Privacy Policy

With this privacy policy, we aim to inform you about the nature, scope, and purpose of the processing of personal data (referred to as “data” below) by us. Personal data refers to all data that has a personal reference to you, such as your name, address, email address, or your user behavior. This privacy policy applies to all data processing activities carried out by us, both in the context of our core activities and for the online media we maintain.

Who is responsible for data processing with us

Responsible for data processing is:

TerraTale Owner: Jonathan Witt
Jonathan Witt
Schloßstr. 11
16356 Ahrensfelde
Germany
[email protected]
https://waldquest.com/en/imprint/

Contact details of our data protection officer

You can reach our data protection officer by email at [email protected] or at our postal address with the additional note “to the data protection officer.”

Processing of your data in the context of our company’s core activities

If you are our customer or business partner or have an interest in our services, the nature, scope, and purpose of processing your data are determined by the contractual or pre-contractual relationships between us. In this context, the data processed by us includes all data that you provide or have provided for the purpose of using contractual or pre-contractual services and that are required for processing your request or the contract between us. Unless otherwise stated in the further information in this privacy policy, the processing of your data and its disclosure to third parties are limited to data that is necessary and appropriate for answering your inquiries and/or fulfilling the contract concluded between you and us, safeguarding our rights, and fulfilling legal obligations. We will inform you which data is required for this purpose before or as part of the data collection. If we use third-party providers to provide our services, the data protection notices of the respective third-party providers apply.

Affected data:

Inventory data (e.g., names, addresses) Payment data (e.g., bank account information, invoices) Contact data (e.g., email address, phone number, postal address) Contract data (e.g., contract subject, contract duration)

Data subjects: Interested parties, business and contract partners

Purpose of processing: Execution of contractual services, communication and response to contact inquiries, office and organizational procedures

Legal basis: Contract fulfillment and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legal obligation, Art. 6 para. 1 lit. c GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Your rights under the GDPR

Under the GDPR, you have the following rights, which you can exercise at any time with the controller mentioned in Section 1 of this privacy policy:

Right to information: You have the right to request information from us about whether and which data we process about you. Right to rectification: You have the right to request the correction of inaccurate or completion of incomplete data. Right to erasure: You have the right to request the erasure of your data. Right to restriction: In certain cases, you have the right to request that we only process your data to a limited extent. Right to data portability: You have the right to request that we provide you or another controller with your data in a structured, commonly used, and machine-readable format. Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible is the supervisory authority of your usual place of residence, your place of work, or our company headquarters.

Right to withdraw consent

You have the right to withdraw your consent to data processing at any time.

Right to object

You have the right to object at any time to the processing of your data, which we base on our legitimate interests according to Art. 6 para. 1 lit. f GDPR. If you exercise your right to object, we ask you to provide reasons. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests and rights.

Regardless of the above, you have the right to object at any time to the processing of your personal data for advertising and data analysis purposes.

Please direct your objection to the contact address of the controller mentioned above.

When do we delete your data?

We delete your data when we no longer need it or when you instruct us to do so. This means that, unless otherwise specified in the individual data protection notices in this privacy policy, we will delete your data:

when the purpose of data processing no longer applies, and thus, the respective legal basis mentioned in the individual data protection notices no longer exists, e.g., after termination of the contractual or membership relationship between us (Art. 6 para. 1 lit. a GDPR) or after our legitimate interest in further processing or storage of your data has ceased (Art. 6 para. 1 lit. f GDPR), when you exercise your right of withdrawal and no other legal basis for processing within the meaning of Art. 6 para. 1 lit. b-f GDPR applies, when you exercise your right of objection, and there are no compelling legitimate reasons for processing that outweigh your interests.

However, if we (certain parts of) your data still need to be retained for other purposes, such as tax retention periods (usually 6 years for business correspondence or 10 years for accounting records), or the assertion, exercise, or defense of legal claims arising from contractual relationships (up to four years), or the data is needed to protect the rights of another natural or legal person, we will only delete (the part of) your data after these deadlines have expired. Until these deadlines expire, we will limit the processing of this data to these purposes (fulfillment of retention obligations).

Cloud services

We use cloud services, in particular, for:

storing and processing documents, sending documents by email or exchanging files of any kind, our calendar management, preparation and execution of presentations and spreadsheets, publishing files of any kind, internal and external communication via chats, audio, and video conferences.

The software applications we use for these purposes are provided to us by the providers listed below on their servers. We access these servers via the internet. If you transmit your data to us in the course of communication with us or in other processes explained by us in this privacy policy, we process this data in the cloud service we use. This means that your data is stored on the servers of the third-party cloud service provider. The third-party providers process usage and metadata to secure their servers and optimize their services. In particular, we process and store your contact, customer, and contract data.

If we publicly provide files of any kind via our internet presence using the cloud service we use, the respective third-party cloud service provider may store cookies on your computer system when you access these files. The service provider may process the data collected in this way to analyze your usage behavior or browser settings.

We would like to point out that depending on the country of residence of the service provider mentioned below, the data mentioned in more detail below may be transferred and processed on servers outside the European Union. In this case, there is a risk that the level of data protection required by the GDPR will not be met, and the enforcement of your rights may be hindered or only possible with difficulty. If the service provider we use only offers data processing within the EU, we intend to process your data exclusively there, if not already implemented.

Affected data:

Inventory data (e.g., names, addresses) Contact data (e.g., email addresses, phone numbers) Content data (e.g., photos, videos, texts) Usage data (e.g., access times, visited websites, interest in content) Metadata (e.g., IP addresses, computer system information)

Data subjects: Interested parties, communication partners, customers, employees (e.g., applicants, current and former employees)

Purpose of processing: Organization of office and administrative tasks

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, contract fulfillment and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Cloud service providers:

Google Cloud Services

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Website: https://cloud.google.com/ Privacy policy: https://www.google.com/policies/privacy

Cookies

Our website uses cookies. Cookies are small text files consisting of a series of numbers and letters that are placed and stored on the device you use. Cookies primarily serve to exchange information between the device you use and our website. This includes, among other things, language settings on a website, login status, or the point at which a video was watched.

When you visit our websites, two types of cookies are used:

Temporary cookies (session cookies): These store a so-called session ID, which allows various requests from your browser to be assigned to the same session. Session cookies are deleted when you log out or close your browser. Persistent cookies: Persistent cookies remain stored even after closing your browser. This allows our website to recognize your computer when you return to our website. These cookies can store information such as language settings or login information. Additionally, your browsing behavior can be documented and stored with these cookies. This data can be used for statistical, marketing, and personalization purposes. In addition to the above classification, cookies can also be differentiated based on their purpose:

Necessary cookies: These are cookies that are absolutely necessary for the operation of our website, for example, to store logins or shopping carts for the duration of your session, or cookies that are set for security reasons. Statistics, marketing, and personalization cookies: These are cookies used for analysis purposes or to measure reach. “Tracking” cookies, in particular, can store information about entered search terms or the frequency of page views. Furthermore, the browsing behavior of an individual user (e.g., viewing specific content, using functions, etc.) can be stored in a user profile. Such profiles are used to display content to users that corresponds to their potential interests. If we use services that store cookies on your device for statistical, marketing, and personalization purposes, we will inform you separately in the following sections of our privacy policy or as part of obtaining your consent.

Affected data:

Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address).

Data subjects: Users of our online services

Purpose of processing: Displaying our web pages, ensuring the operation of our web pages, improving our online offering, communication, and marketing

Legal basis:

Legitimate interest, Art. 6 para. 1 lit. f GDPR If we do not obtain your consent to set cookies, we base the processing of your data on our legitimate interest in improving the quality and user-friendliness of our website, especially its content and features. You have the option to object to the use of cookies set by us within the security settings of your browser. There, you can specify whether you do not accept cookies at all or only on request, or whether cookies are deleted after closing your browser. If cookies are disabled for our website, some functions of the website may not be fully available.

Consent, Art. 6 para. 1 lit. a GDPR If we ask you for your consent to set certain cookies on your device before your visit to our website and you give your consent, the legal basis is the consent you have granted. We will inform you about the specific cookies we set as part of your consent. If you do not grant this consent, only technically necessary cookies, which are required for the proper operation of our websites and their display in your browser, will be set. If you have given your consent to the setting of cookies, you can revoke this consent at any time.

Web hosting

To provide our website, we use a hosting provider whose servers store our website and make it available for retrieval on the internet (hosting). In this process, the provider can process all the data transferred via your browser when using our website. This includes, in particular, your IP address, which the provider needs to deliver our online offering to the browser you are using, as well as all inputs you make through our website. In addition, the provider we use may collect the following data:

Date and time of access to our website Time zone difference to Greenwich Mean Time (GMT) Access status (HTTP status) Amount of data transmitted Internet service provider of the accessing system Type and version of the browser used by you Operating system used by you The website from which you may have come to our website The pages or subpages you visit on our website. The data mentioned above is stored as log files on the servers of our provider. This is necessary to ensure the stability and security of the operation of our website.

Affected data:

Content data (e.g., posts, photos, videos) Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address)

Data subjects: Users of our website

Purpose of processing: Displaying our web pages, ensuring the operation of our web pages

Legal basis: Legitimate interest, Art. 6 para. 1 lit. f GDPR

Web hosting provider:

Cloudways by Digital Ocean

Service provider: Cloudways by Digital Ocean Website: Junction Business Centre, 1st Floor Sqaq Lourdes, St Julians STJ3334, Malta Privacy policy: https://www.cloudways.com/

Content Delivery Network (CDN)

We use a Content Delivery Network (CDN) to deliver our web pages. A CDN is a network of regionally distributed servers connected over the internet. The CDN provides scalable storage and delivery capacity, optimizing loading times for our web pages and ensuring optimal data throughput even during high traffic periods. User requests on our web pages are routed through CDN servers. Statistics are generated from this data flow. This serves two purposes: detecting potential threats to our websites from malware early and continuously improving our offerings, making our websites more user-friendly for you.

Please note that depending on the location of the service provider mentioned below, the data collected through the service may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection required by the GDPR may not be met, and the enforcement of your rights may be difficult or impossible.

Affected data:

Content data (e.g., posts, photos, videos) Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address)

Purpose of processing: Technical optimization of the website, analysis of errors and user behavior

Legal basis: Legitimate interest, Art. 6 para. 1 lit. f GDPR

CDN service provider:

Cloudflare

Service provider: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA Website: https://www.cloudflare.com/ Privacy policy: https://www.cloudflare.com/privacypolicy/ Scope of data collection: https://blog.cloudflare.com/what-cloudflare-logs/

Contact

If you contact us via email, social media, telephone, fax, post, our contact form, or any other means, and provide us with personal data such as your name, telephone number, or email address, or provide additional information about yourself or your concern, we process this data to respond to your request within the framework of our existing pre-contractual or contractual relationships.

Affected data:

Inventory data (e.g., names, addresses) Contact data (e.g., email address, telephone number, postal address) Content data (text, photos, videos) Contract data (e.g., contract subject, contract duration)

Data subjects: Interested parties, customers, business and contract partners

Purpose of processing: Communication and response to contact inquiries, office and organizational procedures

Legal basis: Contract performance and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Registration, Login, and User Account

You have the option to register on our online platform to create a user account. To do this, it is necessary to provide personal data as requested in the input form. This data typically includes your name, email address, a username, and a password. We store and process this data to set up a user account for you and to enable (repeated) login. The data can be changed or deleted by you at any time. The data is not shared with third parties unless it is necessary for the technical and organizational execution of the user agreement between us. To protect you and us against abusive registrations, we store the IP address assigned to you at the time of registration, as well as the date and time of registration.

Affected data:

Inventory data (e.g., names, addresses) Contact data (e.g., email address, telephone number, postal address) Contract data (e.g., contract subject, contract duration) Payment data (e.g., bank account information, invoices) Content data (e.g., posts, photos, videos) Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address)

Purpose of processing: Execution of contractual services, communication, and response to contact inquiries, security measures

Legal basis: Contract performance and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legal obligation, Art. 6 para. 1 lit. c GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Deletion: Please refer to the section “When do we delete your data?” for more information. Additionally, please note that we will delete the data collected during registration, as well as the content data stored in the account, once you delete your account, subject to any conflicting legal retention obligations. Therefore, if you wish to access or preserve the content data in your account after deleting your account, please secure it elsewhere before deleting your account.

Your Comments or Reviews

You have the option to comment on our posts, express your opinion, or contribute content in the designated areas of our website. Since we may be held liable for illegal content in your comments (such as insults, defamation, incitement to hatred, or prohibited depictions of violence), we store your IP address for a period of 7 days to potentially identify your identity.

Legal basis: Art. 6 para. 1 lit. f GDPR

Affected data:

Inventory data (e.g., names, addresses) Content data (e.g., posts, photos, videos) Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address)

Purpose of processing: Fulfillment of contractual obligations, communication, processing of inquiries, obtaining feedback, security measures.

Processing of Your Data when Ordering in Our Online Shop

If you place orders through our online shop, we process the information you provide during the ordering process to fulfill your order. This includes your name, address, electronic contact information, information for processing the payment, and details of your specific order. We will inform you about the data we require in detail during the ordering process.

If it is necessary to fulfill the contract between us, protect your vital interests, or comply with legal requirements, we may transfer your data to third parties, such as the logistics company responsible for delivery, payment service providers for payment processing, and our tax advisor. If we use third-party providers to provide our services, the data protection notices of the respective third-party providers apply.

User Accounts: You can voluntarily create a user account where you can view and manage your orders. If you delete your account, your data will be deleted. It is your responsibility to secure your data before deleting your account. We use transient cookies (see the Cookies section above) to store the contents of your shopping cart and persistent cookies (see the Cookies section above) to store your login status. When you place an order, register for a user account, or log in again, we store your IP address and the time of the respective user action. The purpose of this storage is our legitimate interests as well as your legitimate interests in protecting against misuse and unauthorized use.

Advertising Measures: We may also use the data you provide to inform you about similar, interesting products, and/or services by mail or email after you have placed an order.

Information About the Shop System We Use

We use the shop system of a third-party provider to process orders and payments, as well as to manage our inventory. If you place an order in our online shop, we will provide the name, address, electronic contact information, payment processing information, and specific order details to the provider of the shop system to process the order and payment transactions.

Affected data:

Inventory data (e.g., names, addresses) Payment data (e.g., bank account information, invoices) Contact data (e.g., email address, telephone number, postal address) Contract data (e.g., contract subject, contract duration) Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address)

Data subjects: Customers, interested parties, business, and contract partners

Purpose of processing: Processing of orders, communication, and potentially marketing, responding to inquiries, data security, office and organizational procedures

Legal basis: Contract performance and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legal obligation, Art. 6 para. 1 lit. c GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Shopify

Service provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland Parent company: Shopify Inc., 150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada Website: https://www.shopify.de/ Privacy policy: https://www.shopify.de/legal/datenschutz

Payment Service Providers

In accordance with our legal obligations and our legitimate interests in efficient, secure, and customer-oriented payment processing, individuals who have entered into a contract or other legal relationship with us may use both banks and credit institutions, as well as other payment service providers, for payments. The payment service providers we offer process inventory data in this context, including name, address, and bank data such as account/credit card numbers, passwords, TANs (Transaction Authentication Numbers), verification numbers, as well as information about the concluded contract and information about the payment recipient.

The data collected in this context is necessary for the payment processing by the payment service provider. Only the payment service provider commissioned by us collects and processes this personal information. We do not receive any information about your account or credit card connection at any time. We are informed by our payment service provider whether payment from our customers has been received or not. Our payment service providers may transmit customer data to credit reporting agencies to check the identity and creditworthiness of the payer. In this regard, we refer to the data protection declaration and terms and conditions of our payment service providers.

The terms and conditions and data protection provisions of the respective payment service provider apply. You can find these notices on the website of the respective service provider or in the transaction application. For further information and to exercise your rights regarding revocation and information, we refer to the provisions of the respective service provider.

Affected data:

Inventory data (e.g., name, address) Usage data (e.g., visited websites, interest in certain topics, access times) Payment data (e.g., bank details, invoices, payment history) Business transaction data (e.g., term, customer category, contract object) Communication and metadata (e.g., IP address, device information)

Purpose of processing: Efficient, secure, and customer-oriented payment services and payment processing in accordance with contractual agreements

Legal basis: Contract performance and fulfillment of pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interests, Art. 6 para. 1 lit. f GDPR

Revocation options: You can revoke your consent to the use of personal data at any time with the respective payment service provider. Despite revocation, the payment service provider may still be entitled to process, use, and transmit the personal data that is absolutely necessary for contractual payment processing. Regarding the storage and timely deletion of personal data, we refer to the respective data protection regulations of the payment service provider.

We use the following payment service providers:

Mastercard

Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium Website: https://www.mastercard.de/de-de.html Privacy policy: https://www.mastercard.de/de-de/datenschutz.html

PayPal

Service provider: PayPal (Europe) S.à.r.l. et Cie., S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg Website: https://www.paypal.com/de/webapps/mpp/home Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full#

Visa

Service provider: Visa Europe Management Services Ltd., German Branch, Neue Mainzer Strasse 66-68, 60311 Frankfurt am Main Website: https://www.visa.de/ Privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html

Review Seals

To give you an initial impression of the quality of our products and services, we display a selection of customer reviews and the overall rating formed from all reviews using a review seal (also known as a review widget) integrated on our website. When you click on the widget, you will be redirected to the website of the respective provider. There, you can access all reviews of our products and services. You also have the opportunity to leave a review.

The seal of the provider integrated on our website is played from the server of the respective provider via an interface. To do this, when you visit our website, a data connection is established to the server of the provider. The provider receives certain data necessary to display the contents of the widget in your browser. This includes your IP address and other access data.

Affected data:

Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address)

Data subjects: Customers, users of our website

Purpose of processing: Obtaining customer feedback, as well as interest and behavior-based marketing

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, legitimate interests, Art. 6 para. 1 lit. f GDPR

We use the following review seals:

ProvenExpert

Service provider: Expert Systems AG, Quedlinburger Strasse 1, 10589 Berlin Website: https://www.provenexpert.com/de-de/ Privacy policy: https://www.provenexpert.com/de-de/datenschutzbestimmungen/

Newsletter

We regularly send a newsletter to inform our customers, business partners, and interested parties about our offers and related news. You have the option to subscribe to our newsletter on our website and to consent to receiving the newsletter during registration. When you subscribe to our newsletter, providing your email address is mandatory. We store the email address to send you the newsletter. Providing additional information such as salutation or name is voluntary and is used to address you personally. Once you have subscribed to our newsletter, you will receive a confirmation email to the email address provided during registration in the double-opt-in process. This email contains a link. By clicking on this link, you confirm that you want to receive the newsletter. This ensures that your email address has not been abused by a third party during registration. For the same reason, we also store the date and time of registration and the IP address assigned to you at the time of registration. We do not share the above-mentioned data with third parties.

Evaluation of User Behavior

If you have consented to this, we evaluate your user behavior when sending the newsletter. For this purpose, our newsletter contains tracking pixels and tracking links. This allows us to see whether and when you opened the newsletter and which links you clicked on in the newsletter.

Purpose: We evaluate the newsletter as described above in order to measure a statistical evaluation of the success or failure of our newsletter.

Legal basis: The legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR.

Prevention: You can revoke your consent to receive the newsletter at any time using the options provided above.

Deletion: We delete your data after revocation.

Affected data:

Content data (e.g., posts, photos, videos) Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address)

Data subjects: Users of our website

Purpose of processing: Playing our website, ensuring the operation of our website

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Deletion: The email address is deleted either if you have not clicked on the confirmation link in the double-opt-in process one month after sending the confirmation email or immediately after you have unsubscribed from our newsletter.

Revocation: You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter subscription. We offer the following options for declaring your revocation:

Click on the link provided in the newsletter for this purpose.

SendinBlue

Service provider: SendinBlue SAS, 55, rue d’Amsterdam, 75008 Paris, France Website: https://de.sendinblue.com/ Privacy policy: https://www.sendinblue.com/legal/privacypolicy/

Funnelcockpit – Denis Hoeger Caballero

Service provider: Nobelstr- 3-5, 41189 Mönchengladbach Website: https://funnelcockpit.com/ Privacy policy: https://funnelcockpit.com/datenschutz/

Email, Mail, and Telephone Marketing

For our promotional communication via email, mail, or telephone, we process personal data. You can object to receiving our marketing communications at any time or revoke your prior consent to receive our promotional communication at any time. To be able to prove that your consent was given even after your objection or revocation, we may store your data for up to 4 years after your objection/revocation. We will not use your data for other purposes after your objection/revocation. If you want us to delete your data earlier, we will do so after you confirm that you originally gave us consent.

Affected data:

Contact details (e.g., email, phone number, postal address) Inventory data (e.g., names, addresses)

Data subjects: Communication partners

Purpose of processing: Direct marketing measures (marketing) via email, mail, or telephone

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, legitimate interests, Art. 6 para. 1 lit. f GDPR

Affiliate Programs and Affiliate Links

We use affiliate links and/or other types of affiliate references on our website, such as search masks, widgets, or discount codes. These links and references lead you to offers and services from third-party providers. If you click on one of these links or take advantage of one of these offers, we receive a commission or other benefit from the respective third-party provider.

To receive our commission, the relevant third-party providers must be informed that you have used an affiliate link on our website. To do this, the affiliate links used must be tracked back and assigned to the respective transactions or other actions, such as purchases. This process is necessary to settle our commission with the third-party provider. The data collected by us in the course of this process is stored until the final settlement.

To ensure an association between the affiliate link, transaction, and you as a user, the affiliate links we use may be supplemented with certain information. This information can be stored in the link itself or in a cookie. This information may include the referring website (referrer), the online identification code of our website, an online identification code of the respective offer, the type of affiliate link used, the type of offer, an online identification code of the respective user, and the time of using the link.

Affected data:

Usage data (e.g., previously visited websites, usage times, interest in content) Business transaction data (e.g., term, customer category, contract object) Communication and metadata (e.g., IP address, device information)

Purpose of processing: Capturing which affiliate links embedded on our website were used by our visitors

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, contract performance, and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interests, Art. 6 para. 1 lit. f GDPR

Revocation options: You have the option to disable interest-based advertising by adjusting your settings at http://www.aboutads.info/choices. Furthermore, you can prevent the storage of cookies by adjusting your browser settings. Already set cookies can be deleted by you at any time.

We use the following affiliate service providers:

AWIN Partner Program (formerly Zanox and Affilinet)

Service provider: AWIN AG, Eichhornstraße 3, 10785 Berlin Website: https://www.awin.com/de Privacy policy: https://www.awin.com/de/datenschutzerklarung

Amazon Partner Program

Service provider: Amazon Europe Core S.à.r.l., Amazon EU S.á.r.l., and Amazon Media EU S.á.r.l., 38, avenue John. F. Kennedy, L-1855, Luxembourg, and Amazon Instant Video Germany GmbH, Domagkstr. 28, 80807 Munich Website: https://partnernet.amazon.de/ Privacy policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010

Digistore24 Partner Program

Service provider: Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim Website: https://www.digistore24.com/de/home/ Privacy policy: https://www.digistore24.com/page/privacy

Web Analysis and Statistics

To capture visitor flows on our website and statistically evaluate them, we use web analytics services. Such services capture data about how you reached our website (referrer), which pages of our website you accessed, how long you visited our pages, and what interactions you made there. In addition, data about the browser, computer system, and type of device you used is collected. Furthermore, depending on the provider, demographic information such as age or gender can be collected as pseudonymous values if you have consented to the collection of your location data, they can also be processed.

To capture and store this data, the web analytics service we use typically places a cookie on the end device you are using, which also collects your associated IP address. However, this IP address is shortened using an IP masking procedure so that it can no longer be associated with your visit to our website. Furthermore, no clear data such as names or email addresses are stored. Neither we nor the service we use knows the identity of the visitors to our website.

We would like to point out that depending on the location of the service provider mentioned below, the data collected by the service may be transmitted and processed outside the European Union. In this case, there is a risk that the level of data protection required by the GDPR may not be met, and the enforcement of your rights may not or only be difficult to achieve.

Affected data:

Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address)

Data subjects: Users of our online offerings

Purpose of processing: Measuring reach, campaign success monitoring, remarketing, and interest- and behavior-based marketing

Legal basis: If we have asked for your consent before using the respective service, this is the legal basis, Art. 6 para. 1 lit. a GDPR. Otherwise, we use the respective service based on our legitimate interest in analyzing visitor flows to our websites to continuously improve the functions, offers, and user experience, Art. 6 para. 1 lit. f GDPR.

We use the following web analytics services:

Google Analytics

Service provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA EU-based entity: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland Website: https://marketingplatform.google.com/intl/de/about/analytics/ Privacy policy: https://policies.google.com/privacy?hl=de Opt-out option: If you do not want your data to be used by Google Analytics, you can set an opt-out plugin that prevents data from being collected from you on our website in the future. You can get this plugin here: https://tools.google.com/dlpage/gaoptout?hl=de

VG Wort

Service provider: VG Wort (Verein kraft Verleihung), Untere Weidenstraße 5, 81543 Munich Website: https://www.vgwort.de/startseite Privacy policy: https://www.vgwort.de/hilfsseiten/datenschutz.html Additional information about functionality and data collected: To capture the likelihood of texts being copied on our websites, we use “session cookies” from VG Wort. The session cookie (see above for the term) stores your activities on our website in the memory of the device you are using. The information obtained in this way is evaluated as part of the Scalable Central Measurement Method (SZM) by Katar Germany GmbH to remunerate the copyright claims of authors and publishers with rights to these texts according to their legal claims. We do not collect any personal data using the session cookie. Your identity remains protected at all times.

Third-Party Plugins We Use

We have embedded plugins in the form of “Social Media Buttons” from the providers we use on our website. You can identify which plugin belongs to which provider by the respective logo with which the plugin is marked. We have deactivated the social media plugins on our website by default, so data is not automatically transferred to the provider of the plugin when you visit our pages. To achieve this, we use the so-called Shariff solution. Only when you click on the “Social Media Button” of the respective provider is the collection of information and its transfer to the provider triggered. If you click on one of these buttons, data can still be sent to the operator of the social network even if you do not have an account there or if you have an account but are not logged in at the time of visiting our website.

We would like to point out that depending on the location of the service provider mentioned below, the data mentioned in more detail below may be transmitted and processed on servers outside the European Union. In this case, there is a risk that the level of data protection required by the GDPR may not be met, and the enforcement of your rights may not or only be difficult to achieve.

Affected data:

Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address)

Data subjects: Users of our website

Purpose of processing: Presentation of our website, provision of content, ensuring the operation of our website

Legal basis: Consent via cookie consent banner, Art. 6 para. 1 lit. a GDPR, legitimate interests, Art. 6 para. 1 lit. f GDPR

We use the following plugins:

Our Online Presence on Social Networks

We maintain online presences within the social networks listed below. When you visit one of these presences, the data specified below is collected and processed by the respective provider. These data are usually collected for advertising and market research purposes and used to create usage profiles. Usage profiles can store data independently of the device you use, especially if you are a member of the respective platform and are logged in there. The usage profiles can be used by the providers to display interest-based advertising to you. You have the right to object to the creation of user profiles. To exercise this right, you must contact the respective provider.

If you have an account with one of the providers listed below and are logged in when you visit our website, the respective provider may collect data about your usage behavior on our website. To prevent such a link between your data and the provider, you can log out of the provider’s service before visiting our site.

You can find information about the purpose and scope of data collection by the provider in the privacy policies provided by the respective providers as linked below.

We would like to point out that depending on the location of the provider mentioned below, the data collected via their platform may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection required by the GDPR may not be met, and the enforcement of your rights may not or only be difficult to achieve.

Affected data:

Master and contact data (e.g., name, address, phone number, email address) Content data (e.g., posts, photos, videos) Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address)

Purpose of processing: Communication and marketing, tracking and analysis of user behavior

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, legitimate interests, Art. 6 para. 1 lit. f GDPR

Options for objection: For information on the respective options for objection (opt-out), please refer to the linked information provided by the providers.

We maintain online presences on the following social networks:

Facebook

Service provider: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA EU-based entity: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland Website: https://www.facebook.com/ Privacy policy: https://www.facebook.com/about/privacy/ Privacy policy for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data

Instagram

Service provider: Instagram Inc., 1601 Willow Road, Menlo Park CA 94025, USA Parent company: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA EU-based entity: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland Website: https://www.instagram.com/ Privacy policy: http://instagram.com/about/legal/privacy

Service provider: Pinterest Inc., 635 High Street, Palo Alto, CA 94301, USA EU-based entity: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland Website: https://www.pinterest.de/ Privacy policy: https://about.pinterest.com/de/privacy-policy

TikTok

Service provider: musical.ly Inc., 10351 Santa Monica Boulevard #310, Los Angeles, 90025 California, USA EU-based entity: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland Website: https://www.tiktok.com/de/ Privacy policy: https://www.tiktok.com/de/privacy-policy

Twitter

Service provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA Website: https://twitter.com/?lang=de Privacy policy: https://twitter.com/de/privacy

Messenger Services

We communicate via messenger services. Messenger services are chat programs that allow text messages to be sent over the Internet in real-time between users, as well as image or video files. In addition, messenger services can also be used to send emoticons, electronic greeting cards, and contacts. To transmit messages, participants must be connected to each other with a computer program (called a client) via a network like the Internet, either directly or through a server. Messages can usually be sent even if the conversation partner is not online – the message is then cached by the service’s server and delivered to the recipient later when they are reachable again. Finally, these services can also be used for screen sharing and online games.

If the service uses end-to-end encryption for the content sent (texts, attachments), only the selected communication partners, but not third parties or the service provider itself, can view the message. Therefore, we recommend regularly updating the service to ensure the encryption of the contents. However, the service provider has the ability to access the metadata of the communication. This includes the time and (depending on settings) location of the communication, as well as the device you used.

We would like to point out that depending on the location of the provider mentioned below, the data collected through their platform may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection required by the GDPR may not be met, and the enforcement of your rights may not or only be difficult to achieve.

Affected data:

Master and contact data (e.g., name, phone number, email address) Content data (e.g., posts, photos, videos) Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address)

Purpose of processing: Communication and marketing

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, legitimate interests, Art. 6 para. 1 lit. f GDPR

Options for objection: You can revoke your consent to use the messenger service mentioned below at any time. You can also object to communication via the messenger service at any time.

We use the following messenger services:

Facebook Messenger

Service provider: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA EU-based entity: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland Website: https://www.facebook.com Privacy policy: https://www.facebook.com/about/privacy

Online Meetings, Video Conferences, and Screen Sharing

We use third-party services to facilitate online meetings, video and/or audio conferences, and online seminars among employees as well as with interested parties or customers. When you communicate with us through such a service, the data collected during this communication process is processed both by us and by the third-party provider. The data that can arise in such a communication process includes your registration and contact information, chat messages, your video and audio contributions, as well as shared screen content. The data processed by the third-party provider we use primarily includes user data and metadata (e.g., IP address, computer system information). Typically, these third-party providers process this data to verify and ensure the security of their service. Additionally, insights from data processing may be used to optimize the third-party provider’s offerings and conduct corresponding marketing activities. Please refer to the privacy policies of the third-party provider for more information in this regard.

We would like to inform you that depending on the location of the service provider mentioned below, the data collected through the service may be transferred and processed outside the European Union. In such cases, there is a risk that the level of data protection required by the GDPR may not be met, and the enforcement of your rights may be difficult or limited.

Affected data:

Master data (e.g., names, addresses) Contact information (e.g., email address, phone number) Shared content (e.g., photos, videos, texts, audio recordings) User data (e.g., access times, visited websites, interest in content) Meta and communication data (e.g., IP address, computer system information)

Data subjects: Interested parties, customers, communication partners

Purpose of processing: Processing contact requests, internal and external communication with employees, interested parties, and customers, fulfillment of our contractual services, service offering

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, contract fulfillment and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interests, Art. 6 para. 1 lit. f GDPR

Services We Use:

Discord

Services offered: Video conferences, instant messaging, chat, voice conferences Service provider: Discord Inc., 444 De Haro St, Suite 200, San Francisco, California 94107, USA Website: https://discord.com/new Privacy policy: https://discord.com/new/privacy

Google Meet (formerly Google Hangouts)

Services offered: Video conferences, chats, instant messaging Service provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland Parent company: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Website: https://gsuite.google.com/intl/de/ Privacy policy: https://policies.google.com/privacy?hl=de

Content Services

We use certain services to deliver specific content or graphics (videos, images, music, fonts, maps) through our website. The services we use process your IP address associated with your visit to our website so that the respective content can be displayed in your browser. Additionally, the providers of these services may set additional cookies on your device to collect information about your usage behavior, interests, the device you use, the browser you use, as well as the timing and duration of your session. Providers regularly use this data for analysis, statistics, and marketing purposes. Furthermore, this information may also be combined with information from other sources, particularly if you have an account with the service provider and are logged in during your session on our website.

Affected data:

Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address)

Data subjects: Users of our website

Purpose of processing: Displaying our website, providing content, ensuring the operation of our website

Legal basis: Consent via cookie consent banner, Art. 6 para. 1 lit. a GDPR, legitimate interests, Art. 6 para. 1 lit. f GDPR

Content Services We Use:

YouTube

We use components of YouTube on this website to embed videos that can be played through your web browser when you visit our website. During your visit to our website, both YouTube and Google are informed about which page or subpage you accessed by transmitting your IP address to Google’s external servers in the United States. This information is transmitted regardless of whether the displayed videos are actually viewed or clicked, or whether you are logged into your YouTube or Google account. If you are logged into your account when you visit our website, this information is collected and associated with your Google account.

Service provider: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA Website: https://www.youtube.com/ Privacy policy: https://policies.google.com/privacy Opt-out option: https://tools.google.com/dlpage/gaoptout?hl=de

Security Measures

Furthermore, we implement technical and organizational security measures according to the state of the art to comply with the provisions of data protection laws and to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties.