Privacy Policy
With the following privacy statement, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, for what purposes, and to what extent. The privacy statement applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).
Data Controller
Kurskontrolle UG (haftungsbeschränkt)
Jahnstraße 43
41564 Kaarst
Germany
Authorized Representatives: Dr. Simon Lichte, Kornelius Dridger
Email address: info@investiqal.com
Imprint: https://investiqal.com/imprint/
Overview of Processing
The following overview summarizes the types of data processed, the purposes of their processing, and refers to the categories of data subjects affected.
Types of Data Processed
- Inventory Data (e.g., names, addresses)
- Content Data (e.g., entries in online forms)
- Contact Data (e.g., email, phone numbers)
- Meta/Communication Data (e.g., device information, IP addresses)
- Usage Data (e.g., visited websites, interest in content, access times)
- Contract Data (e.g., subject of the contract, duration, customer category)
- Payment Data (e.g., bank details, invoices, payment history)
Categories of Data Subjects
- Business and Contractual Partners
- Prospects
- Communication Partners
- Customers
- Users (e.g., website visitors, users of online services)
Purposes of Processing
- Provision of Contractual Services and Customer Service
- Contact Requests and Communication
- Security Measures
- Direct Marketing
- Reach Measurement
- Office and Organizational Procedures
- Affiliate Tracking
- Management and Response to Inquiries
- Feedback
- Marketing
- Profiles with User-Related Information
- Provision of Our Online Offering and User-Friendliness
Relevant Legal Bases
Below, you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or registered office. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.
- Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Performance of a Contract and Pre-Contractual Inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legal Obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate Interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
- National Data Protection Regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes, in particular, the law on protection against misuse of personal data in data processing (Federal Data Protection Act – BDSG). The BDSG contains specific provisions, among others, on the right to access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfers, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (§ 26 BDSG), particularly with regard to the establishment, performance, or termination of employment relationships and the consent of employees. Additionally, data protection laws of the individual federal states may also apply.
Security Measures
We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, and disclosure of the data, and by ensuring its availability and separation. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data, and responses to data threats. Additionally, we take the protection of personal data into account as early as the development or selection of hardware, software, and processes, in line with the principle of data protection by design and by default.
SSL Encryption (https): To protect the data you transmit via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.
Transfer of Personal Data
In the course of our processing of personal data, it may happen that the data is transferred to other entities, companies, legally independent organizational units, or persons, or disclosed to them. Recipients of this data may include, for example, service providers tasked with IT functions or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to ensure the protection of your data.
Data Processing in Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if processing occurs in the context of using third-party services or disclosing or transferring data to other persons, entities, or companies, this is done solely in accordance with legal requirements.
Subject to explicit consent or contractually or legally required transfers, we process or have the data processed only in third countries with a recognized level of data protection, contractual obligations through so-called standard contractual clauses of the EU Commission, the existence of certifications, or binding internal data protection regulations (Articles 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
Deletion of Data
The data processed by us will be deleted in accordance with legal requirements as soon as the consents given for processing are revoked or other legal permissions cease to apply (e.g., if the purpose of processing this data no longer exists or the data is not necessary for the purpose).
If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons, or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.
As part of our privacy notices, we may provide users with additional information regarding the deletion and retention of data that specifically applies to the respective processing operations.
Use of Cookies
Cookies are small text files or other storage markers that store information on end devices and read information from them. For example, they can be used to store the login status in a user account, the contents of a shopping cart in an online shop, the accessed content, or the functions used in an online offering. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as analyzing visitor flows.
Notes on Consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless such consent is not legally required. Consent is not necessary, in particular, if the storage and retrieval of information, including cookies, are strictly necessary to provide users with a telemedia service (i.e., our online offering) that they have expressly requested. The revocable consent is clearly communicated to users and includes information about the respective cookie usage.
Notes on Legal Bases for Data Protection: The legal basis on which we process users’ personal data using cookies depends on whether we request consent from users. If users consent, the legal basis for processing their data is their declared consent. Otherwise, the data is processed using cookies on the basis of our legitimate interests (e.g., in the efficient operation of our online offering and improving its usability) or, if this occurs in the context of fulfilling our contractual obligations, on the basis of the necessity of using cookies to meet those obligations. We explain the purposes for which we process cookies throughout this privacy policy or as part of our consent and processing procedures.
Storage Duration: With regard to storage duration, the following types of cookies are distinguished:
- Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).
- Permanent Cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user revisits a website. Likewise, data collected using cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and that the storage duration can be up to two years.
General Notes on Revocation and Objection (Opt-Out): Users can revoke their given consent at any time and also object to the processing in accordance with the legal requirements under Art. 21 GDPR (further details on objections are provided within this privacy policy). Users can also declare their objection through their browser settings.
Further Information on Processing Procedures, Methods, and Services:
- Processing of Cookie Data Based on Consent: We use a cookie consent management procedure within which users’ consents to the use of cookies—or the processing and providers mentioned in the cookie consent management procedure—are obtained, managed, and revocable by users. The consent declaration is stored to avoid having to repeat the request and to be able to prove consent in accordance with legal obligations. Storage can occur server-side and/or in a cookie (so-called opt-in cookie or similar technologies) to associate the consent with a user or their device. Subject to individual details about the providers of cookie management services, the following applies: The duration of consent storage can be up to two years. A pseudonymous user identifier is created and stored along with the time of consent, details of the scope of consent (e.g., which categories of cookies and/or service providers), and the browser, system, and end device used.
- ccm19: Cookie Consent Management; Service Provider: Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany; Website: https://www.ccm19.de/; Privacy Policy: https://www.ccm19.de/datenschutzerklaerung.html; Additional Information: A pseudonymous user ID with the consent status is stored.
Business Services
We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as “contractual partners”), in the context of contractual and comparable legal relationships, as well as related measures and communication with the contractual partners (or pre-contractual activities), e.g., to respond to inquiries.
We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedies in the case of warranty claims or other performance issues. Additionally, we process the data to safeguard our rights and for the purposes of administrative tasks associated with these obligations and for business organization. Furthermore, we process the data based on our legitimate interests in proper and efficient business management, as well as security measures to protect our contractual partners and our business operations from misuse, risks to their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other auxiliary services, subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about other forms of processing, e.g., for marketing purposes, within this privacy policy.
We inform contractual partners about which data is required for the aforementioned purposes before or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks or similar), or in person.
We delete the data after the expiry of statutory warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons (e.g., typically 10 years for tax purposes). Data disclosed to us by the contractual partner in the context of an assignment is deleted in accordance with the specifications of the assignment, generally after the assignment ends.
Where we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
Customer Account: Contractual partners can create an account within our online offering (e.g., a customer or user account, referred to as a “customer account”). If the registration of a customer account is required, contractual partners will be informed of this as well as of the details required for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration process, as well as subsequent logins and use of the customer account, we store the customers’ IP addresses along with access times to verify registration and prevent potential misuse of the customer account.
When customers terminate their customer account, the data related to the customer account will be deleted, unless its retention is required for legal reasons. It is the responsibility of the customers to back up their data upon termination of the customer account.
Provision of Software and Platform Services: We process the data of our users, registered users, and any test users (collectively referred to as “users”) to provide them with our contractual services and based on legitimate interests to ensure the security of our offering and to further develop it. The required information is identified as such during the conclusion of an order, purchase, or comparable contract and includes the details necessary for service provision and billing, as well as contact information to enable any necessary consultations.
- Types of Data Processed: Inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., email, phone numbers); contract data (e.g., subject of the contract, term, customer category); usage data (e.g., visited websites, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
- Data Subjects: Customers; prospects; business and contractual partners.
- Purposes of Processing: Provision of contractual services and customer service; security measures; contact requests and communication; office and organizational procedures; management and response to inquiries.
- Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR); legal obligation (Art. 6(1)(c) GDPR).
Provision of the Online Offering and Web Hosting
To provide our online offering securely and efficiently, we utilize the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offering can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space, and database services, as well as security and technical maintenance services.
The data processed in the context of providing the hosting services may include all information relating to the users of our online offering that arises during use and communication. This regularly includes the IP address, which is necessary to deliver the content of online offerings to browsers, and all entries made within our online offering or on websites.
Email Sending and Hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of recipients and senders, as well as additional information regarding email transmission (e.g., the providers involved) and the content of the respective emails, are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails on the internet are generally not sent encrypted. As a rule, emails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot assume responsibility for the transmission path of emails between the sender and receipt on our server.
Collection of Access Data and Log Files: We (or our web hosting provider) collect data on every access to the server (so-called server log files). Server log files may include the address and name of the accessed web pages and files, the date and time of access, the amount of data transferred, a notification of successful access, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), and typically IP addresses and the requesting provider.
Server log files may be used, on the one hand, for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, so-called DDoS attacks), and, on the other hand, to ensure server utilization and stability.
- Types of Data Processed: Content data (e.g., entries in online forms), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Provision of our online offering and user-friendliness.
- Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
Services and Service Providers Used:
- STRATO: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service Provider: STRATO AG, Pascalstraße 10, 10587 Berlin, Germany; Website: https://www.strato.de; Privacy Policy: https://www.strato.de/datenschutz; Data Processing Agreement: concluded with the provider.
- Contabo: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service Provider: Contabo GmbH, Aschauer Straße 32a, 81549 Munich, Germany; Website: https://contabo.com; Privacy Policy: https://contabo.com/en/legal/privacy; Data Processing Agreement: concluded with the provider.
Special Notes on Applications (Apps)
We process the data of the users of our application to the extent necessary to provide the users with the application and its functionalities, to monitor its security, and to further develop it. We may also contact users in compliance with legal requirements if the communication is necessary for the administration or use of the application. Otherwise, with regard to the processing of users’ data, we refer to the privacy notices in this privacy policy.
Legal Bases: The processing of data necessary for providing the functionalities of the application serves the fulfillment of contractual obligations. This also applies if providing the functions requires user permissions (e.g., granting access to device functions). If the processing of data is not necessary for providing the functionalities of the application but serves the security of the application or our business interests (e.g., collecting data for the purpose of optimizing the application or for security purposes), it is carried out based on our legitimate interests. If users are expressly asked for their consent to the processing of their data, the processing of the data covered by the consent is based on that consent.
- Types of Data Processed: Inventory data (e.g., names, addresses); meta/communication data (e.g., device information, IP addresses); payment data (e.g., bank details, invoices, payment history); contract data (e.g., subject of the contract, term, customer category).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Provision of contractual services and customer service.
- Legal Bases: Consent (Art. 6(1)(a) GDPR); performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Further Information on Processing Procedures, Methods, and Services:
- Commercial Use: We process the data of the users of our application, registered users, and any test users (collectively referred to as “users”) to provide them with our contractual services and, based on legitimate interests, to ensure the security of our application and to further develop it. The required information is identified as such during the conclusion of a usage, order, purchase, or comparable contract and may include the details necessary for service provision and any billing, as well as contact information to enable any necessary consultations.
- Storage of a Universal and Unique Identifier (UUID): The application stores a so-called Universally Unique Identifier (UUID) for the purposes of analyzing the usage and functionality of the application and storing user settings. This identifier is generated upon installation of the application (but is not linked to the device, thus not a device identifier in that sense), remains stored between the start of the application and its updates, and is deleted when users remove the application from their device.
- Device Permissions for Access to Functions and Data: The use of our application or its functionalities may require user permissions to access certain functions of the devices used or to data stored on the devices or accessible via the devices. By default, these permissions must be granted by the users and can be revoked at any time in the settings of the respective devices. The exact procedure for controlling app permissions may depend on the users’ device and software. Users can contact us if they need clarification. We point out that denying or revoking the respective permissions may affect the functionality of our application.
- No Location History or Movement Profiles: Location data is used only on a one-time basis and is not processed to create a location history or movement profile of the devices used or their users.
Acquisition of Applications via App Stores
Our application is obtained through special online platforms operated by other service providers (so-called “app stores”). In this context, in addition to our privacy notices, the privacy policies of the respective app stores also apply. This is particularly relevant with regard to the methods used on these platforms for reach measurement and interest-based marketing, as well as any associated costs.
- Types of Data Processed: Inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., email, phone numbers), contract data (e.g., subject of the contract, term, customer category), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
- Data Subjects: Customers.
- Purposes of Processing: Provision of contractual services and customer service.
- Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).
Further Information on Processing Procedures, Methods, and Services:
- Apple App Store: App and software sales platform; Service Provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Website: https://www.apple.com/ios/app-store/; Privacy Policy: https://www.apple.com/legal/privacy/en-ww/.
- Google Play: App and software distribution platform; Service Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://play.google.com/store; Privacy Policy: https://policies.google.com/privacy?hl=en-US.
Registration, Login, and User Account
Users can create a user account. During the registration process, users are informed of the required mandatory details, which are processed for the purpose of providing the user account based on the fulfillment of contractual obligations. The processed data includes, in particular, login information (username, password, and an email address).
As part of the use of our registration and login functions, as well as the use of the user account, we store the IP address and the time of each user action. This storage is based on our legitimate interests, as well as those of the users, in protecting against misuse and other unauthorized use. In principle, this data is not disclosed to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.
Users may be informed via email about processes relevant to their user account, such as technical changes.
- Types of Data Processed: Inventory data (e.g., names, addresses); contact data (e.g., email, phone numbers); content data (e.g., entries in online forms); meta/communication data (e.g., device information, IP addresses).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Provision of contractual services and customer service; security measures; management and response to inquiries.
- Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Further Information on Processing Procedures, Methods, and Services:
- Registration with Real Names: Due to the nature of our community, we ask users to use our offering only with their real names. This means that the use of pseudonyms is not permitted.
- Deletion of Data After Termination: If users terminate their user account, their data related to the user account will be deleted, subject to any legal permission, obligation, or consent from the users.
- No Data Retention Obligation: It is the responsibility of the users to back up their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the contract period.
Contact and Inquiry Management
When contacting us (e.g., via contact form, email, telephone, or social media) and within the scope of existing user and business relationships, the details of the inquiring individuals are processed to the extent necessary to respond to the contact inquiries and any requested measures.
The handling of contact inquiries and the management of contact and inquiry data within the framework of contractual or pre-contractual relationships are carried out to fulfill our contractual obligations or to respond to (pre-)contractual inquiries and, otherwise, based on legitimate interests in addressing the inquiries and maintaining user or business relationships.
- Types of Data Processed: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms).
- Data Subjects: Communication partners.
- Purposes of Processing: Contact inquiries and communication.
- Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).
Push Notifications
With the consent of users, we may send users so-called “push notifications.” These are messages displayed on the screens, devices, or browsers of users, even when our online service is not actively being used.
To subscribe to push notifications, users must confirm the prompt from their browser or device to receive push notifications. This consent process is documented and stored. Storage is necessary to determine whether users have agreed to receive push notifications and to be able to prove their consent. For these purposes, a pseudonymous identifier of the browser (so-called “push token”) or the device ID of an end device is stored.
Push notifications may, on the one hand, be necessary for the fulfillment of contractual obligations (e.g., technical and organizational information relevant to the use of our online offering) and are otherwise sent, unless specifically stated below, based on the consent of the users. Users can modify the receipt of push notifications at any time using the notification settings of their respective browsers or devices.
- Purposes of Processing: Provision of contractual services and customer service.
- Legal Bases: Consent (Art. 6(1)(a) GDPR), performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
Communication via Messenger
We use messengers for communication purposes and therefore ask you to note the following information regarding the functionality of the messengers, encryption, the use of communication metadata, and your options for objection.
You can also contact us through alternative means, e.g., via telephone or email. Please use the contact options provided to you or those specified within our online offering.
In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we point out that the communication content (i.e., the message content and attached images) is encrypted from end to end. This means that the content of the messages is not viewable, not even by the messenger providers themselves. You should always use an up-to-date version of the messenger with encryption enabled to ensure the encryption of the message content.
However, we additionally inform our communication partners that, while the messenger providers cannot view the content, they can still determine that and when communication partners communicate with us, as well as process technical information about the device used by the communication partners and, depending on their device settings, location information (so-called metadata).
Notes on Legal Bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for processing their data is their consent. Otherwise, if we do not request consent and they, for example, contact us on their own initiative, we use messengers in relation to our contractual partners and in the context of contract initiation as a contractual measure, and, in the case of other interested parties and communication partners, based on our legitimate interests in fast and efficient communication and in meeting the needs of our communication partners for communication via messengers. Furthermore, we point out that we do not transmit the contact details provided to us to the messengers for the first time without your consent.
Revocation, Objection, and Deletion: You can revoke any consent given at any time and object to communication with us via messenger at any time. In the case of communication via messenger, we delete the messages in accordance with our general deletion policies (i.e., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information requests from the communication partners, provided no reference to a previous conversation is expected and no legal retention obligations prevent deletion.
Reservation of Reference to Other Communication Channels: Finally, we would like to note that, for reasons of your security, we reserve the right not to respond to inquiries via messenger. This is the case, for example, if contract-related matters require special confidentiality or a response via messenger does not meet formal requirements. In such cases, we will refer you to more appropriate communication channels.
- Types of Data Processed: Contact data (e.g., email, phone numbers); usage data (e.g., visited websites, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
- Data Subjects: Communication partners.
- Purposes of Processing: Contact inquiries and communication; direct marketing (e.g., via email or postal mail).
- Legal Bases: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Further Information on Processing Procedures, Methods, and Services:
- Instagram: Message transmission via the social network Instagram; Service Provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
- Facebook Messenger: Facebook Messenger with end-to-end encryption (end-to-end encryption of Facebook Messenger requires activation if it is not enabled by default); Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Standard Contractual Clauses (ensuring data protection level for processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; Data Processing Agreement: https://www.facebook.com/legal/terms/dataprocessing.
- LinkedIn: Social network; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Standard Contractual Clauses (ensuring data protection level for processing in third countries): https://legal.linkedin.com/dpa; Objection Option (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out; Data Processing Agreement: https://legal.linkedin.com/dpa.
- Twitter: Social network; Service Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, Parent Company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy Policy: https://twitter.com/privacy (Settings: https://twitter.com/personalization).
- TikTok: Social network / video platform; Service Provider: TikTok Inc., 10100 Venice Blvd., Culver City, CA 90232, USA (for U.S. operations, though overseen by ByteDance Ltd., based in Beijing, China); Website: https://www.tiktok.com; Privacy Policy: https://www.tiktok.com/legal/privacy-policy?lang=en.
Newsletters and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletters”) only with the consent of the recipients or based on a legal permission. If the content of the newsletter is specifically described during the registration process, this description is decisive for the users’ consent. Otherwise, our newsletters contain information about our services and about us.
To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for the purpose of personal addressing in the newsletter, or additional details if these are necessary for the purposes of the newsletter.
Double-Opt-In Procedure: Subscription to our newsletter generally takes place via a so-called double-opt-in procedure. This means that after registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone from registering with someone else’s email address. Subscriptions to the newsletter are logged to demonstrate compliance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to your data stored with the mailing service provider are also logged.
Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to prove prior consent. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for deletion is possible at any time, provided that the prior existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a so-called “blocklist.”
The logging of the registration process is based on our legitimate interests for the purpose of proving its proper execution. If we commission a service provider with sending emails, this is done based on our legitimate interests in an efficient and secure mailing system.
Notes on Legal Bases: The sending of newsletters is based on the recipients’ consent or, if consent is not required, on our legitimate interests in direct marketing, provided and to the extent that this is legally permitted, e.g., in the case of advertising to existing customers. If we commission a service provider with sending emails, this is based on our legitimate interests in an efficient and secure dispatch. The registration process is recorded based on our legitimate interests to demonstrate that it was conducted in accordance with the law.
- Types of Data Processed: Inventory data (e.g., names, addresses); contact data (e.g., email, phone numbers); meta/communication data (e.g., device information, IP addresses); usage data (e.g., visited websites, interest in content, access times).
- Data Subjects: Communication partners.
- Purposes of Processing: Direct marketing (e.g., via email or postal mail).
- Legal Bases: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
- Objection Option (Opt-Out): You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or can otherwise use one of the contact options provided above, preferably email, for this purpose.
Further Information on Processing Procedures, Methods, and Services:
- Measurement of Open and Click Rates: The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from our server, or, if we use a mailing service provider, from their server when the newsletter is opened. As part of this retrieval, technical information such as details about the browser and your system, as well as your IP address and the time of retrieval, is initially collected. This information is used to improve the technical aspects of our newsletter based on the technical data or the target audience and their reading behavior, determined by their retrieval locations (which can be identified using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until they are deleted. The evaluations help us recognize the reading habits of our users and adapt our content to them or send different content according to the interests of our users. The measurement of open rates and click rates, as well as the storage of the measurement results in the users’ profiles and their further processing, are based on the users’ consent. Unfortunately, a separate revocation of the performance measurement is not possible; in this case, the entire newsletter subscription must be canceled or objected to. In this case, the stored profile information will be deleted.
Web Analysis, Monitoring, and Optimization
Web analysis (also referred to as “reach measurement”) is used to evaluate the visitor flows of our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, determine at what times our online offering, its functions, or content are most frequently used or encourage repeat visits. It also allows us to identify which areas require optimization.
In addition to web analysis, we may also use testing procedures, e.g., to test and optimize different versions of our online offering or its components.
Unless otherwise specified below, profiles—i.e., data aggregated for a usage process—may be created for these purposes, and information may be stored in a browser or end device and retrieved from it. The collected data includes, in particular, visited websites and elements used there, as well as technical details such as the browser used, the computer system employed, and information about usage times. If users have consented to the collection of their location data either to us or to the providers of the services we use, location data may also be processed.
The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear data of users (such as email addresses or names) is stored in the context of web analysis, A/B testing, and optimization, but rather pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.
Notes on Legal Bases: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.
- Types of Data Processed: Usage data (e.g., visited websites, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Reach measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles).
- Security Measures: IP masking (pseudonymization of the IP address).
- Legal Bases: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Further Information on Processing Procedures, Methods, and Services:
- Google Analytics: Web analysis, reach measurement, and measurement of user flows; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/en/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Additional Information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices; Data processing terms for Google advertising products and standard contractual clauses for third-country data transfers: https://business.safety.google/adsprocessorterms.
Affiliate Programs and Affiliate Links
We integrate so-called affiliate links or other references (which may include, for example, search boxes, widgets, or discount codes) to the offers and services of third-party providers into our online offering (collectively referred to as “affiliate links”). When users follow these affiliate links or subsequently take advantage of the offers, we may receive a commission or other benefits from these third-party providers (collectively referred to as “commission”).
To track whether users have taken advantage of the offers linked via an affiliate link we have provided, it is necessary for the respective third-party providers to know that the users followed an affiliate link used within our online offering. The assignment of affiliate links to the respective business transactions or other actions (e.g., purchases) serves solely the purpose of commission settlement and is discontinued as soon as it is no longer required for this purpose.
For the purposes of the aforementioned assignment of affiliate links, the affiliate links may be supplemented with certain values that are part of the link or stored elsewhere, e.g., in a cookie. These values may include, in particular, the originating website (referrer), the time, an online identifier of the operator of the website where the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer, and an online identifier of the user.
Notes on Legal Bases: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Furthermore, their use may be a component of our (pre-)contractual services, provided that the use of third-party providers was agreed upon in this context. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.
- Types of Data Processed: Contract data (e.g., subject of the contract, term, customer category); usage data (e.g., visited websites, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Affiliate tracking.
- Legal Bases: Consent (Art. 6(1)(a) GDPR); performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Further Information on Processing Procedures, Methods, and Services:
- AdMob: Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://admob.google.com/home/; Privacy Policy: https://policies.google.com/technologies/partner-sites; Standard Contractual Clauses (ensuring data protection level for processing in third countries): https://business.safety.google/adscontrollerterms/; Additional Information: Processing by Google as a controller: https://business.safety.google/adscontrollerterms/.
Presences in Social Networks (Social Media)
We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about us.
We point out that user data may be processed outside the European Union. This may pose risks for users, as it could, for example, make it more difficult to enforce their rights.
Furthermore, user data within social networks is typically processed for market research and advertising purposes. For instance, usage profiles can be created based on user behavior and the resulting interests. These usage profiles may, in turn, be used to display advertisements within and outside the networks that presumably align with the users’ interests. For these purposes, cookies are usually stored on the users’ devices, where their usage behavior and interests are recorded. Additionally, data may be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and logged in).
For a detailed description of the respective processing methods and opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we also note that these can most effectively be addressed with the providers. Only the providers have access to the users’ data and can directly take appropriate measures and provide information. Should you still need assistance, you can contact us.
- Types of Data Processed: Contact data (e.g., email, phone numbers); content data (e.g., entries in online forms); usage data (e.g., visited websites, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Contact inquiries and communication; feedback (e.g., collecting feedback via online forms); marketing.
- Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
Further Information on Processing Procedures, Methods, and Services:
- Instagram: Social network; Service Provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
- Facebook Pages: Profiles within the social network Facebook – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with, or the actions they take (see “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How we use this information,” Facebook also collects and uses information to provide analytics services, known as “Page Insights,” to page operators, enabling them to gain insights into how people interact with their pages and associated content. We have entered into a special agreement with Facebook (“Information about Page Insights,” https://www.facebook.com/legal/terms/page_controller_addendum), which, in particular, specifies the security measures Facebook must observe and in which Facebook has agreed to fulfill the data subjects’ rights (i.e., users can, for example, direct requests for information or deletion directly to Facebook). The rights of users (in particular to information, deletion, objection, and complaints to the competent supervisory authority) are not restricted by the agreements with Facebook. Further details can be found in the “Information about Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Standard Contractual Clauses (ensuring data protection level for processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; Additional Information: Joint Controller Agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data.
- LinkedIn: Social network; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Standard Contractual Clauses (ensuring data protection level for processing in third countries): https://legal.linkedin.com/dpa; Opt-Out Option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out; Data Processing Agreement: https://legal.linkedin.com/dpa.
- Pinterest: Social network; Service Provider: Pinterest Inc., 635 High Street, Palo Alto, CA 94301, USA; Website: https://www.pinterest.com; Privacy Policy: https://about.pinterest.com/en/privacy-policy; Additional Information: Pinterest Data Sharing Appendix (ANNEX A): https://business.pinterest.com/en/pinterest-advertising-services-agreement/.
- TikTok: Social network / video platform; Service Provider: TikTok Inc., 10100 Venice Blvd., Culver City, CA 90232, USA (for U.S. operations, though overseen by ByteDance Ltd., based in Beijing, China); Website: https://www.tiktok.com; Privacy Policy: https://www.tiktok.com/legal/privacy-policy?lang=en.
- X: Social network; Service Provider: X Corp, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, Parent Company: X Holdings Corp, 11995 SH 130, Bastrop, TX 78602, USA; Privacy Policy: https://x.com/en/privacy (Settings: https://x.com/settings/privacy_and_safety).
- YouTube: Social network and video platform; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Policy: https://policies.google.com/privacy; Opt-Out Option: https://adssettings.google.com/authenticated.
Plugins and Embedded Functions as well as Content
We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos, or city maps (hereinafter uniformly referred to as “content”).
The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is thus necessary for the display of this content or functions. We strive to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Through these “pixel tags,” information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the users’ devices and may include, among other things, technical information about the browser and operating system, referring websites, visit times, and further details about the use of our online offering, as well as being linked to such information from other sources.
Notes on Legal Bases: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.
- Types of Data Processed: Usage data (e.g., visited websites, interest in content, access times); meta/communication data (e.g., device information, IP addresses); inventory data (e.g., names, addresses); contact data (e.g., email, phone numbers); content data (e.g., entries in online forms).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Provision of our online offering and user-friendliness.
- Legal Bases: Consent (Art. 6(1)(a) GDPR); performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Further Information on Processing Procedures, Methods, and Services:
- YouTube Videos: Video content; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Opt-Out Option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the display of advertisements: https://adssettings.google.com/authenticated.
- TikTok: Social network / video platform; Service Provider: TikTok Inc., 10100 Venice Blvd., Culver City, CA 90232, USA (for U.S. operations, though overseen by ByteDance Ltd., based in Beijing, China); Website: https://www.tiktok.com; Privacy Policy: https://www.tiktok.com/legal/privacy-policy?lang=en.
Modification and Updating of the Privacy Policy
We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you as soon as the changes require an action on your part (e.g., consent) or any other individual notification becomes necessary.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that these addresses may change over time, and we ask you to verify the details before contacting them.
Rights of Data Subjects
As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:
- Right to Object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.
- Right to Withdraw Consent: You have the right to withdraw your consent at any time.
- Right to Access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data, as well as further details and a copy of the data in accordance with legal requirements.
- Right to Rectification: In accordance with legal requirements, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.
- Right to Erasure and Restriction of Processing: In accordance with legal requirements, you have the right to demand that data concerning you be deleted without delay or, alternatively, to request a restriction of the processing of the data in accordance with legal requirements.
- Right to Data Portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format in accordance with legal requirements, or to request its transmission to another controller.
- Right to Lodge a Complaint with a Supervisory Authority: In accordance with legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State where you habitually reside, the supervisory authority of your workplace, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.
Definitions
In this section, you will find an overview of the terminology used in this privacy policy. Many of the terms are derived from the law and are primarily defined in Art. 4 GDPR. The legal definitions are binding. The following explanations, however, are primarily intended to aid understanding. The terms are listed alphabetically.
- Affiliate Tracking: Within the scope of affiliate tracking, links are logged through which referring websites direct users to websites with product or other offers. The operators of the respective referring websites may receive a commission if users follow these so-called affiliate links and subsequently take advantage of the offers (e.g., purchase goods or use services). To this end, it is necessary for the providers to track whether users who are interested in certain offers subsequently act on them as a result of the affiliate links. Therefore, for affiliate links to function, they must be supplemented with certain values that become part of the link or are otherwise stored, e.g., in a cookie. These values include, in particular, the originating website (referrer), the time, an online identifier of the operator of the website where the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as advertising material ID, partner ID, and categorizations.
- Personal Data: “Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- Profiles with User-Related Information: The processing of “profiles with user-related information,” or simply “profiles,” encompasses any form of automated processing of personal data that involves using this personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include various information concerning demographics, behavior, and interests, such as interaction with websites and their content, etc.) (e.g., interests in specific content or products, click behavior on a website, or location). Cookies and web beacons are often used for profiling purposes.
- Reach Measurement: Reach measurement (also referred to as web analytics) serves to evaluate the visitor flows of an online offering and may include the behavior or interests of visitors in certain information, such as website content. With the help of reach analysis, website owners can, for example, determine at what times visitors access their website and which content they are interested in. This allows them, for instance, to better tailor the website’s content to the needs of their visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyses of the use of an online offering.
- Controller: A “controller” is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processing: “Processing” refers to any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data, including collection, evaluation, storage, transmission, or deletion.