Privacy - GRAVEL RUN more than running

Data Protection at a Glance

General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the section “Information about the responsible party” in this privacy policy.
How do we collect your data?
Your data is collected in part when you provide it to us. This may include, for example, data that you enter into a contact form.
Other data is collected automatically or after your consent when you visit the website through our IT systems. These are primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Some of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right at any time to receive free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you may withdraw this consent at any time for the future. Furthermore, you have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time regarding this or any other questions on the subject of data protection.

Analytics Tools and Third-Party Tools
When visiting this website, your browsing behavior may be statistically analyzed. This is mainly done using so-called analysis programs.
Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting and Content Delivery Networks (CDN)

We host the content of our website with the following provider:

External Hosting
This website is hosted externally. Personal data collected on this website is stored on the servers of the hosting provider(s). This may include, in particular, IP addresses, contact inquiries, metadata and communication data, contract data, contact details, names, website access data, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 (1) lit. b GDPR) and in the interest of providing our online services in a secure, fast, and efficient manner through a professional provider (Art. 6 (1) lit. f GDPR). If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Our hosting provider(s) will process your data only to the extent necessary to fulfill their service obligations and will follow our instructions regarding this data.

We use the following hosting provider:

Serverhelden GmbH
Hohenzollernstraße 25
30161 Hannover

Cloudflare
We use the service “Cloudflare.” The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare offers a globally distributed content delivery network (CDN) with DNS. Technically, the transfer of information between your browser and our website is routed through Cloudflare’s network. This enables Cloudflare to analyze data traffic between your browser and our website and to act as a filter between our servers and potentially malicious internet traffic. In doing so, Cloudflare may also use cookies or other technologies to recognize internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website as reliably and securely as possible (Art. 6 (1) lit. f GDPR).

Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/

Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF commits to complying with these data protection standards. Further information is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnZKAA0&status=Active

Data Processing Agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required under data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

**DATA PROTECTION**
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations as well as this privacy policy.

When you use this website, various personal data is collected. Personal data is any data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the internet (e.g., communication via email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

—

**Information about the Responsible Party**
The responsible party for data processing on this website is:

XLETIX GmbH
Bouchéstraße 12, Building 8, Staircase B
12435 Berlin

Email: [[email protected]](mailto:[email protected])

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

—

**Storage Period**
Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.

—

**General Information on the Legal Bases for Data Processing on This Website**
If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR if special categories of data are processed pursuant to Art. 9 (1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is also carried out on the basis of Section 25 (1) TTDSG. Consent can be withdrawn at any time.

If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6 (1) lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. The relevant legal bases in each individual case are explained in the following sections of this privacy policy.

—

**Data Protection Officer**
We have appointed a data protection officer:

Mr. Reichert
e:los GmbH
Heideweg 25
92318 Neumarkt

Phone: 09181 522940
Email: [[email protected]](mailto:[email protected])

—

**Note on Data Transfers to Third Countries That Are Not Secure Under Data Protection Law and Transfers to US Companies Not Certified Under the DPF**
We use, among other things, tools from companies based in third countries that are not considered secure under data protection law, as well as US-based tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to and processed in these countries. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in such countries.

We would like to point out that the USA is generally considered a secure third country with a level of data protection comparable to that of the EU. Data transfer to the USA is therefore permissible if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or provides appropriate additional safeguards. Information on transfers to third countries, including the recipients of the data, can be found in this privacy policy.

—

**Recipients of Personal Data**
As part of our business activities, we work with various external parties. In some cases, it is also necessary to transfer personal data to these external parties. We only pass on personal data if this is necessary for the fulfillment of a contract, if we are legally obligated to do so (e.g., disclosure to tax authorities), if we have a legitimate interest pursuant to Art. 6 (1) lit. f GDPR, or if another legal basis permits the data transfer.

When using data processors, we only pass on personal data of our customers on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

—

**Withdrawal of Your Consent to Data Processing**
Many data processing operations are only possible with your explicit consent. You may withdraw your consent at any time. The legality of the data processing carried out until the withdrawal remains unaffected.

—

**Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)**
IF DATA PROCESSING IS BASED ON ART. 6 (1) LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 (1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21 (2) GDPR).

—

**Right to Lodge a Complaint with the Competent Supervisory Authority**
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement. This right exists without prejudice to any other administrative or judicial remedies.

—

**Right to Data Portability**
You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract, in a commonly used, machine-readable format, either for yourself or for transfer to a third party. If you request the direct transfer of data to another controller, this will only be carried out where technically feasible.

—

**Access, Rectification, and Deletion**
Within the framework of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin, recipients, and the purpose of data processing, and, if applicable, a right to rectification or deletion of this data. You may contact us at any time regarding this and other questions on the subject of personal data.

—

**Right to Restriction of Processing**
You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing applies in the following cases:

* If you contest the accuracy of your personal data stored by us, we usually need time to verify this. During the verification period, you have the right to request the restriction of processing of your personal data.
* If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.
* If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of processing instead of deletion.
* If you have objected pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of processing of your personal data.

If you have restricted the processing of your personal data, such data may—apart from storage—only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

—

**SSL or TLS Encryption**
For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the website operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser’s address line from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

—

**Objection to Advertising Emails**
The use of contact data published as part of the legal notice requirements for sending unsolicited advertising and information materials is hereby prohibited. The operators of the site expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.

**4. Data Collection on This Website**

—

**Cookies**
Our website uses so-called “cookies.” Cookies are small data packets and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services provided by third parties within websites (e.g., cookies for processing payment services).

Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., shopping cart functionality or video display). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies required for carrying out electronic communication processes, providing certain functions requested by you (e.g., shopping cart), or optimizing the website (e.g., measuring web audience) (necessary cookies) are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 (1) lit. a GDPR and Section 25 (1) TTDSG); consent can be withdrawn at any time.

You can configure your browser to inform you about the setting of cookies and to allow cookies only in individual cases, exclude the acceptance of cookies in certain cases or in general, and enable automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be limited.

You can find out which cookies and services are used on this website in this privacy policy.

—

**Consent with Borlabs Cookie**
Our website uses the consent technology of Borlabs Cookie to obtain your consent for storing certain cookies in your browser or for using certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter “Borlabs”).

When you visit our website, a Borlabs cookie is stored in your browser in which the consents you have given or the withdrawal of these consents are stored. This data is not passed on to the provider of Borlabs Cookie.

The collected data is stored until you request deletion, delete the Borlabs cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at: [https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/](https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/)

The use of Borlabs Cookie consent technology is carried out to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 (1) lit. c GDPR.

—

**Server Log Files**
The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

* Browser type and browser version
* Operating system used
* Referrer URL
* Hostname of the accessing computer
* Time of the server request
* IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website—for this purpose, server log files must be recorded.

—

**Contact Form**
If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling the inquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR), if this has been requested; consent can be withdrawn at any time.

The data you enter in the contact form will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions—especially retention periods—remain unaffected.

—

**Inquiries by Email, Telephone, or Fax**
If you contact us by email, telephone, or fax, your inquiry, including all personal data resulting from it (name, request), will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.

The data you send to us via contact inquiries will remain with us until you request deletion, withdraw your consent to storage, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory statutory provisions—especially retention periods—remain unaffected.

**5. Analytics Tools and Advertising**

—

**Google Tag Manager**
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform any independent analyses. It merely serves to manage and deploy the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on the website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF commits to complying with these standards. Further information is available at:
[https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active](https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active)

—

**Google Analytics**
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data such as page views, duration of visits, operating systems used, and the origin of users. This data is assigned to the respective user’s device. It is not assigned to a user ID.

Furthermore, we can use Google Analytics to record, among other things, your mouse and scroll movements and clicks. Google Analytics also uses various modeling approaches to supplement collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of users for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:
[https://privacy.google.com/businesses/controllerterms/mccs/](https://privacy.google.com/businesses/controllerterms/mccs/)

The company is certified under the “EU-US Data Privacy Framework” (DPF). Further information is available at:
[https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active](https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active)

—

**IP Anonymization**
We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide further services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

—

**Browser Plugin**
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link:
[https://tools.google.com/dlpage/gaoptout?hl=en](https://tools.google.com/dlpage/gaoptout?hl=en)

More information on how Google Analytics handles user data can be found in Google’s privacy policy:
[https://support.google.com/analytics/answer/6004245?hl=en](https://support.google.com/analytics/answer/6004245?hl=en)

—

**Google Signals**
We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, YouTube history, and demographic data (visitor data). This data can be used with Google Signals for personalized advertising. If you have a Google account, the visitor data from Google Signals is linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on user behavior.

—

**Demographic Features in Google Analytics**
This website uses the “demographic features” function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be created that contain information about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google as well as from third-party visitor data. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described under “Objection to data collection.”

—

**Data Processing Agreement**
We have concluded a data processing agreement with Google and fully comply with the strict requirements of German data protection authorities when using Google Analytics.

—

**Google Analytics E-Commerce Measurement**
This website uses the “e-commerce measurement” function of Google Analytics. With the help of e-commerce measurement, the website operator can analyze the purchasing behavior of website visitors in order to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs, and the time from viewing to purchasing a product is recorded. This data may be consolidated by Google under a transaction ID assigned to the respective user or their device.

**Hotjar**
This website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: [https://www.hotjar.com](https://www.hotjar.com)).

Hotjar is a tool used to analyze user behavior on this website. With Hotjar, we can, among other things, record your mouse and scroll movements and clicks. Hotjar can also determine how long you hover your mouse over a specific area. Based on this information, Hotjar creates so-called heatmaps, which show which areas of the website are viewed most frequently by visitors.

We can also determine how long you stay on a page and when you leave it. Additionally, we can identify at which point you stop entering data into a contact form (so-called conversion funnels).

Furthermore, Hotjar can be used to collect direct feedback from website visitors. This function serves to improve the website operator’s online offerings.

Hotjar uses technologies that enable the recognition of users for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting).

If consent has been obtained, the use of this service is based exclusively on Art. 6 (1) lit. a GDPR and § 25 TTDSG. Consent can be withdrawn at any time. If no consent has been obtained, the use of this service is based on Art. 6 (1) lit. f GDPR; the website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

—

**Disabling Hotjar**
If you wish to disable data collection by Hotjar, please click the following link and follow the instructions provided there:
[https://www.hotjar.com/policies/do-not-track/](https://www.hotjar.com/policies/do-not-track/)

Please note that disabling Hotjar must be carried out separately for each browser and each device.

Further information about Hotjar and the data collected can be found in Hotjar’s privacy policy at:
[https://www.hotjar.com/privacy](https://www.hotjar.com/privacy)

—

**Data Processing Agreement**
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required under data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

**Clarity**
This website uses Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, [https://docs.microsoft.com/en-us/clarity/](https://docs.microsoft.com/en-us/clarity/) (hereinafter “Clarity”).

Clarity is a tool for analyzing user behavior on this website. In particular, Clarity records mouse movements and creates graphical representations showing which areas of the website users scroll over most frequently (heatmaps). Clarity can also record sessions, allowing us to review website usage in the form of videos. In addition, we receive information about general user behavior on our website.

Clarity uses technologies that enable the recognition of users for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). Your personal data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the United States.

Further details on Clarity’s data protection can be found here:
[https://docs.microsoft.com/en-us/clarity/faq](https://docs.microsoft.com/en-us/clarity/faq)

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF commits to complying with these standards. Further information is available at:
[https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active](https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active)

—

**Google Ads**
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when users enter certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available from Google (e.g., location data and interests) (audience targeting). As website operators, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our ads and how many ads resulted in corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:
[https://policies.google.com/privacy/frameworks](https://policies.google.com/privacy/frameworks)
[https://privacy.google.com/businesses/controllerterms/mccs/](https://privacy.google.com/businesses/controllerterms/mccs/)

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF commits to complying with these standards. Further information is available at:
[https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active](https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active)

—

**Google Ads Remarketing**
This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign users who interact with our online offering to specific target groups in order to subsequently display interest-based advertising within the Google advertising network (remarketing or retargeting).

In addition, the advertising audiences created with Google Ads Remarketing can be linked with Google’s cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to your previous usage and browsing behavior on one device (e.g., mobile phone) can also be displayed on another of your devices (e.g., tablet or PC).

If you have a Google account, you can object to personalized advertising at the following link:
[https://www.google.com/settings/ads/onweb/](https://www.google.com/settings/ads/onweb/)

The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be withdrawn at any time.

Further information and the privacy policy can be found here:
[https://policies.google.com/technologies/ads?hl=en](https://policies.google.com/technologies/ads?hl=en)

—

**Audience Creation with Customer Matching**
For audience creation, we use, among other things, Google Ads Remarketing’s customer matching. In this process, we transfer certain customer data (e.g., email addresses) from our customer lists to Google. If the respective customers are Google users and are logged into their Google account, they will be shown suitable advertising messages within the Google network (e.g., on YouTube, Gmail, or in the search engine).

—

**Google Conversion Tracking**
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, Google and we can recognize whether the user has performed certain actions. For example, we can analyze which buttons on our website are clicked and how often, and which products are viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that allows us to personally identify users. Google itself uses cookies or comparable recognition technologies for identification.

The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be withdrawn at any time.

More information about Google Conversion Tracking can be found in Google’s privacy policy:
[https://policies.google.com/privacy?hl=en](https://policies.google.com/privacy?hl=en)

**Meta Pixel (formerly Facebook Pixel)**
This website uses the visitor activity pixel from Facebook/Meta for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

This allows the behavior of website visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The collected data is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Facebook, enabling a connection to the respective user profile, and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy:
[https://de-de.facebook.com/about/privacy/](https://de-de.facebook.com/about/privacy/)

This allows Facebook to place advertisements on Facebook pages as well as outside of Facebook. This use of data cannot be influenced by us as the website operator.

The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG. Consent can be withdrawn at any time.

We use the advanced matching feature within the Meta Pixel.

Advanced matching enables us to transmit various types of data (e.g., place of residence, state, postal code, hashed email addresses, names, gender, date of birth, or phone number) of our customers and prospects that we collect via our website to Meta (Facebook). This activation allows us to tailor our advertising campaigns on Facebook more precisely to people who are interested in our offers. In addition, advanced matching improves the attribution of website conversions and expands custom audiences.

If personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of data and its transmission to Facebook. The processing carried out by Facebook after transmission is not part of the joint responsibility. The obligations jointly incumbent upon us have been set out in an agreement on joint processing. The wording of the agreement can be found at:
[https://www.facebook.com/legal/controller_addendum](https://www.facebook.com/legal/controller_addendum)

According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert your data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert your rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:
[https://www.facebook.com/legal/EU_data_transfer_addendum](https://www.facebook.com/legal/EU_data_transfer_addendum)
[https://de-de.facebook.com/help/566994660333381](https://de-de.facebook.com/help/566994660333381)

Further information on protecting your privacy can be found in Facebook’s privacy policy:
[https://de-de.facebook.com/about/privacy/](https://de-de.facebook.com/about/privacy/)

You can also deactivate the remarketing function “Custom Audiences” in the ad settings at:
[https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen](https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen)
(To do this, you must be logged into Facebook.)

If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance:
[http://www.youronlinechoices.com/de/praferenzmanagement/](http://www.youronlinechoices.com/de/praferenzmanagement/)

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF commits to complying with these standards. Further information is available at:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

**Facebook Conversion API**
We have integrated Facebook Conversion API on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

Facebook Conversion API allows us to capture interactions of website visitors with our website and forward them to Facebook in order to improve advertising performance on Facebook.

In particular, the time of access, the website accessed, your IP address, your user agent, and, if applicable, other specific data (e.g., purchased products, shopping cart value, and currency) are collected. A complete overview of the data that can be collected can be found here:
[https://developers.facebook.com/docs/marketing-api/conversions-api/parameters](https://developers.facebook.com/docs/marketing-api/conversions-api/parameters)

The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG. Consent can be withdrawn at any time.

The obligations jointly incumbent upon us have been set out in an agreement on joint processing. The wording of the agreement can be found at:
[https://www.facebook.com/legal/controller_addendum](https://www.facebook.com/legal/controller_addendum)

Further information on protecting your privacy can be found in Facebook’s privacy policy:
[https://de-de.facebook.com/about/privacy/](https://de-de.facebook.com/about/privacy/)

The company is certified under the “EU-US Data Privacy Framework” (DPF). Further information is available at:
[https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active](https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active)

—

**Facebook Custom Audiences**
We use Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our websites and apps, use our free or paid services, submit data to us, or interact with our company’s Facebook content, we collect your personal data. If you give us consent to use Facebook Custom Audiences, we will transmit this data to Facebook so that Facebook can display relevant advertisements to you. Furthermore, your data can be used to define target groups (lookalike audiences).

Facebook processes this data as our data processor. Details can be found in Facebook’s terms of use:
[https://www.facebook.com/legal/terms/customaudience](https://www.facebook.com/legal/terms/customaudience)

The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:
[https://www.facebook.com/legal/terms/customaudience](https://www.facebook.com/legal/terms/customaudience)
[https://www.facebook.com/legal/terms/dataprocessing](https://www.facebook.com/legal/terms/dataprocessing)

The company is certified under the “EU-US Data Privacy Framework” (DPF). Further information is available at:
[https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active](https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active)2zt0000000GnywAAC&status=Active)

**LinkedIn Insight Tag**
This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

—

**Data Processing by LinkedIn Insight Tag**
With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze key professional data (e.g., career level, company size, country, location, industry, and job title) of our website visitors and thus better tailor our website to the respective target groups.

Furthermore, with the help of LinkedIn Insight Tags, we can measure whether visitors to our website make a purchase or perform another action (conversion tracking). Conversion tracking can also be carried out across devices (e.g., from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to display targeted advertising to visitors of our website outside of the website, whereby, according to LinkedIn, no identification of the advertising recipient takes place.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser characteristics, and time of access). IP addresses are shortened or (if used to reach LinkedIn members across devices) hashed (pseudonymized). Direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.

The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it as part of its own advertising measures. Details can be found in LinkedIn’s privacy policy:
[https://www.linkedin.com/legal/privacy-policy#choices-oblig](https://www.linkedin.com/legal/privacy-policy#choices-oblig)

—

**Legal Basis**
If consent has been obtained, the use of this service is based exclusively on Art. 6 (1) lit. a GDPR and § 25 TTDSG. Consent can be withdrawn at any time. If no consent has been obtained, the use of this service is based on Art. 6 (1) lit. f GDPR; the website operator has a legitimate interest in effective advertising measures, including social media.

Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:
[https://www.linkedin.com/legal/l/dpa](https://www.linkedin.com/legal/l/dpa)
[https://www.linkedin.com/legal/l/eu-sccs](https://www.linkedin.com/legal/l/eu-sccs)

—

**Objection to the Use of LinkedIn Insight Tag**
You can object to the analysis of user behavior and targeted advertising by LinkedIn at the following link:
[https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out](https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out)

In addition, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website with your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

—

**Microsoft Advertising**
We use the Microsoft Advertising service (formerly Bing Ads) provided by Microsoft Corporation (USA) on our website, including Universal Event Tracking (UET). Through UET, Microsoft stores a cookie in the user’s browser in order to enable an analysis of the use of our online offering. A prerequisite for this is that the user has reached our website via an advertisement from Microsoft Advertising.

In this way, Microsoft and we can recognize that someone clicked on an advertisement, was redirected to our online offering, and reached a previously defined target page (so-called conversion tracking). No IP addresses are stored, and no further personal information about the user’s identity is shared.

Further information about these processing activities, the technologies used, stored data, and storage duration can be found in the cookie settings. The use of Microsoft Advertising is carried out only with your consent in accordance with Art. 6 (1) lit. a GDPR.

When using Microsoft services, a transfer of data to the USA cannot be ruled out. Please refer to the information in the section “Data transfer to third countries.” Further information on data protection at Microsoft can be found in Microsoft’s privacy policy:
privacy.microsoft.com/de-de/privacystatement

**Outbrain**
We have integrated Outbrain on this website. The provider is Outbrain Inc., 39 West 13th Street, 3rd floor, New York, NY 10011, USA (hereinafter “Outbrain”).

When you visit a website that includes Outbrain, Outbrain creates a pseudonymous user profile (user ID) in which it stores which content you have viewed or read. Based on this, you may be shown additional interest-based content or advertisements on our website or on other websites that use Outbrain.

For this purpose, among other things, your device type, IP address, browser type, visited websites, articles read, time of access, and device ID are stored and combined in your user ID.

We also use the Outbrain pixel. When you visit our website, this pixel allows us to determine whether you already have an Outbrain user ID. In this way, advertisers within the Outbrain advertising network can measure the effectiveness of their campaigns.

Further information can be found in Outbrain’s privacy policy:
[https://www.outbrain.com/legal/privacy#privacy-policy](https://www.outbrain.com/legal/privacy#privacy-policy)

You can find a list of all cookies used by Outbrain at:
[https://www.outbrain.com/privacy/cookies/](https://www.outbrain.com/privacy/cookies/)

If you would like to view or adjust your interest profile with Outbrain, please visit:
[https://my.outbrain.com/recommendations-settings/home](https://my.outbrain.com/recommendations-settings/home)

—

**Pinterest Tag**
We have integrated the Pinterest Tag on this website. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

The Pinterest Tag is used to record certain actions that you perform on our website. The data can then be used to display interest-based advertising to you on our website or on other websites within the Pinterest advertising network.

For this purpose, the Pinterest Tag collects, among other things, a tag ID, your location, and the referrer URL. In addition, action-specific data such as order value, order quantity, order number, category of purchased items, and video views may be collected.

The Pinterest Tag uses technologies that enable cross-site recognition of users for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting).

If consent has been obtained, the use of this service is based exclusively on Art. 6 (1) lit. a GDPR and § 25 TTDSG. Consent can be withdrawn at any time. If no consent has been obtained, the use of this service is based on Art. 6 (1) lit. f GDPR; the website operator has a legitimate interest in implementing the most effective marketing measures possible.

Pinterest is a global company, so data may also be transferred to the USA. According to Pinterest, this data transfer is based on the standard contractual clauses of the European Commission. Details can be found here:
[https://policy.pinterest.com/en/privacy-policy](https://policy.pinterest.com/en/privacy-policy)

Further information about the Pinterest Tag can be found here:
[https://help.pinterest.com/en/business/article/track-conversions-with-pinterest-tag](https://help.pinterest.com/en/business/article/track-conversions-with-pinterest-tag)

—

**TikTok**
We use the so-called “TikTok Pixel” provided by TikTok on this website (for the EU: TikTok Information Technologies UK Limited, Aviation House, 125 Kingsway, Holborn, London, WC2B 6NH). This is a piece of code that we have implemented on our website. With the help of this code, and provided that you have given your explicit consent, a connection to the TikTok servers is established when you visit our website in order to track your behavior on our website.

For example, if you purchase a product on our website, the TikTok Pixel is triggered and stores your actions on our website in one or more cookies. You have the option to withdraw your consent at any time with effect for the future. No costs will be incurred beyond the basic tariffs.

Personal data such as your IP address and other information such as device ID, device type, and operating system may also be transmitted to TikTok. TikTok uses email or other login or device information to identify users of our website and to assign their actions to a TikTok user account.

TikTok uses this data to display targeted and personalized advertising to its users and to create interest-based user profiles. The data collected is anonymous to us and cannot be viewed by us; it is only used by us to measure the effectiveness of advertising campaigns.

In principle, your data is processed within the EU or the EEA. A corresponding data protection agreement has been concluded with TikTok for this purpose. If personal data is transferred to countries outside the EU or EEA, this is done on the basis of the European Commission’s standard contractual clauses for the transfer of personal data to third countries.

You can find TikTok’s privacy policy here:
[https://www.tiktok.com/legal/new-privacy-policy?lang=en](https://www.tiktok.com/legal/new-privacy-policy?lang=en)

**6. Newsletter**

—

**Newsletter Data**
If you would like to subscribe to the newsletter offered on this website, we require an email address from you as well as information that allows us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis.

For the processing of the newsletter, we use newsletter service providers, which are described below.

—

**Brevo**
This website uses Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on the servers of Sendinblue GmbH in Germany.

—

**Data Analysis by Brevo**
With the help of Brevo, we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked. This allows us to determine which links are clicked particularly often.

We can also determine whether certain predefined actions have been carried out after opening or clicking (conversion rate). For example, we can see whether you made a purchase after clicking on the newsletter.

Brevo also enables us to segment newsletter recipients into different categories (“clustering”). For example, recipients can be segmented by age, gender, or place of residence. This allows newsletters to be better tailored to the respective target groups.

If you do not want analysis by Brevo, you must unsubscribe from the newsletter. A corresponding link is provided in every newsletter message.

Detailed information on Brevo’s features can be found at:
[https://www.brevo.com/en/newsletter-software/](https://www.brevo.com/en/newsletter-software/)

—

**Legal Basis**
Data processing is carried out on the basis of your consent (Art. 6 (1) lit. a GDPR). You can withdraw this consent at any time. The legality of data processing carried out prior to the withdrawal remains unaffected.

—

**Storage Period**
The data you provide for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist, if necessary to prevent future mailings. The data from the blacklist is used solely for this purpose and is not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f GDPR). Storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.

Further details can be found in Brevo’s privacy policy:
[https://www.brevo.com/en/data-protection/](https://www.brevo.com/en/data-protection/)
[https://www.brevo.com/en/legal/privacypolicy/](https://www.brevo.com/en/legal/privacypolicy/)

—

**7. Plugins and Tools**

—

**YouTube with Enhanced Privacy Mode**
This website embeds videos from the YouTube platform. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch a video. However, the transfer of data to YouTube partners is not necessarily excluded by the enhanced privacy mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to YouTube’s servers is established. The YouTube server is informed about which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may store various cookies on your device or use comparable recognition technologies (e.g., device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user experience, and prevent fraud attempts.

Additional data processing operations may be triggered after starting a YouTube video, over which we have no control.

The use of YouTube is in the interest of presenting our online offerings in an appealing way. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Further information on data protection at YouTube can be found in their privacy policy:
[https://policies.google.com/privacy?hl=en](https://policies.google.com/privacy?hl=en)

—

**Google Fonts (Local Hosting)**
This website uses so-called Google Fonts for the uniform display of fonts, which are provided by Google. The Google Fonts are installed locally. No connection to Google servers is established.

Further information about Google Fonts can be found at:
[https://developers.google.com/fonts/faq](https://developers.google.com/fonts/faq)
and in Google’s privacy policy:
[https://policies.google.com/privacy?hl=en](https://policies.google.com/privacy?hl=en)

—

**Friendly Captcha**
We use Friendly Captcha (hereinafter “Friendly Captcha”) on this website. The provider is Friendly Captcha GmbH, Am Anger 3–5, 82237 Woerthsee, Germany.

Friendly Captcha is used to verify whether data input on this website (e.g., in a contact form) is performed by a human or by an automated program. For this purpose, Friendly Captcha analyzes the behavior of website visitors based on various characteristics. For analysis, Friendly Captcha evaluates different types of information (e.g., anonymized IP address, referrer, time of visit, etc.). Further information can be found here:
[https://friendlycaptcha.com/legal/privacy-end-users/](https://friendlycaptcha.com/legal/privacy-end-users/)

The storage and analysis of this data is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and spam. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

—

**Zendesk**
We use the CRM system Zendesk to process user inquiries. The provider is Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103, USA.

We use Zendesk to process your inquiries quickly and efficiently. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.

You can submit inquiries by providing your email address without having to provide your name.

The messages you send to us will remain with us until you request deletion or the purpose for data storage no longer applies (e.g., after your inquiry has been fully processed). Mandatory legal provisions—especially retention periods—remain unaffected.

Zendesk has Binding Corporate Rules (BCR), which have been approved by the Irish Data Protection Authority. These are binding internal company rules that legitimize internal data transfers to third countries outside the EU and EEA. Details can be found here:
[https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/](https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/)

If you do not agree to the processing of your inquiry via Zendesk, you can alternatively contact us by email, telephone, or fax.

Further information can be found in Zendesk’s privacy policy:
[https://www.zendesk.de/company/customers-partners/privacy-policy/](https://www.zendesk.de/company/customers-partners/privacy-policy/)

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF commits to complying with these standards. Further information is available at:
[https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TOjeAAG&status=Active](https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TOjeAAG&status=Active)

—

**n8n**
We use the integration service provider n8n.io, a service of n8n GmbH, Borsigstr. 27, 10115 Berlin (hereinafter “n8n”).

We use n8n to integrate various databases and web tools. n8n is a web service that automates actions between different tools and synchronizes their applications with each other. In doing so, n8n automates our processing operations and ensures various workflows for efficient data processing.

The described data processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interests in the efficient design of our work processes.

Further information on data usage by n8n can be found in n8n’s privacy policy:
[https://n8n.io/legal/#privacy](https://n8n.io/legal/#privacy)

**Zapier**
We have integrated Zapier on this website. The provider is Zapier Inc., Market St. #62411, San Francisco, CA 94104-5401, USA (hereinafter “Zapier”).

Zapier enables us to connect various functionalities, databases, and tools with our website and synchronize them with each other. For example, this makes it possible to automatically publish content from our website on our social media channels or to export content from marketing and analytics tools. Depending on the functionality, Zapier may also process various personal data.

The use of Zapier is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the most effective integration of the tools used. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:
[https://zapier.com/tos](https://zapier.com/tos)

—

**8. Audio and Video Conferences**

—

**Data Processing**
We use online conferencing tools, among others, to communicate with our customers. The specific tools we use are listed below. If you communicate with us via video or audio conference over the internet, your personal data will be collected and processed by us and the provider of the respective conferencing tool.

The conferencing tools collect all data that you provide/use to utilize the tools (email address and/or your phone number). Furthermore, the conferencing tools process the duration of the conference, the start and end (time) of participation, the number of participants, and other “context information” related to the communication process (metadata).

In addition, the provider of the tool processes all technical data required for handling online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded, or otherwise made available within the tool, this content is also stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared while using the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the corporate policies of the respective provider. Further information on data processing by the conferencing tools can be found in the privacy policies of the respective tools listed below.

—

**Purpose and Legal Basis**
The conferencing tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 (1) lit. b GDPR). Furthermore, the use of these tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 (1) lit. f GDPR). If consent has been requested, the tools are used on the basis of this consent; consent can be withdrawn at any time with effect for the future.

—

**Storage Period**
The data collected directly by us via the video and conferencing tools will be deleted from our systems as soon as you request deletion, withdraw your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence over the storage duration of your data that is stored by the operators of the conferencing tools for their own purposes. For details, please contact the operators of the conferencing tools directly.

—

**Conferencing Tools Used**
We use the following conferencing tools:

**Microsoft Teams**
We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams privacy policy:
[https://privacy.microsoft.com/en-us/privacystatement](https://privacy.microsoft.com/en-us/privacystatement)

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF commits to complying with these standards. Further information is available at:
[https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active](https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active)

—

**9. Own Services**

—

**Handling of Applicant Data**
We offer you the opportunity to apply to us (e.g., via email, post, or online application form). In the following, we inform you about the scope, purpose, and use of your personal data collected as part of the application process. We assure you that the collection, processing, and use of your data are carried out in compliance with applicable data protection laws and all other legal provisions, and that your data will be treated strictly confidentially.

—

**Scope and Purpose of Data Collection**
If you submit an application to us, we process your associated personal data (e.g., contact and communication data, application documents, notes from interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship.

The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 (1) lit. b GDPR (general contract initiation), and—if you have given your consent—Art. 6 (1) lit. a GDPR. Consent can be withdrawn at any time.

Your personal data will only be shared within our company with persons involved in processing your application.

If your application is successful, the data you submitted will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 (1) lit. b GDPR for the purpose of carrying out the employment relationship.

—

**Data Retention Period**
If we are unable to offer you a position, you reject a job offer, or withdraw your application, we reserve the right to retain the data you have submitted based on our legitimate interests (Art. 6 (1) lit. f GDPR) for up to 6 months after the end of the application process (rejection or withdrawal of the application).

After this period, the data will be deleted and any physical application documents will be destroyed. The retention serves, in particular, as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period (e.g., due to a pending or threatened legal dispute), deletion will only take place once the purpose for further storage no longer applies.

Longer retention may also take place if you have given corresponding consent (Art. 6 (1) lit. a GDPR) or if statutory retention obligations prevent deletion.

—

**Inclusion in the Applicant Pool**
If we are unable to offer you a position, there may be an option to include you in our applicant pool. If included, all documents and information from your application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

Inclusion in the applicant pool takes place exclusively on the basis of your explicit consent (Art. 6 (1) lit. a GDPR). Providing consent is voluntary and is not related to the ongoing application process. The data subject may withdraw their consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, provided there are no legal reasons for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.

**10. Ticket Shop**

In order to professionally organize events and provide a smooth registration process, we require various data from our customers. We store and use the information you provide when using our services.

The safety of our participants, as well as trust and transparency, are important to us. Therefore, your registration data must be accurate.

Our participants and volunteers register via the ticketing service provider “TicketPAY.”

For event registration, we require all or part of the following information:

* Selected ticket category, as well as the date and name of the event
* Billing address (if applicable: company name and address addition, street, house number, postal code, city)
* Delivery address (salutation, first name, last name, if applicable company and address addition, street, house number, postal code, city, mobile phone number)
* Date of birth
* Contact details (mobile phone number and/or landline number)
* Payment data (bank account details, credit card details)
* For corporate customers requesting an invoice: VAT identification number

Our ticket sales are handled via the service provider TicketPAY. As soon as you click the “Secure Ticket” button, you will be redirected to the TicketPAY Germany website.

Information regarding visiting their website and data protection can be found in their privacy policy:
[https://manage.ticketpay.de/documents/agb/tpeu_privacy_de.pdf](https://manage.ticketpay.de/documents/agb/tpeu_privacy_de.pdf)

Please note that cookie settings you have made on our website may not apply on the TicketPAY website.

The forms indicate which data is required to complete the booking. Registration is not possible without providing this data. To ensure secure data transmission, all data is transmitted via a secure SSL connection. We have concluded a data processing agreement with TicketPAY and ensure that your data is processed there in accordance with legal requirements.

We use this data to establish, structure, modify, or terminate a contractual relationship with you, to fulfill our contractual obligations, and to contact you if requested or required within the contractual relationship or permitted by law.

You provide this data on the basis of the contractual relationship with us. In particular, we use the data in accordance with Art. 6 (1) lit. b GDPR for the following purposes:

* Registration for and participation in events
* Responding to inquiries or using feedback tools to process your requests or evaluate our services
* Sending information about changes to terms and conditions or privacy notices

If you send us communications, we also store these messages.

XLETIX will transfer your data to third parties only to the extent necessary to fulfill the contract with you or to respond to pre-contractual inquiries (Art. 6 (1) lit. b GDPR). In particular, we will share your personal data with a ticketing service provider in order to generate participation tickets.

In addition, we use your data on the basis of a balancing of interests in accordance with Art. 6 (1) lit. f GDPR in order to:

* Personalize our website and services for you
* Recognize you as a user during repeat visits and, for example, save you from re-entering your data
* Conduct internal statistical market research/service surveys
* Show you advertising and offers that may be of interest to you (or avoid showing irrelevant ads)
* Inform you about updates or special offers on our website, e.g., via newsletters if you have subscribed
* Send postal advertising (if you have requested it)
* Prevent and, if necessary, take action against unlawful or abusive use of XLETIX services or resolve disputes related to services mediated by XLETIX (this also applies after the user relationship has ended). Data will only be shared with third parties in this context if there are justified and documented indications of such cases

We store participant and volunteer data for a period of ten years from the last participation. The period begins at the end of the current calendar year.

Data from customer support inquiries or feedback tools is stored for seven years after the request has been processed and is then automatically deleted.

Information required under commercial and tax law is retained for the legally prescribed periods (generally ten years from invoicing). These retention obligations typically concern billing-related data and the associated master data.

We are also legally obliged to provide information to certain public authorities upon request (e.g., law enforcement authorities, regulatory authorities, and tax authorities). Data disclosure in such cases is carried out in accordance with Art. 6 (1) lit. c GDPR.

—

**11. Media Partners at Events**

At our events, Sportograf GmbH & Co. KG (website: [www.sportograf.com](http://www.sportograf.com)) is used as a media partner and exclusive photography service provider. If you participate in an event where Sportograf has been commissioned as the exclusive photography service provider, Sportograf GmbH & Co. KG may collect video or image material in which you are personally identifiable.

Sportograf uses the data collected at sporting events to fulfill its contractual obligations as a photography service provider and for its own commercial interests, namely to market the photos or videos of the event to interested participants via its website [www.sportograf.com](http://www.sportograf.com).

Based on their extensive experience in event photography, participants are transparently informed that Sportograf is used as the exclusive photography provider, and participants must expect that the organizer or its cooperation partners will market such photos as souvenirs or memories.

Your data will not be shared with third parties. To capture the corresponding photos, Sportograf GmbH & Co. KG exclusively uses photographers who are contractually obligated to comply with EU data protection regulations (GDPR).

The legal basis for this processing is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. You have the right to object to this processing. Further information on the handling of personal data and your right to object can be found in the privacy policy at:
[www.sportograf.com/en/privacy](http://www.sportograf.com/en/privacy)

In addition, WAM – We are Mud (website: [http://wearemud.de/](http://wearemud.de/)) is used at our events for photo and video recordings, which are subsequently used by us for marketing and advertising purposes.