Imprint/Privacy policy

Imprint/
Privacy policy

Imprint

Privacy policy

Table of contents

Introduction and overview

We have drawn up this privacy policy in order to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller – and the processors (e.g., providers) commissioned by us – process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral. In short, we provide you with comprehensive information about the data we process about you. If you still have any questions, please contact the controller named below or in the legal notice, follow the links provided and view further information on third-party websites.
To the table of contents

Contact details of the person responsible

If you have any questions about data protection or the processing of personal data, you will find the contact details of the person or body responsible below:

TWINS
c/o Postflex #3130
Emsdettener Str. 10
48268 Greven
Germany

Imprint: https://www.schwarzertiger.com/imprint-privacy-policy/

Area of application

This privacy policy applies to all personal data processed by us and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person’s name, email address and postal address. The scope of this privacy policy includes the website as well as all social media presences and email communication.
To the table of contents

In the following data protection declaration, we provide you with transparent information on the legal principles and regulations, i.e., the legal basis of the General Data Protection Regulation, which enable us to process personal data. With regard to EU law, we refer to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). We only process your data if at least one of the following conditions applies:

  • Consent (Art. 6 para. 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
  • Contract (Art. 6 para. 1 lit. b GDPR): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.
  • Legal obligation (Art. 6 para. 1 lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
  • Legitimate interests (Art. 6 para. 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and efficiently. This processing is therefore a legitimate interest.

In addition to the EU regulation, national laws also apply:

  • In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
  • In Germany, the Federal Data Protection Act (BDSG) applies.

If other regional or national laws apply, we will inform you of this in the following sections.
To the table of contents

Storage duration

It is a general criterion for us that we only store personal data for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for the data processing no longer exists. If you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to store it. We will inform you below about the specific duration of the respective data processing if we have further information on this.
To the table of contents

Rights under the General Data Protection Regulation

In accordance with Articles 13, 14 GDPR, we inform you of the following rights to which you are entitled in order to ensure fair and transparent processing of data:

  • According to Article 15 GDPR, you have a right to information as to whether we process your data. If this is the case, you have the right to receive a copy of the data and the following information:
    • the purpose for which we carry out the processing;
    • the categories, i.e., the types of data that are processed;
    • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
    • how long the data will be stored;
    • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
    • that you can lodge a complaint with a supervisory authority;
    • the origin of the data if we have not collected it from you;
    • whether profiling is carried out, i.e., whether data is automatically analyzed in order to create a personal profile of you.
  • According to Article 16 GDPR, you have a right to rectification of data, which means that we must correct data if you find errors.
  • According to Article 17 GDPR, you have the right to erasure („right to be forgotten“), which specifically means that you may request the erasure of your data.
  • According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data, but not use it any further.
  • According to Article 20 GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
  • According to Article 21 GDPR, you have the right to object, which will result in a change in the processing after enforcement.
    • If the processing of your data is based on Art. 6 para. 1 lit. e (public interest, exercise of official authority) or Art. 6 para. 1 lit. f (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
    • If data is used for direct marketing purposes, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.
    • If data is used for profiling purposes, you can object to this type of data processing at any time. We may then no longer use your data for profiling.
  • Under Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g., profiling).
  • According to Article 77 GDPR, you have the right to lodge a complaint. This means that you can lodge a complaint with the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

If you believe that the processing of your data violates data protection law or your data protection claims have been violated in any other way, you can contact the responsible body listed above at any time.
To the table of contents

Security of data processing

In order to protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. In this way, we make it as difficult as possible for third parties to infer personal information from our data. Art. 25 GDPR refers to „data protection by design and by default“. This means that security must always be considered and appropriate measures implemented for both software (e.g., forms) and hardware (e.g., access to the server room). If necessary, we will discuss specific measures below.

TLS encryption with https

We use HTTPS (the Hypertext Transfer Protocol Secure stands for „secure hypertext transfer protocol“) to transmit data tap-proof on the Internet. This means that the complete transmission of all data from your browser to our web server is secured and cannot be read by third parties. We have thus introduced an additional layer of security and comply with data protection by design (Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognize an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the lock symbol in your browser line.
To the table of contents

Communication

Communication summary
๐Ÿ‘ฅ Data subjects: Anyone who communicates with us by phone, email, post or online form.
๐Ÿ““ Processed data: e.g., telephone number, name, email address, form data entered. You can find more details on this in the respective contact type used.
๐Ÿค Purpose: Processing communication with customers, business partners, etc.
๐Ÿ“… Storage duration: Duration of the business case and the statutory provisions
โš–๏ธ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. f GDPR (legitimate interests)

If you contact us and communicate by telephone, e-mail, post or online form, personal data may be processed. The data is processed for the handling and processing of your question and the associated business transaction. The data will be stored for as long as required by law.

Affected persons

All those who seek contact with us via the communication channels provided by us are affected by the aforementioned processes.

Legal basis

The processing of the data is based on the following legal bases:

  • Art. 6 para. 1 lit. a GDPR (consent): You give us your consent to store your data and to use it for purposes relating to the business transaction;
  • Art. 6 para. 1 lit. b GDPR (contract): It is necessary for the performance of a contract with you or a processor, such as the telephone provider, or we need to process the data for pre-contractual activities, such as the preparation of an offer;
  • Art. 6 para. 1 lit. f GDPR (legitimate interests): We want to handle customer inquiries and business communication in a professional manner. This requires certain technical facilities such as e-mail programs, exchange servers and mobile network operators in order to operate communication efficiently.
    To the table of contents

Data processing agreement (DPA)

Like most companies, we do not work alone, but also use the services of other companies or individuals.  By involving various companies or service providers, we may pass on personal data for processing. These partners then act as processors with whom we conclude a contract, the so-called data processing agreement (DPA). The most important thing for you to know is that the processing of your personal data takes place exclusively in accordance with our instructions and must be regulated by the DPA.

Who are processors?

As a company and website owner, we are responsible for all data that we process from you. In addition to controllers, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. More precisely and according to the GDPR definition: any natural or legal person, public authority, agency or other body which processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft. To make the terminology easier to understand, here is an overview of the three roles in the GDPR: Data subject (you as a customer or interested party) โ†’ Controller (we as a company and client) โ†’ Processor (service provider such as a web host or cloud provider)

Content of an order processing contract

As mentioned above, we have concluded a DPA with our partners who act as processors. This states above all that the processor processes the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, although the electronic conclusion of the contract is also deemed to be „in writing“ in this context. The processing of personal data only takes place on the basis of the contract. The contract must contain the following:

  • Commitment to us as the responsible party
  • Obligations and rights of the controller
  • Categories of affected persons
  • Type of personal data
  • Nature and purpose of data processing
  • Purpose and duration of data processing
  • Place of data processing

The contract also contains all the obligations of the processor. The most important obligations are

  • To ensure data security measures
  • take possible technical and organizational measures to protect the rights of the data subject
  • to maintain a data processing directory
  • cooperate with the data protection supervisory authority at its request
  • carry out a risk analysis in relation to the personal data received
  • Sub-processors may only be commissioned with the written consent of the controller

To the table of contents

Cookies

Cookiesโ€™ summary
Affected parties: visitors to the website
๐Ÿค Purpose: depending on the respective cookie. You can find more details on this in the privacy policy or the cookie guidelines of the manufacturer of the software that sets the cookie.
๐Ÿ““ Data processed: depends on the cookie used. You can find more details on this in the privacy policy or the cookie guidelines of the manufacturer of the software that sets the cookie.
๐Ÿ“… Storage duration: depends on the cookie, can vary from hours to years
โš–๏ธ Legal basis: Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are cookies?

Cookies are small text files that are sent to your browser by the website you visit. Our website uses cookies to store user-specific data about your last visit. This can both make it easier for you to visit the website again and make the site more useful to you. Functionality cookies allow you to access basic features of the website. Things that are considered basic to a service include, for example, saving options and settings such as your language selection and personal page settings, as well as information relating to your session or the activation of functions. Many cookies contain a cookie ID, which is a unique identifier of the cookie and consists of a string of characters. This enables us to assign your Internet browser and thus distinguish it from other Internet browsers that contain other cookies. When you visit our site again, your browser transmits the „user-related“ information back to our site. Thanks to the cookie ID, our website knows who you are and offers you the settings you are used to. There are both first-party cookies (first-party cookies) and third-party cookies (third-party cookies). First-party cookies are created directly by our website and are not passed on to third parties. These include essential cookies, functional cookies and performance cookies. Third-party cookies are created by partner websites (e.g., Google Analytics) and include tracking cookies. Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. A cookie could look like this, for example:

  • Category: Essential, Cookie ID: wpEmojiSettingsSupports, Domain: www.schwarzertiger.com, Storage duration: Session, Description: WordPress sets this cookie when a user interacts with emojis on a WordPress page. It helps determine whether the user’s browser can display emojis correctly.

What types of cookies are there?

Cookies have different functions; there are 4 different types of cookies:

  1. Essential cookies
    These cookies are technically necessary to ensure the basic functions of the website.
  2. Functional cookies
    These cookies, e.g., session cookies, ensure better user-friendliness. For example, entered locations, font sizes or form data are saved.
  3. Performance cookies
    These cookies collect information about user behavior and whether the user receives any error messages. These cookies are also used to measure the loading time and the behavior of the website with different browsers.
  4. Tracking and marketing cookies
    These cookies are also known as targeting cookies and are used for advertising purposes. They collect various information, for example about the user’s navigation on the site, the frequency of page views or the duration of visits to the website.

When you visit a website for the first time, you are usually asked which of these cookie types you would like to allow. And of course, this decision is also stored in a cookie.

Purpose of processing via cookies

Through the use of cookies, we can provide you with more user-friendly services that would not be possible without the setting of cookies. The specific purpose ultimately depends on the cookie in question. You can find more details on this in the privacy policy or the cookie guidelines of the manufacturer of the software that sets the cookie.

What data is processed?

Unfortunately, it is not possible to generalize which data is stored in cookies and it depends on the cookie used. To find out exactly which of your data is stored and processed, please refer to the privacy policy or the cookie guidelines of the software manufacturer that sets the cookie.

Storage duration of cookies

The storage period depends on the cookie in question, and you can also influence it yourself. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser. You can delete all cookies manually at any time via your browser (see also „Right to object“ below). Furthermore, cookies that are based on consent will be deleted at the latest after you withdraw your consent, whereby the legality of the storage remains unaffected until then.

Right to object – how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option of deleting, deactivating or only partially allowing cookies. For example, you can block third-party cookies but allow all other cookies. If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings. If you generally do not want to have cookies, you can set up your browser so that it always informs you when a cookie is to be set. This allows you to decide for each individual cookie whether or not to accept it. In addition, you can exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. In incognito mode, the browser history and cookies from incognito windows are automatically deleted from your device after you have closed all incognito windows. However, deactivating cookies may limit the functionality of this website.

Legal basis

The so-called „Cookie Guidelines“ have been in place since 2009. These state that the storage of cookies requires your consent (Art. 6 para. 1 lit. a GDPR). However, there are still very different reactions to these directives within the EU countries. In Austria, however, this directive was implemented in Section 165 (3) of the Telecommunications Act (2021). In Germany, the cookie directives have not been implemented as national law. Instead, this directive was largely implemented in Section 15 (3) of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DDG) since May 2024. For strictly necessary cookies, even if no consent has been given, there are legitimate interests (Art. 6 para. 1 lit. f GDPR) for the technically error-free and optimized provision of the website. If cookies that are not absolutely necessary are used, this is only done with your consent. The legal basis in this respect is Art. 6 para. 1 lit. a GDPR and ยง 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies and comparable recognition technologies within the meaning of the TDDDG. Consent can be revoked at any time. In the following sections, you will be informed in more detail about the use of cookies if the software used uses cookies.
To the table of contents

Webhosting introduction

Web hosting summary
๐Ÿ‘ฅ Affected parties: visitors to the website
๐Ÿค Purpose: professional hosting of the website and securing its operation
๐Ÿ““ Processed data: IP address, time of website visit, browser used and other data. You can find more details on this below or from the web hosting provider used.
๐Ÿ“… Storage period: depends on the respective provider, but usually 7 days
โš–๏ธ Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is web hosting?

When you visit websites these days, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification.

Why do we process personal data?

The purposes of data processing are:

  1. Professional website hosting and operational security
  2. to maintain operational and IT security
  3. Anonymous evaluation of access behavior to improve our offer

What data is processed?

As a rule, data is automatically stored in files, the so-called web server log files, such as

  • the complete Internet address (URL) of the websites accessed
  • Browser and browser version (e.g., Chrome 89)
  • the operating system used (e.g., Windows 11)
  • the address (URL) of the previously visited page (referrer URL)
  • the host name and IP address of the device from which access is made
  • Date and time of access

How long is data stored?

As a rule, the above-mentioned data is logged by our provider, stored for 7 days and then automatically deleted and not passed on.

Legal basis

The lawfulness of the processing of personal data in the context of web hosting is based on Art. 6 para. 1 lit. f GDPR (protection of legitimate interests). The use of professional hosting with a provider is necessary in order to present the company on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims from this if necessary. There is usually a contract between us and the hosting provider for order processing in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.
To the table of contents

InternetWerk privacy policy

InternetWerk privacy policy summary
๐Ÿ‘ฅ Data subject: Visitors to the website
๐Ÿค Purpose: Website storage and accessibility on the Internet
๐Ÿ““ Processed data: IP address, but primarily also technical data
๐Ÿ“… Storage duration: Log files are deleted after 7 days at the latest
โš–๏ธ Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interests)

To ensure that our website runs quickly and smoothly, we use the external web hosting services of InternetWerk GmbH (Frankenstr. 2a, 04932 Hirschfeld, Germany).

What data is processed by InternetWerk?

InternetWerk may also process your personal data. Our web server automatically stores data when you visit our website. This includes personal data such as your IP address, but above all also technical data such as the Internet address of the website accessed, device information such as browser version, operating system and the URL of the previously visited website. We may also record when you accessed our website. The IP address can be used to increase the security of the website, to detect possible errors and also to carry out anonymous statistical analyses. Cookies can also be used for data storage.

How long and where is the data stored?

The data is deleted when the respective session has ended. If this data is stored in log files, this is the case after 7 days at the latest. The exact retention period of the various data depends very much on the type of data and the individual configurations. In principle, InternetWerk stores the data for as long as is necessary to fulfill its obligations. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.

How can I delete my data or prevent data storage?

You have the right to information, correction or deletion and restriction of the processing of your personal data at any time. You can also withdraw your consent to the processing of data at any time. If you generally want to deactivate, delete or manage cookies, you can also do this in your browser. Further information on this can be found in the „Cookies“ section.

Legal basis

We have a legitimate interest in using InternetWerk in order to be able to offer our online service. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). You can find out more about the data processed through the use of InternetWerk in the privacy policy at https://www.internetwerk.de/datenschutz. If you have any specific questions, you can also send an email to info@internetwerk.de.
To the table of contents

Website modular systems Introduction

Website builder systems Privacy policy summary
๐Ÿ‘ฅ Data subject: Visitors to the website
๐Ÿค Purpose: Optimization of our service performance
๐Ÿ““ Processed data: Data such as technical usage information such as browser activity, clickstream activity, session heatmaps as well as contact details, IP address or your geographical location. You can find more details on this below or in the providers‘ privacy policies.
๐Ÿ“… Storage period: depends on the provider
โš–๏ธ Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interests), Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG (consent)

What are website builder systems?

We use a modular website system for our website. Modular systems are special forms of a content management system (CMS). By using a modular system, your personal data may also be collected, stored and processed. In this data protection text, we provide you with general information about data processing by modular systems. You can find more detailed information in the provider’s privacy policy.

Why do we use website builder systems for our website?

The biggest advantage of a modular system is its ease of use. We want to offer you a clear, simple and well-organized website that we can easily operate and maintain ourselves. A modular system now offers many helpful functions. This allows us to design our website according to our wishes and offer you an informative and enjoyable time on our website.

What data is stored by a modular system?

Exactly which data is stored depends, of course, on the website builder system used. Each provider processes and collects different data from the website visitor. As a rule, however, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider and the date of your website visit are collected. Tracking data (e.g., browser activity, clickstream activity, session heatmaps, etc.) may also be processed. Personal data may also be collected and stored. This usually involves contact data such as email address, telephone number (if you have provided this), IP address and geographical location data. You can find out exactly which data is stored in the provider’s privacy policy.

How long and where is the data stored?

We will inform you about the duration of data processing below in connection with the website building block system used, if we have further information on this. You can find detailed information about this in the provider’s privacy policy. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. The provider may store your data according to its own specifications, over which we have no influence.

Right of objection

You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact the person responsible for the website builder system used at any time. Contact details can be found either in our privacy policy or on the website of the relevant provider. You can delete, deactivate or manage cookies that providers use for their functions in your browser. You can find more information on this in the „Cookies“ section. Please note, however, that not all functions may then work as usual.

Legal basis

We have a legitimate interest in using a website building block system to optimize our online service and to present it to you in an efficient and user-friendly manner. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). If the processing of data is not absolutely necessary for the operation of the website, the data will only be processed on the basis of your consent. This applies in particular to tracking activities. The legal basis in this respect is Art. 6 para. 1 lit. a GDPR and ยง 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies and comparable recognition technologies within the meaning of the TDDDG. With this privacy policy, we have provided you with the most important general information about data processing. If you would like more detailed information in this regard, you will find further information in the following section on the CMS tool used or in the provider’s privacy policy.
To the table of contents

WordPress.com privacy policy

WordPress.com privacy policy summary
๐Ÿ‘ฅ Data subject: Visitors to the website
๐Ÿค Purpose: Optimization of our service performance
๐Ÿ““ Processed data: Data such as technical usage information such as browser activity, clickstream activity, session heatmaps as well as contact data, IP address or your geographical location. You can find more details below in this privacy policy.
๐Ÿ“… Storage duration: It depends primarily on the type of data stored and the specific settings.
โš–๏ธ Legal basis: Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is WordPress?

We use the well-known open-source content management system (CMS) WordPress.com on our website. WordPress allows us to easily create, manage and update websites. The first version was released in 2003 and was programmed by Matthew Mullenweg and Mike Little as software for weblogs and continuously developed as an open-source project. Since 2005, the service provider has been the American company Automattic Inc. founded by Matt Mullenweg (60 29th Street #343, San Francisco, CA 94110, USA). WordPress is used by around 62% of all websites and has become one of the most widely used platforms for creating websites. Around a third of the one million most-visited websites use WordPress. Its widespread use is due to its user-friendliness, customizability through themes and plugins and the active WordPress developer community. By using WordPress, your personal data can also be collected, stored and processed. As a rule, mainly technical data such as the operating system, the browser, the screen resolution or the hosting provider are stored. However, personal data such as the IP address, geographical data or contact details may also be processed.

Why do we use WordPress on our website?

WordPress offers a wide range of themes (design templates) and plugins (extensions) that allow us to customize our website according to our own ideas and add functionalities. Thanks to the ease of use and comprehensive functions of WordPress, we can design our website according to our wishes and offer you a good user experience.

What data is processed by WordPress?

Non-personal data includes technical usage information such as browser activity, clickstream activity, session heatmaps and data about your computer, operating system, browser, screen resolution, language and keyboard settings, internet provider and date of the page visit. Personal data is also collected. This is primarily contact data (email address or telephone number, if you provide these), IP address or your geographical location. WordPress can also use cookies to collect data. These often collect data about your behavior on our website. For example, it may record which subpages you particularly like to view, how long you spend on individual pages, when you leave a page (bounce rate) or which default settings (e.g., language selection) you have made. Based on this data, WordPress can also better adapt its own marketing measures to your interests and user behavior. As a result, the next time you visit our website, you will be shown our website as you have previously configured it. WordPress may also use technologies such as pixel tags (web beacons), for example to clearly identify you as a user and possibly offer interest-based advertising. The following cookies are set by WordPress for the domain: www.schwarzertiger.com:

  • Category: Essential, Cookie ID: wpEmojiSettingsSupports, Storage duration: Session, Description: WordPress sets this cookie when a user interacts with emojis on a WordPress page. It helps determine whether the user’s browser can display emojis correctly.
  • Category: Functional, Cookie ID: wordpress_test_cookie, Storage duration: Session, Description: WordPress sets this cookie to determine whether cookies are enabled in the user’s browser. Script URL pattern: *.wordcamp.org

How long and where is the data stored?

How long the data is stored depends on various factors. In particular, it depends on the type of data stored and the specific settings of the website. In principle, WordPress deletes the data when it is no longer needed for its own purposes. There are of course exceptions, especially if legal obligations require the data to be stored for longer. Web server logs containing your IP address and technical data are deleted by WordPress or Automattic after 30 days. This is how long Automattic uses the data to analyze the traffic on its own websites (for example, all WordPress pages) and to fix possible problems. Deleted content on WordPress websites is also kept in the recycle bin for 30 days to enable recovery. After that, they can remain in backups and caches until these are also deleted. The data is stored on Automattic’s American servers.

How can I delete my data or prevent data storage?

You have the right to information, correction and deletion of your personal data at any time. If you have any questions, you can also contact Automattic at any time. You can find the contact details in our privacy policy or on the Automattic website. In your browser, you also have the option of individually managing, deleting or deactivating cookies. You can find more information on this in the „Cookies“ section. Please note, however, that this may mean that not all functions of our WordPress site will work as usual.

Legal basis

If you have consented to the use of WordPress, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR and ยง 25 para. 1 TDDDG (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when it is collected by WordPress. In particular, insofar as the consent includes the storage of cookies and comparable recognition technologies within the meaning of the TDDDG. We also have a legitimate interest in using WordPress in order to optimize our online service and present it to you in an attractive manner. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use WordPress if you have given your consent.
WordPress or Automattic processes your data in the USA, among other places. Automattic is certified in accordance with the „EU-US Data Privacy Framework“ (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: Data Privacy Framework (DPF) Program. Automattic also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (outside the European Union, Iceland, Liechtenstein, Norway and in particular the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Automattic undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA and outside the EU. The clauses are based on Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
For more details on what data is processed by WordPress and how, please refer to the Automattic Privacy Policy.
To the table of contents

Web Analytics Introduction

Web Analytics privacy policy summary
๐Ÿ‘ฅ Data subject: Visitors to the website
๐Ÿค Purpose: Evaluation of visitor information to optimize the website.
๐Ÿ““ Processed data: Access statistics containing data such as locations, device data, duration and time, navigation behavior and click behavior. You can find more details on this in the respective web analysis tool used.
๐Ÿ“… Storage duration: depending on the web analysis tool used
โš–๏ธ Legal basis: Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is web analytics?

We use software on our website to evaluate the behavior of website visitors, known as web analytics or web analysis for short. This involves collecting data that is stored, managed and processed by the respective web analytics tool provider (also known as a tracking tool). The data is used to create analyses of user behavior on our website and made available to us as the website operator. User profiles can also be created for other analytics processes and the data can be stored in cookies.

Why do we use web analytics?

With our website, we have a clear goal in mind: we want to deliver the best web offering on the market for our industry. In order to achieve this goal, we want to offer the best and most interesting services on the one hand and make sure that you feel completely at ease on our website on the other. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and then improve our website accordingly for you and for us. For example, we can identify which content or products are particularly popular. All this information helps us to optimize the website and thus adapt it to your needs, interests and wishes.

What data is processed?

Exactly what data is stored depends, of course, on the web analysis tools used. However, as a rule, for example, the content you view on our website, the links you click on, when you access a page, the browser you use, the device (PC, tablet, smartphone, etc.) you use to visit the website or the computer system you use are stored. If you have agreed that location data may also be collected, this may also be processed by the web analysis tool provider. For the purpose of testing, web analysis and web optimization, no direct data such as your name, age, address or e-mail address is stored. All this data, if collected, is stored in pseudonymized form. This means that you cannot be identified as a person. How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website, while other cookies can store data for several years.

Duration of data processing

We will inform you about the duration of data processing below, if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If required by law, for example in the case of accounting, this storage period may also be exceeded.

Right of objection

You have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. You can find more information on this in the „Cookies“ section.

Legal basis

The use of web analytics requires your consent, which we have obtained with our cookie banner. According to Art. 6 para. 1 lit. a GDPR and ยง 25 para. 1 TDDDG (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when it is collected by web analytics tools. In particular, insofar as the consent includes the storage of cookies and comparable recognition technologies within the meaning of the TDDDG. Consent can be revoked at any time. In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors in order to improve our offer technically and economically. With the help of web analytics, we can detect errors on the website, identify attacks and improve efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use the tools if you have given your consent. Since web analysis tools use cookies, we recommend that you also read our general data protection declaration on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools. Information on specific web analysis tools can be found in the following sections.
To the table of contents

Google Analytics privacy policy

Google Analytics privacy policy summary
๐Ÿ‘ฅ Data subject: Visitors to the website
๐Ÿค Purpose: Evaluation of visitor information to optimize the website.
๐Ÿ““ Processed data: Access statistics containing data such as locations, device data, duration and time, navigation behavior and click behavior. You can find more details on this further down in this privacy policy.
๐Ÿ“… Storage duration: individually adjustable, by default Google Analytics stores 4 data for 2 months, it can be increased to 14 months.
โš–๏ธ Legal basis: Art. 6 para. 1 lit. a GDPR and ยง 25 para. 1 TDDDG (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Google Analytics?

We use the tracking tool Google Analytics in the version Google Analytics 4 (GA4) of the US technology company Google LLC on our website. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics is the world’s most popular web analysis tool. Web analytics is the collection, compilation and evaluation of data about the behavior of visitors to websites. It records, for example, which pages visitors come from, how often which pages are visited and which search engines are used. The results of the analysis are provided in the form of reports. This enables us to better adapt and optimize our website and our service to your wishes. These measurements and analyses are based on a pseudonymous user identification number. This number does not contain any personal data such as name or address, but is used to assign events to an end device. GA4 uses an event-based model that records detailed information on user interactions such as page views, clicks, scrolling and conversion events. GA4 also incorporates various machine learning functions to better understand user behavior and certain trends. GA4 relies on modeling with the help of machine learning functions. This means that missing data can also be extrapolated on the basis of the collected data in order to optimize the analysis and also to be able to make forecasts.

Google Analytics reports

Google uses tags (tracking codes) on our website to ensure that Google Analytics works properly. When you visit our website, this code records various events that you carry out on our website. As soon as you leave our website, this data is stored in a cookie, sent to the Google Analytics servers and stored there. Google processes the data and we receive reports on your user behavior, but these do not identify individual users. These may include the following reports, among others

  • Acquisition: Acquisition reports provide us with helpful information on how we can get more people interested in our service.
  • Engagement: User engagement by events, pages and screens.
  • Retention: User loyalty, specifically the number of new and returning users and cohorts.
  • Real-time: Here we see the activities on our website at this exact moment in time.

In addition to the more conversion-oriented reports, the following reports are also available:

  • Technology: Information about the technologies you use to visit our website, e.g., your operating system, browser and device type such as desktop or mobile.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to offer you the best possible service. The statistics and data from Google Analytics help us to achieve this goal. The statistically analyzed data gives us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that it can be found more easily by interested people on Google. On the other hand, the data helps us to better understand you as a visitor. We therefore know exactly what we need to improve on our website in order to offer you the best possible service. The data also helps us to carry out our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested in them.

What data is stored by Google Analytics?

Client ID, user ID and property ID

By default, Google Analytics uses a tracking code to create a random, unique client ID that is linked to your browser cookie. This is how Google Analytics recognizes you as a new user and assigns you your own client ID. The next time you visit our site, you will be recognized as a „returning“ user. All collected data is stored together with this ClientID in a cookie. This makes it possible to evaluate pseudonymous user profiles. However, you can also interact with our website via different devices, such as a desktop computer, smartphone or web browser. This is taken into account in reports as an individual user with a pseudonymous device or a pseudonymous browser instance.  
The user ID can be used to analyze user interactions on different devices or different browser instances as a whole. This allows data on individual users who use different devices or browsers to be merged. This can be used to create cross-device reports for a maximum of 90 days. For this purpose, a constant, non-personal ID is defined for an individual user.
In order to be able to analyze our website with Google Analytics, a property ID
must be inserted into the tracking code. Your data, which is linked to cookies, user or advertising IDs, is then stored in the corresponding property for 2 or alternatively 14 months by default. Your interactions are measured using identifiers such as cookies, user IDs or user-defined event parameters, provided you have given your consent. Interactions are all types of actions that you perform on our website. If you also use other Google systems (such as a Google account), data generated via Google Analytics may be linked to third-party cookies. Google does not pass on Google Analytics data unless we as the website operator authorize this. Exceptions may be made if required by law. If you would like to find out more about Client ID and User ID in Google Analytics, we recommend the following article Reference to User ID.

Regional data centers

Google Analytics uses regional data centers to send your measurement data from our website to Google Analytics as quickly and securely as possible. If a connection is established in Analytics to the nearest available Google data center, the measurement data is sent to Analytics via an encrypted HTTPS connection. In these centers, the data is further encrypted before it is forwarded to the Analytics processing servers and made available on the platform. The most suitable local data center is determined based on the IP addresses.

IP anonymization

With Google Analytics 4, IP anonymization takes place automatically. No IP addresses are logged or stored. However, Google uses the IP address data to derive location data. For this purpose, all measurement data from devices located in the EU (based on the geographical location according to the IP address) is collected via domains and servers in the EU before the traffic is forwarded to Analytics servers for processing. No exact location data is provided in Analytics, instead the following metadata is derived from IP addresses: „city“ (and the derived latitude and longitude of the city), „continent“, „country“, „region“, „subcontinent“ (and the ID-based equivalents). After that, all IP addresses are immediately deleted in Analytics and not used for further use cases. In short, all IP addresses collected from users in the EU are deleted before the data is stored in a data center or on a server. If you would like to find out more about data collection in the EU by Google Analytics, we recommend the following articles under Data collection and protection in the EU and Regional data collection.

The following diagram shows how data is collected, filtered and stored in Google Analytics:

Im Diagramm wird dargestellt, wie in Google Analytics Daten erhoben, gefiltert und gespeichert werden.

Source: GA4 – Data Flow Diagram.pdf (https://storage.googleapis.com/support-kms-prod/LnQ8X4K0alkkQM5zyK7Wm0gkk1ETJIoSeNNk)

Cookies

Since Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies compared to previous versions. Nevertheless, there are some specific cookies that are used by GA4. Depending on your selection in the cookie banner, a client ID is stored in a separate cookie called „_ga“ for 2 years. This is used to distinguish individual users and their sessions on our website. It is used by every website on which Google Analytics is implemented, including Google services, and is the main cookie used by Google Analytics. Each „_ga“ cookie is unique to the specific property and therefore cannot be used to track a specific user or browser across unrelated websites. These include, for example, in the category Analysis for the domain: .schwarzertiger.com:

  • Used to distinguish individual users: Cookie ID: _ga, Storage duration: 1 year 1 month 4 days, Description: Google Analytics sets this cookie to store and count page views. Script URL pattern: google-analytics.com|googletagmanager.com/gtag/js
  • Used to store the session status: Cookie ID: _ga_*, Storage duration: 1 year 1 month 4 days, Description: Google Analytics sets this cookie to calculate visitor, session and campaign data and to track website usage for the website analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. Script URL pattern: google-analytics.com|googletagmanager.com/gtag/js

Note: This list cannot claim to be exhaustive, as Google is constantly changing its choice of cookies. The aim of GA4 is also to improve data protection. The tool therefore offers a number of options for controlling data collection. For example, we can set the storage duration ourselves and also control data collection.

If you would like to find out more about cookies in Google Analytics, we recommend the following article How Google uses cookies and Use of cookies on websites.

Data collected

Here we show you an overview of the most important types of data that are collected by default with Google Analytics:

  • Number of users: A distinction is made between new and returning users.
  • Session duration: Google defines session duration as the time you spend on our site without leaving the page. If you have been inactive for 20 minutes, the session ends automatically.
  • Bounce rate: A bounce is when you only view one page on our website and then leave our website again.
  • Approximate location determination: IP addresses are not logged or stored in Google Analytics. However, derivations for location data are used shortly before the IP address is deleted.
  • Technical information: Technical information includes your browser type and language and device information.
  • Source of origin: Google Analytics or we are of course also interested in which website or which advertisement you came to our site from (so-called referrer).
  • Detailed recording of location and device data (optional): If activated, metadata e.g., on your location at city level, device details and screen resolution are recorded.

This list is not exhaustive and only serves as a general guide to data storage by Google Analytics.

How long and where is the data stored?

Google has servers all over the world, but most of them are located in the USA. Under the link Google data centers you can see exactly where the data centers are located. Your data is distributed on various physical data carriers. This has the advantage that the data can be accessed more quickly and is better protected against manipulation. There are appropriate emergency programs for your data in every Google data center. If, for example, the hardware at Google fails or natural disasters paralyze servers, the risk of a service interruption at Google remains low. The data retention period depends on the properties used and is defined separately for each individual property. When a new property is created, the data retention period for event and user data is set to 2 months by default and can be increased to 14 months. There is also an option to extend the retention period for the user ID. With every new activity of this user, the expiration date is recalculated from this point in time. If this option is not activated, the data linked to the user ID is automatically deleted after the retention period has expired. This retention period applies to your data linked to cookies, user IDs or advertising IDs. Reporting results are based on aggregated data and are stored independently of user data. Aggregated data is an amalgamation of individual data into a larger unit.

How can I delete my data or prevent data storage?

Under European Union data protection law, you have the right to access, update, delete or restrict your data.

  • You can use the browser add-on to deactivate Google Analytics JavaScript (analytics.js, gtag.js) to prevent Google Analytics 4 from using your data. You can download and install the browser add-on yourself. Please note that this add-on only deactivates data collection by Google Analytics.
  • If you want to change how cookies are used, you can visit g.co/privacytools. Here you can, among other things, refuse the use of certain cookies.
  • If you generally want to deactivate, delete or manage cookies, you can also do this in your browser. You can find more information on this in the „Cookies“ section.

Legal basis

The use of Google Analytics requires your consent, which we have obtained with our cookie banner. According to Art. 6 para. 1 lit. a GDPR and ยง 25 para. 1 TDDDG (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when it is collected by web analysis tools. In particular, insofar as the consent includes the storage of cookies and comparable recognition technologies within the meaning of the TDDDG. Consent can be revoked at any time. In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors in order to improve our offer technically and economically. With the help of Google Analytics, we can detect errors on the website, identify attacks and improve efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use Google Analytics if you have given your consent.
Google also processes your data in the USA, among other places. Google is certified in accordance with the „EU-US Data Privacy Framework“ (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: Data Privacy Framework (DPF) Program. Google also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (outside the European Union, Iceland, Liechtenstein, Norway and in particular the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA and outside the EU. The clauses are based on Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
If you want to find out more about how your data is handled, use the Google Privacy Policy. For more information about data processing by Google Analytics, we recommend Google’s information pages on data protection, the protection and security of your data and the terms of use for Google Analytics.
To the table of contents

MonsterInsights privacy policy

MonsterInsights privacy policy summary
๐Ÿ‘ฅ Data subject: Visitors to the website
๐Ÿค Purpose: Evaluation of visitor information to optimize the website.
๐Ÿ““ Processed data: Access statistics containing data such as locations, device data, duration and time, navigation behavior and click behavior. You can find more details on this below or in the Google Analytics privacy policy.
๐Ÿ“… Storage duration: depending on the Google Analytics properties used
โš–๏ธ Legal basis: Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is MonsterInsights?

We use the „Google Analytics Plugin for WordPress“ from the American company MonsterInsights LCC (7732 Maywood Crest Dr, West Palm Beach, Florida, 33412, USA) on our website. The plugin is usually simply called MonsterInsights. With the help of the plugin, your user data can be stored, managed and processed by Google Analytics. For example, when you click on a link, Google Analytics saves this „click“ via the integrated plugin and offers informative web analyses based on this collected data. In this privacy policy we go into more detail about MonsterInsights and inform you which data is stored where and how. MonsterInsights uses the Google Analytics Reporting API for its services to collect data about our website and visitor behavior. This data is analyzed and then appears as charts, graphs and tables directly on our WordPress dashboard. For the plugin to work, a Google Analytics tracking code is integrated into our WordPress site. The plugin offers functions such as page analysis, statistics and ad tracking. We can therefore use the plugin to set up tracking functions such as event tracking, eCommerce tracking or outbound link tracking for our website very easily and without any programming knowledge. We can see all important statistics summarized in a single place directly in our dashboard.

Why do we use MonsterInsights?

MonsterInsights makes it much easier for us to use Google Analytics, as we can see the most important analyses directly on our dashboard and don’t always have to switch to Google Analytics. Google Analytics provides us with a lot of important data about visitor behavior on our website. With the help of this data, we can better adapt our website and our offer to your wishes. We use the statistics obtained to make our website more interesting and to target any advertisements.

What data is stored by MonsterInsights or Google Analytics?

By installing the MonsterInsights plugin, a Google Analytics tracking code is integrated into our WordPress website. Google Analytics uses this to create a random, unique ID that is linked to your browser cookie. In this way, you are recognized as a new visitor to our website. If you visit us again, you will be recognized as a so-called „returning“ user. This ID is then used to store all the data collected. In this way, pseudonymous user profiles are created and analyzed. Your actions on our website are stored in cookies. If you are linked to other Google services, the data generated may also be linked to third-party cookies. All tracking is performed and stored by Google Analytics. MonsterInsights passes all data directly to Google Analytics for processing on behalf of MonsterInsights. Google only shares this data if we allow it or if it is required by law. MonsterInsights does not use its own cookies to store data, but the code added by MonsterInsights loads Google Analytics, which adds cookies. For example, the website from which you came to us, which links you click on, how long you stay on the website and when you leave the website. Your approximate location can also be determined and technical information such as device type, browser type or operating system is also stored. If you want to know more about data storage and data processing, we recommend that you read our general privacy policy on Google Analytics.

How long and where is the data stored?

MonsterInsights does not store the collected data, but forwards it to Google Analytics. There the data is stored on Google’s servers. These servers are distributed worldwide, but most of them are located in the USA. Under the link Google data centers you can see exactly where the data centers are located. By default, your data is stored by Google for 2 or alternatively 14 months. Please also see our Google Analytics privacy policy. The retention period applies to data linked to cookies, user recognition and advertising IDs. Web analytics that appear in the form of reports are generated by aggregated data and are stored independently of your user data.

How can I delete my data or prevent data storage?

You have the right to information, updating, deletion and restriction of your data at any time. If you download and install the browser add-on to deactivate Google Analytics, you can prevent Google Analytics from using your data by deactivating Google Analytics JavaScript. If you generally want to deactivate, delete or manage cookies, you can also do this in your browser. You can find more information on this in the „Cookies“ section.

Legal basis

The use of MonsterInsights requires your consent, which we have obtained with our cookie banner. According to Art. 6 para. 1 lit. a GDPR and ยง 25 para. 1 TDDDG (consent) the legal basis for the processing of personal data, as it may occur when collected by web analysis tools. In particular, insofar as the consent includes the storage of cookies and comparable recognition technologies within the meaning of the TDDDG. Consent can be revoked at any time. In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors in order to improve our offer technically and economically. With the help of MonsterInsights, we can detect errors on the website, identify attacks and improve efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use MonsterInsights if you have given your consent.
MonsterInsights and Google also process your data in the USA. Google is certified in accordance with the โ€œEU-US Data Privacy Frameworkโ€ (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: Data Privacy Framework (DPF) Program. Google also uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (outside the European Union, Iceland, Liechtenstein, Norway and in particular the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA and outside the EU. The clauses are based on Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
If you want to learn more about the WordPress plugin MonsterInsights, we recommend that you visit the website https://www.monsterinsights.com. If you want to find out more about how your data is handled, use the Google Privacy Policy. For more information about data processing by Google Analytics, we recommend our Google Analytics privacy policy as well as Google’s information pages on data protection, the protection and security of your data and the terms of use for Google Analytics.
To the table of contents

Social media introduction

Social media privacy policy summary
๐Ÿ‘ฅ Data subjects: Visitors to the website
๐Ÿค Purpose: Presentation and optimization of our services, contact with visitors, interested parties, etc., advertising
๐Ÿ““ Processed data: Data such as telephone numbers, email addresses, contact details, user behavior data, information about your device and your IP address. You can find more details on this in the respective social media tool used.
๐Ÿ“… Storage duration: depending on the social media platforms used
โš–๏ธ Legal basis: Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is social media?

In addition to our website, we are also active on various social media platforms. User data may be processed so that we can target users who are interested in us via the social networks. In addition, elements of a social media platform may also be embedded directly in our website. This is the case, for example, if you click on a social button on our website and are forwarded directly to our social media presence. Social media refers to websites and apps that registered members can use to produce content, share content openly or in specific groups and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and get in touch online. Our social media presence allows us to bring our products and services closer to interested parties. The social media elements integrated on our website help you to switch to our social media content quickly and without complications. The data that is stored and processed through your use of a social media channel is primarily used to carry out web analyses. The aim of these analyses is to be able to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the evaluated data can be used to draw conclusions about your interests and create user profiles. This also enables the platforms to present you with customized advertisements. Cookies are usually set in your browser for this purpose, which store data on your usage behavior. As a rule, we assume that we remain responsible under data protection law, even if we use the services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. If this is the case, we will point this out separately and work on the basis of an agreement to this effect. The essence of the agreement is then set out below for the platform concerned. Please note that when using the social media platforms or our built-in elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. As a result, you may not be able to claim or enforce your rights in relation to your personal data as easily.

What data is processed?

Exactly which data is stored and processed depends on the respective provider of the social media platform. However, it is usually data such as telephone numbers, email addresses and data that you enter in a contact form. User data is also collected, such as which buttons you click, who you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. Data can be linked to your profile, especially if you have a profile on the social media channel you are visiting and are logged in. All data that is collected via a social media platform is also stored on the provider’s servers. This means that only the providers have access to the data and can provide you with the appropriate information or make changes. If you want to know exactly what data is stored and processed by the social media providers and how you can object to data processing, you should read the company’s privacy policy carefully. We also recommend that you contact the provider directly if you have any questions about data storage and data processing or wish to assert corresponding rights.

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. For example, the social media platform Facebook stores data until it is no longer required for its own purposes. However, customer data that is compared with our own user data is deleted within two days. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If required by law, for example in the case of accounting, this storage period may be exceeded.

Right of objection

You have the right and the option to withdraw your consent to the use of cookies or third-party providers such as embedded social media elements at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. As social media tools may use cookies, we recommend that you also read our general privacy policy on cookies. To find out exactly what data of yours is stored and processed, please refer to the privacy policy or cookie policy of the respective service provider.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG). In particular, insofar as the consent includes the storage of cookies and comparable recognition technologies within the meaning of the TDDDG. The use of social media elements is in the interest of an appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Nevertheless, we only use the integrated social media elements if you have given your consent. Consent can be revoked at any time. Information on specific social media platforms can be found in the following section.
To the table of contents

TikTok privacy policy

TikTok privacy policy summary
๐Ÿ‘ฅ Data subject: Visitors to the website
๐Ÿค Purpose: Optimization of our service performance
๐Ÿ““ Processed data: your IP address, browser data, date and time of your page view may be stored. You can find more details below in this privacy policy.
๐Ÿ“… Storage duration: varies depending on the settings
โš–๏ธ Legal basis: Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is TikTok?

TikTok is a popular social media platform, especially among young people, where users can create, watch, share, rate and comment on short video clips. We have integrated TikTok videos on our website so that we can present our video clips to you directly on our site. The service provider is the Chinese company Beijing Bytedance Technology Ltd. TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland) is responsible for the European region. When you access a page on our website that has a TikTok video embedded, your browser automatically connects to the Bytedance servers. Various data is transmitted (depending on the settings).

Why do we use TikTok on our website?

We want to offer you the best possible user experience on our website. TikTok is particularly known for fun and creative content and of course we don’t want to deprive you of our content. We have built TikTok into our website so that you can watch our TikTok videos if you feel like it and interact with the videos where appropriate. This allows us to provide you with further helpful content in addition to our texts and images.

What data is processed by TikTok?

When you watch or interact with TikTok videos on our website, TikTok may collect information about your usage behavior and your device. This may include technical data such as your IP address, system language, operating system and device model and other technical information. In addition, TikTok automatically assigns you a device ID and a user ID. If you log in from multiple devices, TikTok uses this data to identify your activities across devices. Based on this technical data (e.g., SIM card and IP address), TikTok automatically collects information about your approximate location (e.g., country, state or city). TikTok may also use cookies and similar tracking technologies to operate and provide the Services, to remember your language preferences, to personalize your user experience and for marketing purposes. For more information about the use of cookies, please refer to the Cookie Policy for the TikTok Websites and Cookie Policy for the TikTok Platform. If you have a TikTok account yourself, other information may also be collected and processed. This includes user information (such as name, date of birth or your e-mail address) and information about how you use TikTok. This includes your search history, data about the content you have viewed, the duration and frequency of your use and data about your communication with other TikTok users. TikTok uses this data to infer your characteristics (e.g., age group and gender) and interests and to provide you with personalized advertising based on your interests, among other things. The following cookies are set by TikTok if you have consented to the use of cookies, in the Marketing category for the domain: .tiktok.com:

  • Cookie ID: ttwid, Storage duration: 1 year, Description: Tiktok sets this cookie to track user authentication and session information. Script URL pattern: tiktok.com|analytics.tiktok.com/i18n/pixel/config.js
  • Cookie ID: msToken, Storage duration: 10 days, Script URL pattern: tiktok.com

To find out more about exactly which of your data is stored and processed, please refer to the TikTok privacy policy.

How long and where is the data stored?

The storage period and storage locations of the data collected by TikTok can vary greatly and are subject to TikTok’s privacy policy. TikTok also stores data on servers in the USA and other countries such as Malaysia and Singapore. The storage period generally depends on the respective legal requirements and internal guidelines. According to TikTok, the data is stored for as long as is necessary for the provision of the platform and for the other purposes specified in TikTok’s privacy policy. TikTok also retains the data if this is necessary to fulfill contractual and legal obligations, if TikTok has a legitimate business interest in doing so (e.g., to improve and develop the platform and to improve the security and stability of its services) and to assert or defend legal claims. The retention periods vary depending on the type of data and the purposes for which TikTok uses the data. You can read more about this in the TikTok Privacy Policy.

How can I delete my data or prevent data storage?

If you have a TikTok account, you can manage your privacy settings directly on TikTok. For example, in the settings of your TikTok account, you can specify which information may and may not be shared. TikTok can also set cookies in your browser to store data. We therefore recommend that you read our general privacy policy about cookies. To find out exactly what data of yours is stored and processed, please also refer to TikTok’s privacy policy or cookie policy. In addition, you can manage, disable or delete cookies in your web browser to limit data collection. This is of course also possible without a TikTok account. Please note, however, that this may affect the functionality of our website and your TikTok experience.

Legal basis

If you have consented to your data being processed and stored by TikTok, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR and ยง 25 para. 1 TDDDG). In particular, insofar as the consent includes the storage of cookies and comparable recognition technologies within the meaning of the TDDDG. The use of TikTok is in the interest of an appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Nevertheless, we only use the integrated TikTok elements if you have given your consent. Consent can be revoked at any time.
TikTok also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may entail various risks for the legality and security of data processing. TikTok uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway and in particular in the USA) or data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). By means of these clauses, TikTok undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA and outside the EU. They are based on Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
Further information can be found in the TikTok Privacy Policy and in the general information about TikTok at https://www.tiktok.com.
To the table of contents

Cookie Consent Management Platform Summary
๐Ÿ‘ฅ Data subject: Website visitor
๐Ÿค Purpose: To obtain and manage consent for certain cookies and therefore the use of certain tools
๐Ÿ““ Processed data: Data for managing the cookie settings set, such as IP address, time of consent, type of consent, individual consents. You can find more details on this in the respective tool used.
๐Ÿ“… Storage period: Depends on the tool used, you must be prepared for periods of several years
โš–๏ธ Legal basis: Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is a Cookie Consent Management Platform?

We use cookie consent management platform (CMP) software on our website, which makes it easier for us and you to handle scripts and cookies correctly and securely. The software automatically creates a cookie banner and scans and checks all scripts and cookies. It provides you with the cookie consent required under data protection law and helps us and you to keep track of all cookies. Most cookie consent management tools identify and categorize all existing cookies. As a website visitor, you then decide for yourself whether and which scripts and cookies you allow or do not allow.

Why do we use a cookie management tool?

Our aim is to offer you the best possible transparency in the area of data protection. We are also legally obliged to do so. We want to provide you with as much information as possible about all tools and all cookies that can store and process your data. It is also your right to decide for yourself which cookies you accept and which you do not. In order to grant you this right, we first need to know exactly which cookies have landed on our website in the first place. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with GDPR-compliant information about them. You can then accept or reject cookies via the consent system.

What data is processed?

As part of our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. The declaration of your consent is stored so that we do not have to ask you every time you visit our website and we can also prove your consent if required by law. This is stored either in an opt-in cookie or on a server. The storage period of your cookie consent varies depending on the provider of the cookie management tool.

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted as soon as you leave the website, while others may be stored in your browser for several years. The exact duration of data processing depends on the tool used. You can usually find detailed information about the duration of data processing in the respective data protection declarations of the individual providers.

Right of objection

You can prevent the collection and storage of data, for example, by rejecting the use of cookies via the cookie notice. You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. You can find more information on this in the „Cookies“ section.

Legal basis

If you consent to cookies, your personal data will be processed and stored via these cookies. If we are permitted to use cookies on the basis of your consent (Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG), this consent is also the legal basis for the use of cookies and the processing of your data. In particular, insofar as the consent includes the storage of cookies and comparable recognition technologies within the meaning of the TDDDG. Consent can be revoked at any time. Cookie consent management platform software is used to manage and enable consent for cookies. The use of this software enables us to operate the website in an efficient and legally compliant manner, which constitutes a legitimate interest (Art. 6 para. 1 lit. f GDPR). Information on special cookie consent management tools can be found in the following section.
To the table of contents

CookieYes privacy policy summary
๐Ÿ‘ฅ Data subject: Website visitor
๐Ÿค Purpose: Obtaining consent for certain cookies and thus the use of certain tools
๐Ÿ““ Processed data: Data for managing the cookie settings set, such as IP address, time of consent, type of consent, individual consents. You can find more details below in this privacy policy.
๐Ÿ“… Storage period: the data is deleted after one year
โš–๏ธ Legal basis: Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is CookieYes?

We use functions provided by the provider CookieYes on our website. CookieYes is an all-in-one cookie consent management platform that helps us to design our website in compliance with data protection regulations. The service provider is the British company CookieYes Limited (3 Warren Yard, Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom). Founded in 2018 as a WordPress plugin, it is now a standalone cookie consent solution with its own web application. CookieYes automatically creates a GDPR-compliant cookie notice (also known as a cookie banner or cookie notice) for our website visitors. By using this feature, data from you can be sent, stored and processed by CookieYes. In addition, the technology behind CookieYes scans, checks and evaluates all cookies and tracking measures on our website.

Why do we use CookieYes on our website?

We take data protection very seriously. We want to show you exactly what is happening on our website and which of your data is being stored. CookieYes helps us to get a good overview of all our cookies (first-party and third-party cookies). This enables us to provide you with accurate and transparent information about the use of cookies on our website. You always receive an up-to-date and data protection-compliant cookie notice and decide for yourself which cookies you allow and which you do not.

What data is stored by CookieYes?

If you have given your consent to cookies, the following data will be transmitted to CookieYes, stored and processed. In the context of the disclosure obligation under the GDPR, this data will also be fully documented in the proof of consent. Consent is collected once per language.

  • Our website URL
  • Date and time of your consent
  • Encrypted, anonymous consent ID
  • If available, the country
  • Anonymized IP address (the last 3 digits are set to 0)
  • Consent status (Accepted, Rejected, Partially accepted)
  • Consent status by category (Essential, Functional, Analytics, Marketing) with a list of the cookies contained

The following cookie is set by CookieYes after you have given your consent to cookies. Your consent status is stored there. This means that our website can remember and follow your status on future visits and does not have to query it again each time.

  • Category: Essential, Cookie ID: cookieyes-consent, Domain: www.schwarzertiger.com, Storage duration: 1 year, Description: CookieYes sets this cookie to store the consent preferences of the users so that their preferences are taken into account on subsequent visits to this website. No personal information about the visitors to the website is collected or stored. Script URL pattern: cookieyes.com

How long and where is the data stored?

CookieYes retains personal data for as long as reasonably necessary to fulfill the purposes for which it was provided or collected and applicable legal, regulatory, tax, accounting or other requirements. All User Data will be deleted by CookieYes on an ongoing basis after 1 year after registration (cookie consent) or immediately after termination of the CookieYes Account. For the use of the integrated cookie consent management platform, your consent data will be processed by CookieYes. CookieYes does not sell, trade or otherwise disclose your personal data to third parties. Your personal data will only be used for the purposes for which it was collected. However, CookieYes will share personal data to the extent necessary with trusted third parties or processors if this is necessary to fulfill the contract or to provide the technical functionality of the website or if there is another legal basis for the transfer. However, these third parties are contractually obliged to treat your data confidentially. In addition, data will also be passed on if this is legally required. If CookieYes commissions third parties with the collection, processing and use of data within the framework of order processing in accordance with Art. 28 GDPR, this is also done exclusively in compliance with the legal provisions on data protection. In addition, CookieYes has taken further security measures to ensure the security of the data. For example, all information provided to CookieYes is stored on its own secure servers. CookieYes also processes and transfers your personal data to countries outside the European Economic Area (EEA), Switzerland or the United Kingdom that offer an adequate level of protection. This is the case if the European Commission or the UK Information Commissioner’s Office (โ€œICOโ€) has explicitly stated this or if the recipient is bound by standard contractual clauses in accordance with the conditions set by the European Commission or the ICO. You can find out more about the data processed through the use of CookieYes in the Privacy Policy.

How can I delete my data or prevent data storage?

You can prevent the collection and storage of data, for example, by rejecting the use of cookies via the cookie notice. You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. You can find more information on this in the โ€œCookiesโ€ section. To find out exactly what data of yours is stored and processed, please also see CookieYes‘ privacy policy or cookie policy.

Legal basis

If you consent to cookies, your personal data will be processed and stored via these cookies. If we are permitted to use cookies on the basis of your consent (Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG), this consent is also the legal basis for the use of cookies and the processing of your data. In particular, insofar as the consent includes the storage of cookies and comparable recognition technologies within the meaning of the TDDDG. Consent can be revoked at any time. CookieYes is used to manage consent for cookies and to enable you to do so. The use of this software enables us to operate the website in an efficient and legally compliant manner, which constitutes a legitimate interest (Art. 6 para. 1 lit. f GDPR). Nevertheless, we only use CookieYes if you have given your consent.
As a result of the UK’s withdrawal from the European Union, the GDPR is no longer applicable to the transfer of data there. However, the European Commission has decided on the basis of Art. 45 GDPR that the UK offers an adequate level of protection compared to the GDPR. The transfer of data to the UK is therefore permitted under Commission Implementing Decision (EU) 2021/1772 of June 28, 2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom (notified under document number C (2021) 4800). CookieYes also processes and transfers your personal data to countries outside the European Economic Area (EEA), Switzerland or the United Kingdom that offer an adequate level of protection. This is the case if the European Commission or the UK data protection authority (โ€œICOโ€) has explicitly stated this or if the recipient is bound by standard contractual clauses in accordance with the conditions set by the European Commission or the ICO. The basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway and in particular in the USA) or a data transfer there is that CookieYes uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, CookieYes undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US and outside the EU. They are based on the Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
If you want to learn more about CookieYes, please visit the website at https://www.cookieyes.com/de. For more information about CookieYes‘ data processing, please refer to the Privacy Policy and Cookie Policy as well as the Data Processing Agreement and the General Terms and Conditions.
To the table of contents

Audio & Video Introduction

Audio & video privacy policy summary
๐Ÿ‘ฅ Data subject: Visitors to the website
๐Ÿค Purpose: Optimization of our service performance
๐Ÿ““ Processed data: Data such as contact details, user behavior data, information about your device and your IP address may be stored. You can find more details on this in the privacy policy of the respective provider.
๐Ÿ“… Storage duration: Data is generally stored for as long as it is required for the purpose of the service
โš–๏ธ Legal basis: Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are audio and video elements?

We have integrated audio and video elements on our website so that you can watch videos or listen to music/podcasts directly via our website. The content is provided by service providers. All content is therefore also obtained from the corresponding servers of the providers. These are integrated functional elements from platforms such as YouTube. The use of these portals is generally free of charge. With the help of these integrated elements, you can listen to or watch the respective content via our website. If you use audio or video elements on our website, your personal data may also be transmitted to the service providers, processed and stored.

Why do we use audio & video elements on our website?

Of course, we want to provide you with the best offer on our website. And we are aware that content is no longer just conveyed in text and static images. Instead of simply giving you a link to a video, we offer you audio and video formats directly on our website that are entertaining or informative and ideally even both. This expands our service and makes it easier for you to access our interesting content. We therefore offer video and/or audio content in addition to our texts and images.

What data is stored by audio & video elements?

When you access a page on our website that has an embedded video, for example, your server connects to the server of the service provider. Your data is also transmitted to the third-party provider and stored there. Some data is collected and stored regardless of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system and other general information about your end device. Most providers also collect information about your web activity. This includes, for example, session duration, bounce rate, which button you clicked on or which website you used to access the service. All this information is usually stored using cookies or pixel tags (also known as web beacons). Pseudonymized data is usually stored in cookies in your browser. You can always find out exactly which data is stored and processed in the privacy policy of the respective provider.

Duration of data processing

You can find out exactly how long the data is stored on the servers of the third-party providers either below in the privacy policy of the respective tool or in the privacy policy of the provider. In principle, personal data is only ever processed for as long as is absolutely necessary for the provision of our services or products. This generally also applies to third-party providers. In most cases, you can assume that certain data will be stored on the servers of third-party providers for several years. Data can be stored for different lengths of time, especially in cookies. Some cookies are deleted as soon as you leave the website, while others may be stored in your browser for several years.

Right of objection

You have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. The lawfulness of the processing until the revocation remains unaffected. As the integrated audio and video functions on our website usually also use cookies, we recommend that you also read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, please also refer to the privacy policy or cookie guidelines of the respective service provider.

Legal basis

If you have consented to your data being processed and stored by integrated audio and video elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG). In particular, insofar as the consent includes the storage of cookies and comparable recognition technologies within the meaning of the TDDDG. The use of integrated audio and video elements is in the interest of an appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Nevertheless, we only use the integrated audio and video elements if you have given your consent. Consent can be revoked at any time.
To the table of contents

YouTube privacy policy

YouTube privacy policy summary
๐Ÿ‘ฅ Data subject: Visitors to the website
๐Ÿค Purpose: Optimization of our service performance
๐Ÿ““ Processed data: Data such as contact details, user behavior data, information about your device and your IP address may be stored.
 You can find more details on this below in this privacy policy.
๐Ÿ“… Storage duration: Data is generally stored for as long as it is required for the purpose of the service
โš–๏ธ Legal basis: Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is YouTube?

On YouTube, users can watch, share, rate and comment on videos as well as upload them themselves. We have integrated YouTube videos on our website so that we can present our videos to you directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by Google LLC (D/B/A YouTube, 901 Cherry Ave, San Bruno, CA 94066, USA). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in Europe. When you visit a page on our website that has a YouTube video embedded, your browser automatically connects to the YouTube or Google servers. Various data is transmitted (depending on the settings).

Why do we use YouTube videos on our website?

We want to offer you the best possible user experience on our website. And of course, interesting videos are a must. Embedding YouTube content on our website is called embedding. To enable us to display videos on our website, YouTube provides a code snippet that we have embedded on our site. This allows us to show you our videos from YouTube directly on our website and provide you with further helpful content in addition to our texts and images. In addition, our website is easier to find on the Google search engine thanks to the embedded videos.

What data is stored by YouTube?

We use YouTube in extended data protection mode. According to YouTube, videos that are played in extended data protection mode are not used to personalize surfing on YouTube and are also not used when YouTube is used later. Ads that are played in extended data protection mode are also not personalized and no cookies are set for them. In addition, the playback of a video in the extended data protection mode of the embedded player is not used to personalize advertisements that are displayed to the user outside of our website or app. Instead, however, so-called local storage elements are stored in the user’s browser, which contain personal data similar to cookies and can be used for recognition. If you would like to learn more about this, we recommend the following article: Activate extended data protection mode. These include, for example, for the domain: youtube-nocookie.com and script URL pattern: youtube.com in the Marketing category, if you have consented to the use of cookies:

  • Cookie IDs: yt.innertube::nextId, yt.innertube::requests, Storage duration: Permanent, Description: YouTube sets this cookie to collect a unique ID and store data about which YouTube videos the user has watched.

As well as for the Functional category (with consent):

  • Cookie IDs: yt-remote-device-id, yt-remote-connected-devices, Storage duration: Permanent, Description: YouTube sets this cookie to store the user’s video preferences using embedded YouTube videos.
  • This serves the same purpose, but with an expiration date after the end of the session: Cookie IDs: yt-remote-fast-check-period, yt-remote-cast-installed, yt-remote-session-name Storage duration: session, Description: The cookie is used by YouTube to store the user’s video player preferences for embedded YouTube videos.
  • Cookie ID: yt-remote-session-app, Storage duration: Session, Description: The cookie is used by YouTube to store user settings and information about the interface of the embedded YouTube video player.
  • Cookie ID: yt-player-headers-readable, Storage duration: Permanent, Description: The cookie is used by YouTube to store user preferences regarding video playback and the user interface in order to improve the user’s viewing experience.
  • Cookie ID: yt-player-bandwidth, Storage duration: Permanent, Description: The cookie is used to store the user’s preferences and settings for the video player, in particular with regard to the bandwidth and streaming quality on YouTube.
  • Cookie ID: ytidb::LAST_RESULT_ENTRY_KEY, Storage duration: Permanent, Description: The cookie is used by YouTube to store the last search result entry clicked by the user. This information is used to improve the user experience by displaying more relevant search results in the future.

Note: This list cannot claim to be exhaustive, as YouTube is constantly changing the selection.

How long and where is the data stored?

The data that YouTube receives from you and processes is stored on Google servers. These servers are distributed worldwide, but most of them are located in the USA. Under the link Google data centers you can see exactly where the data centers are located. Your data is distributed across the servers. This means that the data can be accessed more quickly and is better protected against manipulation. Google stores the data it collects for different lengths of time. You can delete some data at any time, others are automatically deleted after a limited time and others are stored by Google for a longer period of time. Some data (such as elements from „My activity“, photos or documents, products) that are stored in your Google account remain stored until you delete them. Even if you are not signed in to a Google Account, you can delete some data associated with your device, browser or app.

How can I delete my data or prevent data storage?

In principle, you can delete data in your Google account manually. With the automatic deletion function for location and activity data introduced in 2019, information is stored for either 3 or 18 months, depending on your decision, and then deleted. If you have a YouTube account, you can manage your privacy settings directly on YouTube. For example, in the settings of your YouTube account, you can specify which information may and may not be shared. YouTube can also set cookies in your browser to store data. We therefore recommend that you read our general privacy policy about cookies. To find out exactly what data is stored and processed by you, please also refer to Google’s privacy policy or cookie policy. In addition, you can manage, disable or delete cookies in your web browser to limit data collection. This is of course also possible without a YouTube account. However, please note that this may affect the functionality of our website and your YouTube experience.

Legal basis

If you have consented to your data being processed and stored by integrated YouTube elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG). In particular, insofar as the consent includes the storage of cookies and comparable recognition technologies within the meaning of the TDDDG. The use of YouTube is in the interest of an appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Nevertheless, we only use the integrated YouTube elements if you have given your consent. Consent can be revoked at any time.
YouTube and Google also process your data in the USA, among other places. Google is certified in accordance with the „EU-US Data Privacy Framework“ (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: Data Privacy Framework (DPF) Program. Google also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (outside the European Union, Iceland, Liechtenstein, Norway and in particular the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA and outside the EU. The clauses are based on Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
As YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to find out more about how your data is handled, we recommend the Google Privacy Policy.
To the table of contents

Explanation of terms used

We always endeavor to write our privacy policy as clearly and comprehensibly as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (e.g., personal data) or certain technical terms (e.g., cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms used, which we may not have dealt with sufficiently in the previous privacy policy. These terms are taken from the GDPR (definition according to Article 4 of the GDPR). We will list the corresponding GDPR texts here and add our own explanations.

Processor

For the purposes of this Regulation, the term „processor“ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Explanation: As the website owner, we are responsible for all data that we process from you. In addition to the controller, there may also be so-called processors. This includes any company or person that processes personal data on our behalf. In addition to service providers such as tax consultants, processors can therefore also be hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft.

Third party

For the purposes of this Regulation, the term „third party“ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
Explanation: The GDPR basically only explains what a „third party“ is not. In practice, a „third party“ is anyone who also has an interest in the personal data but is not one of the above-mentioned persons, authorities or bodies. For example, a parent company can act as a „third party“. In this case, the subsidiary group is the controller and the parent group is the „third party“. However, this does not mean that the parent company may automatically view, collect or store the personal data of the subsidiary company.

Consent

For the purposes of this Regulation, „consent“ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Explanation: In the case of websites, such consent is usually given via a cookie consent management tool. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree or consent to data processing. In most cases, you can also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not give your consent, your personal data may not be processed. In principle, consent can of course also be given in writing, i.e., not via a tool.

Recipient

For the purposes of this Regulation, „recipient“ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
Explanation: Every person and every company that receives personal data is considered a recipient. This means that we and our processors are also so-called recipients. Only authorities that have an investigation mandate are not considered recipients.

Personal data

For the purposes of this Regulation, „personal data“ means any information relating to an identified or identifiable natural person (hereinafter „data subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is therefore all data that can identify you as a person. This is usually data such as:

  • Name
  • Address
  • E-mail address
  • Postal address
  • Phone number
  • Date of birth
  • Identification numbers such as social security number, tax identification number, identity card number or matriculation number
  • Bank data such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and, subsequently, you as the owner of the connection. Therefore, the storage of an IP address also requires a legal basis within the meaning of the GDPR. There are also so-called „special categories“ of personal data, which are also particularly worthy of protection. These include

  • racial and ethnic origin
  • political opinions
  • religious or ideological convictions
  • trade union membership
  • genetic data such as data taken from blood or saliva samples
  • biometric data (i.e., information on mental, physical or behavioral characteristics that can identify a person).
    ย Health data
  • Data on sexual orientation or sexual life

Pseudonymization

For the purposes of this Regulation, „pseudonymization“ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
Explanation: Our privacy policy often refers to pseudonymized data. Pseudonymized data means that you can no longer be identified as a person, unless other information is added. However, you should not confuse pseudonymization with anonymization. Anonymization removes any personal reference, meaning that this can only be reconstructed with a disproportionate amount of technical effort.

Controller

For the purposes of this Regulation, „controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Explanation: In our case, we are responsible for the processing of your personal data and are therefore the „controller“. If we pass on collected data to other service providers for processing, these are „processors“. An „order processing contract (AVV)“ must be signed for this.

Processing

For the purposes of this Regulation, the term „processing“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Explanation: When we refer to processing in our privacy policy, we mean any kind of data processing. As mentioned above in the original GDPR declaration, this includes not only the collection, but also the storage and processing of data.
To the table of contents

Closing words

As you can see from the scope of our privacy policy, the protection of your personal data is particularly important to us. It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. However, we not only want to tell you which data is processed, but also explain the reasons for using various software programs. For this reason, the most important terms are also explained in more detail at the end of the privacy policy. If you have any questions about data protection on our website, please do not hesitate to contact us. We wish you a pleasant time and hope to welcome you back to our website soon.
To the table of contents

All texts are protected by copyright. Source: Created with the data protection generator from AdSimple.