Privacy Policy

1. Data Protection at a Glance

General Information

This section provides a simple overview of what happens to your personal data when you visit our website. Personal data includes all data that can be used to personally identify you. Detailed information on data protection can be found in our full privacy policy below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. The operator’s contact details can be found in the “Responsible Party” section of this privacy policy.

How do we collect your data?

Your data is collected in two ways: First, when you actively provide it – for example, by entering information in a contact form.

Second, certain data is collected automatically or with your consent by our IT systems when you visit the website. This includes technical data such as your internet browser, operating system, or the time of the page request. This data is collected automatically as soon as you access our website.

What do we use your data for?

Part of the data is collected to ensure the error-free provision and security of the website. Other data may be used to analyze user behavior in order to optimize the website.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient, and purpose of your stored personal data at any time and free of charge. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you may revoke it at any time for the future. In certain circumstances, you have the right to request the restriction of processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

If you wish to exercise any of these rights or have further questions about data protection, you can contact us at any time.

Analytics and Third-Party Tools

When visiting this website, your browsing behavior may be statistically analyzed. This is done primarily using analytics programs.

Detailed information on these analytics tools can be found in the privacy policy below.

Note: This English version is for informational purposes only. The legally binding version is the original German version, available at www.flowq.de/de/datenschutz.

2. Hosting and Content Delivery Networks (CDN)

Hosting with netcup

Our website is hosted by netcup.

Provider:

netcup GmbH
Daimlerstraße 25
76185 Karlsruhe
(Germany, hereinafter referred to as "netcup")

Further information can be found in netcup’s privacy policy.

The use of netcup is based on Art. 6(1)(f) GDPR and reflects our legitimate interest in providing a reliable presentation of our website. If consent has been obtained, processing is carried out solely on the basis of Art. 6(1)(a) GDPR. This consent can be withdrawn at any time.

Data Processing Agreement

We have concluded a data processing agreement (DPA) with the provider mentioned above. This agreement ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Cloudflare

We use the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as "Cloudflare").

Cloudflare provides a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed through Cloudflare’s network. This allows Cloudflare to analyze the traffic between your browser and our website and to serve as a filter between our servers and potentially malicious traffic from the internet. Cloudflare may use cookies or other technologies to recognize internet users, solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in a technically error-free and secure delivery of our website (Art. 6(1)(f) GDPR).

Data transfer to the USA is based on the European Commission’s Standard Contractual Clauses. Details can be found here: https://www.cloudflare.com/privacypolicy/.

For more information on security and data protection at Cloudflare, please visit: https://www.cloudflare.com/privacypolicy/.

Data Processing Agreement

We have signed a data processing agreement (DPA) with the provider mentioned above. This is a legally required contract under data protection law, ensuring that this provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Protection

Protecting your personal data is important to us. We treat your personal data confidentially and in accordance with the applicable data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is any information that can be used to personally identify you. This privacy policy explains what data we collect, how we use it, and for what purpose.

Please note that data transmission over the internet (e.g., communication by email) may have security vulnerabilities. A complete protection of the data from access by third parties is not possible.

The responsible party for data processing on this website is:

FlowQ Beratungs- & Servicegesellschaft mbH
Zeppelinstraße 73
81669 Munich
Germany

Phone: +49 (0) 89 2000 0719
Email: [email protected]

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period is stated in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted – unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once those reasons no longer apply.

Note on Data Transfer to the USA and Other Third Countries

Among other tools, we use services provided by companies based in the USA or other non-EU countries that are not considered secure under data protection law. If these tools are active, your personal data may be transferred to and processed in those countries. Please note that these countries may not guarantee a level of data protection comparable to that of the EU. For example, U.S. companies are required to hand over personal data to security authorities without you being able to take legal action. Therefore, we cannot guarantee that U.S. authorities (e.g., intelligence services) will not process, evaluate, or permanently store your data located on U.S. servers for surveillance purposes. We have no control over these processing activities.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may revoke your consent at any time with effect for the future. The legality of the data processing carried out until the revocation remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE LEGAL BASIS ON WHICH PROCESSING IS BASED IS SPECIFIED IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING AT ANY TIME; THIS ALSO APPLIES TO PROFILING IN CONNECTION WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, place of work, or the place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process based on your consent or in fulfillment of a contract in a commonly used, machine-readable format. You may also request that the data be transmitted directly to another controller, where technically feasible.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us. You can recognize an encrypted connection by the browser’s address bar switching from “http://” to “https://” and by the lock symbol in your browser bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted Payments on This Website

If you are required to transmit your payment details (e.g., account number for direct debit authorization) after concluding a paid contract, this data is necessary for payment processing.

Payment transactions using common methods (Visa/MasterCard, direct debit) are carried out exclusively via encrypted SSL or TLS connections. You can recognize an encrypted connection by the change in the address line of your browser from “http://” to “https://” and the lock icon in the browser line.

With activated encryption, your payment data transmitted to us cannot be read by third parties.

Right to Access, Deletion, and Rectification

Within the framework of applicable legal provisions, you have the right at any time to receive free information about your stored personal data, its origin, recipients, and the purpose of the data processing. You may also have a right to correction or deletion of this data. For this and any further questions about personal data, you may contact us at any time.

Right to Restrict Processing

You have the right to request the restriction of the processing of your personal data. You may contact us at any time to do so. The right to restrict processing applies in the following cases:

If you contest the accuracy of your personal data stored with us, we usually need time to verify this. During the verification period, you have the right to request the restriction of processing of your personal data.
If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.
If we no longer need your personal data but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of processing instead of deletion.
If you have lodged an objection pursuant to Art. 21(1) GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of processing of your personal data.

If you have restricted the processing of your personal data, such data – apart from storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

Objection to Promotional Emails

We hereby object to the use of contact data published in accordance with legal notice requirements for the transmission of unsolicited advertising and information materials. The operators of this site expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.

4. Data Collection on This Website

Cookies

Our websites use so-called "cookies." Cookies are small text files that do not harm your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them or your browser deletes them automatically.

Third-party cookies may also be stored on your device when you enter our site (third-party cookies). These allow us or you to use certain services of the third-party company (e.g., cookies for payment processing services).

Cookies serve various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., shopping cart or video display). Other cookies are used to analyze user behavior or display advertising.

Cookies necessary for electronic communication, providing certain functions you requested (functional cookies), or optimizing the website (e.g., audience measurement cookies) are stored based on Art. 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent has been requested, storage is based exclusively on this consent (Art. 6(1)(a) GDPR); consent can be revoked at any time.

You can configure your browser to inform you about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

If cookies from third-party companies or for analysis purposes are used, you will be informed separately in this privacy policy and asked for your consent if required.

Consent with Borlabs Cookie

Our website uses the Borlabs Cookie consent technology to obtain your consent to store certain cookies in your browser or to use certain technologies and to document this in compliance with data protection laws. The provider of this technology is Borlabs - Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter "Borlabs").

When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you gave or the revocation of these consents are recorded. This data is not shared with Borlabs Cookie’s provider.

The recorded data is stored until you request its deletion, delete the Borlabs cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on Borlabs Cookie data processing can be found here: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

The use of the Borlabs Cookie consent technology is intended to obtain the legally required consents for the use of cookies. The legal basis is Art. 6(1)(c) GDPR.

Server Log Files

The website provider automatically collects and stores information in so-called server log files that your browser automatically transmits to us. These are:

Browser type and version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

This data is not merged with other data sources.

This data is collected based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website – for this, server log files must be collected.

Contact Form

If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (e.g., name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested.

The data you send to us via contact requests remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.

Request by Email, Phone, or Fax

If you contact us by email, phone, or fax, your request, including all resulting personal data (e.g., name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

SimplyMeet.me

Our website gives you the option to schedule appointments with us. For booking appointments, we use the "SimplyMeet.me" tool. The provider is SIMPLYBOOK.ME LTD, registered at 30 Gladstonos Street, P. Makedonas Court, Mezzanine Floor, 3041, Limassol, Cyprus, Registration Number: HE387490 (hereinafter "SIMPLYBOOK.ME").

For appointment booking, you enter the requested data and preferred appointment time into the provided form. The data entered is used for planning, executing, and possibly following up on the appointment. The data is stored on SIMPLYBOOK.ME servers. You can view their privacy policy here: https://simplymeet.me/de/policy

Your entered data will remain with us until you request its deletion, revoke your consent to storage, or the purpose of data storage no longer applies. Mandatory legal obligations – especially retention periods – remain unaffected.

The legal basis for data processing is Art. 6(1)(f) GDPR. The website operator has a legitimate interest in providing a convenient appointment scheduling process. If consent has been requested, Art. 6(1)(a) GDPR is the legal basis; consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://simplymeet.me/de/policy

Data Processing Agreement

We have concluded a data processing agreement (DPA) with the above provider. This legally required contract ensures that personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.

Cal.com

Our website gives you the option to schedule appointments with us. For appointment bookings, we use the tool "Cal.com." The provider is Cal.com, Inc., 2261 Market Street #4641, San Francisco, CA 94114, USA (hereinafter "Cal.com").

To book an appointment, you enter the requested information and your preferred time into the provided form. This data is used for planning, execution, and any necessary follow-up. The appointment data is stored on Cal.com's servers. You can view their privacy policy here: https://cal.com/privacy

Your entered data will remain with us until you request deletion, revoke your consent, or the purpose for data storage no longer applies. Mandatory statutory retention requirements remain unaffected.

The legal basis for data processing is Art. 6(1)(f) GDPR. The website operator has a legitimate interest in offering a convenient way for customers and prospects to schedule appointments. If consent is obtained, Art. 6(1)(a) GDPR is the legal basis for processing; this consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://cal.com/privacy

5. Social Media

Our Social Media Profiles

Data Processing by Social Networks

We operate publicly accessible profiles on social networks. The individual social networks we use are listed below.

Social networks such as Facebook or Twitter can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media profiles triggers numerous data processing operations relevant to data protection. Specifically:

If you are logged into your social media account and visit our profile, the provider of the social media platform may associate your visit with your account. Your personal data may also be collected even if you are not logged in or do not have an account on the respective platform. This data collection may occur via cookies stored on your device or by capturing your IP address.

With the help of this data, the operators of social media platforms can create user profiles that store your preferences and interests. This enables interest-based advertising to be displayed to you both within and outside of the social media platform. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or were logged in.

Also note that we cannot track all processing activities on social media platforms. Depending on the provider, additional processing operations may be carried out by the social media platform operators. For details, please refer to the terms of use and privacy policies of the respective platforms.

Our social media appearances are intended to ensure the broadest possible presence on the internet. This is a legitimate interest pursuant to Art. 6(1)(f) GDPR. The analysis processes initiated by social networks may be based on different legal grounds, which must be stated by the providers (e.g., consent under Art. 6(1)(a) GDPR).

Controller and Assertion of Rights

If you visit one of our social media profiles (e.g., Facebook), we are jointly responsible with the platform operator for the data processing operations triggered during this visit. You can exercise your rights (access, rectification, deletion, restriction of processing, data portability, and complaint) both with us and with the respective social media platform operator (e.g., Facebook).

Please note that despite the joint responsibility with the social media platform operators, we do not have full influence on the data processing activities of the platforms. Our options are significantly governed by the corporate policy of the respective provider.

Storage Duration

The data we collect directly via our social media profiles will be deleted from our systems as soon as you request deletion, revoke your consent, or the purpose for storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal requirements – particularly retention periods – remain unaffected.

We have no influence over the storage duration of your data stored by social network operators for their own purposes. For details, please refer directly to the operators’ privacy policies (see below).

Social Networks in Detail:

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

To disable LinkedIn advertising cookies, use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

See LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875, https://de-de.facebook.com/help/566994660333381.

See Instagram’s privacy policy: https://help.instagram.com/519522125107875.

X (formerly Twitter)

We use the microblogging service X (formerly Twitter). The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can manage your Twitter privacy settings in your user account via the following link: https://twitter.com/personalization.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

See Twitter’s privacy policy: https://twitter.com/de/privacy.

Facebook

We have a profile on Facebook. The provider is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

We have entered into a joint processing agreement (Controller Addendum) with Facebook, which defines our respective responsibilities for data processing when you visit our Facebook page. You can view this agreement here: https://www.facebook.com/legal/terms/page_controller_addendum.

You can manage your ad settings in your user account via the following link: https://www.facebook.com/settings?tab=ads.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

See Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

We have a profile on WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or third parties from accessing the content. However, WhatsApp may access metadata such as sender, recipient, and timestamp.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details: https://www.whatsapp.com/legal/business-data-transfer-addendum-20210927.

See WhatsApp’s privacy policy: https://www.whatsapp.com/legal/privacy-policy-eea.

6. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Tag Manager itself does not create user profiles, store cookies, or carry out independent analytics. It merely facilitates the management and deployment of the tools integrated through it. However, Google Tag Manager does record your IP address, which may be transmitted to Google's parent company in the United States.

The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If consent was obtained, processing is based exclusively on Art. 6(1)(a) GDPR; this consent can be revoked at any time.

Google Analytics

This website uses features of the Google Analytics web analysis service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, dwell time, operating systems used, and the origin of the user. Google may combine this data into a profile that is associated with the respective user or their device.

Google Analytics uses technologies such as cookies or device fingerprinting to recognize users and analyze their behavior. The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this analysis tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize its website and advertising. If consent was requested (e.g., for cookie storage), processing is based exclusively on Art. 6(1)(a) GDPR; consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP Anonymization

We have activated IP anonymization on this website. Your IP address will be shortened by Google within the member states of the EU or in other countries party to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activities, and to provide other services related to website and internet use to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Data Processing Agreement

We have signed a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographics in Google Analytics

This website uses the “demographics” feature of Google Analytics to display appropriate ads to visitors within the Google advertising network. This allows reports to be created that include statements about the age, gender, and interests of site visitors. These data come from interest-based advertising by Google and visitor data from third parties. They cannot be assigned to a specific individual. You can disable this feature at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described under “Objection to data collection.”

Google Analytics E-Commerce Tracking

This website uses the “E-Commerce Tracking” feature of Google Analytics. E-commerce tracking allows the website operator to analyze the purchasing behavior of visitors to improve their online marketing campaigns. Information such as orders placed, average order values, shipping costs, and the time from viewing a product to purchasing it is recorded. Google may merge this data under a transaction ID assigned to the respective user or their device.

Storage Duration

Google stores user- and event-level data linked to cookies, user IDs (e.g., User ID), or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) for 14 months before anonymization or deletion. Details: https://support.google.com/analytics/answer/7667196?hl=de

Marketplan.io

This website uses the Marketplan.io service. The provider is ConversionFly LLC, 224 Datura Street, West Palm Beach, FL 33401, USA (Website: https://www.marketplan.io).

Marketplan.io tracks visitor behavior in marketing funnels after a clickthrough on campaign pages. This allows for statistical evaluation of campaign effectiveness and for tailoring content and layout to improve user engagement and future targeting.

The data collected is anonymized for us as the website operator, and we cannot identify users personally. The data is stored and processed by Marketplan.io, but no link to user profiles such as Facebook is possible. We as website operators cannot influence Marketplan.io’s data use.

Details on data usage by Marketplan.io can be found in their privacy policy: https://marketplan.io/privacy/ and https://marketplan.io/terms/.

The use of this analysis tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize its website and advertising. If consent was requested (e.g., cookie usage), processing is based solely on Art. 6(1)(a) GDPR; consent can be revoked at any time.

Data Processing Agreement

We have signed a data processing agreement with the provider mentioned above. This contract ensures that the provider processes personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Posthog

This website uses the “Posthog” service. The provider is Posthog Inc., 965 Mission Street, San Francisco, CA 94103, USA.

We use Posthog to better understand user behavior and optimize our services. Posthog may record and replay your behavior on our site.

IP addresses and information such as timestamps, clicks, and language preferences are collected in shortened form and processed without direct personal reference. These statistics are not merged with other data.

Data is primarily processed and stored within the EU. If transfer to Posthog’s AWS infrastructure in the USA is necessary, it is based on the EU Standard Contractual Clauses (SCCs). Details: Posthog SCCs.

Processing is based on our legitimate interest under Art. 6(1)(f) GDPR to analyze and improve our digital offerings, support business operations, and enhance the user experience.

More details can be found in Posthog’s privacy policy: https://posthog.com/privacy

Data Processing Agreement

We have signed a data processing agreement with the provider mentioned above. This ensures the provider processes personal data of our website visitors only in accordance with our instructions and the GDPR.

7. Newsletters and Postal Advertising

Newsletter Data

If you would like to receive the newsletter offered on this website, we require your email address and information that allows us to verify that you are the owner of the email address and that you consent to receiving the newsletter. No additional data is collected, or only on a voluntary basis. We use this data exclusively to send the requested information and do not share it with third parties.

The processing of the data entered into the newsletter sign-up form is based solely on your consent (Art. 6(1)(a) GDPR). You can revoke your consent to the storage of your data, email address, and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe and will be deleted from the newsletter distribution list after you unsubscribe or the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion within our legitimate interest under Art. 6(1)(f) GDPR.

After unsubscribing from the distribution list, your email address may be stored in a blacklist by us or the newsletter provider to prevent future mailings. The data in the blacklist is used solely for this purpose and not combined with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest pursuant to Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to this storage if your interests outweigh our legitimate interest.

Encharge

This website uses Encharge to send newsletters. The provider is Smel Nov Svyat EOOD (DBA Encharge), ul. Dragovica 11, ap. 5, Sofia, Bulgaria, 1505.

Encharge is a service used to organize and analyze newsletter distribution. The data you enter for the purpose of receiving newsletters is stored on servers operated by Amazon Web Services EMEA SARL in Ireland.

Data Analysis by Encharge

With the help of Encharge, we can analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked. This allows us to determine which links are clicked most often.

We can also see whether predefined actions were taken after clicking (conversion rate). For example, we can tell if you made a purchase after clicking a newsletter link.

Encharge also enables us to segment newsletter recipients based on different categories and demographic characteristics. This allows us to better tailor newsletters to target audiences. If you do not want any analysis by Encharge, you must unsubscribe from the newsletter. We provide a link for this in every newsletter message.

For more detailed information on Encharge’s features, please visit: https://encharge.io/industries/marketing-automation-for-saas-companies/

Encharge’s privacy policy is available here: https://encharge.io/privacy-policy/

Information on Encharge’s GDPR compliance: https://encharge.gdprpage.com/

Data processing is based on your consent (Art. 6(1)(a) GDPR). You may revoke this consent at any time. The legality of data processing already performed remains unaffected by the revocation.

Storage Duration

The data you provide to receive the newsletter will be stored by us or the newsletter service provider until you unsubscribe and will be deleted from the newsletter list after you unsubscribe. Data stored for other purposes remains unaffected.

After unsubscribing, your email address may be stored in a blacklist to prevent future mailings. The data in the blacklist is used only for this purpose and is not combined with other data. This is in your interest and ours to comply with legal requirements for newsletter sending (legitimate interest under Art. 6(1)(f) GDPR). The blacklist storage is not time-limited. You may object to this storage if your interests outweigh our legitimate interest.

Data Processing Agreement

We have concluded a data processing agreement (DPA) with the above provider. This contract ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

8. Plugins and Tools

Google Web Fonts

This site uses so-called web fonts provided by Google to ensure uniform font display. Google Fonts are installed locally. No connection to Google servers or font downloads occurs during this process.

For more information on Google Web Fonts, please visit: https://developers.google.com/fonts/faq and Google’s privacy policy: https://policies.google.com/privacy?hl=de.

WP Compress

We use the plugin "WP Compress" on our website. The provider is WP Compress, BOSTON, MA, USA.

WP Compress is a WordPress plugin for compressing and optimizing image files to improve website performance. When enabled, all uploaded and displayed images are automatically optimized, reducing file sizes without compromising quality. This helps improve load times and reduce bandwidth usage.

Use of WP Compress is based on our legitimate interest in providing a user-friendly and performant website and product experience (Art. 6(1)(f) GDPR).

More on WP Compress's security and privacy: https://wpcompress.com/privacy-policy/

AiTable.ai

Our website uses AiTable.ai, a tool for data management and analysis. The provider is APITable Ltd., 63 Forty Second St, Unionville Toronto, ON, Canada, L3P 7K3.

Data entered into the provided fields is used for analysis and improvement of our website and services. Data is stored on AiTable.ai servers. See the privacy policy here: https://help.aitable.ai/docs/guide/gdpr-at-aitable/

Data remains with us until deletion is requested, consent is withdrawn, or the purpose no longer applies. Mandatory legal provisions, particularly retention periods, remain unaffected.

Processing is based on our legitimate interest in analyzing user behavior for optimization (Art. 6(1)(f) GDPR). If consent was requested, Art. 6(1)(a) GDPR applies.

AiTable.ai stores and processes personal data within the EU/EEA. For transfers outside these areas, appropriate safeguards such as EU Standard Contractual Clauses are used.

ScoreApp

We use ScoreApp, a tool for creating interactive quizzes and surveys. The provider is Hyper Targeted Marketing Limited, UK (company number 12301024).

Data is entered into designated fields and used to analyze and improve our website and services. Data is stored on ScoreApp servers. Privacy policy: https://support.scoreapp.com/article/99-is-scoreapp-gdpr-compliant

Data remains with us until deletion is requested, consent is withdrawn, or the purpose no longer applies. Legal retention periods remain unaffected.

Processing is based on Art. 6(1)(f) GDPR. If consent is obtained, Art. 6(1)(a) GDPR applies.

ScoreApp stores and processes data in the EU/EEA. For transfers beyond, standard contractual clauses are applied.

Sessions.us

Our website uses Sessions.us for virtual meetings and webinars. The provider is Sessions Technologies Romania SRL.

Data entered for event registration is analyzed to improve offerings. Stored on Sessions.us servers. Privacy policy: https://sessions.us/features/video

Data remains with us until deletion is requested or the purpose no longer applies. Legal obligations remain unaffected.

Processing is based on our legitimate interest under Art. 6(1)(f) GDPR. If consent is obtained, Art. 6(1)(a) applies. Data storage is EU/EEA based with appropriate protections for transfers.

Miro

We use Miro for visual collaboration. Provider: RealtimeBoard Inc. (Miro), San Francisco, USA, and Miro DACH GmbH, Berlin.

Data entered into collaboration boards is used to optimize our service. Stored on Miro servers. Privacy: https://help.miro.com/hc/en-us/articles/360012346599-Miro-security-and-compliance

Data is kept until deletion is requested or purpose ceases. Processing under Art. 6(1)(f) or Art. 6(1)(a) GDPR if consented. Transfers outside EU use SCCs.

Notch.so

We use Notch.so for managing interactive offers and projects. Provider: Notch GmbH, Hamburg, Germany.

Entered data is used for service improvement. Stored on Notch.so servers. Privacy policy: https://www.notch.one/support/downloads_area/

Data is deleted upon request or when purpose no longer applies. Art. 6(1)(f) applies; Art. 6(1)(a) if consent was given. Data processing within EU/EEA or with SCCs.

Data Processing Agreement

We have a DPA with Notch.so to ensure GDPR-compliant processing.

Lemlist

We use Lemlist for email marketing and sales automation. Provider: lempire SAS, Paris, France.

Data entered is used to analyze interactions and improve campaigns. Stored on Lemlist servers. Privacy: https://www.lemlist.com/privacy-policy

We use Lemlist’s "Website Visitors Feature" to analyze user interactions. Processing based on consent (Art. 6(1)(a) GDPR), revocable at any time. Retention based on purpose or until consent withdrawal.

Lemlist stores data in EU/EEA or uses SCCs. DPA is in place.

NYTRO SEO

We use NYTRO SEO for automated search engine optimization. Provider: NYTRO Systems LLC, New York, USA.

The platform uses AI to generate and optimize metadata. No personal data is processed. Only technical and analytical data are collected and cannot be linked to individuals.

More on data: https://nytroseo.com/privacy-policy/

Use based on our legitimate interest (Art. 6(1)(f) GDPR). No consent or opt-out required as no personal data is processed.

SuperOkay

We use SuperOkay to host our customer portal. Provider: Specstimate Ltd., London, UK.

We collect and process personal data provided by authorized users or contained in uploaded documents. Data is used to manage relationships and access to services.

Privacy: https://superokay.com/privacy-policy/

Use based on Art. 6(1)(f) GDPR for service and communication optimization. Personal data is stored only as long as necessary. Customers may object or withdraw consent at any time.

Data Processing Agreement

We have a DPA in place to ensure GDPR-compliant processing by SuperOkay.

9. Online Marketing and Affiliate Programs

Affiliate Programs on This Website

The website operator participates in affiliate programs. When you click on an advertisement on our website that is part of an affiliate program and subsequently perform a transaction (e.g., a purchase), we may receive a commission from our affiliate partners. This requires our affiliate partners to be able to identify you and track that you came to the respective product through the advertisement placed on our website and completed the predefined transaction. For this purpose, our affiliate partners use cookies or similar recognition technologies (e.g., device fingerprinting).

The storage and analysis of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in correctly calculating its affiliate compensation. If consent was requested (e.g., for the storage of cookies), data processing is based exclusively on Art. 6(1)(a) GDPR; this consent can be revoked at any time.

We participate in the following affiliate programs:

Amazon Affiliate Program

Provider is Amazon Europe Core S.à.r.l. For details, please refer to Amazon’s privacy policy at: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.

10. eCommerce and Payment Providers

Processing of Data (Customer and Contract Data)

We collect, process, and use personal data only insofar as it is necessary for the establishment, content structuring, or modification of the legal relationship (inventory data). This is based on Art. 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. Personal data concerning the use of this website (usage data) is collected, processed, and used only to the extent necessary to enable the user to use the service or to bill them.

The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data Transmission upon Conclusion of Contracts for Services and Digital Content

We transmit personal data to third parties only if this is necessary in the context of contract processing—for example, to the credit institution responsible for processing the payment.

No further transmission of the data takes place or only if you have expressly consented to the transmission. Your data will not be disclosed to third parties without explicit consent, for example, for advertising purposes.

The basis for data processing is Art. 6(1)(b) GDPR, which permits data processing for the performance of a contract or pre-contractual measures.

11. Audio and Video Conferencing

Data Processing

We use various online conferencing tools to communicate with our clients. The specific tools we use are listed below. When you communicate with us via video or audio conference over the internet, your personal data is collected and processed by us and the respective conferencing tool provider.

These tools collect all data you provide or use during use (e.g., email address and/or phone number). They also process conference duration, start and end times, number of participants, and other context-related data (metadata) related to the communication.

Additionally, the tool provider processes all technical data required for conducting online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and type of connection.

Where content is exchanged, uploaded, or otherwise provided within the tool, it is also stored on the tool provider’s servers. This includes cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other shared information.

Please note that we do not have full control over the data processing operations of the tools used. Our capabilities depend largely on the policies of the respective provider. For details on how conferencing tools process data, please refer to the privacy policies of the respective tools listed below.

Purpose and Legal Bases

The conferencing tools are used to communicate with potential or existing contractual partners or to offer specific services to our clients (Art. 6(1)(b) GDPR). Furthermore, the use of these tools serves to simplify and expedite general communication with us (legitimate interest as per Art. 6(1)(f) GDPR). Where consent is requested, the tools are used on the basis of that consent, which can be revoked at any time with future effect.

Storage Duration

Data collected directly by us via conferencing tools is deleted from our systems once you request deletion, revoke your consent to storage, or the purpose of data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence over the storage duration of your data stored by the tool providers for their own purposes. For details, please contact the tool providers directly or consult their privacy policies.

Tools We Use

We use the following conferencing tools:

Google Meet

We use Google Meet. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on data processing, please see Google's privacy policy: https://policies.google.com/privacy?hl=de.

Data Processing Agreement

We have entered into a data processing agreement (DPA) with the above provider to ensure GDPR-compliant processing of personal data.

Zoom

We use Zoom. The provider is Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For data processing details, please see Zoom’s privacy policy: https://zoom.us/de-de/privacy.html.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details are available here: https://zoom.us/de-de/privacy.html.

Data Processing Agreement

We have entered into a data processing agreement (DPA) with the above provider to ensure GDPR-compliant processing of personal data.

12. Our Own Services

Handling of Applicant Data

We offer you the opportunity to apply for a position with us (e.g., by email, post, or via an online application form). Below we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data complies with applicable data protection laws and all other legal provisions, and that your data will be treated strictly confidentially.

Scope and Purpose of Data Collection

When you send us an application, we process your associated personal data (e.g., contact and communication data, application documents, notes from interviews, etc.) to the extent necessary for deciding on the establishment of an employment relationship. The legal basis for this is Section 26 BDSG under German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation), and – if you have given your consent – Art. 6(1)(a) GDPR. Consent can be revoked at any time. Your personal data will only be shared within our company with individuals involved in processing your application.

If the application is successful, the data you have submitted will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6(1)(b) GDPR for the purpose of implementing the employment relationship.

Retention Period of the Data

If we cannot offer you a position, you reject an offer, or you withdraw your application, we reserve the right to retain the data you have provided based on our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months after the end of the application process (rejection or withdrawal). The data will then be deleted, and physical application documents will be destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be needed after the 6-month period (e.g., due to a pending or anticipated legal dispute), the data will only be deleted once the purpose for the further storage no longer applies.

Longer storage may also take place if you have given your consent (Art. 6(1)(a) GDPR) or if legal retention obligations prevent deletion.

Inclusion in the Applicant Pool

If we do not offer you a position, there may be an option to include you in our applicant pool. In case of inclusion, all documents and details from your application will be transferred to the applicant pool in order to contact you in the event of suitable job openings.

Inclusion in the applicant pool takes place exclusively on the basis of your express consent (Art. 6(1)(a) GDPR). Giving consent is voluntary and unrelated to the ongoing application process. You may revoke your consent at any time. In this case, the data will be permanently deleted from the applicant pool unless legal retention obligations exist.

Data from the applicant pool will be permanently deleted no later than two years after the consent has been granted.

Google Drive

We have integrated Google Drive on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Drive allows us to embed an upload area on our website through which you can upload content. If you upload content, it will be stored on Google Drive’s servers. When you visit our website, a connection to Google Drive is also established, enabling Google Drive to identify that you have visited our website.

The use of Google Drive is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in having a reliable upload feature on their website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; consent may be revoked at any time.

Data Processing Agreement

We have entered into a data processing agreement (DPA) with the above-mentioned provider. This contract ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

13. Video Hosting Services

YouTube

Our website uses plugins from the YouTube site operated by Google. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers is established. This informs the YouTube server which of our pages you have visited.

Additionally, YouTube may store various cookies on your device. These cookies allow YouTube to collect information about visitors to our website. This information is used, among other things, to collect video statistics, improve user experience, and prevent fraud. The cookies remain on your device until you delete them.

If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used to ensure an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If consent has been requested, processing is carried out solely on the basis of Art. 6(1)(a) GDPR; consent may be revoked at any time.

Further information on the handling of user data can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=en.

VadooTV and Third-Party Services

Our website uses the video hosting service VadooTV. The provider is VadooTV Inc., 1013 Centre Rd, Suite 403-A, Wilmington, DE 19805, USA.

When you visit one of our pages equipped with a VadooTV video, a connection to the VadooTV servers is established. This informs the VadooTV server which of our pages you have visited. VadooTV also stores various cookies on your device to save information about your video usage.

VadooTV uses additional third-party services such as Unpkg, Sentry, Jsdelivr, BootstrapCDN, and Cloudflare to provide and optimize their services. These third parties may process data such as your IP address and set cookies to improve performance and ensure security. We have no control over these data processing activities.

The use of VadooTV and the aforementioned third-party services is in the interest of providing an attractive and smooth display of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If consent has been requested, processing is carried out solely on the basis of Art. 6(1)(a) GDPR; consent may be revoked at any time.

Further information on the handling of user data can be found in VadooTV’s privacy policy: https://vadoo.tv/privacy-policy/.

Information on the privacy policies of the third-party services used can be found at the following links:

Unpkg: https://unpkg.com/privacy-policy
Sentry: https://sentry.io/privacy/
Jsdelivr: https://www.jsdelivr.com/privacy-policy-jsdelivr-net
BootstrapCDN: https://www.bootstrapcdn.com/privacy-policy/
Cloudflare: https://www.cloudflare.com/privacypolicy/

This privacy policy was created based on the e-recht24.de privacy policy and has been adapted accordingly.