Menu Home
Opening hours

Data Privacy Statement

Content

 

  1. Contact details of the body responsible for processing
  2. Contact details of the Data Protection Officer
  3. Field of application
  4. Your rights of persons concerned
  5. General information on the collection of personal data and the nature and purpose of its use
  6. General information on recipients or categories of recipients of personal data
  7. General information on the duration of the storage of personal data
  8. Data processing on this website
    1. Collection of general information when you visit our website
    2. Cookies
    3. Registration on our website
    4. Newsletter
    5. Contact form
    6. Online shop
    7. Organising a birthday party
    8. Use of Google Analytics
    9. Use of Google Tag Manager
    10. Use of Google Maps
    11. Use of Google Web Fonts
    12. Embedded Youtube Videos
    13. Google AdWords
    14. Use of Google Remarketing
    15. Facebook-Pixel
    16. Mouseflow
  9. Use of Social Plugins
    1. Facebook Social Plugin
    2. Instagram Social Plugin
    3. Youtube Social Plugin
  10. SSL Encryption
  11. Changes to this Privacy Policy


1) Contact details of the body responsible for processing


Competent authority in the sense of the data protection laws, in particular the EU data protection basic regulation (GDPR), is:


Badeparadies Schwarzwald TN GmbH
Am Badeparadies 1
79822 Titisee-Neustadt
Telephone: 008000 4444 333
Email: info@badeparadies-schwarzwald.de


2) Contact details of the Data Protection Officer


You can reach our Data Protection Officer at: datenschutz@badeparadiesschwarzwald.de


3) Field of Application


This privacy policy applies to the following websites https://www.badeparadies-schwarzwald.de/https://www.badeparadies-schwarzwald.de/palais-vital/,
https://www.badeparadies-schwarzwald.de/palmenoase/https://www.badeparadies-schwarzwald.de/galaxy/https://www.badeparadies-schwarzwald.de/shop/ und
https://www.badeparadies-schwarzwald.de/myparadise/


4) Your rights of persons concerned


You can exercise the following rights at any time using the contact details
provided by our Data Protection Officer:

  • Information about your data stored with us and their processing (Art. 15 GDPR),
  • Correction of incorrect personal data (Art. 16 GDPR),
  • Deletion of your data stored with us (Art. 17 GDPR),
  • Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
  • Objection to the processing of your data by us (Art. 21 GDPR) and
  • Data transferability if you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).


If you have given us your consent, you can revoke it at any time with effect for the future.

You can complain to a supervisory authority at any time, e.g. to the competent supervisory authority of the federal state of your residence or to the authority responsible for us.

A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.


5) General information on the collection of personal data and the nature and purpose of its use


We collect and process the following personal data about you:

  • User Data
  • Contact information
  • Social Media Identificators
  • Online Identificators

We process your personal data for the following purposes:

  • Processing of contracts
  • Establishment of contacts
  • Advertising
  • Quality Assurance
  • Statistics

Your data will be processed on the following legal basis:

  • Your consent Art. 1 lit. a) GDPR
  • For the execution of a contract with you, Art. 6 para. 1 lit. b) GDPR
  • Legitimate interests, Art. 6 para. 1 lit. f) GDPR

When processing your data, we pursue the following legitimate interests:

  • Improvement of our offer
  • Protection against misuse
  • Statistics

Collection of usage data

We store selected usage data from visitors when accessing our channels in order to ensure a high level of security, improve the efficiency of the channels and optimise their availability. This usage data will not be used to create personal usage profiles.
The usage data we collect includes:

  • Unique IDs such as a cookie placed on your computer or mobile device, or device IDs
  • Internet Protocol address (IP address) and data derived from your IP address, such as your geographic location
  • Information about your devices, such as information contained in HTTP headers (defined below) or other internet transfer protocol signals, browser or device type and version, operating system, user-agent strings, and about whether or not you have apps on your mobile devices, the screen resolution, and your preferred language
  • Behavioural data related to your use of our channels, such as websites clicked, websites and content areas visited, as well as date and time of activities
  • The web search you used to locate and navigate to the channels
  • Occasionally we associate usage data with personally identifiable information, e.g. an exact geographic location with your name. If we link usage data to your personal data, we will handle the linked data as personal data.

6) General information on recipients or categories of recipients of personal data


When processing your data, we cooperate with the following service providers who have access to your data:

  • Web hosting provider
  • Provider of social media platforms
  • Advertising networks (for advertising pop-ups)
  • Provider of web analysis tools


7) General information on the duration of the storage of personal data


We store your data,

  • if you have consented to the processing at most until you revoke your consent,
  • if we need the data for the execution of a contract at most as long as the contractual relationship with you exists or legal record retention periods run,
  • if we use the data on the basis of a justified interest, at most as long as your interest in deletion or anonymisation does not prevail.

The data stored with us are deleted as soon as they revoke any consent or if the data are no longer required for their purpose and there are no legitimate interests or legal record retention obligations. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to user data that must be stored for commercial or tax law reasons.

According to legal requirements, the storage takes place for 6 years according to § 257 Para. 1 HGB (e.g. business letters, accounting records, etc.) as well as for 10 years according to § 147 Para. 1 AO (e.g. commercial and business letters, tax-relevant documents).

 

8) Data processing on this website


a. collection of general information when you visit our website


The nature and purpose of processing:

If you access our website, i.e. if you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and the like. This is only information that does not allow any conclusions to be drawn about your person.

In particular, they shall be processed for the following purposes:

  • Ensuring a trouble-free connection to the website,
  • ensuring the smooth use of our website,
  • evaluation of system safety and stability as well as
  • for other administrative purposes.


We do not use your data to draw conclusions about your person. Information of this kind is evaluated statistically by us if necessary, in order to optimise our online presence and the technology behind it.

Legal basis:

Data is processed in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

Recipient:

Recipients of the data may be technical service providers who act as contract processors for the operation and maintenance of our website.

Storage time:

The data are deleted as soon as they are no longer required for collection purposes. This is generally the case for the data used to provide the website when the respective session has ended.

Provision required or necessary:

The provision of the aforementioned personal data is neither required by law nor by contract. Without the IP address, however, the service and functionality of our website cannot be guaranteed. Additionally, individual services may not be available or restricted. For this reason an objection is excluded.

b. cookies

On the basis of your consent within the framework of the cookie note, our website also uses so-called cookies, which are described in more detail below. A cookie is a text file with an identification number that is transmitted to the user's computer together with the other data actually requested during your use of the website and stored there. The file is kept there for later access and serves to authenticate the user.

Since cookies are only simple files and not executable programs, they do not pose a threat to computers. Cookies do not contain any directly personal data, so that the protection of your privacy is guaranteed. Depending on the settings you have selected, your internet browser will automatically accept cookies. However, this setting can be changed to disable the storage of cookies or to notify you when a cookie is stored.

If cookie use is deactivated, however, some functions of the website may not be available or only to a limited extent. You can delete individual cookies or the entire cookie sets via your browser settings. Furthermore, you will receive information and instructions on how these cookies can be deleted or their storage blocked in advance. Depending on the provider of your browser, you will find the necessary information under the following links:

 

c. Registration on our website


The nature and purpose of processing:

When registering for the use of our personalised services, some personal data is collected, such as name, address, contact and communication data (e.g. telephone number and e-mail address). If you are registered with us, you can access content and services that we only offer to registered users. Registered users also have the option of changing or deleting the data provided during registration at any time. Of course, we will also provide you with information about the personal data we have stored about you at any time.

Legal basis:

The data entered during registration are processed on the basis of the user's consent (Art. 6 para. 1 lit. a GDPR).

Recipient:

Recipients of the data may be technical service providers who act as contract processors for the operation and maintenance of our website.

Storage time:

Data will only be processed in this context as long as the corresponding consent is available. Thereafter, they shall be deleted unless there are legal obligations to retain them. To contact us in this context, please use the contact details provided at the end of this privacy statement.

Provision required or necessary:

The provision of your personal data is voluntary, solely on the basis of your consent. Without the provision of your personal data we cannot grant you access to our provided contents and services.

d. Newsletter


The nature and purpose of processing:

Your data will only be used to send you the subscribed newsletter by e-mail. Your name will be entered in order to address you personally in the newsletter and, if necessary, to identify you if you wish to exercise your rights as a data subject. Your e-mail address is sufficient for receiving the newsletter. When you register to receive our newsletter, the data you provide will be used exclusively for this purpose. Subscribers may also be notified by e-mail of circumstances relevant to the service or registration (e.g. changes in the newsletter offering or technical circumstances).

For an effective registration we need a valid e-mail address. In order to verify that a registration is actually carried out by the owner of an e-mail address, we use the "double opt-in" method. For this purpose, we log the order of the newsletter, the dispatch of a confirmation e-mail and the receipt of the reply requested herewith. No further data is collected. The data will be used exclusively for the newsletter dispatch and will not be passed on to third parties.

Legal basis:

On the basis of your expressly given consent (Art. 6 para. 1 lit. a GDPR), we will regularly send you our newsletter or comparable information by e-mail to your specified e-mail address. You can revoke your consent to the storage of your personal data and its use for newsletter dispatch at any time with effect for the future. In every newsletter you will find a corresponding link. You can also unsubscribe directly from this website at any time or inform us of your revocation via the contact option given at the end of this data protection notice.

Recipient:

The recipients of the data may be order processors.

Storage time:

Data will only be processed in this context as long as the corresponding consent is available. Thereafter, they shall be deleted.

Provision required or necessary:

The provision of your personal data is voluntary, solely on the basis of your consent. Unfortunately, we cannot send you our newsletter without your consent.

e. Contact form


The nature and purpose of processing::

The data you enter will be stored for the purpose of individual communication with you. For this purpose it is necessary to provide a valid e-mail address and your name. This is used to assign the query and then answer it. The specification of further data is optional.

Legal basis:

The data entered in the contact form will be processed on the basis of a legitimate interest (art. 6 par. 1 lit. f GDPR). By providing the contact form, we would like to make it easy for you to contact us. The information you provide will be stored for the purpose of processing your inquiry and for possible follow-up questions. If you contact us to request an offer, the data entered in the contact form will be processed for the purpose of implementing pre-contractual measures (Art. 6 Para. 1 lit. b GDPR).

Recipient:

The recipients of the data may be order processors.

Storage time:

Data will be deleted at the latest 6 months after processing the request. Insofar as a contractual relationship is established, we are subject to the statutory retention periods in accordance with the German Commercial Code (HGB) and delete your data after these periods have expired. Provision required or necessary:

Provision required or necessary:

The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, e-mail address and the reason for the request.

f. online-shop


The personal data collected by us are passed on to the transport company commissioned with the delivery within the framework of processing the contract, insofar as this is necessary for the delivery of the goods.

We pass on your payment data to the commissioned credit institution within the framework of the processing of payments. Transfers to state institutions or authorities are only made within the framework of mandatory national legal provisions. When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" via PayPal, we pass on your payment details to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal") as part of the payment process.

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" via PayPal. PayPal uses the result of the credit check for the statistical probability of non-payment for the purpose of deciding which payment method to provide in each case.

The creditworthiness information can contain probability values (so called score values). As far as score values flow into the result of the creditworthiness information, these have their basis in a scientifically recognised mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values. Please refer to PayPal's privacy policy for further information on data protection, including the credit bureaus used:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full required for the provision of certain content and services on our website.

The Trusted Shops Trustbadge is integrated on this website in order to display the ratings we may have collected with Trusted Shops. This serves to safeguard our predominantly legitimate interests in an optimal marketing of our offer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. The Trustbadge and the services promoted thereby are an offer of the Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.

When the Trustbadge is called up, the web server automatically saves a so-called server log file which contains, for example, your IP address, date and time of the retrieval, the amount of data transferred and the requesting provider (access data) and documents the retrieval. These access data are not evaluated and are automatically overwritten at the latest seven days after the end of your page visit. Further personal data will only be transferred to Trusted Shops if you have consented to this, have decided to use Trusted Shops products after completing an order or have already registered for their use. In this case, the contractual agreement made between you and Trusted Shops applies.


Payments via amazon pay

When paying via Amazon Pay, we will forward your payment details first to Amazon Payments Europe s.c.a., and second to Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL. All three are headquartered at 5 Rue Plaetis, L 2338 Luxembourg (hereinafter "Amazon Payments").

Amazon Payments reserves the right to conduct a credit check. Amazon Payments uses the findings of the credit check to determine the statistical probability of default and whether or not to provide the respective payment method. The credit check may include probability values (score values). Where score values are included in the credit report, these are based on a scientifically recognised mathematical statistics method. Your address details will also be included when calculating the score values.

Amazon Payments is also entitled to forward your personal data to unnamed third parties such as banks, e-service providers, service partners, as well as auditors, analytics services, credit agencies, marketing partners, cloud service providers, retargeting providers and affiliated companies.

For more information on Amazon Payments' Privacy Policy, including the credit agencies used, please see: pay.amazon.com/de/help/201751600. The legal basis for this is Article 6 para. 1 sent. 1 letter b GDPR.


Tracing COVID-19-virus (coronavirus) infections in case of online bookings

When you book your visit to a thermal bath on our website, it is not necessary that you give your personal contact details again when entering the thermal bath. In case a corona infection has become known and is confirmed at the Badeparadies Schwarzwald while you are staying there, the data from your online booking can be used by us to pass these on to the relevant public health authority to ensure the traceability of COVID-19 infections. This only refers to your first- and family name, the time or rather the period you have spent at the thermal bath and your contact details (e-mail address and, if required, your telephone number). It is necessary that your contact details are passed on, enabling the public health authority to contact you as the case may be. This is legally based on Art.6 Para. 1 lit. d) DSGVO (Processing person-related data to protect vital interests of the person concerned or another natural person).

In as far as your person-related data have to be submitted to the relevant public health authority, they are entered in a list prepared for just this situation and sent to the health authority. Your data will remain on this list for the period of one month and is removed from it once this period has expired. The processed data may be passed on by the relevant public health authority exclusively upon request for the purpose of tracing possible infection paths.
Keeping your person-related data on our booking system remains unaffected.

g. Organising a birthday party for a child


The nature and purpose of processing:

If you would like to celebrate your child's birthday with us, we will provide you with an online form so that you can send us your request quickly and easily. For this purpose it is necessary that you disclose some personal data to us. This includes the first name, surname and date of birth of your child and personal data of the parents (title, first name, surname, postal code, place of residence, if applicable country, telephone number and e-mail address). We need this information in order to organise the child's birthday party and to contact you if necessary.
The personal data will be used for the reservation, booking and processing of your child's birthday. If you also give us permission to send information by post or e-mail, we will also use your address data and the e-mail address provided for the purposes stated until you revoke your declaration of consent for the future.

Legal basis:

We process the personal data provided by you to the extent necessary for the reservation and execution of your child's birthday (Art. 6 Para. 1 lit. b) GDPR). Should you also agree to the dispatch of information material by post or e-mail, we will process the personal data required for this purpose on the basis of your consent in accordance with Art. 6 Para. 1 a) GDPR.

Recipient:

The recipients of the data may be contract processors for the maintenance of our data processing systems and for the provision of IT services for the electronic dispatch of newsletters.

Storage time:

The personal data you provide to us will be stored by us until the purpose of their processing is fulfilled. The data is then deleted. If we additionally process your address data and the e-mail address as part of your declaration of consent to the dispatch of information material by post and e-mail, this data will be deleted from our systems as soon as you revoke your declaration of consent for the future.

Provision required or necessary:

The provision of your personal data is voluntary. However, we can only process your request if you provide us with the necessary personal data in the online form.

h. Use of Google Analytics


The nature and purpose of processing:

This website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter referred to as: "Google"). Google Analytics uses so-called "cookies", which are text files that are stored on your computer and allow an analysis of the use of the website by you. The information generated by the cookie about your use of this site is usually sent to a server of Google in the USA and stored there. Due to the activation of IP anonymity on these sites, your IP address is however abbreviated beforehand by Google within Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on your activities on this website and to provide other services relating to website usage and internet use to the website operator. The IP address transmitted by your browser in conjunction with Google Analytics is not merged with other data held by Google. The purposes of data processing are to evaluate the use of the website and to compile reports on activities on the website. On the basis of the use of the website and the internet, further related services are to be provided.

Legal basis:

On the basis of the use of the website and the internet, further related services are to be provided.

Recipient:

The recipient of the data is Google as the processor. For this purpose, we have concluded the corresponding order processing contract with Google.

Storage time:

The data will be deleted as soon as they are no longer required for our recording purposes.

Transfer to third countries:

Google processes your data in the USA and has submitted to the EU_US Privacy Shield https://www.privacyshield.gov/EU-US-Framework. We have also entered into standard privacy clauses with Google for the use of Google Analytics.

Provision required or necessary:

The provision of your personal data is voluntary, solely on the basis of your consent. Insofar as you prevent access, this may result in functional restrictions on the website.

Revocation of consent:

You can prevent the storage of cookies by selecting the appropriate settings on your browser; we point out, however, that in this case it is possible that you will not be able to fully use all the features of this site. You can also prevent the collection of the data generated by the cookie and relating to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in that is available under the following link: Browser Add On to disable Google Analytics. In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking this link. In this context , an opt-out cookie is installed on your device. This will prevent Google Analytics from collecting cookies for this website and for this browser in the future as long as the cookie remains installed in your browser.

Profiling:

With the help of the tracking tool Google Analytics the behaviour of the visitors of the website can be evaluated and their interests analysed. For this purpose we create a pseudonymous user profile.


i. Use of Google Tag Manager

On our website, we use the Google Tag Manager from Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Insofar as you have your customary abode in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) shall be considered to be the Responsible Party for your data. Accordingly, Google Ireland Limited is the company affiliated with Google which is responsible for the processing of your data and the fulfilment of the applicable data protection laws.
This application is used to administrate JavaScript tags and HTML tags which are used for the implementation of particularly tracking and analytical tools. The data processing shall serve the purpose of the requirements-based design and optimisation of our website.
The Google Tag Manager itself stores neither cookies nor any personal data created therefrom. However, it enables the activation of additional tags which may collect and process personal data.
You can find detailed information on the Usage Terms and Conditions and data protection here: (https://www.google.com/intl/de/tagmanager/use-policy.html).

j. Use of Google Maps


The nature and purpose of processing:

On this website we use the Google Maps service. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). This enables us to display interactive maps directly on the website and enables you to use the map function conveniently. For more information about data processing by Google, please refer to the Google Privacy Notice. You can also change your personal data protection settings there in the data protection centre. Detailed instructions on how to manage your own data related to Google products can be found here.

Legal basis:

The legal basis for the integration of Google Maps and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a GDPR).

Recipient:

When you visit the website, Google receives information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account that you are logged in to or whether there is no user account. When you're logged in to Google, your information will be directly associated with your account. If you do not this association in your Google profile, you have to log out of Google before the button is activated. Google stores your data as user profiles and uses them for advertising, market research and / or needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

Storage time:

We do not collect any personal data through the integration of Google Maps.

Transfer to third countries:

Google processes your data in the USA and has submitted to the EU_US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

Revocation of consent:

If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you will not be able to use our website, or only to a limited extent.

Provision required or necessary:

The provision of your personal data is voluntary, solely on the basis of your consent. Insofar as you prevent access, this may result in functional restrictions on the website.


k. Use of Google Web Fonts

We use Google Fonts on our website. These "Google Fonts" belong to Google Inc. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services within Europe.

You do not have to register or rather save a password for using Google Fonts nor are cookies saved to your browser. The data files (CSS, Fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, enquiries for CSS and fonts are completely independent from any other Google service. If you have a Google account, you do not have to worry, whether your Google account data is transmitted to Google while you use Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the various different fonts used and safely stores this data.

What are Google Fonts?

Google Fonts (formerly Google Web Fonts) is a list of more than 800 fonts that Google makes available to its users. Many of these fonts are published under the SIL Open Font Licence while others have been published under the Apache Licence, both of which are freely available software licences.

Why do we use Google Fonts on our website?

Using Google Fonts means that we can use our own website fonts on our website but do not have to upload these on our server. Google Fonts is an important component to maintain the high quality of our website. All Google fonts are automatically optimised for the web, saving data volume and they are particularly useful in connection with mobile end devices.
The small size of data files means faster downloading when you visit our website. In addition, Google Fonts are safe web fonts. Different image synthesis-systems (rendering) in various browsers, operating systems, and mobile end devices may lead to errors. Such errors can optically partly distort texts or rather whole websites. It is thanks to the fast 'Content Delivery Networks' (CDN) that there are no cross-platform problems with Google Fonts. Google Fonts supports all usual browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably with most of the modern operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts because we want to present our overall online service as best and consistently as possible.

What data is saved by Google?

When you visit our website, the fonts are uploaded by a Google server. This external call-up initiates data to be transferred to the Google servers. In this way Google also recognises that you or rather your IP-address is visiting our website. The Google Font API was developed in order to reduce the use, storage and recording of end user data to the amount required to provide proper fonts. API is the abbreviation for 'Application Programming Interface' and serves – among other things – to transmit data in the software section. Google Fonts saves CSS- and font enquiries and they are thus protected. The collected usage numbers tell Google how well the individual fonts are received. Google publishes the results on internal analysis sites such as, for example, Google Analytics. In addition, Google also uses data from its own web-crawler to establish which websites use Google Fonts. This data is published in the Google Fonts BigQuery database. Entrepreneurs and developers use the Google web service BigQuery, in order to investigate and move large data volumes. It must, however, be considered that every Google Font enquiry generating information such as language setting, IP-address, type of browser, screen resolution of browser and name of browser is automatically transmitted to Google servers. It cannot be established beyond doubt or is not unambiguously communicated by Google that this data is actually stored.

How long and where is this data stored?

Enquiries for CSS-assets are stored for one day on Google servers that are mainly located outside of the EU. This enables us to use the fonts by means of a Google Stylesheet. A stylesheet is a format with which it is easy to change, for example, the design or the type of font on a website quickly.
The font data is stored at Google for the period of one year. In doing this, it is Google's objective to basically improve the uploading time of websites. If millions of websites refer to the same fonts, they are stored after the first visit and will appear immediately on all websites that are visited later on. At times Google will update font data files to reduce the data volume, to increase the language coverage and to improve the design. How can I delete my data or rather prevent my data from being stored? Data that Google stores for one day or rather one year cannot simply be deleted. Upon calling up a website, the data is automatically transmitted to Google. In order to delete this data at an early stage you will have to contact the Google Support under https://support.google.com/?hl=de&tid=331602572761. In this case you can only prevent data from being stored by not visiting our website. The website https://www.google.com/intl/de/policies/privacy/ informs you about what data is basically recorded by Google and what this data is used for. You will find more information and further questions on Google Fonts on this website https://developers.google.com/fonts/faq?tid=331602572761.
Source: Data protection generator by AdSimple in cooperation with warkly.de

l. Embedded Youtube Videos


The nature and purpose of processing:

On some of our websites we integrate YouTube videos. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (hereinafter "YouTube"). When you visit a page with the YouTube plugin, a connection to YouTube servers is established. This will tell YouTube which pages you are visiting. If you are logged in to your YouTube account, YouTube can personally associate your behaviour with you. You can prevent this by logging out of your YouTube account beforehand. When a YouTube video is started, the provider uses cookies to collect information about user behaviour. Further information on the purpose and scope of data collection and processing by YouTube can be found in the provider's privacy policy, where you will also find further information on your rights in this regard and setting options to protect your privacy (https://policies.google.com/privacy). Google processes your data in the USA and has submitted to the EU_US Privacy Shield  https://www.privacyshield.gov/EU-US-Framework

Legal basis:

The legal basis for the integration of YouTube and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a GDPR).

Recipient:

Calling YouTube automatically triggers a connection to Google.

Storage period and revocation of consent:

If you have deactivated the saving of cookies for the Google Ad program, you will not have to expect such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in the browser. You will find further information on data protection at "YouTube" in the provider's privacy policy: https://www.google.de/intl/de/policies/privacy/

Transfer to third countries:

Google processes your data in the USA and has submitted to the EU_US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

Provision required or necessary:

The provision of your personal data is voluntary, solely on the basis of your consent. Insofar as you prevent access, this may result in functional restrictions on the website.

m. Google AdWords


The nature and purpose of processing:

Our website uses Google Conversion Tracking. The operating company of Google AdWords services is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you have reached our website via an advertisement placed by Google, Google Adwords places a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. If the user visits certain pages on our site and the cookie has not expired, we and Google may recognise that the user clicked on the ad and was directed to that page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be traced via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers will be informed of the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, the customer will not receive any information that personally identifies users. If you do not wish to participate in tracking, you can refuse the setting of a cookie that is required for this purpose - for example, by means of a browser setting that deactivates the automatic setting of cookies in general or you can set your browser to block cookies from the "googleleadservices.com" domain. Please note that you may not delete the opt-out cookies as long as you do not wish to record measurement data. If you have deleted all your cookies in your browser, you must set the respective opt-out cookie again.

Provision required or necessary:

The provision of your personal data is voluntary, solely on the basis of your consent. Insofar as you prevent access, this may result in functional restrictions on the website.

n. Use of Google Remarketing


The nature and purpose of processing:

This website uses the remarketing function of Google Inc. The operating company of Google Remarketing services is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). This function is used to present interest-related advertisements to website visitors within the Google advertising network. A so-called "cookie" is stored in the browser of the website visitor, which makes it possible to recognise the visitor when he visits websites belonging to the Google advertising network. On these pages, advertisements can be presented to the visitor, which refer to contents, which the visitor called up before on web pages, which use the Remarketing function of Google.

Legal basis:

The legal basis for the integration of Google Remarketing and associated data transfer to Google is your consent (Art. 6 para. 1 lit. a GDPR).

Recipient:

Every time you visit our website, personal data, including your IP address, is transferred to Google in the USA. These personal data are stored by Google. Google may share this personal information collected through the technical process with third parties. Our company does not contain any information from Google that could be used to identify the individual concerned.

Revocation of consent:

According to its own information, Google does not collect any personal data during this process. However, if you do not want Google's Remarketing feature to work, you can always disable it by selecting the appropriate settings at  https://support.google.com/adwordspolicy/answer/143465. Alternatively, you can disable the use of cookies for interest-based advertising through the advertising network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp.

Provision required or necessary:

The provision of your personal data is voluntary, solely on the basis of your consent. Insofar as you prevent access, this may result in functional restrictions on the website.

o. Facebook-Pixel

If you have given us your express consent by clicking on a button provided for this purpose, we will use the "Facebook pixel" of Facebook Inc., 1601 S. California Ave, PaloAlto, CA 94304, USA ("Facebook") within our website. This allows users to track their behaviour after seeing or clicking on a Facebook ad. This process is used to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and can help to optimise future advertising measures. The collected data is anonymous for us and does not give us any information about the identity of the user. However, Facebook stores and processes the data so that it can be linked to the respective user profile and Facebook can use the data for their own advertising purposes in accordance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/).

You can enable Facebook and its affiliates to serve ads on and off Facebook. A cookie can also be stored on your computer for these purposes. Consent to the use of the Facebook pixel may only be given by users who are older than 16 years of age. If you are younger, please ask your parent or guardian for permission. In order to generally object to the use of cookies on your computer, you can set your Internet browser so that cookies
can no longer be stored on your computer in the future or cookies that have already been stored are deleted. Disabling all cookies may, however, mean that some functions on our Internet pages can no longer be executed. You can also disable the use of cookies by third parties such as Facebook on the following Digital Advertising Alliance website: http://www.aboutads.info/choices/

 

p. Mouseflow

This website uses Mouseflow: a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback campaigns, and similar features/functionality. Mouseflow may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar meta data. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser. If you'd like to opt-out, you can do so at https://mouseflow.com/opt-out. If you'd like to obtain a copy of your data, make a correction, or have it erased, please contact us first or, as a secondary option, contact Mouseflow at privacy@mouseflow.com.

For more information, see Mouseflow's Privacy Policy at http://mouseflow.com/privacy/.

For more information on Mouseflow and GDPR, visit https://mouseflow.com/gdpr/.

For more intormation on Mouseflow and CCPA visit https://mouseflow.com/ccpa.

9) Use of Social Plugins


On the basis of our legitimate interests (Art. 6 Para. 1 lit. f. GDPR) in a need-based design of our web pages, we use the following plug-ins of the respective third-party providers.


a. Use of Facebook Social Plugins

Our website uses Social Plugins ("Plugins") of the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins are marked with a Facebook logo or the addition "Facebook Social Plugin". An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins/.%20/?locale=de_DE

When you call up a website on our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the website by it. By integrating the plugins, Facebook receives the information that you have accessed the corresponding page of our website. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example by clicking on the "Like" button or commenting on them, your browser sends the corresponding information directly to Facebook and stores it there.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your related rights and setting options for the protection of your privacy can be found in Facebook's data protection information: https://www.facebook.com/policy.php


b. Use of Instagram Social Plugins

Our website uses plugins from the Instagram network operated by Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). When you click on the Instagram button, the plugin establishes a direct connection between your browser and the Instagram server. This will tell Instagram that you have visited our site with your IP address. The purpose and scope of the data collection and the further processing and use of this data by Instagram is not known to us. We encourage you to review Instagram's

privacy policy regarding this and your rights and privacy settings to protect your privacy: https://help.instagram.com/155833707900388


c. Use of Youtube Social Plugins

This website uses the Youtube embedding function to display and play videos of the provider "Youtube". For this purpose, the extended data protection mode is used which, according to the provider, only initiates the storage of user information when the video(s) is/are played. If the playback of embedded Youtube videos is started, the provider "Youtube" uses cookies to collect information about the user behaviour. According to information from Youtube, these serve, among other things, to collect video statistics, improve user-friendliness and prevent abusive practices. Irrespective of any playback of the embedded videos, each time this website is accessed, a connection to the Google "DoubleClick" network is established, which can trigger further data processing operations without our influence. You will find further

information on data protection at "YouTube" in the provider's privacy policy: https://www.google.de/intl/de/policies/privacy/


10) SSL Encryption

In order to protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.


11) Changes to our Privacy Policy

We reserve the right to adapt this data protection declaration so that it always corresponds to the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. Your renewed visit will then be subject to the new data protection declaration.


Version dated October 27, 2020