Home page

Natja Böttcher

Privacy Policy

Preamble

With the following data protection declaration we want to inform you about which types of your personal data (hereinafter also briefly referred to as "data") we process for which purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both within the scope of providing our services and especially on our websites, in mobile applications, as well as within external online presences, such as for example our social media profiles (hereinafter collectively referred to as "online offer").

The used terms are not gender-specific.

Status: June 4, 2025

Table of Contents

Preamble

Controller

Overview of processing

Relevant legal bases

Security measures

General information on data storage and deletion

Rights of the data subjects

Business services

Business processes and procedures

Use of online platforms for offer and distribution purposes

Payment procedures

Provision of the online offer and web hosting

Use of cookies

Newsletter and electronic notifications

Advertising communication via email, post, fax or telephone

Web analysis, monitoring and optimization

Presences in social networks (social media)

Plugins and embedded functions as well as content

Controller

Natja Böttcher

c/o Postflex #7253
Emsdettener Straße 10
48268 Greven

Email address: coaching@natja-boettcher.com

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the affected persons.

Types of processed data

Inventory data.
Payment data.
Contact data.
Content data.
Contract data.
Usage data.
Meta-, communication- and procedural data.
Log data.

Categories of affected persons

Service recipients and clients.
Interested parties.
Communication partners.
Users.
Business and contract partners.
Customers.

Purposes of processing

Provision of contractual services and fulfillment of contractual obligations.
Communication.
Security measures.
Direct marketing.
Reach measurement.
Office and organizational procedures.
Organizational and administrative procedures.
Feedback.
Marketing.
Profiles with user-related information.
Provision of our online offer and user-friendliness.
Information technology infrastructure.
Public relations.
Sales promotion.
Business processes and business management procedures.

Relevant legal bases

Relevant legal bases according to the GDPR: Below you receive an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that besides the regulations of the GDPR, national data protection provisions in your or our country of residence or registered office may apply. Furthermore, if in individual cases more specific legal bases are decisive, we will inform you about these in the data protection declaration.

Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – The data subject has given their consent to the processing of the personal data concerning them for a specific purpose or several specific purposes.
Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) – The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures at the request of the data subject.
Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) – The processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – The processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject which require protection of personal data do not override those interests.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection in Germany apply. This includes especially the Federal Data Protection Act (BDSG). The BDSG contains in particular special regulations regarding the right of access, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, transmission, as well as automated individual decision-making including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Notice on the applicability of GDPR and Swiss Data Protection Act (DSG): These data protection notices serve both the information obligation under the Swiss DSG and under the GDPR. For this reason, please note that due to the broader spatial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms used in the Swiss DSG such as “processing” of “personal data,” “overriding interest,” and “especially protected personal data,” the terms used in the GDPR “processing” of “personal data,” “legitimate interest,” and “special categories of data” are used. However, the legal meaning of the terms is still determined under the Swiss DSG within the scope of the Swiss DSG's applicability.

Security measures

We take appropriate technical and organizational measures according to legal requirements, considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing as well as the differing probabilities of occurrence and severity of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

The measures include in particular securing confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access concerning them, input, transmission, securing availability, and their separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. Furthermore, we consider the protection of personal data already when developing or selecting hardware, software, and procedures according to the principle of data protection by design and by default.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the further developed and more secure version of SSL, ensures that all data transmissions comply with the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is transmitted securely and encrypted.

General information on data storage and deletion

We delete personal data that we process in accordance with legal provisions as soon as the underlying consents are revoked or no further legal grounds for processing exist. This applies to cases where the original purpose of processing no longer exists or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal prosecution or protection of the rights of other natural or legal persons must be archived accordingly.

Our data protection notices contain additional information on the storage and deletion of data that applies specifically to certain processing procedures.

If multiple specifications apply for retention periods or deletion deadlines of a date, the longest period is always decisive.

If a period does not explicitly begin on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships during which data is stored, the triggering event is the time the termination or other ending of the legal relationship becomes effective.

Data that is no longer required for the originally intended purpose but is retained due to legal requirements or other reasons, we process exclusively for the reasons that justify its retention.

Further notes on processing procedures, methods, and services:

Retention and deletion of data: The following general periods apply for retention and archiving under German law:

10 years – retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets as well as the work instructions and other organizational documents necessary for their understanding (§ 147 para. 1 no. 1 in conjunction with para. 3 AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 in conjunction with para. 4 HGB).
8 years – accounting documents, such as invoices and cost receipts (§ 147 para. 1 no. 4 and 4a in conjunction with para. 3 sentence 1 AO and § 257 para. 1 no. 4 in conjunction with para. 4 HGB).
6 years – other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents as far as they are relevant for taxation, such as hourly wage slips, cost accounting sheets, calculation documents, price tags, but also payroll accounting documents as far as they are not already accounting documents and cash register receipts (§ 147 para. 1 no. 2, 3, 5 in conjunction with para. 3 AO, § 257 para. 1 no. 2 and 3 in conjunction with para. 4 HGB).
3 years – data necessary to consider potential warranty and compensation claims or similar contractual claims and rights as well as to process related inquiries based on previous business experience and usual industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

Rights of the data subjects

Rights of the data subjects under the GDPR: As data subjects, you have various rights under the GDPR, especially from Articles 15 to 21 GDPR:

Right to object: You have the right to object at any time for reasons arising from your particular situation to the processing of personal data concerning you which is carried out based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such advertising; this also applies to profiling insofar as it is related to such direct marketing.
Right of withdrawal for consents: You have the right to withdraw consents given at any time.
Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to access such data as well as further information and copies of the data according to legal requirements.
Right to rectification: You have the right to request the completion of data concerning you or correction of incorrect data concerning you according to legal requirements.
Right to deletion and restriction of processing: You have the right to demand deletion of data concerning you without delay or alternatively, according to legal requirements, to demand restriction of the processing of data.
Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to demand its transmission to another controller according to legal requirements.
Complaint to supervisory authority: You have the right to complain to a supervisory authority, in particular in the member state of your habitual residence, place of work, or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy if you believe that the processing of personal data concerning you violates the GDPR provisions.

Business services

We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as “contractual partners”), within the framework of contractual and comparable legal relationships as well as related measures and with regard to communication with the contractual partners (or pre-contractually), for example to answer inquiries.

We use this data to fulfill our contractual obligations. These particularly include the duties to provide the agreed services, any updating obligations, and remedies for warranty and other service disruptions. Furthermore, we use the data to safeguard our rights and for administrative tasks associated with these obligations as well as for corporate organization. In addition, we process the data based on our legitimate interests both in proper and businesslike management and in security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Within applicable law, we only disclose contractual partners' data to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about further types of processing, e.g., for marketing purposes, within this privacy statement.

Which data are necessary for the aforementioned purposes, we communicate to the contractual partners before or during data collection, e.g., in online forms, by special marking (e.g., colors) or symbols (e.g., asterisks or similar), or personally.

We delete the data after expiry of statutory warranty and comparable obligations, i.e., generally after four years, unless the data are stored in a customer account, e.g., as long as they must be retained for legal reasons for archiving (usually ten years for tax purposes). Data disclosed to us by the contractual partner in the context of an order are deleted according to the specifications and generally after the end of the order.

Processed types of data: Master data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or phone numbers); contract data (e.g., contract subject, duration, customer category); usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta-, communication- and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).

Data subjects: Service recipients and clients; prospects. Business and contractual partners.

Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures. Business processes and economic procedures.

Storage and deletion: Deletion according to the information in the section "General information on data storage and deletion."

Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, processes, and services:

Online shop, order forms, e-commerce, and delivery: We process our customers' data to enable them to select, purchase, or order the chosen products, goods, and associated services, as well as their payment and delivery or execution. If necessary for executing an order, we use service providers, especially postal, forwarding, and shipping companies, to carry out the delivery or execution to our customers. For processing payments, we use banks and payment service providers. The required data are marked as such during the order or comparable acquisition process and include the data needed for delivery, provision, and billing, as well as contact information to be able to hold any consultations; legal basis: contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

We use the platform Systeme.io, a software-as-a-service provider based outside the EU, for the creation and automation of marketing funnels, email campaigns, course delivery, and digital sales processes. The use is based on a processing contract concluded with Systeme.io (Art. 28 GDPR). Customer data processed in campaigns or funnel systems are used exclusively for the contractually agreed purposes and are subject to the GDPR data protection regulations. Responsibility for the data protection-compliant integration of Systeme.io tools on customer systems lies – unless otherwise agreed – with the customer.

We use the service “Systeme.io” (operator: ITACWT Ltd., outside the EU) for funnel creation, email marketing, and course provision. Data processing is based on a processing contract according to Art. 28 GDPR. Personal data (name, email, IP address) may be transferred to third countries. The transfer is based on appropriate guarantees (standard contractual clauses).

More information: https://systeme.io/privacy-policy

Business processes and procedures

Personal data of service recipients and clients – including customers, clients, or in special cases, mandatees, patients, or business partners as well as other third parties – are processed within contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates business processes in areas such as customer management, sales, payment transactions, accounting, and project management.

The collected data serve to fulfill contractual obligations and efficiently design operational processes. This includes processing business transactions, managing customer relationships, optimizing sales strategies, and ensuring internal accounting and financial processes. Additionally, the data support safeguarding the rights of the controller and promote administrative tasks and company organization.

Personal data may be disclosed to third parties if necessary for fulfilling the mentioned purposes or legal obligations.

Processed types of data: Master data (e.g., full name, residential address, contact information, customer number); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses); content data (e.g., textual or pictorial messages and posts as well as related information, e.g., authorship details); contract data (e.g., contract subject, duration, customer category); usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems). Meta-, communication- and procedural data (e.g., IP addresses, timestamps, identification numbers).

Data subjects: Service recipients and clients; prospects; communication partners; business and contractual partners. Customers.

Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; business processes and economic procedures; security measures. Provision of our online offer and user-friendliness.

Storage and deletion: Deletion according to the information in the section "General information on data storage and deletion."

Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, processes, and services:

Customer account: Customers can create an account within our online offering (e.g., customer or user account, briefly “customer account”). If registration of a customer account is required, customers are informed accordingly as well as about the required information for registration. Customer accounts are not public and cannot be indexed by search engines. During registration and subsequent logins and uses of the customer account, we store customers’ IP addresses along with access times to prove registration and prevent possible misuse of the customer account. After the customer account is terminated, data of the customer account will be deleted after termination date, unless they are stored for other purposes than provision in the customer account or must be kept for legal reasons (e.g., internal storage of customer data, order processes, or invoices). It is the customers’ responsibility to secure their data when terminating the customer account; legal basis: contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Economic analyses and market research: To fulfill business purposes and to recognize market trends, contractual partner wishes, and users, the present data on business transactions, contracts, inquiries, etc., are analyzed. The group of affected persons may include contractual partners, prospects, customers, visitors, and users of the controller's online offer. The analyses serve the purposes of business evaluations, marketing, and market research (e.g., to determine customer groups with different characteristics). Registered users’ profiles, including information about utilized services, are taken into account if available. The analyses are exclusively for the controller and are not disclosed externally, except if anonymous analyses with summarized, i.e., anonymized values, are involved. Privacy of users is respected; data are processed pseudonymized and, where possible, anonymized for analysis purposes (e.g., as aggregated data); legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Use of online platforms for offering and sales purposes

We offer our services on online platforms operated by other service providers. In this context, in addition to our data protection notices, the data protection notices of the respective platforms apply. This applies especially with regard to the execution of payment transactions and the procedures used on the platforms for reach measurement and interest-based marketing.

Data subjects: Service recipients and clients. Business and contractual partners.

Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; marketing. Business processes and economic procedures.

Storage and deletion: Deletion according to the information in the section "General information on data storage and deletion."

Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

We use the tool Countdown Hero, a conversion optimization tool to display time-limited offers or promotions (“scarcity tool”). This tool can generate personalized or dynamic countdowns to increase sales pressure within a legal framework. Particular attention is paid to ensuring that the use is not misleading within the meaning of the UWG (§ 5 para. 1 UWG) and that the displayed deadlines are actually observed or technically justifiable. Countdown Hero can also process data on user interaction. In this case, integration is done within the valid data protection regulations.

If Countdown Hero processes personal data (e.g., IP address, visit time), this only occurs after your explicit consent via our consent banner.

https://get.emailmarketingheroes.com/privacy-policy

Payment procedures

Within the framework of contractual and other legal relationships, due to legal obligations or based on our legitimate interests, we offer the affected persons efficient and secure payment options and use, besides banks and credit institutions, other service providers (collectively “payment service providers”).

Data processed by payment service providers include master data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, amount, and recipient-related information. The information is required to carry out transactions. The entered data are processed and stored only by the payment service providers. That means, we do not receive account- or credit card-related information, only information confirming or rejecting the payment. Under certain circumstances, data are transmitted by the payment service providers to credit agencies. This transmission aims to check identity and creditworthiness. We refer to the payment service providers’ terms and conditions and privacy notices.

Payment transactions are subject to the terms and privacy notices of the respective payment service providers, which can be accessed on their websites or transaction applications. We also refer to these for further information and for asserting revocation, information, and other data subject rights.

Processed types of data: Master data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contract data (e.g., contract subject, duration, customer category); usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta-, communication- and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).

Data subjects: Service recipients and clients; business and contractual partners. Prospects.

Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Business processes and economic procedures.

Storage and deletion: Deletion according to the information in the section "General information on data storage and deletion."

Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, processes, and services:

Stripe: Payment services (technical connection of online payment methods);

more at https://stripe.com/de/privacy

PayPal: Payment services (processing of payments via PayPal accounts or credit cards); more at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Further information on processing procedures, methods and services:

Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called "web hoster"); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Collection of access data and log files: Access to our online offer is logged in the form of so-called "server log files." Server log files may include the address and name of the requested web pages and files, date and time of the request, transmitted data amounts, message about successful retrieval, browser type including version, user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. Server log files can be used on the one hand for security purposes, e.g. to avoid server overload (especially in case of abusive attacks, so-called DDoS attacks), and on the other hand to ensure server utilization and their stability; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is necessary for evidence purposes are excluded from deletion until the final clarification of the respective incident.

E-mail sending and hosting: The web hosting services we use also include sending, receiving and storing emails. For these purposes, the addresses of the recipients as well as senders, and further information concerning the email sending (e.g. the involved providers) and the contents of the respective emails are processed. The aforementioned data may also be processed for spam detection purposes. Please note that emails are generally not sent encrypted on the internet. As a rule, emails are encrypted during transmission, but (unless an end-to-end encryption procedure is used) not on the servers from which they are sent and received. Therefore, we cannot assume any responsibility for the transmission path of the emails between the sender and the reception on our server; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Use of cookies: The term "cookies" refers to functions that store information on end devices of users and read from them. Cookies can also be used for different purposes, for example for functionality, security and comfort of online offers as well as for the creation of analyses of visitor flows. We use cookies in accordance with legal provisions. For this purpose, if necessary, we obtain prior consent from users. If consent is not necessary, we rely on our legitimate interests. This applies when storing and reading information is indispensable to provide explicitly requested content and functions. This includes, for example, the storage of settings as well as ensuring the functionality and security of our online offer. Consent can be revoked at any time. We clearly inform about its scope and which cookies are used.

Notes on legal bases for data protection: Whether we process personal data using cookies depends on consent. If consent is given, it serves as legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage duration: Regarding storage duration, the following types of cookies are distinguished:

Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and closes their end device (e.g. browser or mobile application).
Permanent cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be stored and preferred content displayed directly when the user visits a website again. Also, user data collected by cookies can be used for reach measurement. Unless we explicitly inform users about the type and storage duration of cookies (e.g. when obtaining consent), they should assume these are permanent and storage duration can be up to two years.

General notes on revocation and objection (opt-out): Users can revoke given consents at any time and also object to processing according to legal requirements, including via privacy settings of their browser.

Processed data types: Meta-, communication and procedural data (e.g. IP addresses, time data, identification numbers, involved persons).

Affected persons: Users (e.g. website visitors, users of online services).

Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further information on processing procedures, methods and services:

Processing of cookie data based on consent: We use a consent management solution where the consent of users for the use of cookies or the procedures and providers named within the consent management solution is obtained. This procedure serves to obtain, log, manage and revoke consents, especially relating to the use of cookies and comparable technologies used for storing, reading and processing information on users' end devices. Within this procedure, users’ consents for the use of cookies and associated processing of information, including specific processes and providers named in the consent management procedure, are obtained. Users also have the possibility to manage and revoke their consents. Consent declarations are stored to avoid repeated queries and to be able to provide proof of consent according to legal requirements. Storage takes place server-side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies to assign consent to a specific user or their device. If no specific information on providers of consent management services is available, the following general notes apply: The duration of storage of consent is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information about the scope of consent (e.g. concerning categories of cookies and/or service providers) as well as information about the browser, system and device used; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

We use the tool Consentmanager for data protection-compliant collection and documentation of user consents on websites. This is a GDPR-compliant consent management service that meets current requirements for consents under Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Integration is done individually on behalf of the client and configured so that consents are given clearly, granularly and revocably. The technical implementation and correct categorization of cookies is done according to the state of the art. Responsibility for the legal assessment and complete cookie documentation remains – unless otherwise commissioned – with the client.

On this website, the service "Consentmanager" is embedded to manage your consents for processing of cookies and other tracking technologies according to Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Operator: consentmanager AB, Germany. Your settings can be revoked or adjusted at any time.

More information: https://www.consentmanager.de/datenschutz

Newsletter and electronic notifications

We send newsletters, emails and other electronic notifications (hereinafter "newsletter") exclusively with the consent of the recipients or on the basis of a legal basis. If the content of the newsletter is mentioned during registration, this content is decisive for the user's consent. Usually, providing your email address is sufficient to register for our newsletter. To provide you with personalized service, we may ask for your name for personal addressing in the newsletter or other information necessary for the purpose of the newsletter.

Deletion and restriction of processing: We can store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, to be able to prove previously given consent. Processing of these data is limited to the purpose of potential defense against claims. An individual deletion request is possible at any time provided that the former existence of consent is confirmed. In case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocking list (so-called "blocklist").

Logging of the registration process is based on our legitimate interests for proof of its proper procedure. If we commission a service provider with sending emails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.

Contents: Information about us, our services, promotions and offers.

Processed data types: Master data (e.g. full name, address, contact details, customer number, etc.); contact data (e.g. postal and email addresses or phone numbers); meta-, communication and procedural data (e.g. IP addresses, time data, identification numbers, involved persons). Usage data (e.g. page views and duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).

Affected persons: Communication partners. Users (e.g. website visitors, users of online services).

Purposes of processing: Direct marketing (e.g. by email or post). Provision of contractual services and fulfillment of contractual obligations.

Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Right to object (opt-out): You can unsubscribe from our newsletter at any time, i.e. revoke your consents or object to further receipt. A link to unsubscribe can be found at the end of each newsletter or you can use one of the contact options listed above, preferably email.

Further information on processing procedures, methods and services:

Measurement of open and click rates: Newsletters contain a so-called "web beacon," i.e. a pixel-sized file which is retrieved from our or its server when the newsletter is opened, if we use a dispatch service provider. During this retrieval, both technical information, such as browser and system data, as well as your IP address and the time of retrieval are collected. This information is used to technically improve our newsletter based on technical data or the target groups and their reading behavior based on their retrieval locations (determinable by IP address) or access times. This analysis also includes determining if and when newsletters were opened and which links were clicked. The information is assigned to individual newsletter recipients and stored in their profiles until deletion. The evaluations serve to recognize the reading habits of our users and adapt our content to them or send different content according to user interests. Measurement of open and click rates and storage of measurement results in user profiles. Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Prerequisite for using free services: Consent to mailing dispatch can be made a prerequisite for using free services (e.g. access to certain content or participation in certain promotions). If users wish to use the free service without subscribing to the newsletter, we ask for contact.

Advertising communication via email, post, fax or telephone

We process personal data for purposes of advertising communication, which may be carried out via various channels such as email, telephone, post or fax, in accordance with legal requirements.

Recipients have the right to revoke given consents at any time or object to advertising communication at any time.

After revocation or objection, we store data necessary to prove previous authorization for contact or sending for up to three years after the year of revocation or objection on the basis of our legitimate interests. Processing of these data is limited to the purpose of possible defense against claims. Based on legitimate interest to permanently observe the users' revocation or objection, we also store data necessary to avoid renewed contact (e.g. depending on communication channel, the email address, phone number, name).

Processed data types: Master data (e.g. full name, address, contact details, customer number, etc.); contact data (e.g. postal and email addresses or phone numbers). Content data (e.g. textual or visual messages and contributions as well as information about them, such as authorship or time of creation).

Affected persons: Communication partners.

Purposes of processing: Direct marketing (e.g. by email or post); marketing; sales promotion.

Storage and deletion: Deletion according to information in the section "General information on data storage and deletion."

Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Web analysis, monitoring and optimization

Web analysis (also referred to as "reach measurement") serves the evaluation of the visitor flows of our online offer and can include behavior, interests or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, for example, we can recognize at what time our online offer or its functions or contents are most frequently used, or invite to reuse. It is also possible for us to trace which areas require optimization.

In addition to web analysis, we can also use testing methods to test and optimize different versions of our online offer or its components.

Unless otherwise indicated below, profiles, i.e., data grouped into a usage process, can be created for these purposes and information can be stored and then read out in a browser or on a device. The collected information particularly includes visited websites and elements used there, as well as technical information, such as the browser used, the computer system used, and information about usage times. If users have consented to the collection of their location data by us or by the providers of the services we use, processing of location data is also possible.

Furthermore, users' IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear data of users (such as email addresses or names) are stored within the scope of web analysis, A/B testing, and optimization, but pseudonyms. This means that we and the providers of the used software do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

Notes on legal basis: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data are processed based on our legitimate interests (i.e., interest in efficient, economical and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Processed types of data: Usage data (e.g., page views and duration, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions). Meta-, communication- and procedural data (e.g., IP addresses, time data, identification numbers, persons involved).

Affected persons: Users (e.g., website visitors, users of online services).

Purposes of processing: Reach measurement (e.g., access statistics, detection of recurring visitors). Profiles with user-related information (creation of user profiles).

Storage and deletion: Deletion according to the information in the section "General information on data storage and deletion." Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users’ devices for a period of two years.).

Security measures: IP masking (pseudonymization of the IP address).

Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Presences in social networks (Social Media)

We maintain online presences within social networks and process user data in this context to communicate with users active there or to offer information about us.

We point out that user data can be processed outside the territory of the European Union. This can create risks for users because, for example, enforcement of user rights could be made more difficult.

Furthermore, data of users are usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on usage behavior and resulting user interests. These may, in turn, be used to display advertisements within and outside the networks that presumably correspond to the interests of the users. Therefore, cookies are usually stored on the users’ computers, in which usage behavior and user interests are stored. Additionally, usage profiles can also store data independently of the devices used by users (especially if they are members of the respective platforms and logged in there).

For a detailed presentation of the respective processing forms and objection possibilities (opt-out), we refer to the privacy policies and information of the respective network operators.

Also in the case of information requests and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Processed types of data: Contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or pictorial messages and contributions as well as related information, such as authorship or creation time). Usage data (e.g., page views and duration, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions).

Affected persons: Users (e.g., website visitors, users of online services).

Purposes of processing: Communication; feedback (e.g., collecting feedback via online form). Public relations.

Storage and deletion: Deletion according to the information in the section "General information on data storage and deletion."

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Plug-ins and embedded functions and content

We integrate functional and content elements into our online offer, which are retrieved from the servers of their respective providers (hereinafter referred to as "third parties"). These can, for example, be graphics, videos, or maps (hereinafter uniformly referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the users because, without an IP address, they could not send the content to their browsers. The IP address is therefore necessary for the representation of this content or functions. We strive to use only such content whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also called "web beacons") for statistical or marketing purposes. Through the pixel tags, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit time, and further usage information of our online offer, but can also be linked with such information from other sources.

Notes on legal basis: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

Affected persons: Users (e.g., website visitors, users of online services).

Purposes of processing: Provision of our online offer and user-friendliness.

Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further notes on processing procedures, methods, and services:

Google Fonts (retrieval from Google server): Retrieval of fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with regard to up-to-dateness and loading times, their uniform display, and consideration of possible licensing restrictions. The provider of the fonts is informed of the IP address of the user so that the fonts can be made available in the user's browser. Furthermore, technical data (language settings, screen resolution, operating system, used hardware) necessary for the provision of the fonts depending on the devices used and the technical environment are transmitted. These data can be processed on a server of the font provider in the USA — When visiting our online offer, users’ browsers send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving the fonts). The Google Fonts Web API provides users with the cascading style sheets (CSS) from Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP header, including the user agent, which describes the browser and operating system versions of the website visitors, as well as the referrer URL (i.e., the website on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referrer URL). Access to these data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. These data are logged so that Google can determine how often a particular font family is requested. The Google Fonts Web API requires the user agent to adjust the font generated for the respective browser type. The user agent is primarily logged and used for debugging and to generate aggregated usage statistics with which the popularity of font families is measured. These aggregated usage statistics are published on the "Analytics" page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for production maintenance and an aggregated report on the top integrations based on the number of font requests can be generated. According to Google, none of the information collected by Google Fonts is used to create profiles of end users or to display targeted advertisements; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); website: https://fonts.google.com/; privacy policy: https://policies.google.com/privacy; basis for third-country transfers: Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy?hl=en.

Legal Notice