Privacy Policy – pizzadragons

Introduction

In the following privacy policy we would like to educate you on the way we use your personal data (in the following also referred to as “data”) and to which extents and purposes it is being processed. The privacy policy applies to all processing of personal data carried out by us, both for services provided and on our websites, mobila applications and external online presences, e.g. our social media profiles (in the following referred to as “online services”).

As of: 28th of December 2021

Person in charge

Silas Lemberger
Mittermayerstr. 6
85221 Dachau

E-Mail: silas.lemberger@yahoo.com

Overview of Processing

Kinds of processed data

Stock data
Payment data
Contact data
Content data
Contract data
Usage data
Meta-/ Communication data

Categories of affected persons

Customers
Prospective buyers
Users
Business- & contractual partners

Purposes of processing

Fulfillment of contractual services and customer service
Contact requests and communication contact
Safety measures
Measurement of range of influence
Office- and organizational management
Administration of and response to questions
Feedback
Marketing
Profiles with user specific information
Provision of our online services and ease of use

Decisive legal bases

The following contains and overview of legal bases of the General Data Protection Regulation (GDPR), based on which we process your personal data. Please note that there might exist national requirements besides the DSGVO which apply to your country of residence. Should any special legal bases apply in individual cases we will notify you in our privacy policy.

Consent (Art. 6 Abs. 1 S. 1 lit. a. GDPR) – the affected person has provided their consent in the processing of personal data concerning them for a specific purpose or multiple specific purposes.
Contractual fulfillment and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b. GDPR) – The processing is necessary for the fulfillment of a contract, which the affected person is party to, or for the execution of pre-contractual actions which are made as per request of the affected person.
Legal obligation (Art. 6 Abs. 1 S. 1 lit. c. GDPR) – The processing is necessary for the fulfillment of a legal obligation, which the person responsible is liable to.
Legitimate interest (Art. 6 Abs. 1 S. 1 lit. f. GDPR) – The processing is necessary for maintaining the legitimate interests of the person responsible or of third parties, as long as this does not infringe upon the interests, basic rights or basic liberties of the affected person which require the protection of personal data.

In addition to the rules and regulations of data protection in the GDPR, national regulations for data protection in Germany apply. This especially includes the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) for protection against misuse of personal data in data processing. The BDSG especially contains special regulations for the right of disclosure, the right of deletion, the right of objection, the processing of special categories of personal data, the processing for other purposes and for transmission as well as automated decision-making in individual cases, including profiling. Furthermore does it govern the data processing for purposes of employment (§ 26 BDSG), especially with regard to justification, execution or termination of employment as well as the consent of employees. Additionally, state data protection acts may apply.

Safety measures

We implement approproate technological and organizational measures to provide a risk-appropriate level of protection according to legal guidelines, taking into account the current state of technology, implementation costs and the kind, extent, circumstances and purposes of processing as well as the differing probabilities of occurrence and the magnitude of threat to the rights and freedoms of natural persons.

These measures especially include the assurance of trustworthiness, integrity and availability of data through inspection of physical and electronic access to the data as well as their accessability, the input, transmission, securing of availability and their separation. We have furthermore implemented a process which ensures the assertion of rights of the affected person, the deletion of data and reaction to endangerment of data. Additionally we take the protection of personal data into consideration during the development or selection of hardware, software and processes in accordance with the principles of data protection, through configuration of technoloy and data protection friendly presets.

To protect data transferred via our online services, we use an SSL- encrypted connection. You can recognize such connections by the prefix https:// in the adress bar of your browser.

Transmission of personal data

As part of our processing of personal data it might occur that the data is transmitted or disclosed to other locations, corporations, legally autonomous organizational units or people. These recipients might include service or content providers which were assigned IT tasks, for example. In such a case we will follow the federal regulations and accordingly enter into special contracts or agreements, which serve the purpose of protecting your data, with the recipients of said data.

Data processing in third party countries

Provided that we process data in a thrid party country (meaning: outside the European Union (EU), European Economic Area (EEA)) or if the processing of data takes place within the framework of utilization of services of third parties or the disclosure or transmission of data to other people, administrations or companies, this will happen in accordance with legal specifications.

Subject to explicit consent or contractually or legally necessary transmission we only process data, or let data be processed, in third party countries with a recognized data protection level, contractual obligations through so-called standard contractual clauses of the EU commission, at submission of certificates or binding internal data protection regulations (Art. 44 – 49 GDPR, information website of the EU commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection)

Deletion of data

The data we process is deleted according to legal regulations, once the necessary consent for permitted processing is revoked or other consent is no longer applicable (e.g. the purpose of processing of said data is dispensed with or if the data is no longer necessary for the purpose).

Provided that data is not deleted because it is used for other legally permissible purposes, its processing will be limited to these purposes. Meaning the data will be blocked and not used for other pruposes. This is applicable for data, which must be kept for trade- or tax-related reasons, for example, or of the storage is necessary for the enforcement, execution or defense of legal claims or for the protection of the rights of another natural or legal person.

Our privacy notices can also contain further details about the storage and deletion of data, which take precedence over the respective processing.

Use of cookies

Cookies are small text files or other storage notations which save information to end devices and read information from end devices, for example to save the login status of a user account, the contents of a cart in an electronic store, the accessed contents or utilized functions of an online service. Cookies can furthermore be used for different purposes, e.g. for the purpose of functionality, security and convenience of online services as well as the creation of analyses of streams of visitors.

Information on consent: We utilize cookies in accordance with legal prescriptions. Therefore we obtain preceding consent from users, unless it is legally not required. Consent is especially not necessary, if the storage and readout of information, including cookies, is absolutely necessary to provide users with a telemedia service (our online services) which is explicitly desired by them. The revocable consent is clearly communicated to the user and contains information for perspective cookie usages.

Information on legal bases of data protection: On which legal basis we process the data of users with the help of cookies depends on whether we ask users for consent. If users consent to the usage of cookies, the legal basis of the processing of their data is their given consent. Otherwise data is processed via cookies based on our legitimate interest (for example an economic operation of our online services and improvement of usability) or, if it takes place within the scope of fulfilling our contractual obligations, if the usage of cookies if required to fulfill our contractual obligations. For which purposes our cookies are processed is explained in this privacy policy or in the framework of our consent and processing procedures.

Storage duration: With regard to storage duration we distinguish between the following kinds of cookies:

Temporary cookies (also: Session cookies): Temporary cookies will be deleted after a user has exited the online service and has closed their end device (e.g. browser or mobile application).
Permanent cookies: Permanent cookies remain in storage even after the closure of the end device. This enables, for example, a direct display of login status or preferred content when the user visits the website again. Likewise, the data which is collected from users with the help of cookies can be used to measure range of influence. If we don’t provide users with explicit information on the type and storage suration of cookies (e.g. in the framework of obtaining consent), the user should assume that cookies are permanent and that their storage duration lasts up to two years.

General information on revoking consent and objection (opt-out): Users can object to the processing according to legal guidelines in Art. 21 GDPR at any time (further information on revoking consent follow in this privacy policy). Users can also opt out via their browser settings.

Further information on processing procedures and services:

Processing of cookies based on consent: We use a method of managing cookie consent in the framework of which user consent to the usage of cookies, or the processing and providers named in the cookie consent management method, can be obtained and revoked by the users. In this process the declaration of consent is stored in order to avoid a recurring enquiry and to prove evidence of consent in accordance with legal requirements. This storage can happen on the server side and/or in a cookie (so-called opt-in-cookie or with comparable technologies) to match given consent with a user or device. Unless otherwise individually specified about providers of cookie management services, the following information applies: The duration of storage of consent can last up to two years. In this process a pseudonymous user identifier is created and stored together with the time of consent, details on the scope of consent (e.g. which categories of cookies and /or service providers) as well as the browser type, operating system and end device model.

Business-related services

We process data from our contractual partners and business partners, e.g. customers and interested parties (summarily named “contractual partners”) in the framework of contractual relationships and other comparable legal relationships as well as thereby associated actions and communications with contractual or pre-contractual partners, e.g. to answer questions.

We process this data to fulfill our contractual obligations. This includes the obligations for provision of agreed-upon services, possible update obligations and remediation concerning warranty- or other service disruptions. Furthermore we process data to exercise our rights and for the purpose of administrative tasks connected to these obligations as well as organizing our business. We also process data on the basis of our legitimate interest in an orderly and economically sound business management as well as in safety procedures for protection of our contractual partners and our business from misuse, endangerment of your data, secrecy, information and rights (e.g. for participation in telecommunication- transport and other helping services as well as subcontractors, banks, tax- and legal advisors, payment service providers or financial institutions). In accordance with applicable law we only provide data to third parties, if this is necessary for the fulfillment of previously stated purposes or for the fulfillment of legal responsibilities. We will notify contractual partners about further forms of processing , e.g. for marketing purposes, in this privacy policy.

We provide our contractual partners with special identifiers (e.g. colors or asterisks) on which data is mandatory for the previously stated purposes, or we inform them personally.

We delete data after the expiration of the statutory warranty period and other comparable requirements, that is to say, after 4 years have elapsed, unless the data is stored in a customer account, e.g. if they have to be retained or archived for statutory reasons (for example, the usual period for tax purposes is 10 years). Data which has been disclosed to us via contractual partners will be deleted after completion of the tasks in accordance with the specifications of the contract.

As far as we employ third parties or platforms for provision of a service, the terms and conditions and privacy policies of the respective third parties or platforms apply.

Shop and e-commerce

We process the data of our customers to enable them to select, purchase or order the selected products, goods and related services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery, or execution to our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The required information is identified as such in the context of the order or comparable purchase process and includes the information needed for delivery, or provision and billing, as well as contact information, so that, if necessary, consultation can be held.

Artistic and literary services

We process the data of our clients to enable them to select, purchase or commission the chosen services or works and related activities, as well as enabling their payment and delivery or execution or performance.

The required information is identified as such in the context of the contractual, purchase or comparable finalization and includes the information required for delivery and invoicing as well as contact information in order to be able to hold any consultations.

Types of data processed: inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., e-mail, phone numbers); contract data (e.g., subject matter of contract, term, customer category); usage data (e.g., websites visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
Affected persons: Customers; prospective customers; business and contractual partners.
Purposes of processing: provision of contractual services and customer service; security measures; contact requests and communication; office and organizational procedures; administration and response to requests.
Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR); Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR).

Payment procedures

In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer affected persons efficient and secure payment options and use other service providers in addition to banks and credit institutions for this purpose (collectively, “payment service providers”).

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e., we do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the payment service providers transmit the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and the privacy policy of the payment service providers.

The terms and conditions and the data protection notices of the respective payment service providers apply to the payment transactions, which can be accessed within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other affected persons’ rights.

Types of data processed: inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contract data (e.g., subject matter of contract, term, customer category); usage data (e.g., websites visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
Affected persons: Customers; prospective customers.
Purposes of processing: provision of contractual services and customer service.
Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Further information on processing operations, procedures and services:

Mastercard: Payment processing services; Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgien; Website: https://www.mastercard.de/de-de.html; Privacy policy: https://www.mastercard.de/de-de/datenschutz.html.
PayPal: Payment processing services (e.g. PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Website: https://www.paypal.com/de; Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Stripe: Payment processing services; Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Website: https://stripe.com; Privacy policy: https://stripe.com/de/privacy.
Visa: Payment processing services; Service provider: Visa Europe Services Inc., branch office London, 1 Sheldon Square, London W2 6TT, GB; Website: https://www.visa.de; Privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Provision of online services and web hosting

In order to provide our online service securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online service can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.

The data processed as part of the provision of the hosting services may include all information relating to the users of our online service, which is generated as a result of usage and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online services to browsers, and all entries made within our online service or from websites.

Types of data processed: Content data (e.g. entries in online forms); Usage data (e.g. web pages visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: provision of our online offer and user-friendliness; provision of contractual services and customer service.
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Further information on processing procedures, methods and services:

Collection of access data and log files: We ourselves (or our web hosting provider) collect data on each access to the server (so-called server log files). The server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used, on the one hand, for security purposes, e.g., to prevent server overload (especially in the event of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability; deletion of data: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.
WordPress.com: hosting platform for blogs / websites; Service provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA; Website: https://wordpress.com; Privacy policy: https://automattic.com/de/privacy/; Order processing agreement: concluded with provider: https://wordpress.com/support/data-processing-agreements/
STRATO: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: STRATO AG, Pascalstraße 10,10587 Berlin, Germany; Website: https://www.strato.de; Privacy policy: https://www.strato.de/datenschutz; Order processing agreement: concluded with provider.

Web analysis, monitoring and optimization

Web analytics (also referred to as “reach measurement”) is used to evaluate the flow of visitors to our online offering and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can recognize, for example, at what time our online offer or its functions or content are most frequently used or invite re-use. Likewise, we can understand which areas require optimization.

In addition to web analytics, we may also use testing procedures, for example, to test and optimize different versions of our online services or their components.

Unless otherwise stated below, profiles, i.e. data summarized for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. If users have agreed to the collection of their location data from us or from the providers of the services we use, location data may also be processed.

The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, in the context of web analysis, A/B testing and optimization, no clear data of the users (such as e-mail addresses or names) are stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, users’ data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Types of data processed: Usage data (e.g. web pages visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Affected persons: Users (e.g., website visitors, users of online services).
Purposes of processing: reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles).
Security measures: IP masking (pseudonymization of the IP address).
Legal grounds: consent (Art. 6 para. 1 p. 1 lit. a. GDPR); legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR)

Further information on processing operations, procedures and services:

Jetpack (WordPress Stats): Jetpack provides analytics – features for WordPress software; Service provider: Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA; Website: https://automattic.com; Privacy Policy: https://automattic.com/privacy, Cookies Policy: https://jetpack.com/support/cookies.

Online marketing

We process personal data for online marketing purposes, which may include, in particular, marketing advertising space or displaying promotional and other content (collectively, “Content”) based on users’ potential interests and measuring its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used, by means of which the information about the user relevant for the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used and information on usage times and functions used. If users have consented to the collection of their location data, this may also be processed.

The IP addresses of the users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored as part of the online marketing process, but pseudonyms. This means that we, as well as the providers of the online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can later generally also be read on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing procedure provider.

Ausnahmsweise können Klardaten den Profilen zugeordnet werden. Das ist der Fall, wenn die Nutzer z.B. Mitglieder eines sozialen Netzwerks sind, dessen Onlinemarketingverfahren wir einsetzen und das Netzwerk die Profile der Nutzer mit den vorgenannten Angaben verbindet. Wir bitten darum, zu beachten, dass Nutzer mit den Anbietern zusätzliche Abreden, z.B. durch Einwilligung im Rahmen der Registrierung, treffen können.

In principle, we only receive access to summarized information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing methods have led to a so-called conversion, i.e., for example, to a contract being concluded with us. The conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.

Types of data processed: Usage data (e.g. web pages visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Affected persons: Users (e.g., website visitors, users of online services).
Purposes of processing: marketing; profiling with user-related information (creating user profiles).
Security measures: IP masking (pseudonymization of the IP address).
Legal grounds: consent (Art. 6 para. 1 p. 1 lit. a. GDPR); legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
Possibility of objection (opt-out): We refer to the data protection notices of the respective providers and the objection options given to the providers (so-called “opt-out”). If no explicit opt-out option has been specified, you have the option of disabling cookies in your browser settings. However, this may restrict functions of our online offers. We therefore recommend the following additional opt-out options, which are offered in summary for the respective areas: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-territory: https://optout.aboutads.info.

Presence in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for the users because, for example, the enforcement of the users’ rights could be made more difficult.

Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on usage behavior and resulting interests of the users. Usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which usage behavior and interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Types of data processed: contact data (e.g., email, phone numbers); content data (e.g., input in online forms); usage data (e.g., websites visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
Affected persons: Users (e.g., website visitors, users of online services).
Purposes of processing: contact requests and communication; feedback (e.g. collecting feedback via online form); marketing.
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Further information on processing operations, procedures and services:

Instagram: Social network; Service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy policy: https://instagram.com/about/legal/privacy.
Twitter: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; parent company: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; privacy policy: https://twitter.com/privacy, (settings: https://twitter.com/personalization).
YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy policy: https://policies.google.com/privacy; Opt-out: https://adssettings.google.com/authenticated.

Plugins and embedded functions and content

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content or function. We strive to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online services as well as be linked to such information from other sources.

Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: provision of our online offer and user-friendliness; provision of contractual services and customer service; marketing; profiles with user-related information (creation of user profiles).
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a. GDPR); Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Further information on processing operations, procedures and services:

Instagram plugins and content: Instagram Plugins and Content – This may include, for example, content such as images, videos or text and buttons that allow users to share content from this online offering within Instagram. – We are jointly responsible with Facebook Ireland Ltd. for collecting or receiving in the course of a transmission (but not further processing) “Event Data” that Facebook collects or receives in the course of a transmission by means of Instagram features (e.g., content embedding features) running on our Online Offer for the purposes of: a) displaying content as well as promotional information that matches users’ presumed interests; b) delivering commercial and transactional messaging (e.g., targeting users via Instagram); c) providing users with a link to Instagram content; d) providing users with a link to Instagram content; e.g., providing users with a link to Instagram content; f) providing users with a link to Instagram content; and g) providing users with a link to Instagram content. e.g., targeting users via Facebook Messenger); c) improving ad delivery and personalization of features and content (e.g., improving the detection of which content or advertising information presumably matches users’ interests). We have entered into a special agreement with Facebook (“Addendum for Responsible Parties”, https://www.facebook.com/legal/controller_addendum), which regulates in particular which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill data subject rights (i.e., users can, for example, provide information or make deletion requests directly to Facebook). Note: When Facebook provides us with metrics, analytics, and reports (which are aggregated, i.e., do not receive information about individual users and are anonymous to us), this processing is not done under shared responsibility, but rather on the basis of a data processing contract (“Data Processing Terms “, https://www.facebook.com/legal/terms/dataprocessing) , the “Data Security Terms and Conditions” (https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the USA, on the basis of standard contractual clauses (“Facebook EU Data Transfer Addendum, https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority), are not restricted by the agreements with Facebook; Service provider: https://www.instagram.com, Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy policy: https://instagram.com/about/legal/privacy.
Twitter plugins and content: Twitter plugins and buttons – This may include, for example, content such as images, videos or text and buttons that allow users to share content from this online offering within Twitter; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, Parent Company: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; website: https://twitter.com/; privacy policy: https://twitter.com/privacy, (settings: https://twitter.com/personalization).
YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Opt-out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Ad display settings: https://adssettings.google.com/authenticated.

Modification and update of the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy statement, please note that the addresses may change over time and please check the information before contacting us.

Rights of the affected persons

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
Right to withdraw consent: You have the right to revoke any consent given at any time.
Right to information: you have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with the legal requirements.
Right to rectification: you have the right, in accordance with the law, to request that data concerning you be completed or that inaccurate data concerning you be rectified.
Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with the legal requirements, to demand restriction of the processing of the data.
Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to demand its transfer to another responsible party.
Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the requirements of the GDPR.

Definitions of terms

This section provides you with an overview of the terms used in this privacy policy. Many of the terms are taken from the law and defined primarily in Art. 4 of the GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to aid understanding. The terms are sorted alphabetically.

Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiles with user-related information: The processing of “profiles with user-related information”, or “profiles” for short, includes any type of automated processing of personal data that consists of using such personal data to analyze, evaluate or to predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information concerning demographics, behavior and interests, such as interaction with websites and their content, etc.) (e.g., interests in certain content or products, click behavior on a website or location). Cookies and web beacons are often used for profiling purposes.
Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offering and can include visitors’ behavior or interests in certain information, such as website content. With the help of reach analysis, website owners can see, for example, at what time visitors visit their website and what content they are interested in. This enables them, for example, to better adapt the content of the website to the needs of their visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyses of the use of an online offer.
Responsible party: a ” responsible party ” is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Processing: “Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and includes virtually any handling of data, be it collection, analysis, storage, transmission or deletion.

Translated from: kostenloser Datenschutz-Generator.de von Dr. Thomas Schwenke

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
tk_lr	1 year	The tk_lr is a referral cookie set by the JetPack plugin on sites using WooCommerce, which analyzes referrer behaviour for Jetpack.
tk_or	5 years	The tk_or is a referral cookie set by the JetPack plugin on sites using WooCommerce, which analyzes referrer behaviour for Jetpack.
tk_r3d	3 days	JetPack installs this cookie to collect internal metrics for user activity and in turn improve user experience.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.