Privacy Policy

For us at PATRIZIA SE, protecting your privacy is of utmost importance. The following information explains the nature, scope, and purpose of the collection and use of personal data. A version in other languages is also available upon request.

The privacy policy (including legally required information) is divided into two parts:

Part 1: Information on data protection regarding our data processing in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
Part 2: Supplementary data protection declaration for our website
Part 3: Information on data protection for applicants

Part 1: Information on data protection

Information on data protection regarding our data processing in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR). We take data protection seriously and hereby inform you how we process your data and what rights you have under data protection law. Valid from May 25, 2018.

1. Data controller and contact details of the data controller within the meaning of data protection law

PATRIZIA SE
Fuggerstraße 26
86150 Augsburg
Tel: +49 821 50910-000
Fax: +49 821 50910-999
immobilien(at)patrizia.ag

and its subsidiaries.

In exceptional cases, "joint responsibility" with other third parties may also exist. Currently, this is limited to specific situations in the area of property and facility management.

Contact details of our data protection officer:

HEC Harald Eul Consulting GmbH
Data Protection + Data Security
Harald Eul (Data Protection Officer PATRIZIA)
Auf der Höhe 34
50321 Brühl
datenschutz-patrizia(at)he-c.de
www.datenschutz-help.de

2. Purposes and legal basis on which we process your data

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and other applicable data protection regulations (details below). The specific data processed, possibly using artificial intelligence (AI), and how it is used, depends primarily on the services requested or agreed upon.

2.1 Purposes for the performance of a contract or pre-contractual measures (Art. 6 para. 1 b GDPR)

Personal data is processed for the performance of our contracts with you and the execution of your orders, as well as for carrying out measures and activities within the framework of pre-contractual relationships, e.g., with prospective clients. In particular, this processing serves to provide services in accordance with your orders and wishes and includes the necessary services, measures, and activities. This encompasses all business activities with a focus on real estate (especially acquisition, sale, brokerage, rental, and management) and investments in real estate (funds and direct investments). This essentially includes contract-related communication with you, the traceability of transactions, orders, and other agreements, as well as quality control through appropriate documentation, goodwill procedures, measures for managing and optimizing business processes, and fulfilling general due diligence obligations, management and control by affiliated companies (e.g., parent company); statistical analyses for business management, cost accounting and controlling, reporting, internal and external communication, emergency management, invoicing and tax assessment of business services, risk management, assertion of legal claims, and defense in legal disputes. Ensuring IT security (including system and plausibility tests) and general security, including building and plant security, ensuring and exercising the right of domicile (e.g., through access controls); ensuring the integrity, authenticity, and availability of data, preventing and investigating criminal offenses; control by supervisory bodies or control authorities (e.g., auditing).

2.2 Purposes within the scope of a legitimate interest of ours or third parties (Art. 6 para. 1 f GDPR)

Beyond the actual fulfillment of the contract or pre-contract, we may process your data if necessary to protect our legitimate interests or those of third parties, in particular for the following purposes:

– advertising or market and opinion research, provided you have not objected to the use of your data
; – obtaining information and exchanging data with credit agencies, insofar as this goes beyond our economic risk
; – reviewing and optimizing procedures for needs analysis
; – further developing services and products as well as existing systems and processes
; – training and (further) developing AI applications
; – disclosing personal data within the framework of due diligence in company sale negotiations
; – comparing data with European and international anti-terrorism lists, insofar as this goes beyond legal obligations
; – enriching our data, including through the use of or research into publicly accessible data
; – statistical evaluations or market analysis
; – benchmarking
; – asserting legal claims and defending against legal disputes that are not directly related to the contractual relationship
; – restricting the storage of data if deletion is not possible or only possible with disproportionate effort due to the special nature of the storage
; – developing scoring systems or automated decision-making processes
; – preventing and investigating criminal offenses, insofar as not exclusively for the fulfillment of legal requirements
– building and plant security (e.g., through access controls and video surveillance), insofar as it goes beyond general due diligence obligations
– internal and external investigations, security checks
– the possible monitoring or recording of telephone conversations for quality control and training purposes
– obtaining and maintaining certifications of a private or official nature
– ensuring and exercising the right of domicile through appropriate measures as well as video surveillance to protect our customers and employees and to secure evidence in the event of criminal offenses and their prevention, and
– engaging service providers as independent or joint controllers to carry out activities to fulfill a contract or pre-contractual measures (see clause 2.2) or to fulfill a legitimate interest in accordance with the aforementioned list.

2.3 Purposes within the scope of your consent (Art. 6 para. 1 a GDPR)

Your personal data may also be processed for specific purposes (e.g., using your email address for marketing purposes) based on your consent. You can generally withdraw this consent at any time. This also applies to the withdrawal of declarations of consent that were given to us before the GDPR came into effect, i.e., before May 25, 2018. You will be informed separately about the purposes and consequences of withdrawing or not granting your consent in the corresponding consent text.

As a general rule, the withdrawal of consent only takes effect for the future. Processing that took place before the withdrawal is not affected and remains lawful.

2.4 Purposes for fulfilling legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)

Like anyone participating in economic activity, we are subject to a variety of legal obligations. These are primarily statutory requirements (e.g., commercial and tax laws), but may also include regulatory or other official requirements. The purposes of data processing may include identity and age verification, fraud and money laundering prevention, the prevention, combating, and investigation of terrorist financing and asset-endangering crimes, checks against European and international anti-terrorism lists, compliance with tax-related monitoring and reporting obligations, and the archiving of data for data protection and data security purposes, as well as for audits by tax authorities and other agencies. Furthermore, the disclosure of personal data may be necessary in the context of official/judicial proceedings for the purposes of gathering evidence, criminal prosecution, or the enforcement of civil claims.

3. The categories of data we process, insofar as we do not obtain data directly from you, and their origin

To the extent necessary for the provision of our services, we process personal data lawfully obtained from other companies or other third parties (e.g., credit agencies, address publishers, property and facility management companies). We also process personal data that we have lawfully extracted, received, or acquired from publicly accessible sources (such as telephone directories, commercial and association registers, residents' registration offices, debtors' registers, land registers, the press, the internet, and other media).

Relevant categories of personal data may include, in particular:

– Personal data (name, date of birth, place of birth, nationality, marital status, occupation/industry and similar data)
– Contact details (address, email address, telephone number and similar data)
– Address data (registration data and similar data)
– Payment/coverage confirmation for bank and credit cards
– Information about your financial situation (creditworthiness data including scoring, i.e., data for assessing economic risk)
– Customer history
– Data about your use of the telemedia services we offer (e.g., time of access to our websites, apps or newsletters, pages/links clicked or entries made by us and similar data)
– Video data

4. Recipients or categories of recipients of your data

Within our company, your data is only accessible to those internal departments or organizational units that require it to fulfill our contractual and legal obligations or to process and implement our legitimate interests. Your data will only be shared with external parties if necessary.

– in connection with contract processing
– for the purpose of fulfilling legal requirements under which we are obligated to provide information, report or disclose data, or where data disclosure is in the public interest (see section 2.4)
– insofar as external service providers process data on our behalf as data processors or service providers (e.g., external data centers, support/maintenance of EDP/IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or plausibility checks, data destruction, purchasing/procurement, customer management, mailing houses, marketing, media technology, research, risk controlling, billing, telephony, website management, property and facility management, auditing services, credit institutions, printing companies or companies for data disposal, courier services, logistics)
– based on our legitimate interest or the legitimate interest of the third party for the purposes mentioned in section 2.2 (e.g., Authorities, credit agencies, debt collection agencies, lawyers, courts, experts, affiliated companies and bodies and supervisory authorities)
– if you have given us your consent to transfer your data to third parties.

We will not share your data with third parties beyond this. If we engage service providers for data processing, your data will be subject to the same security standards there as with us. In all other cases, recipients may only use the data for the purposes for which it was transmitted to them.

5. Duration of data storage

We process and store your data for the duration of our business relationship. This includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

Furthermore, we are subject to various retention and documentation obligations arising, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention periods stipulated therein extend up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.

Furthermore, specific legal provisions may require a longer retention period, such as the preservation of evidence within the framework of statutory limitation periods. While the regular limitation period is three years according to Sections 195 et seq. of the German Civil Code (BGB), limitation periods of up to 30 years may also apply.

If the data is no longer required for the fulfillment of contractual or legal obligations and rights, it is routinely deleted, unless its continued processing – for a limited period – is necessary for the purposes listed under section 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest exists, for example, if deletion is not possible or only possible with disproportionate effort due to the specific nature of the storage, and processing for other purposes is prevented by suitable technical and organizational measures.

6. Processing of your data in a third country or by an international organization

Data will only be transferred to entities in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) if this is necessary for the execution of an order/contract from or with you, if it is required by law (e.g. tax reporting obligations), if it is in our or a third party's legitimate interest, or if you have given us your consent.

Your data may also be processed in a third country in connection with the involvement of service providers (e.g., within the framework of commissioned data processing). If the EU Commission has not issued an adequacy decision for the third country in question or for specific sectors within that third country, appropriate contracts (such as EU standard contractual clauses) and additional measures can be used as a basis for the transfer.

Information on the appropriate or suitable safeguards and the possibility of obtaining a copy of them can be requested from the company's data protection officer.

7. Your data protection rights

Under certain conditions, you can assert your data protection rights against us.

You have the right to obtain information from us about your data stored with us in accordance with the rules of Art. 15 GDPR (possibly with restrictions according to § 34 BDSG).

At your request, we will correct the data stored about you in accordance with Article 16 GDPR if it is inaccurate or incorrect.
If you wish, we will delete your data in accordance with the principles of Article 17 GDPR, provided that other legal regulations (e.g., statutory retention obligations or the restrictions under Section 35 BDSG) or an overriding legitimate interest on our part (e.g., for the defense of our rights and claims) do not preclude this.

Subject to the conditions of Article 18 GDPR, you can request that we restrict the processing of your data.
Furthermore, you can object to the processing of your data pursuant to Article 21 GDPR, which would require us to cease processing your data. However, this right to object only applies if there are compelling legitimate grounds relating to your particular situation, and our legitimate interests may override your right to object.

You also have the right, under the conditions of Article 20 GDPR, to receive your data in a structured, commonly used and machine-readable format or to transmit it to a third party.

Furthermore, you have the right to withdraw your consent to the processing of personal data at any time with effect for the future (see section 2.3).

Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always address any complaints to our data protection officer first.

Your requests regarding the exercise of your rights or other inquiries concerning data protection should – if possible – be addressed to our data protection officer, preferably by email to datenschutz-patrizia(at)he-c.de (further contact details can be found above under point 1).

The aforementioned rights also apply to you if we process your personal data as part of joint controllership with a third party pursuant to Article 26 GDPR. This is currently limited to specific situations in the area of property and facility management. If you interact with a property or facility manager commissioned by us and we have concluded a joint controllership agreement with them, it is agreed that the parties are responsible for fulfilling their data protection obligations according to their respective responsibilities for the individual process steps. It is stipulated that the property/facility manager serves as your primary point of contact for exercising your rights under the GDPR. Based on the contractual agreements in these cases, the contracting parties mutually support each other to fully guarantee your data protection rights.

8. Scope of your obligation to provide us with your data

You only need to provide the data that is necessary for establishing and maintaining a business relationship or for a pre-contractual relationship with us, or that we are legally obligated to collect. Without this data, we will generally be unable to conclude or perform the contract. This may also apply to data required later in the course of the business relationship. If we request additional data from you, you will be specifically informed that providing this information is voluntary.

9. Existence of automated decision-making in individual cases (including profiling)

We do not use purely automated decision-making processes as defined in Article 22 of the GDPR. Should we use such a process in individual cases in the future, we will inform you separately, provided this is required by law.

In some cases, we may process your data partly for the purpose of evaluating certain personal aspects (profiling).

To provide you with targeted information and advice about products, we may use evaluation tools. These enable needs-based product design, communication and advertising, including market and opinion research.

These procedures can also be used to assess your creditworthiness and to combat money laundering and fraud. So-called "score values" can be used to assess your creditworthiness. Scoring uses mathematical methods to calculate the probability that a customer will meet their contractual payment obligations. These score values thus support us, for example, in assessing creditworthiness, making decisions regarding product sales, and are incorporated into our risk management. The calculation is based on mathematically and statistically recognized and proven methods and is carried out using your data, in particular your income, expenses, existing liabilities, occupation, employer, length of employment, experience from previous business relationships, timely repayment of previous loans, and information from credit bureaus.

Information on nationality and special categories of personal data pursuant to Article 9 GDPR are not processed.

Information about your right to object (Article 21 GDPR)

1. You have the right to object at any time to the processing of your data based on Article 6(1)(f) GDPR (processing based on legitimate interests) or Article 6(1)(e) GDPR (processing in the public interest), if there are grounds relating to your particular situation. This also applies to profiling based on these provisions within the meaning of Article 4(4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

2. We may also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object at any time; this also applies to profiling insofar as it is related to such direct marketing. We will respect this objection for the future.

We will no longer process your data for direct marketing purposes if you object to such processing. You can object informally, preferably by contacting:

PATRIZIA SE
Fuggerstraße 26
86150 Augsburg, Germany

Tel: +49 821 50910-000
Fax: +49 821 50910-999
immobilien(at)patrizia.ag

and their subsidiaries .

Part 2: Supplementary data protection information for our website

1. Data protection at a glance:
Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Their contact details can be found in the section "Information on the responsible body" in this privacy policy.

How do we collect your data?

Your data is collected, firstly, because you provide it to us. This could include, for example, data that you enter into a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you access this website.

What do we use your data for?

Some data is collected to ensure the website functions correctly. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other inquiries.

What rights do you have regarding your data?

You have the right to obtain information free of charge at any time regarding the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time with regard to this and other questions concerning data protection.

Analytics tools and third-party tools

When you visit this website, your browsing behavior may be statistically analyzed. This is done primarily using so-called analytics programs.

Detailed information about these analysis programs can be found in the following privacy policy and in the preceding Part 1.

2. Data collection on this website:
Cookies

Our website uses so-called "cookies." Cookies are small data packets and do not harm your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after you leave our website. Persistent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).

Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies can be used to analyze user behavior or for advertising purposes.

Cookies that are necessary for carrying out electronic communication, for providing certain functions you have requested (e.g., for the shopping cart function), or for optimizing the website (e.g., cookies for measuring website traffic) (necessary cookies) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically flawless and optimized provision of its services. If consent to the storage of cookies and similar recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Article 6(1)(a) GDPR and Section 25(1) TDDDG); this consent can be revoked at any time.

You can configure your browser to notify you when cookies are set and to allow cookies only in individual cases, to accept cookies in certain cases or to generally reject them, and to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.

You can find information about which cookies and services are used on this website in this privacy policy.

Consent with Cookiebot

Our website uses Cookiebot's consent technology to obtain your consent to the storage of certain cookies on your device or the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter "Cookiebot").

When you visit our website, a connection is established to Cookiebot's servers to obtain your consent and other declarations regarding cookie usage. Cookiebot then stores a cookie in your browser to associate your given consent or its revocation with you. The data collected in this way is stored until you request its deletion, delete the Cookiebot cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.

Order processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Contact form

If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provided, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for taking steps prior to entering into a contract. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if such consent has been obtained; you may withdraw your consent at any time.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions – in particular, retention periods – remain unaffected.

3. Social Media
Instagram

This website integrates features of the Instagram service. These features are offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram then receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. Please note that as the provider of this website, we have no knowledge of the content of the transmitted data or its use by Instagram.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. This consent can be revoked at any time.

To the extent that personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The subsequent processing by Facebook or Instagram is not part of this joint responsibility. Our joint obligations are set out in a joint controllership agreement. You can find the text of this agreement at: https://www.facebook.com/legal/controller_addendum . According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for ensuring the tool's data protection-compliant implementation on our website. Facebook is responsible for the data security of its products. You can assert your data subject rights (e.g., requests for access) regarding data processed by Facebook or Instagram directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum , https://privacycenter.instagram.com/policy/ and https://de-de.facebook.com/help/566994660333381 .

Further information can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy/ .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452 .

LinkedIn

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time you access a page on this website that contains LinkedIn elements, a connection is established with LinkedIn's servers. LinkedIn is informed that you have visited this website with your IP address. If you click the LinkedIn "Recommend" button and are logged into your LinkedIn account, LinkedIn can associate your visit to this website with you and your user account. Please note that as the website provider, we have no knowledge of the content of the transmitted data or its use by LinkedIn.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. This consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de

Further information can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy .

4. Analytics tools and advertising:
Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that allows us to integrate tracking and analytics tools and other technologies into our website. The Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It serves solely to manage and deploy the tools integrated through it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

The use of Google Tag Manager is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and easy integration and management of various tools on their website. If corresponding consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows website operators to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on the site, operating systems used, and the user's origin. This data is aggregated into a user ID and assigned to the respective device of the website visitor.

Furthermore, we can use Google Analytics to record your mouse movements, scrolling, and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data and employs machine learning technologies for data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to and stored on a Google server in the USA.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. This consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://business.safety.google/adscontrollerterms/sccs/ .

IP anonymization

Google Analytics IP anonymization is activated. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de .

For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de .

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, YouTube history, and demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signals. If you have a Google account, the visitor data from Google Signals will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.

Order processing

We have concluded a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics E-Commerce Measurement

This website uses the "E-commerce Measurement" feature of Google Analytics. E-commerce measurement allows the website operator to analyze the purchasing behavior of website visitors to improve their online marketing campaigns. Information such as orders placed, average order values, shipping costs, and the time from viewing to purchasing a product are collected. This data can be aggregated by Google under a transaction ID that is assigned to the respective user or their device.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our advertisements and how many advertisements resulted in clicks.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. This consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/ .

Google AdSense (non-personalized)

This website uses Google AdSense, a service for integrating advertisements. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use Google AdSense in "non-personalized" mode. Unlike personalized mode, the ads are not based on your previous browsing behavior, and no user profile is created. Instead, so-called "contextual information" is used to select the ads. The selected ads are then based, for example, on your location, the content of the website you are visiting, or your current search terms. You can find more information about the differences between personalized and non-personalized targeting with Google AdSense here : https://support.google.com/adsense/answer/9007336

Please note that even when using Google AdSense in non-personalized mode, cookies or similar tracking technologies (e.g., device fingerprinting) may be used. According to Google, these are used to combat fraud and abuse.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. This consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://business.safety.google/adscontrollerterms/sccs/ .

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://adssettings.google.com/authenticated .

Further information about Google's advertising technologies can be found here: https://policies.google.com/technologies/ads and https://www.google.de/intl/de/policies/privacy/ .

Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently display interest-based advertising to them in the Google advertising network (remarketing or retargeting).

Furthermore, advertising audiences created with Google Ads Remarketing can be linked to Google's cross-device features. This allows interest-based, personalized advertising messages, tailored to you based on your previous usage and browsing behavior on one device (e.g., mobile phone), to also be displayed on another of your devices (e.g., tablet or PC).

If you have a Google account, you can opt out of personalized advertising at the following link: https://adssettings.google.com/anonymous?hl=de .

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. This consent can be revoked at any time.

Further information and the data protection regulations can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de .

Target group formation with customer matching

To create target audiences, we use, among other things, the customer matching feature of Google Ads Remarketing. In this process, we transfer certain customer data (e.g., email addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they will be shown relevant advertising messages within the Google network (e.g., on YouTube, Gmail, or in the search engine).

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether a user has performed certain actions. For example, we can analyze which buttons on our website are clicked most frequently and which products are viewed or purchased most often. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. This consent can be revoked at any time.

For more information about Google Conversion Tracking, please see Google's privacy policy: https://policies.google.com/privacy?hl=de .

5. Plugins and Tools:
Google Fonts (local hosting)

This website uses Google Fonts, provided by Google, for consistent font display. The Google Fonts are installed locally. No connection to Google servers is established.

Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de .

Font Awesome (local hosting)

This website uses Font Awesome for consistent font display. Font Awesome is installed locally. No connection is made to servers of Fonticons, Inc.

Further information about Font Awesome can be found in the Font Awesome privacy policy at: https://fontawesome.com/privacy .

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to verify whether data entry on this website (e.g., in a contact form) is done by a human or an automated program. To do this, reCAPTCHA analyzes the website visitor's behavior based on various characteristics. This analysis begins automatically as soon as the visitor enters the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g., IP address, the visitor's time spent on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analysis runs entirely in the background. Website visitors are not notified that an analysis is taking place.

The data is stored and analyzed based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its website from abusive automated access and spam. If consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telemedia Act (TMG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDG. Consent can be withdrawn at any time.

For more information about Google reCAPTCHA, please see the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de .

Part 3: Data processing by social networks

Our social media presence

This privacy policy applies to the following social media profiles.

Data processing by social networks

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks like Facebook, X, etc., can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media pages triggers numerous data processing operations relevant to data protection. Specifically:

If you are logged into your social media account and visit our social media page, the operator of the social media platform can associate this visit with your user account. Your personal data may also be collected even if you are not logged in or do not have an account with the respective social media platform. In this case, data collection occurs, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of social media platforms can create user profiles that store your preferences and interests. This allows them to display interest-based advertising to you both on and off the respective social media platform. If you have an account with the respective social network, this interest-based advertising can be displayed on all devices on which you are or have been logged in.

Please also note that we cannot track all data processing activities on social media platforms. Depending on the provider, the operators of the social media platforms may carry out further data processing activities. For details, please refer to the terms of use and privacy policies of the respective social media platforms.

Legal basis

Our social media presence is intended to ensure the broadest possible reach online. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g., consent within the meaning of Article 6(1)(a) GDPR).

Responsible party and assertion of rights

When you visit one of our social media pages (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered by this visit. You can generally assert your rights (access, rectification, erasure, restriction of processing, data portability, and the right to lodge a complaint) against both us and the operator of the respective social media portal (e.g., Facebook).

Please note that despite our joint responsibility with the social media platform operators, we do not have full control over the data processing operations of these platforms. Our options are largely determined by the respective provider's company policy.

Storage duration

The data we collect directly through our social media presence is deleted from our systems as soon as you request its deletion, withdraw your consent to its storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular, retention periods – remain unaffected.

We have no control over how long your data is stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).

Your rights

You have the right to obtain information free of charge at any time regarding the origin, recipients, and purpose of your stored personal data. You also have the right to object to processing, the right to data portability, and the right to lodge a complaint with the competent supervisory authority. Furthermore, you can request the rectification, blocking, erasure, and, under certain circumstances, the restriction of the processing of your personal data.

Social networks in detail

Instagram

We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381 .

For details on how they handle your personal data, please see Instagram's privacy policy: https://privacycenter.instagram.com/policy/ .

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs .

For details on how LinkedIn handles your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy .