users to protect their data and to only publish personal data thoughtfully and only to the extent necessary. In particular, we ask users to note that they must protect their access data very carefully and use secure passwords (i.e., especially as long and random combinations of characters); Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).

We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). Readers' data is only processed for the purposes of the publication medium to the extent necessary for its presentation and communication between authors and readers or for security reasons. For further information, please refer to the information on the processing of visitors to our publication medium in this data protection notice.

• Processed data types: Inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of Processing: Provision of contractual services and customer support; Feedback (e.g. collecting feedback via online form); Provision of our online services and usability; Contact requests and communication; Managing and responding to inquiries; Security measures.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further information on processing processes, procedures and services:

• Comments and contributions: If users leave comments or other contributions, their IP addresses may be stored on the basis of our legitimate interests. This is done for our security in case someone leaves illegal content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves may be prosecuted for the comment or post and are therefore interested in the identity of the author. Furthermore, we reserve the right to process user data for the purpose of spam detection on the basis of our legitimate interests. On the same legal basis, we reserve the right to store users' IP addresses for the duration of surveys and to use cookies in order to avoid multiple votes. The personal information provided in the context of comments and contributions, any contact and website information as well as the content information will be stored permanently by us until the user objects; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Comment subscriptions: Users can subscribe to the follow-up comments with their consent. Users will receive a confirmation email to verify that they are the owner of the email address entered. Users can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will contain information on how to unsubscribe. For the purposes of proving the user's consent, we store the time of registration together with the user's IP address and delete this information when users unsubscribe from the subscription. You can cancel your subscription at any time, i.e. revoke your consent. We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time; legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

When contacting us (e.g. by post, contact form, email, telephone or via social media) and in the context of existing user and business relationships, the information of the inquiring persons is processed insofar as this is necessary to answer the contact inquiries and any requested measures.

• Processed data types: Contact data (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
• Data subjects: Communication partners.
• Purposes of Processing: Contact requests and communication; Managing and responding to inquiries; Feedback (e.g. collecting feedback via online form); Provision of our online services and usability.
• Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).

Further information on processing processes, procedures and services:

• Contact form: If users contact us via our contact form, e-mail or other communication channels, we process the data provided to us in this context to process the communicated request; legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

We only send newsletters, emails, and other electronic notifications (hereinafter "newsletter") with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described within the scope of registration, they are decisive for the consent of the users. In general, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal address in the newsletter, or further information if necessary for the purposes of the newsletter.

Double Opt-In Procedure: The registration for our newsletter generally takes place in a so-called double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with foreign email addresses. Newsletter registrations are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the shipping service provider are also logged.

Deletion and Restriction of Processing: We may store deregistered email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of possible defense of claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist.

The logging of the registration procedure is based on our legitimate interests for the purpose of proving its proper course. If we commission a service provider to send emails, this is based on our legitimate interests in an efficient and secure delivery system.

Contents:

Information about us, our services, promotions, and offers.

• Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, telephone numbers); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Affected Persons: Communication partners.
• Purposes of Processing: Direct marketing (e.g., by email or post).
• Legal Bases: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR).
• Opt-Out Option: You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You can find a link to unsubscribe from the newsletter either at the end of each newsletter or you can use one of the contact options provided above, preferably email, for this purpose.

We process personal data for the purpose of advertising communication, which can be carried out via various channels, such as email, telephone, post, or fax, in accordance with legal requirements.

Recipients have the right to revoke any consent given at any time or to object to advertising communication at any time.

After revocation or objection, we store the data necessary to prove the previous authorization for contact or sending for up to three years after the end of the year of revocation or objection, based on our legitimate interests. The processing of this data is limited to the purpose of possible defense of claims. Based on the legitimate interest of permanently observing the revocation or objection of users, we also store the data necessary to prevent further contact (e.g., depending on the communication channel, the email address, telephone number, name).

• Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, telephone numbers).
• Affected Persons: Communication partners.
• Purposes of Processing: Direct marketing (e.g., by email or post).
• Legal Bases: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

We process personal data of participants in competitions and contests only in compliance with the relevant data protection regulations, to the extent that the processing is contractually necessary for the provision, execution, and handling of the competition, the participants have consented to the processing, or the processing serves our legitimate interests (e.g., in the security of the competition or the protection of our interests against abuse by possible capture of IP addresses when submitting competition entries).

If contributions of participants are published as part of the competitions (e.g., as part of a vote or presentation of competition entries or winners, or reporting on the competition), we would like to point out that the names of the participants may also be published in this context. Participants can object to this at any time.

If the competition takes place within an online platform or social network (e.g., Facebook or Instagram, hereinafter referred to as the "online platform"), the terms of use and data protection regulations of the respective platforms also apply. In these cases, we would like to point out that we are responsible for the information provided by the participants as part of the competition and inquiries regarding the competition should be directed to us.

The data of the participants will be deleted as soon as the competition or contest is ended and the data are no longer necessary to inform the winners or because no further inquiries about the competition are to be expected. In principle, the data of the participants will be deleted no later than 6 months after the end of the competition. Data of the winners may be retained longer, for example, to answer inquiries about the prizes or to fulfill the prize services; in this case, the retention period depends on the nature of the prize and may be, for example, up to three years for goods or services to be able to process warranty cases. Furthermore, the data of the participants may be stored longer, for example, in the form of reporting on the competition in online and offline media.

If data were also collected for other purposes as part of the competition, their processing and retention period are governed by the data protection notices for this use (e.g., in the case of newsletter registration as part of a competition).

• Processed data types: Master data (e.g., names, addresses); Content data (e.g., entries in online forms); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Persons concerned: Participants in competitions and contests.
• Purposes of processing: Conducting competitions and contests.
• Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).

We conduct surveys and questionnaires to collect information for the respective communicated survey or questionnaire purpose. The surveys and questionnaires (hereinafter "surveys") conducted by us are evaluated anonymously. Processing of personal data only takes place to the extent necessary for the provision and technical execution of the surveys (e.g., processing of the IP address to display the survey in the user's browser or enabling the resumption of the survey using a cookie).

• Processed data types: Contact details (e.g., email, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited web pages, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Persons concerned: Communication partners. Participants.
• Purposes of processing: Feedback (e.g., collecting feedback via online form).
• Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

Web analysis (also referred to as "reach measurement") is used to evaluate the visitor flows of our online offering and can include behavior, interests, or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online offering or its functions or content are most frequently used or invite reuse. Likewise, we can trace which areas need optimization.

In addition to web analysis, we may also use test procedures to, for example, test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles may be created for these purposes, i.e., data summarized for a usage process, and information may be stored in a browser or on an end device and read from it. The information collected includes, in particular, visited websites and elements used there, as well as technical information such as the browser used, the operating system used, and information about usage times. If users have consented to the collection of their location data to us or to the providers of the services we use, location data may also be processed.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect the users. In general, no clear data of the users (such as email addresses or names) are stored within the scope of web analysis, A/B testing, and optimization, but rather pseudonyms. That means, neither we nor the providers of the software used know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.

• Processed data types: Usage data (e.g., visited web pages, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Persons concerned: Users (e.g., website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); Profiles with user-related information (creation of user profiles). Provision of our online offering and user-friendliness.
• Security measures: IP masking (pseudonymization of the IP address).
• Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR). Consent (Art. 6 para. 1 p. 1 lit. a) GDPR).

Further notes on processing procedures, procedures, and services:

• Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It serves to assign analysis information to an end device in order to recognize which content users have accessed within one or more usage processes, which search terms they have used, accessed again, or interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users referring to our online offering and technical aspects of their end devices and browsers.
  Pseudonymous user profiles with information from the use of different devices are created, cookies may be used. Google Analytics does not log and store individual IP addresses for EU users. However, Analytics provides rough geographical location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. They are not logged, not accessible, and not used for further purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR); Website:https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Privacy Policy:https://policies.google.com/privacy; Data Processing Terms:https://business.safety.google/adsprocessorterms/; Basis for third country transfers: Data Privacy Framework (DPF); Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying ads: https://myadcenter.google.com/personalizationoff. Further information:https://business.safety.google/adsservices/ (Types of processing and processed data).
• Google Tag Manager: Google Tag Manager is a solution that allows us to manage so-called website tags via an interface and thus integrate other services into our online offering (for further information, please refer to additional information in this privacy policy). The Tag Manager itself (which implements the tags) does not create user profiles or store cookies. Google only knows the IP address of the user, which is necessary to execute the Google Tag Manager; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR); Website:https://marketingplatform.google.com; Privacy Policy:https://policies.google.com/privacy; Data Processing Terms: 
  https://business.safety.google/adsprocessorterms. Basis for third country transfers: Data Privacy Framework (DPF).
• Matomo (without cookies): Matomo is a privacy-friendly web analysis software that is used without cookies, and the recognition of returning users is done using a so-called "digital fingerprint" that is stored anonymously and changed every 24 hours; With the "digital fingerprint," user movements within our online offering are recorded using pseudonymized IP addresses combined with user-side browser settings in such a way that conclusions about the identity of individual users are not possible. The data of users collected within the scope of the use of Matomo are processed only by us and not shared with third parties; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR). Website:https://matomo.org/.

We process personal data for the purposes of online marketing, including the marketing of advertising space or the display of advertising and other content (collectively referred to as "content") based on potential user interests and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used, by means of which information relevant to the user for the display of the aforementioned content is stored. This information may include, for example, viewed content, visited websites, online networks used, as well as communication partners and technical information such as the browser used, the operating system used, and information about usage times and functions used. If users have consented to the collection of their location data, this may also be processed.

The IP addresses of users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect the users. In general, no clear data of the users (such as email addresses or names) are stored within the scope of online marketing procedures, but rather pseudonyms. That means, neither we nor the providers of the online marketing procedures know the actual identity of the users, only the information stored in their profiles.

The information in the profiles is typically stored in cookies or similar procedures. These cookies can later generally be read out on other websites that use the same online marketing procedure, analyzed for the purpose of displaying content, supplemented with additional data, and stored on the server of the online marketing procedure provider.

Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if users are members of a social network whose online marketing procedure we use and the network links the users' profiles with the aforementioned information. Please note that users may make additional agreements with the providers, for example by giving consent during registration.

In principle, we only have access to aggregated information about the success of our advertisements. However, within the framework of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a contract conclusion with us. The conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, please assume that cookies used will be stored for a period of two years.

• Processed data types: Usage data (e.g., visited web pages, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Persons concerned: Users (e.g., website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); Tracking (e.g., interest-/behavior-based profiling, use of cookies); Marketing. Profiles with user-related information (creation of user profiles).
• Security measures: IP masking (pseudonymization of the IP address).
• Opt-out option: Please refer to the data protection notices of the respective providers and the opt-out options provided for the providers (so-called "opt-out"). If no explicit opt-out option has been specified, there is the possibility, on the one hand, to disable cookies in your browser settings. However, this may restrict the functionality of our online offering. We therefore recommend the following opt-out options, which are offered in summary for the respective areas: 
  
  a) Europe: https://www.youronlinechoices.eu. 
  b) Canada: https://www.youradchoices.ca/choices. 
  c) USA: https://www.aboutads.info/choices. 
  d) Cross-region: https://optout.aboutads.info.

In our online offering, we include so-called affiliate links or other references (which may include, for example, search masks, widgets, or discount codes) to the offers and services of third-party providers (collectively referred to as "affiliate links"). If users follow the affiliate links or subsequently take advantage of the offers, we may receive a commission or other benefits from these third-party providers (collectively referred to as "commission").

In order to track whether users have taken advantage of the offers of an affiliate link used within our online offering, it is necessary for the respective third-party providers to know that users have followed an affiliate link used within our online offering. The allocation of affiliate links to the respective business transactions or other actions (e.g., purchases) serves solely the purpose of commission settlement and will be revoked once it is no longer necessary for the purpose.

For the purposes of the aforementioned allocation of affiliate links, the affiliate links can be supplemented with certain values, which are part of the link or can be stored elsewhere, e.g., in a cookie. The values may include, in particular, the referring website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer, and an online identifier of the user.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, the data of users is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

• Processed data types: Contract data (e.g., contract object, term, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedure data (e.g., IP addresses, time information, identification numbers, consent status).
• Persons affected: Users (e.g., website visitors, users of online services).
• Purposes of processing: Affiliate tracking.
• Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further notes on processing procedures, procedures, and services:

• Awin partner program: Affiliate marketing partner program; Service provider: AWIN AG, Otto-Ostrowski-Straße 1A, 10249 Berlin, Germany; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:www.awin.com. Privacy Policy:https://privacy.awin.com/

We maintain online presences within social networks and process user data within this framework to communicate with active users there or to provide information about us.

We would like to point out that user data may be processed outside the European Union in this context. This may entail risks for users because, for example, the enforcement of user rights could be made more difficult.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, user behavior and resulting interests of users can be used to create usage profiles. These usage profiles can in turn be used to, for example, display advertisements within and outside the networks that presumably correspond to the interests of users. For these purposes, cookies are usually stored on users' computers, in which user behavior and interests are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by users (especially if users are members of the respective platforms and are logged in).

For a detailed description of the respective processing methods and options for objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

Also in the case of information requests and the assertion of data subject rights, we would like to point out that these can be most effectively asserted with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need assistance, you can contact us.

• Processed data types: Contact data (e.g., email, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedure data (e.g., IP addresses, time information, identification numbers, consent status); Inventory data (e.g., names, addresses).
• Persons affected: Users (e.g., website visitors, users of online services).
• Purposes of processing: Contact inquiries and communication; Feedback (e.g., collecting feedback via online form); Marketing; Provision of our online offering and user-friendliness. Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)).
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, procedures, and services

• Instagram: Social network; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:https://www.instagram.com; Privacy Policy:https://instagram.com/about/legal/privacy. Basis for third-country transfers: Data Privacy Framework (DPF).
• Facebook Pages: Profiles within the social network Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:https://www.facebook.com; Privacy Policy:https://www.facebook.com/about/privacy; Basis for third-country transfers: Data Privacy Framework (DPF); Further information: We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not further processing) of data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or actions they take (see "Things you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytical services, so-called "Page Insights," to page operators so that they can understand how people interact with their pages and the associated content. We have entered into a special agreement with Facebook ("Page Insights Information," https://www.facebook.com/legal/terms/page_controller_addendum), which in particular regulates the security measures Facebook must observe and in which Facebook has agreed to fulfill data subject rights (i.e., users can, for example, address requests for information or deletion directly to Facebook). The rights of users (especially to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Page Insights Information" (https://www.facebook.com/legal/terms/information_about_page_insights_data). The joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, especially with regard to the transmission of data to the parent company Meta Platforms, Inc. in the USA.
• Pinterest: Social network; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:https://www.pinterest.com. Privacy Policy:https://policy.pinterest.com/de/privacy-policy.
• Threads: Social network; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:https://www.threads.net/. Privacy Policy:https://help.instagram.com/515230437301944.
• X: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Privacy Policy:https://twitter.com/privacy, (Settings: https://twitter.com/personalization).
• YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy Policy:https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF). Objection possibility (opt-out):https://myadcenter.google.com/personalizationoff.

We integrate functional and content elements into our online offering that are sourced from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos, or maps (hereinafter uniformly referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for the display of this content or functions. We endeavor to use only those contents whose respective providers use the IP address solely for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Through the "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user's device and may contain technical information about the browser and operating system, referring websites, visit time, as well as other information about the use of our online offering, and may also be linked to such information from other sources.

• Processed data types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedure data (e.g., IP addresses, time information, identification numbers, consent status); Inventory data (e.g., names, addresses); Contact data (e.g., email, telephone numbers); Content data (e.g., entries in online forms).
• Persons affected: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness.
• Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, procedures, and services:

• OpenStreetMap: We integrate the maps of the "OpenStreetMap" service, which are offered on the basis of the Open Data Commons Open Database License (ODbL) by the OpenStreetMap Foundation (OSMF). OpenStreetMap uses user data exclusively for the purpose of displaying map functions and caching selected settings. This data may include, in particular, IP addresses and location data of users, which, however, are not collected without their consent (usually within the settings of their end devices or browsers); Service provider: OpenStreetMap Foundation (OSMF); Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:https://www.openstreetmap.de. Privacy Policy:https://osmfoundation.org/wiki/Privacy_Policy.
• YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website:https://www.youtube.com; Privacy Policy:https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF). Objection possibility (Opt-Out): Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertising: https://myadcenter.google.com/personalizationoff.

In this section, you will receive an overview of the terminology used in this privacy policy. Insofar as the terms are legally defined, their legal definitions apply. The following explanations are primarily intended to aid understanding.

• Affiliate Tracking: In the context of affiliate tracking, links that refer users to websites with product or other offers are logged. The operators of the linking websites may receive a commission if users follow these so-called affiliate links and subsequently avail themselves of the offers (e.g., purchase goods or use services). For this purpose, it is necessary for the providers to track whether users who are interested in certain offers subsequently avail themselves of them on the initiative of the affiliate links. Therefore, for the functionality of affiliate links, it is necessary to supplement them with certain values that become part of the link or are otherwise stored, e.g., in a cookie. These values include, in particular, the referring website (referrer), the timestamp, an online identifier of the operators of the website where the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as, for example, advertising material ID, partner ID, and categorizations.
• Personal Data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• User Profile Information: The processing of "user profile information" or simply "profiles" includes any kind of automated processing of personal data that involves using this personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information regarding demographics, behavior, and interests, such as interaction with websites and their content, etc.). For profiling purposes, cookies and web beacons are frequently used.
• Reach Measurement: Reach measurement (also referred to as web analytics) serves to evaluate the visitor flows of an online offering and can include the behavior or interests of visitors in certain information, such as website content. With the help of reach analysis, operators of online offerings, for example, can recognize when users visit their websites and what content they are interested in. This allows them, for example, to better adapt the content of the websites to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis purposes to recognize recurring visitors and obtain more precise analyses of the usage of an online offering.
• Tracking: "Tracking" refers to the tracking of user behavior across multiple online offerings. Typically, behavioral and interest information is stored in cookies or on servers of the providers of the tracking technologies (so-called profiling) with regard to the online offerings used. This information can then, for example, be used to display users advertisements that are likely to correspond to their interests.
• Controller: The "controller" is the natural or legal person, authority, institution, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.
• Processing: "Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.