Privacy Policy

Last updated: December 26, 2023

Table of Contents

• Controller
• Overview of Processing Operations
• Applicable Legal Bases
• Security Measures
• Deletion of Data
• Rights of Data Subjects
• Use of Cookies
• Business Services
• Payment Processing
• Provision of Online Services and Web Hosting
• Registration, Login, and User Account
• Single Sign-On Authentication
• Contact and Inquiry Management
• Newsletter and Electronic Communications
• Web Analytics, Monitoring, and Optimization
• Definitions

Controller

Anton Elmiger Goethestraße 45 10625 Berlin

Email address: whembat@gmail.com

Overview of Processing Operations

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

• Account data
• Payment data
• Contact data
• Content data
• Contract data
• Usage data
• Meta, communication, and procedural data
• Event data (Facebook)

Categories of Data Subjects

• Customers
• Interested parties
• Communication partners
• Users
• Business and contractual partners

Purposes of Processing

• Provision of contractual services and fulfillment of contractual obligations
• Contact requests and communication
• Security measures
• Direct marketing
• Reach measurement
• Office and organizational procedures
• Management and response to inquiries
• Feedback
• Profiles with user-related information
• Registration procedures
• Provision of our online services and user-friendliness
• Information technology infrastructure

Applicable Legal Bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR under which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection requirements may apply in your or our country of residence. Furthermore, should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

• Consent (Art. 6(1)(a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
• Contract Performance and Pre-contractual Inquiries (Art. 6(1)(b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legal Obligation (Art. 6(1)(c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate Interests (Art. 6(1)(f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific provisions on the right to access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated individual decision-making, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Note on Applicability of GDPR and Swiss DPA: This privacy notice serves to provide information in accordance with both the Swiss Federal Act on Data Protection (Swiss DPA) and the General Data Protection Regulation (GDPR). For this reason, please note that GDPR terminology is used for broader territorial application and comprehensibility. In particular, instead of the terms "processing" of "personal data", "overriding interest" and "particularly sensitive personal data" used in the Swiss DPA, the terms "processing" of "personal data" as well as "legitimate interest" and "special categories of data" used in the GDPR are used. However, the legal meaning of the terms continues to be determined according to the Swiss DPA within the scope of the Swiss DPA's applicability.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input, disclosure, availability protection, and separation of the data. We have also established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data compromise. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software, and processes, in accordance with the principle of privacy by design and privacy by default settings.

TLS/SSL encryption (https): To protect user data transmitted through our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.

Deletion of Data

The data processed by us will be deleted in accordance with legal requirements as soon as their permitted consent is revoked or other permissions expire (e.g., if the purpose for processing this data has ceased to apply or they are not necessary for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing will be limited to these purposes. That is, the data will be restricted and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person. Our privacy notices may contain further information on the retention and deletion of data that takes precedence for the respective processing operations.

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject under the GDPR, you have various rights, which arise in particular from Art. 15 to 21 GDPR:

• Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
• Right to Withdraw Consent: You have the right to withdraw your consent at any time.
• Right of Access: You have the right to obtain confirmation as to whether relevant data is being processed and to receive information about this data as well as further information and a copy of the data in accordance with legal requirements.
• Right to Rectification: You have the right, in accordance with legal requirements, to request the completion of data concerning you or the rectification of incorrect data concerning you.
• Right to Erasure and Restriction of Processing: You have the right, in accordance with legal requirements, to demand that relevant data be erased immediately or, alternatively, to demand restriction of the processing of the data.
• Right to Data Portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller.
• Complaint to Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Use of Cookies

Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. For example, to store the login status in a user account, shopping cart contents in an e-shop, the content accessed, or functions used of an online service. Cookies can also be used for various purposes, e.g., for purposes of functionality, security, and comfort of online services as well as the creation of analyses of visitor flows.

Notes on Consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, except when it is not required by law. In particular, consent is not necessary if the storage and reading of information, including cookies, is strictly necessary to provide users with a telemedia service (i.e., our online service) that they have explicitly requested. The strictly necessary cookies typically include cookies with functions related to the display and functionality of the online service, load balancing, security, storing preferences and selection options, or similar purposes associated with providing the main and auxiliary functions of the online service requested by users. The revocable consent is clearly communicated to users and contains the information about the respective cookie use.

Notes on Legal Bases under Data Protection Law: The legal basis under which we process users' personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g., in a business operation of our online service and improvement of its usability) or, if this is done in the fulfillment of our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. For what purposes the cookies are processed by us, we clarify in the course of this privacy policy or in the framework of our consent and processing processes.

Storage Duration: With regard to the storage duration, the following types of cookies are distinguished:

• Temporary Cookies (also: Session or Session Cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their end device (e.g., browser or mobile application).
• Permanent Cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and that the storage duration can be up to two years.

General Information on Revocation and Objection (Opt-Out): Users can revoke their consent at any time and object to processing in accordance with legal requirements. Users can restrict the use of cookies in their browser settings (which may also limit the functionality of our online service). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

• Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR).

Business Services

We process data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as associated measures and within the scope of communication with contractual partners (or pre-contractually), e.g., to answer inquiries.

We process this data to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations, and remedies in the event of warranty and other performance disruptions. In addition, we process the data to protect our rights and for the purpose of administrative tasks associated with these obligations and company organization. Furthermore, we process the data on the basis of our legitimate interests in proper and business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., for involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the scope of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about other forms of processing, e.g., for marketing purposes, within the scope of this privacy policy.

We inform contractual partners which data is required for the aforementioned purposes before or during data collection, e.g., in online forms, by special marking (e.g., colors) or symbols (e.g., asterisks, etc.), or personally.

We delete the data after expiry of statutory warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be kept for legal archiving reasons. The statutory retention period is ten years for tax-relevant documents as well as commercial books, inventories, opening balances, annual financial statements, the work instructions and other organizational documents necessary for understanding these documents and accounting records, and six years for received commercial and business letters and reproductions of sent commercial and business letters. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent, or the accounting document was created, furthermore the recording was made or the other documents were created.

If we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms shall apply in the relationship between the users and the providers.

• Types of Data Processed: Account data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., websites visited, interest in content, access times); Meta, communication and procedural data (e.g., IP addresses, time information, identification numbers, consent status).
• Data Subjects: Customers; Interested parties; Business and contractual partners.
• Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Contact requests and communication; Office and organizational procedures; Management and response to inquiries.
• Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Procedures, Methods and Services:

• Customer Account: Customers can create an account within our online service (e.g., customer or user account, briefly "customer account"). If the registration of a customer account is required, customers will be informed of this as well as of the information required for registration. Customer accounts are not public and cannot be indexed by search engines. During registration and subsequent logins and use of the customer account, we store the IP addresses of customers along with the access times to verify the registration and prevent any misuse of the customer account. If the customer account has been terminated, the data of the customer account will be deleted after the termination date, unless they must be retained for other purposes or must be kept for legal reasons (e.g., internal storage of customer data, order processes or invoices). It is the responsibility of customers to secure their data upon termination of the customer account; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).
• Provision of Software and Platform Services: We process the data of our users, registered and any test users (hereinafter uniformly referred to as "users") in order to provide them with our contractual services and on the basis of legitimate interests to ensure the security of our offer and to develop it further. The required information is identified as such within the scope of the order, purchase or comparable contract conclusion and includes the information needed for service provision and billing as well as contact information in order to be able to hold any consultations; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Payment Processing

Within the framework of contractual and other legal relationships, based on legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use other payment service providers in addition to banks and credit institutions (collectively "payment service providers").

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to complete the transactions. However, the data entered is only processed and stored by the payment service providers. That is, we do not receive any account or credit card related information, but only information with confirmation or negative disclosure of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to verify identity and creditworthiness. Please refer to the terms and conditions and data protection information of the payment service providers.

The terms and conditions and data protection notices of the respective payment service providers apply to the payment transactions, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and assertion of rights of revocation, information and other data subject rights.

• Types of Data Processed: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., websites visited, interest in content, access times); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Data Subjects: Customers; Interested parties.
• Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations.
• Legal Basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Additional Information on Processing Procedures, Methods and Services:

• Stripe: Payment services (technical connection of online payment methods); Service Provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal Basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website: https://stripe.com; Privacy Policy: https://stripe.com/de/privacy. Basis for Third Country Transfer: EU-US Data Privacy Framework (DPF).

Provision of Online Services and Web Hosting

We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

• Types of Data Processed: Usage data (e.g., websites visited, interest in content, access times); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Provision of our online service and user-friendliness; Information technology infrastructure (Operation and provision of information systems and technical devices (computers, servers etc.).). Security measures.
• Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Procedures, Methods and Services:

• Provision of Online Service on Rented Storage Space: For providing our online service, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called "web hoster"); Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
• Collection of Access Data and Log Files: Access to our online service is logged in the form of so-called "server log files". The server log files may include the address and name of the accessed websites and files, date and time of access, data volumes transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to avoid overloading the servers (especially in case of abusive attacks, so-called DDoS attacks) and to ensure the utilization of the servers and their stability; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR). Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is required for evidential purposes is exempt from deletion until final clarification of the respective incident.
• Hetzner: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service Provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.hetzner.com; Privacy Policy: https://www.hetzner.com/de/rechtliches/datenschutz. Data Processing Agreement: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.

Registration, Login and User Account

Users can create a user account. During registration, users are informed of the required mandatory information and this information is processed for the purpose of providing the user account on the basis of contractual obligation fulfillment. The processed data includes in particular the login information (username, password, and an email address).

In the context of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorized use. This data will not generally be passed on to third parties unless it is necessary for pursuing our claims or there is a legal obligation to do so.

Users may be informed by email about events that are relevant to their user account, such as technical changes.

• Types of Data Processed: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Management and response to inquiries. Provision of our online service and user-friendliness.
• Legal Basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Procedures, Methods and Services:

• Registration with Pseudonyms: Users may use pseudonyms as usernames instead of real names; Legal Basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).
• User Profiles are Not Public: User profiles are not publicly visible or accessible.
• Deletion of Data after Termination: When users have terminated their user account, their data relating to the user account will be deleted, subject to any legal permission, obligation, or consent of the users; Legal Basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).
• No Obligation to Preserve Data: Users are responsible for securing their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract; Legal Basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Single Sign-On Authentication

"Single Sign-On" or "Single Sign-On Authentication" refers to procedures that allow users to log in to our online service using a user account with a Single Sign-On provider (e.g., a social network). The prerequisite for Single Sign-On authentication is that users are registered with the respective Single Sign-On provider and enter the required access data in the online form provided, or are already logged in with the Single Sign-On provider and confirm the Single Sign-On login via button.

Authentication takes place directly with the respective Single Sign-On provider. As part of such authentication, we receive a user ID with the information that the user is logged in under this user ID with the respective Single Sign-On provider and an ID that cannot be used by us for other purposes (so called "User Handle"). Whether additional data is transmitted to us depends solely on the Single Sign-On procedure used, the data releases selected during authentication and also which data users have released in their privacy or other settings with the Single Sign-On provider. Depending on the Single Sign-On provider and the user's choice, there can be different data, usually it is the email address and the username. The password entered as part of the Single Sign-On procedure with the Single Sign-On provider is neither visible to us nor is it stored by us.

Users are requested to note that their information stored with us may be automatically synchronized with their user account with the Single Sign-On provider, but this is not always possible or actually happens. If, for example, users' email addresses change, they must change them manually in their user account with us.

We may use the Single Sign-On login, if agreed with users, in the context of or prior to contract fulfillment if users have been requested to do so, process it within the framework of consent, and otherwise use it on the basis of legitimate interests on our part and the interests of users in an effective and secure login system.

Should users decide to no longer want to use the link of their user account with the Single Sign-On provider for the Single Sign-On procedure, they must remove this connection within their user account with the Single Sign-On provider. If users wish to delete their data with us, they must cancel their registration with us.

• Types of Data Processed: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Usage data (e.g., websites visited, interest in content, access times); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); Event data (Facebook) ("Event data" is data that can be transmitted from us to Facebook via Facebook Pixel (via apps or other means) and relates to persons or their actions; The data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event data does not include the actual content (such as written comments), no login information, and no contact information (i.e., no names, email addresses, and phone numbers). Event data is deleted by Facebook after a maximum of two years, the target groups created from them with the deletion of our Facebook account).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Security measures. Login procedures.
• Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Procedures, Methods and Services:

• Apple Single Sign-On: Authentication service; Service Provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.apple.com/de/. Privacy Policy: https://www.apple.com/legal/privacy/de-ww/.
• Google Single Sign-On: Authentication service; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.google.de; Privacy Policy: https://policies.google.com/privacy; Basis for Third Country Transfer: EU-US Data Privacy Framework (DPF). Opt-Out Option: Settings for the display of advertisements: https://myadcenter.google.com/personalizationoff.
• X Single Sign-On: Authentication service; Service Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://twitter.com; Privacy Policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization); Data Processing Agreement: https://privacy.twitter.com/en/for-our-partners/global-dpa. Basis for Third Country Transfer: Standard Contractual Clauses (https://privacy.twitter.com/en/for-our-partners/global-dpa).

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, telephone, or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

• Types of Data Processed: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Data Subjects: Communication partners.
• Purposes of Processing: Contact requests and communication; Management and response to inquiries; Feedback (e.g., collecting feedback via online form). Provision of our online service and user-friendliness.
• Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR). Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Additional Information on Processing Procedures, Methods and Services:

• Contact Form: When users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context to handle the stated request; Legal Basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Newsletter and Electronic Communications

We send newsletters, emails, and other electronic notifications (hereinafter "newsletters") only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for the purpose of personal address in the newsletter, or other information if these are required for the purposes of the newsletter.

Double-Opt-In Procedure: Registration for our newsletter takes place in a so-called double-opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's email addresses. The newsletter registrations are logged in order to be able to prove the registration process according to legal requirements. This includes storing the registration and confirmation time as well as the IP address. Changes to your data stored with the shipping service provider are also logged.

Deletion and Processing Restriction: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide proof of prior consent. The processing of this data will be limited to the purpose of possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist.

The logging of the registration process takes place on the basis of our legitimate interests for the purposes of proving its proper course. If we commission a service provider to send emails, this is done on the basis of our