Privacy Policy

Preamble

With the following Privacy Policy, we inform you about the types of personal data (hereinafter also referred to simply as "data") we process, for what purposes, and to what extent.

This Privacy Policy applies to all processing of personal data carried out by us—both in the context of providing our website and our AI-powered gift recommendation tool, as well as in connection with our other services, communication offerings, and our online presences on social media platforms (hereinafter collectively referred to as the "online offering").

Where interactive features or AI-powered applications are used as part of our online offering, we process the data you enter only to the extent described in each case and for the stated purposes.

The terms used are not gender-specific.

Last updated: 16 February 2026

Table of Contents

• Preamble
• Controller
• Overview of Processing Activities
• Relevant Legal Bases
• Security Measures
• Disclosure of Personal Data
• International Data Transfers
• General Information on Data Retention and Deletion
• Rights of Data Subjects
• Provision of the Online Offering and Web Hosting
• Use of Cookies
• Registration, Login and User Account
• Newsletter and Electronic Notifications
• Web Analytics, Monitoring and Optimization
• Online Marketing
• Affiliate Programs and Affiliate Links
• Presences on Social Networks (Social Media)
• Plug-ins and Embedded Functions and Content
• Changes and Updates
• Definitions

Controller

Julian Felix Junker
Zanderstr. 10
60327 Frankfurt am Main

Email address: info@deingeschenk.ai

Legal notice (Imprint): https://www.deingeschenk.ai/legal-notice

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects concerned.

Types of Data Processed

• Inventory data.
• Contact data.
• Content data.
• Contract data.
• Usage data.
• Meta, communication and procedural data.
• Log data.

Categories of Data Subjects

• Prospective customers.
• Communication partners.
• Users.

Purposes of Processing

• Provision of contractual services and fulfillment of contractual obligations.
• Communication.
• Security measures.
• Direct marketing.
• Reach measurement.
• Tracking.
• Conversion measurement.
• Audience building.
• Affiliate tracking.
• Organizational and administrative procedures.
• Feedback.
• Marketing.
• Profiles with user-related information.
• Provision of our online offering and user-friendliness.
• IT infrastructure.
• Public relations.

Relevant Legal Bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If more specific legal bases apply in individual cases, we will inform you of these in this Privacy Policy.

• Consent (Art. 6(1) sentence 1 lit. a GDPR) – The data subject has given consent to the processing of personal data concerning them for one or more specific purposes.
• Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
• Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that the interests, fundamental rights and freedoms of the data subject requiring the protection of personal data do not override those interests.

National data protection regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany. This includes in particular the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains, in particular, special rules on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and disclosure and automated decision-making in individual cases, including profiling. In addition, state data protection laws of the individual federal states may apply.

Security Measures

In accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, availability safeguarding and segregation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data security incidents. We also take data protection into account during the development or selection of hardware, software and processes, in accordance with the principle of privacy by design and privacy-friendly default settings.

Securing online connections using TLS/SSL encryption technology (HTTPS): To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cornerstones of secure data transmission on the internet. These technologies encrypt information transmitted between the website or app and the user's browser (or between servers), protecting data from unauthorized access. TLS, as the more advanced and more secure version of SSL, ensures that all transmissions meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is indicated by "HTTPS" in the URL. This serves as an indicator to users that their data is transmitted securely and in encrypted form.

Disclosure of Personal Data

In the course of our processing of personal data, data may be transmitted to other entities, companies, legally independent organizational units or individuals, or disclosed to them. Recipients of such data may include, for example, service providers commissioned with IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with recipients that serve to protect your data.

International Data Transfers

Processing in third countries: Where we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in connection with the use of third-party services or the disclosure/transfer of data to other persons, entities or companies (which can be identified by the provider's address or where the Privacy Policy explicitly refers to transfers to third countries), this is always done in accordance with legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission dated 10 July 2023. In addition, we have entered into Standard Contractual Clauses (SCCs) with the respective providers, in line with EU Commission requirements, establishing contractual obligations to protect your data.

This dual safeguard ensures comprehensive protection of your data: the DPF forms the primary level of protection, while the SCCs provide an additional safeguard. Should there be changes to the DPF, the SCCs serve as a reliable fallback option. This ensures that your data remains adequately protected even in the event of political or legal changes.

For each individual service provider, we inform you whether they are certified under the DPF and whether SCCs are in place. Further information on the DPF and a list of certified companies can be found on the U.S. Department of Commerce website at https://www.dataprivacyframework.gov/ (in English).

For transfers to other third countries, corresponding safeguards apply, in particular SCCs, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found in the EU Commission's information resources: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

General Information on Data Retention and Deletion

We delete personal data we process in accordance with legal requirements as soon as the underlying consents are withdrawn or no other legal basis for processing exists. This applies where the original purpose of processing no longer applies or the data is no longer needed. Exceptions apply where legal obligations or special interests require longer retention or archiving.

In particular, data that must be retained for commercial or tax reasons or whose retention is necessary for legal enforcement or to protect the rights of other natural or legal persons must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that apply specifically to certain processing operations.

If multiple retention periods or deletion deadlines are stated, the longest period always applies. Data retained not for its original purpose but due to legal requirements or other reasons is processed solely for the reasons that justify its retention.

Retention and deletion of data: The following general retention periods apply under German law:

• 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheet, and organizational documents necessary for understanding them (§ 147(1) no. 1 in conjunction with (3) AO, § 14b(1) UStG, § 257(1) no. 1 in conjunction with (4) HGB).
• 8 years – Accounting vouchers such as invoices and expense receipts (§ 147(1) no. 4 and 4a in conjunction with (3) sentence 1 AO and § 257(1) no. 4 in conjunction with (4) HGB).
• 6 years – Other business records: received commercial or business letters, copies of sent commercial or business letters, and other documents relevant for taxation, e.g., wage slips, operating accounting sheets, calculation documents, price markings, payroll documents (unless already accounting vouchers), and cash register tapes (§ 147(1) no. 2, 3, 5 in conjunction with (3) AO, § 257(1) no. 2 and 3 in conjunction with (4) HGB).
• 3 years – Data required to consider potential warranty and damage claims or similar contractual claims and rights, and to handle related inquiries, based on prior business experience and usual industry practices, is stored for the regular statutory limitation period of three years (§§ 195, 199 BGB).

Start of the limitation period at year-end: If a period does not explicitly begin on a specific date and is at least one year, it starts automatically at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships, the triggering event is the effective date of termination or other end of the legal relationship.

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, in particular arising from Articles 15 to 21 GDPR:

• Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1) lit. e or f GDPR; this also applies to profiling based on these provisions. Where personal data is processed for direct marketing, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
• Right to withdraw consent: You have the right to withdraw any consent at any time.
• Right of access: You have the right to request confirmation as to whether data concerning you is being processed, and to receive access to such data as well as further information and a copy of the data in accordance with legal requirements.
• Right to rectification: You have the right, in accordance with legal requirements, to request completion or correction of inaccurate data concerning you.
• Right to erasure and restriction of processing: You have the right, subject to legal requirements, to request that data concerning you be erased without undue delay, or alternatively to request restriction of processing.
• Right to data portability: You have the right to receive data concerning you which you have provided to us, in a structured, commonly used and machine-readable format, or to request its transmission to another controller.
• Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.

Provision of the Online Offering and Web Hosting

We process users' data in order to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

• Types of data processed: Usage data (e.g., page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, involved persons). Log data (e.g., log files regarding logins or retrieval of data or access times.).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing and legitimate interests: Provision of our online offering and user-friendliness. IT infrastructure (operation and provision of information systems and technical devices such as computers and servers).
• Retention and deletion: Deletion in accordance with the "General Information on Data Retention and Deletion" section.
• Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures and services:

• Provision of the online offering on rented storage space: To provide our online offering, we use storage space, computing capacity and software that we rent or otherwise obtain from a server provider (also known as a "web host"); Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Use of Cookies

The term "cookies" refers to functions that store information on users' devices and read it from them. Cookies may be used for various purposes, such as functionality, security and convenience of online offerings, and creating analyses of visitor flows. We use cookies in accordance with legal requirements. Where required, we obtain users' consent in advance. Where consent is not required, we rely on our legitimate interests. This applies if storing and reading information is essential to provide expressly requested content and functions (e.g., storing settings and ensuring functionality and security of our online offering). Consent can be withdrawn at any time. We clearly inform users about the scope and which cookies are used.

Notes on data protection legal bases: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests as described above and in the context of the respective services and procedures.

Retention period: Regarding retention, the following types of cookies are distinguished:

• Temporary cookies (session cookies): Deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application).
• Persistent cookies: Remain stored after the device is closed, e.g., to store login status or preferred content for future visits. Usage data collected via cookies may also be used for reach measurement. If we do not provide explicit information on the type and retention period (e.g., in the context of obtaining consent), users should assume these cookies are persistent and the retention period may be up to two years.

General information on withdrawal and objection (opt-out): Users can withdraw consent at any time and object to processing in accordance with legal requirements, including via the privacy settings of their browser.

• Types of data processed: Meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, involved persons).
• Data subjects: Users (e.g., website visitors, users of online services).
• Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR). Consent (Art. 6(1) sentence 1 lit. a GDPR).

Further information on processing operations, procedures and services:

• Processing cookie data based on consent: We use a consent management solution to obtain, log, manage and enable withdrawal of users' consent to the use of cookies or the procedures and providers named within the consent management solution. This procedure serves to obtain, log, manage and enable withdrawal of consents, in particular regarding the use of cookies and comparable technologies used to store, read and process information on users' devices. As part of this procedure, users' consents to the use of cookies and the associated processing of information are obtained, including the specific processing and providers named in the consent management procedure. Users also have the option to manage and withdraw their consents. Consent declarations are stored to avoid repeated requests and to provide evidence of consent as legally required. Storage may occur server-side and/or in a cookie ("opt-in cookie") or comparable technologies to assign consent to a particular user or device. Unless specific information about consent management providers is available, the following applies: consent may be stored for up to two years. A pseudonymous user identifier is created and stored together with the time of consent, the scope of consent (e.g., cookie categories and/or service providers), and information about the browser, system and device used; Legal basis: Consent (Art. 6(1) sentence 1 lit. a GDPR).

Registration, Login and User Account

Users can create a user account. During registration, users are informed of the required mandatory information, which is processed for the purpose of providing the user account on the basis of contractual performance. The data processed includes in particular login information (username, password and an email address).

When users use our registration and login functions and their user account, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests and those of users in protection against misuse and unauthorized use. This data is generally not disclosed to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users may be informed by email about processes relevant to their user account, such as technical changes.

• Types of data processed: Inventory data (e.g., full name, home address, contact details, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or image messages and posts and related information such as authorship or time of creation); usage data (e.g., page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Log data (e.g., log files regarding logins or retrieval of data or access times.).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing and legitimate interests: Provision of contractual services and fulfillment of contractual obligations; security measures; organizational and administrative procedures. Provision of our online offering and user-friendliness.
• Retention and deletion: Deletion in accordance with the "General Information on Data Retention and Deletion" section. Deletion after termination.
• Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Newsletter and Electronic Notifications

We send newsletters, emails and other electronic notifications (hereinafter "newsletter") only with recipients' consent or on a legal basis. If the contents of the newsletter are specified during signup, these contents are decisive for users' consent. Typically, providing an email address is sufficient for signup. However, to provide a personalized service, we may request your name for personalized address in the newsletter or further information if necessary for the newsletter purpose.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove prior consent. Processing is limited to the purpose of potential defense against claims. An individual deletion request is possible at any time, provided the former existence of consent is confirmed. Where we are obliged to permanently observe objections, we reserve the right to store the email address solely for this purpose in a suppression list ("blocklist").

Logging of the signup procedure is based on our legitimate interests for the purpose of proving proper execution. Where we engage a service provider to send emails, this is based on our legitimate interests in an efficient and secure sending system.

Content:

Information about our AI-powered gift recommendation tool, new features, product updates, gift ideas and inspirations for various occasions (e.g., birthdays, Christmas, special events), information about collaborations, and occasional information about offers and promotions.

• Types of data processed: Inventory data (e.g., full name, home address, contact details, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers). Meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, involved persons).
• Data subjects: Communication partners.
• Purposes of processing and legitimate interests: Direct marketing (e.g., via email or post).
• Legal basis: Consent (Art. 6(1) sentence 1 lit. a GDPR).
• Right to object (opt-out): You may unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to further receipt. You will find an unsubscribe link at the end of each newsletter, or you can use one of the contact options stated above (preferably email).

Web Analytics, Monitoring and Optimization

Web analytics (also referred to as "reach measurement") is used to evaluate visitor flows of our online offering and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. Reach analysis can help us identify times when our offering or its functions/content are used most often, encourage re-use, and determine which areas require optimization.

In addition to web analytics, we may also use testing procedures to test and optimize different versions of our online offering or parts thereof.

Unless otherwise stated below, profiles may be created for these purposes (i.e., data consolidated for a usage process) and information stored and read from a browser/device. Information collected includes visited websites and elements used there, technical details such as browser and operating system, and usage times. If users consent to the collection of location data, such data may also be processed.

In addition, users' IP addresses are stored. However, we use IP masking (pseudonymization by truncating the IP address) to protect users. Generally, no plain data (e.g., email addresses or names) is stored in the context of web analytics, A/B testing and optimization, but pseudonyms. This means neither we nor the providers of the software used know users' actual identities, only the information stored in their profiles for the respective procedures.

Notes on legal bases: If we ask users for consent to use third-party providers, consent is the legal basis. Otherwise, user data is processed based on our legitimate interests (interest in efficient, economical and user-friendly services). In this context, we also refer to the information on cookies in this Privacy Policy.

• Types of data processed: Usage data (e.g., page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, involved persons).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing and legitimate interests: Reach measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles). Provision of our online offering and user-friendliness.
• Retention and deletion: Deletion in accordance with the "General Information on Data Retention and Deletion" section. Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods may be stored on users' devices for up to two years.).
• Security measures: IP masking (pseudonymization of IP address).
• Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures and services:

• Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number contains no unique data such as names or email addresses. It is used to assign analytics information to a device to understand which content users accessed, what search terms they used, whether they revisited content, or interacted with our offering. Usage time and duration, sources referring users, and technical aspects of devices and browsers are also stored.
  Pseudonymous user profiles may be created using information from multiple devices, and cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. It provides coarse geolocation data derived from IP metadata (city, continent, country, region, etc.). For EU traffic, IP data is used only for deriving geolocation and is then immediately deleted. It is not logged, not accessible, and not used for any other purposes. When Google Analytics collects measurement data, all IP lookups are performed on EU-based servers before forwarding traffic to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of IP address); Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Opt-out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Ad personalization settings: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and data processed).

Online Marketing

We process personal data for online marketing purposes, including in particular the marketing of advertising space or the display of promotional and other content (collectively "content") based on users' potential interests, and measuring effectiveness.

For these purposes, user profiles may be created and stored in a file (a "cookie") or similar methods used to store relevant details. These can include viewed content, visited websites, used online networks, communication partners, technical details (browser, operating system), and usage times and features used. If users consent to location data collection, location data may also be processed.

Users' IP addresses are stored, but we use IP masking (pseudonymization by truncating the IP address) to protect users. Generally, no plain data (such as names or email addresses) is stored for online marketing purposes, but pseudonyms. This means neither we nor the providers of the marketing methods know users' true identities, only the information stored in their profiles.

Statements in profiles are usually stored in cookies or similar methods. These cookies may later be read on other websites using the same marketing methods and analyzed for content delivery, supplemented with additional data, and stored on the marketing provider's servers.

Exceptionally, plain data may be assigned to profiles, especially if users are members of a social network whose marketing methods we use and the network links profiles to those details. Users may have additional arrangements with providers, such as by consenting during registration.

We generally only receive aggregated information on the success of our ads. However, via conversion measurement we can check which online marketing methods led to a "conversion" (e.g., contract conclusion). Conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, cookies used may be stored for up to two years.

Notes on legal bases: If we request user consent for third-party providers, consent is the legal basis. Otherwise, user data is processed based on our legitimate interests (interest in efficient, economical and user-friendly services). In this context, we also refer to the information on cookies in this Privacy Policy.

Withdrawal and objection:

We refer to the privacy notices of the respective providers and their opt-out options. If no opt-out is specified, users can disable cookies via browser settings, though functions may be limited. We additionally recommend the following opt-out options:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://youradchoices.ca/.

c) USA: https://optout.aboutads.info/.

d) Cross-region: https://optout.aboutads.info.

• Types of data processed: Usage data (e.g., page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, involved persons).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing and legitimate interests: Reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest/behavior-based profiling, use of cookies); audience building; marketing; profiles with user-related information (creation of user profiles). Conversion measurement (measuring effectiveness of marketing measures).
• Retention and deletion: Deletion in accordance with the "General Information on Data Retention and Deletion" section. Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods may be stored on users' devices for up to two years.).
• Security measures: IP masking (pseudonymization of IP address).
• Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures and services:

• Google Ads and conversion measurement: Online marketing method for placing content and ads within the provider's ad network (e.g., search results, videos, websites), shown to users with presumed interest. We also measure conversions, i.e., whether users interacted with ads and used promoted offers. We receive only anonymous information; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR), Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF); Further information: Types of processing and data processed: https://business.safety.google/adsservices/. Controller terms and Standard Contractual Clauses for third-country data transfers: https://business.safety.google/adscontrollerterms.

Affiliate Programs and Affiliate Links

We integrate so-called affiliate links or other references (including search masks, widgets or discount codes) to offers and services of third-party providers (collectively "affiliate links") into our online offering. If users follow affiliate links and subsequently use the offers, we may receive a commission or other benefits (collectively "commission").

To track whether users make use of offers via an affiliate link, it is necessary that the relevant third-party providers learn that users followed an affiliate link within our online offering. Assigning affiliate links to transactions or other actions (e.g., purchases) serves solely the purpose of commission settlement and is lifted as soon as it is no longer necessary.

For these purposes, affiliate links may be supplemented with certain values that are part of the link or stored otherwise (e.g., in a cookie). These values may include, in particular, the originating website (referrer), the time, an online identifier of the website operator where the affiliate link was placed, an online identifier of the offer, the type of link, the type of offer, and an online identifier of the user.

Notes on legal bases: If we request user consent for third-party providers, consent is the legal basis. Otherwise, processing is based on our legitimate interests (interest in efficient, economical and user-friendly services). In this context, we also refer to the information on cookies in this Privacy Policy.

• Types of data processed: Contract data (e.g., subject matter, term, customer category); usage data (e.g., page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, involved persons).
• Data subjects: Prospective customers. Users (e.g., website visitors, users of online services).
• Purposes of processing and legitimate interests: Affiliate tracking.
• Retention and deletion: Deletion in accordance with the "General Information on Data Retention and Deletion" section.
• Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures and services:

• Amazon Partner Program: Affiliate partner program (Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates); Service provider: Amazon EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.amazon.de; Privacy policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010. Basis for third-country transfers: Data Privacy Framework (DPF).

Presences on Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about us.

We point out that user data may be processed outside the European Union. This may entail risks for users, for example because enforcement of user rights may be more difficult.

Furthermore, user data within social networks is typically processed for market research and advertising purposes. For example, usage profiles may be created based on user behavior and interests, which may be used to display ads within and outside networks. Cookies may be stored on users' computers that store usage behavior and interests. Data may also be stored across devices (especially when users are members of a platform and logged in).

For a detailed description of processing and opt-out options, we refer to the privacy policies of the respective network operators.

For access requests and exercising data subject rights, we note that these are most effectively asserted with the providers, as only they have access to user data and can take direct action. If you nevertheless require assistance, you can contact us.

• Types of data processed: Contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or image messages and posts and related information such as authorship or time of creation). Usage data (e.g., page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing and legitimate interests: Communication; feedback (e.g., collecting feedback via online form). Public relations.
• Retention and deletion: Deletion in accordance with the "General Information on Data Retention and Deletion" section.
• Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures and services:

• Instagram: Social network enabling sharing of photos and videos, commenting, favoriting, messaging, following profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.instagram.com; Privacy policy: https://privacycenter.instagram.com/policy/. Basis for third-country transfers: Data Privacy Framework (DPF).
• Facebook Pages: Profiles within the Facebook social network – The controller is jointly responsible with Meta Platforms Ireland Limited for the collection and transmission of data of visitors to our Facebook page ("Fanpage"). This includes in particular information on user behavior (e.g., viewed or interacted content, actions taken) and device information (e.g., IP address, operating system, browser type, language settings, cookie data). Details are provided in Facebook's data policy: https://www.facebook.com/privacy/policy/. Facebook also uses this data to provide us with "Page Insights" statistics. The legal basis is an agreement with Facebook ("Page Insights information"): https://www.facebook.com/legal/terms/page_controller_addendum. Further information: https://www.facebook.com/legal/terms/information_about_page_insights_data. Users can submit access or deletion requests directly to Facebook. Joint controllership is limited exclusively to data collection by Meta Platforms Ireland Limited (EU). For further processing, including potential transfer to Meta Platforms Inc. in the USA, Meta Platforms Ireland Limited is solely responsible; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/privacy/policy/. Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum).
• Pinterest: Social network enabling sharing of photos, commenting, favoriting and curating posts, messaging, following profiles; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.pinterest.com. Privacy policy: https://policy.pinterest.com/de/privacy-policy.

Plug-ins and Embedded Functions and Content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter "third-party providers"). These may include graphics, videos or maps (collectively "content").

Integration requires that third-party providers process users' IP addresses, as without an IP address they cannot deliver content to the browser. The IP address is therefore required for displaying such content or functions. We strive to use only content whose providers use the IP address solely for delivering the content. Third-party providers may also use pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic. Pseudonymous information may also be stored in cookies and include technical information about the browser and operating system, referring websites, visit time, and other information about use of our online offering, and may be linked with information from other sources.

Notes on legal bases: If we request user consent for third-party providers, consent is the legal basis. Otherwise, processing is based on our legitimate interests (interest in efficient, economical and user-friendly services). In this context, we also refer to the information on cookies in this Privacy Policy.

• Types of data processed: Usage data (e.g., page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, involved persons).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing and legitimate interests: Provision of our online offering and user-friendliness.
• Retention and deletion: Deletion in accordance with the "General Information on Data Retention and Deletion" section. Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods may be stored on users' devices for up to two years.).
• Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures and services:

• Google Fonts (loaded from Google servers): Provision of fonts (and icons) for technically secure, maintenance-free and efficient use, taking into account up-to-date status, load times, consistent display and licensing. The user's IP address is transmitted to the font provider so fonts can be provided to the browser. Additionally, technical data (language settings, screen resolution, operating system, hardware) is transmitted as required to provide fonts depending on device and environment. This data may be processed on servers in the USA – When visiting our online offering, users' browsers send HTTP requests to the Google Fonts Web API (a software interface for retrieving fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) of Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used to access the internet, (2) the requested URL on the Google server, and (3) HTTP headers including the user agent and referrer URL. According to Google, IP addresses are not logged or stored and are not analyzed. The Google Fonts Web API logs request details (requested URL, user agent, referrer URL). Access is restricted and tightly controlled. The requested URL identifies the font families requested. The user agent is logged primarily for debugging and to generate aggregated usage statistics; the referrer URL is logged for maintenance and aggregated reports. Google states it does not use Google Fonts information to create end-user profiles or serve targeted ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://fonts.google.com/; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy?hl=de.

Changes and Updates

We ask you to regularly inform yourself about the contents of our Privacy Policy. We adapt the Privacy Policy as soon as changes to our processing activities make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or another individual notification.

Where we provide addresses and contact information of companies and organizations in this Privacy Policy, please note that addresses may change over time and we ask you to verify the information before contacting them.

Definitions

This section provides an overview of the terms used in this Privacy Policy. Where terms are defined by law, those legal definitions apply. The following explanations are intended to aid understanding.

• Affiliate tracking: In affiliate tracking, links used to refer users to websites with product or other offers are logged. Operators of linking websites may receive a commission when users follow affiliate links and subsequently make use of offers (e.g., purchase goods or use services). To enable this, providers must be able to track whether users who are interested in certain offers subsequently make use of them via affiliate links. For the functionality of affiliate links, it is necessary that certain values are added to links or stored otherwise (e.g., in a cookie). Values include, in particular, the originating website (referrer), time, online identifiers of the website operator, the offer, and the user, as well as tracking-specific values such as ad ID, partner ID and categorizations.
• Inventory data: Inventory data includes essential information necessary for identification and administration of contractual partners, user accounts, profiles and similar assignments. This data may include personal and demographic details such as names, contact information (addresses, phone numbers, email addresses), dates of birth, and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between persons and services, facilities or systems by enabling clear assignment and communication.
• Content data: Content data includes information generated in the course of creating, editing and publishing content of any kind. This category may include texts, images, videos, audio files and other multimedia content published across various platforms and media. Content data is not limited to the content itself but also includes metadata providing information about the content, such as tags, descriptions, author information and publication dates.
• Contact data: Contact data includes essential information enabling communication with persons or organizations, such as phone numbers, postal addresses, email addresses, social media handles and instant messaging identifiers.
• Conversion measurement: Conversion measurement (also referred to as "visit action evaluation") is a method to determine the effectiveness of marketing measures. A cookie is typically stored on users' devices within the websites where marketing takes place and then retrieved on the target website. This allows us to track whether ads placed on other websites were successful.
• Meta, communication and procedural data: Meta, communication and procedural data are categories containing information about how data is processed, transmitted and managed. Metadata (data about data) includes information about the context, origin and structure of other data (e.g., file size, creation date, author, change history). Communication data captures information exchange between users across various channels (email traffic, call logs, messages, chat logs), including parties, timestamps and transmission methods. Procedural data describes processes and workflows within systems or organizations (workflow documentation, transaction and activity logs, audit logs).
• Usage data: Usage data refers to information capturing how users interact with digital products, services or platforms. This includes a wide range of information showing how users use applications, which features they prefer, how long they spend on certain pages, and which paths they navigate. Usage data may also include frequency, timestamps, IP addresses, device information and location data. It is particularly valuable for analyzing user behavior, optimizing experiences, personalizing content and improving products or services, and plays a crucial role in identifying trends, preferences and potential problem areas.
• Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Profiles with user-related information: Processing of "profiles with user-related information" (or "profiles") includes any form of automated processing of personal data that involves using such data to evaluate, analyze or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include demographics, behavior and interests, e.g., interaction with websites and content). Cookies and web beacons are frequently used for profiling purposes.
• Log data: Log data is information about events or activities recorded in a system or network. This data typically contains timestamps, IP addresses, user actions, error messages and other details about system usage or operation. Log data is often used for troubleshooting, security monitoring or performance reporting.
• Reach measurement: Reach measurement (also referred to as web analytics) is used to evaluate visitor flows of an online offering and may include visitor behavior or interests in certain information (e.g., website content). Reach analysis helps operators identify, for example, when users visit their websites and what content interests them, enabling better content adaptation. Pseudonymous cookies and web beacons are frequently used to recognize returning visitors and obtain more accurate usage analyses.
• Tracking: "Tracking" refers to the ability to follow user behavior across multiple online offerings. Typically, behavior and interest information is stored in cookies or on tracking technology providers' servers (so-called profiling). This information may then be used, for example, to display ads likely matching users' interests.
• Controller: The "controller" is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processing: "Processing" means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data, including collection, evaluation, storage, transmission or deletion.
• Contract data: Contract data is specific information relating to the formalization of an agreement between two or more parties. It documents the conditions under which services or products are provided, exchanged or sold. This data category is essential for managing and fulfilling contractual obligations and includes identification of contracting parties and specific terms and conditions (start/end dates, types of services/products, pricing, payment terms, termination rights, renewal options, special conditions). Contract data serves as the legal basis for the relationship between parties and is decisive for clarifying rights and obligations, enforcing claims and resolving disputes.
• Audience building: Audience building (also known as "custom audiences") refers to determining target groups for advertising purposes. For example, based on a user's interest in certain products or topics, it may be inferred that the user is interested in ads for similar products or the online store where they viewed products. "Lookalike audiences" (similar audiences) refers to displaying suitable content to users whose profiles or interests presumably correspond to those for whom profiles were created. Cookies and web beacons are typically used for creating custom and lookalike audiences.

Created with the free Datenschutz-Generator.de by Dr. Thomas Schwenke