LEGAL NOTICE

Privacy Policy

This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter "data") within our online offering and its associated websites, functions, and content, as well as external online presences such as our social media profiles (hereinafter collectively referred to as the "online offering"). Regarding the terminology used, such as "processing" or "controller," we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller

CATERISTIC GmbH Großmannstraße 70 20539 Hamburg Germany Phone: +49 (0)40 219019-60 Email: mail@cateristic.com

Represented by: Managing Directors Dipl. Kfm. Frank Frensdorff and Ole Buddrus Hamburg District Court, HRB 64453

VAT ID: DE191136341 The controller within the meaning of § 5 TMG, § 55 RfStV is: CATERISTIC GmbH

Types of Data Processed

• Inventory data (e.g., names, addresses)

• Contact data (e.g., email, phone numbers)

• Content data (e.g., text entries, photographs, videos)

• Usage data (e.g., websites visited, interest in content, access times)

• Meta/communication data (e.g., device information, IP addresses)

Categories of Data Subjects

Visitors and users of the online offering (hereinafter collectively referred to as "users").

Purposes of Processing

• Provision of the online offering, its functions, and content

• Responding to contact inquiries and communicating with users

• Security measures

• Reach measurement / marketing

Definitions

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

"Processing" means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data.

"Pseudonymization" means the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the data is not attributed to an identified or identifiable person.

"Profiling" means any form of automated processing of personal data consisting of the use of such data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

"Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

"Processor" means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

Legal Bases

In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing. Where a legal basis is not stated in this Privacy Policy, the following applies: the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; the legal basis for processing to fulfill our services and carry out contractual measures and respond to inquiries is Art. 6(1)(b) GDPR; the legal basis for processing to comply with our legal obligations is Art. 6(1)(c) GDPR; and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) GDPR. Where the vital interests of the data subject or another natural person require processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.

Security Measures

In accordance with Art. 32 GDPR, and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to data, as well as access to, input of, disclosure of, and the separation and availability of such data. We have also established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data security threats. Furthermore, we take data protection into account from the outset in the development and selection of hardware, software, and processes, in accordance with the principle of privacy by design and privacy by default (Art. 25 GDPR).

Collaboration with Processors and Third Parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if transmission of data to third parties, such as payment service providers, is required for contract fulfillment pursuant to Art. 6(1)(b) GDPR), your consent, a legal obligation, or our legitimate interests (e.g., when using agents, web hosts, etc.).

Where we engage third parties to process data on the basis of a so-called "data processing agreement," this is done in accordance with Art. 28 GDPR.

Transfers to Third Countries

If we process data in a third country (i.e., outside the European Union or the European Economic Area), or if this occurs in the context of using third-party services or disclosing or transferring data to third parties, this only takes place to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have data processed in a third country where the special requirements of Art. 44 et seq. GDPR are met — for example, on the basis of specific safeguards such as the officially recognized determination of a data protection level equivalent to that of the EU (e.g., for the USA via the EU-US Data Privacy Framework, "DPF") or the observance of officially recognized special contractual obligations (so-called "standard contractual clauses" pursuant to Art. 46(2)(c) GDPR).

Rights of Data Subjects

You have the right to request confirmation as to whether data concerning you is being processed, and to access that data as well as further information and a copy thereof, in accordance with Art. 15 GDPR.

You have the right, in accordance with Art. 16 GDPR, to request the completion or correction of inaccurate data concerning you.

You have the right, pursuant to Art. 17 GDPR, to request the immediate deletion of data concerning you, or alternatively, pursuant to Art. 18 GDPR, to request a restriction of the processing of such data.

You have the right to request that data concerning you that you have provided to us be received in a structured, commonly used, and machine-readable format, and to have it transferred to another controller, in accordance with Art. 20 GDPR.

You also have the right, pursuant to Art. 77 GDPR, to lodge a complaint with the competent supervisory authority.

Right of Withdrawal

You have the right to withdraw any consent granted pursuant to Art. 7(3) GDPR with effect for the future.

Right to Object

You may object at any time to the future processing of data concerning you in accordance with Art. 21 GDPR. The objection may be made in particular against processing for direct marketing purposes.

Cookies and Right to Object to Direct Marketing

"Cookies" are small files stored on users' computers. Cookies can store a variety of information. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, also called "session cookies" or "transient cookies," are deleted after a user leaves an online offering and closes their browser — for example, a shopping cart or login status may be stored in such a cookie. "Permanent" or "persistent" cookies remain stored even after the browser is closed, allowing, for example, login status or user interests to be saved for reach measurement or marketing purposes. "Third-party cookies" are offered by providers other than the controller operating the online offering (if only the controller's own cookies are used, they are called "first-party cookies").

We may use both temporary and permanent cookies and inform you of this in our Privacy Policy.

Where consent is required for the use of cookies, this is done exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent may be withdrawn at any time. Where cookies are required to fulfill contractual obligations or for technically necessary storage, this is done on the basis of Art. 6(1)(b) or (f) GDPR and § 25(2) TTDSG.

If users do not wish to have cookies stored on their computers, they are asked to disable the relevant option in their browser settings. Stored cookies can be deleted in the browser's system settings. Disabling cookies may result in limited functionality of this online offering.

A general objection to the use of cookies for online marketing purposes — especially tracking — can be made via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Cookies can also be disabled in the browser settings. Please note that doing so may limit the functionality of this online offering.

Deletion of Data

Data processed by us is deleted or restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, stored data is deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations preventing deletion. Where data is not deleted because it is required for other legally permissible purposes, its processing is restricted — meaning it is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Under German law, retention is required in particular for 10 years pursuant to §§ 147(1) AO, 257(1) nos. 1 and 4, (4) HGB (books, records, management reports, accounting documents, commercial books, documents relevant for taxation, etc.) and 6 years pursuant to § 257(1) nos. 2 and 3, (4) HGB (commercial correspondence).

Under Austrian law, retention is required in particular for 7 years pursuant to § 132(1) BAO (accounting documents, receipts/invoices, accounts, vouchers, business papers, records of income and expenses, etc.), for 22 years in connection with real estate, and for 10 years for documents relating to electronically supplied services, telecommunications, broadcasting, and television services provided to non-business recipients in EU member states for which the Mini-One-Stop-Shop (MOSS) is used.

Administration, Financial Accounting, Office Organization, Contact Management

We process data in the context of administrative tasks and the organization of our operations, financial accounting, and compliance with legal obligations such as archiving. In doing so, we process the same data that we process in the course of providing our contractual services. The legal bases are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Those affected include customers, prospective customers, business partners, and website visitors. The purpose and our interest in the processing lies in administration, financial accounting, office organization, and data archiving — tasks that serve to maintain our business operations, fulfill our obligations, and provide our services. The deletion of data in respect of contractual services and contractual communication corresponds to the information provided for those processing activities.

We disclose or transfer data in this context to tax authorities, advisors such as tax consultants or auditors, and other fee-charging bodies and payment service providers.

Furthermore, based on our legitimate business interests, we store information about suppliers, organizers, and other business partners — for example, for the purpose of future contact. We generally store this predominantly business-related data on a permanent basis.

Business Analysis and Market Research

In order to operate our business economically, to identify market trends, and to understand the wishes of our contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, and metadata on the basis of Art. 6(1)(f) GDPR; those affected include contractual partners, prospective customers, customers, visitors, and users of our online offering.

The analyses are carried out for the purpose of business evaluation, marketing, and market research. We may take into account the profiles of registered users, including, for example, the services they have used. The analyses serve to improve user-friendliness, optimize our offering, and enhance business efficiency. The analyses are for our use only and are not disclosed externally, unless they are anonymous analyses with aggregated values.

Where such analyses or profiles are personal in nature, they are deleted or anonymized upon termination by the user, or otherwise after two years from the conclusion of the contract. Overall business analyses and general trend assessments are created anonymously where possible.

Data Protection in the Application Process

We process applicant data only for the purpose and within the scope of the application process, in accordance with legal requirements. Processing of applicant data is carried out to fulfill our (pre-)contractual obligations within the application process pursuant to Art. 6(1)(b) GDPR, as well as Art. 6(1)(f) GDPR where data processing becomes necessary for legal proceedings (in Germany, § 26 BDSG also applies).

The application process requires applicants to provide us with their application data. The required applicant data is indicated where we offer an online form; otherwise it follows from the job descriptions and generally includes personal details, postal and contact addresses, and application documents such as a cover letter, CV, and certificates. Applicants may also voluntarily provide additional information.

By submitting an application to us, applicants agree to the processing of their data for the purposes of the application process as described in this Privacy Policy.

Where special categories of personal data within the meaning of Art. 9(1) GDPR are voluntarily provided during the application process, their processing is additionally governed by Art. 9(2)(b) GDPR (e.g., health data such as severe disability status or ethnic origin). Where special categories of personal data are requested from applicants during the application process, their processing is additionally governed by Art. 9(2)(a) GDPR (e.g., health data where required for the exercise of a profession).

Where available, applicants may submit their applications via an online form on our website. Data is transmitted to us using state-of-the-art encryption.

Applicants may also submit applications by email. Please note, however, that emails are generally not sent in encrypted form and applicants are responsible for their own encryption. We therefore cannot accept responsibility for the transmission path of the application between the sender and receipt on our server, and recommend using the online form or postal mail instead. Applicants also retain the option of sending their application by post.

Data provided by applicants may, in the event of a successful application, be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a position is unsuccessful, the applicant's data is deleted. Applicants' data is also deleted if an application is withdrawn, which applicants are entitled to do at any time.

Deletion takes place, subject to a legitimate withdrawal by the applicant, after a period of six months, so that we can respond to any follow-up questions regarding the application and meet our obligations of proof under equal treatment legislation. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.

Registration Function

Users may create a user account. During registration, the required mandatory information is communicated to users and processed on the basis of Art. 6(1)(b) GDPR for the purpose of providing the user account. The data processed includes, in particular, login information (name, password, and an email address). Data entered during registration is used for the purposes of using the user account and its intended function.

Users may be informed by email of information relevant to their user account, such as technical changes. If users have terminated their user account, their data relating to that account is deleted, subject to any statutory retention obligation. It is the users' responsibility to back up their data upon termination before the contract ends. We are entitled to permanently delete all data stored during the term of the contract.

In the context of using our registration and login functions and the user account, we store the IP address and the time of each user action. This storage is based on our legitimate interests and those of users in protection against misuse and unauthorized use. This data is generally not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6(1)(c) GDPR. IP addresses are anonymized or deleted no later than 7 days after recording.

Comments and Posts

When users leave comments or other posts, their IP addresses may be stored for 7 days on the basis of our legitimate interests within the meaning of Art. 6(1)(f) GDPR. This is for our security in case someone posts unlawful content in comments or posts (insults, prohibited political propaganda, etc.). In such cases, we ourselves could be held liable for the comment or post and therefore have an interest in the identity of the author.

We also reserve the right, on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR, to process users' details for spam detection purposes.

On the same legal basis, we reserve the right to store users' IP addresses for the duration of surveys and to use cookies to prevent multiple votes.

Data provided in connection with comments and posts is stored by us permanently until the user objects.

Retrieval of Profile Pictures via Gravatar

Within our online offering, and in particular in the blog, we use the Gravatar service provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

Gravatar is a service that allows users to register and store profile pictures along with their email addresses. When users leave posts or comments on other online presences (especially blogs) using the corresponding email address, their profile pictures may be displayed alongside those posts or comments. For this purpose, the email address provided by users is transmitted to Gravatar in encrypted form to check whether a profile is stored for it. This is the sole purpose of transmitting the email address; it is not used for any other purpose and is deleted thereafter.

Gravatar is used on the basis of our legitimate interests within the meaning of Art. 6(1)(f) GDPR, as it allows us to offer contributors and commenters the ability to personalize their posts with a profile picture.

By displaying the images, Gravatar obtains the IP address of users, as this is necessary for communication between a browser and an online service. Further information on the collection and use of data by Gravatar can be found in Automattic's Privacy Policy: https://automattic.com/privacy/.

If users do not wish to have a profile picture associated with their email address at Gravatar displayed alongside their comments, they should use an email address not registered with Gravatar when commenting. We also note that it is possible to use an anonymous or no email address if users do not wish their email address to be sent to Gravatar. Users can prevent data transmission entirely by not using our comment system.

Newsletter

The following information explains the content of our newsletter, as well as the registration, sending, and statistical evaluation processes, and your right to object. By subscribing to our newsletter, you agree to receipt and the procedures described.

Content of the newsletter: We send newsletters, emails, and other electronic notifications containing promotional information (hereinafter "newsletter") only with the recipient's consent or a legal permission. Where the content of the newsletter is specifically described during registration, it is authoritative for the user's consent. Our newsletters otherwise contain information about our services and us.

Double opt-in and logging: Registration for our newsletter is carried out using a so-called double opt-in procedure, meaning you will receive an email after registration asking you to confirm your subscription. This confirmation is necessary to prevent anyone from registering with someone else's email address. Newsletter registrations are logged in order to demonstrate the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to your data stored with the delivery service provider are also logged.

Registration data: To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name for personalized salutation in the newsletter.

The sending of the newsletter and associated performance measurement are carried out on the basis of the recipients' consent pursuant to Art. 6(1)(a) and Art. 7 GDPR in conjunction with § 7(2) no. 3 UWG, or, where consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6(1)(f) GDPR in conjunction with § 7(3) UWG.

The logging of the registration process is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our interest is in using a user-friendly and secure newsletter system that serves both our business interests and users' expectations, and also enables us to provide evidence of consent.

Cancellation/withdrawal: You may cancel receipt of our newsletter at any time, i.e., withdraw your consent. A link to unsubscribe from the newsletter can be found at the end of each newsletter. We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of potentially defending against claims. An individual deletion request is possible at any time, provided that the previous existence of consent is confirmed at the same time.

Newsletter – Mailchimp

Newsletters are sent via the delivery service provider "Mailchimp," a newsletter dispatch platform operated by The Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (a company of Intuit Inc.). The service provider's Privacy Policy is available at: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a Mailchimp is certified under the EU-US Data Privacy Framework (DPF) and thereby guarantees compliance with European data protection standards. The delivery service provider is used on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR and a data processing agreement pursuant to Art. 28(3) sentence 1 GDPR.

The delivery service provider may use recipients' data in pseudonymous form — i.e., without attribution to a user — to optimize or improve its own services, for example for technical optimization of the dispatch and display of newsletters, or for statistical purposes. However, the delivery service provider does not use our newsletter recipients' data to contact them directly or to share the data with third parties.

Newsletter – Performance Measurement

Newsletters contain a so-called "web beacon" — a pixel-sized file that is retrieved from our server (or, if we use a delivery service provider, from that provider's server) when the newsletter is opened. In the course of this retrieval, technical information is initially collected, including information about the browser and your system, your IP address, and the time of retrieval.

This information is used to improve the technical quality of the services based on technical data or target groups and their reading behavior based on retrieval locations (determinable via IP address) or access times. Statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be attributed to individual newsletter recipients. However, it is neither our intention nor, where applicable, that of the delivery service provider to observe individual users. The analyses serve rather to recognize the reading habits of our users and to adapt our content to them, or to send different content according to users' interests.

It is unfortunately not possible to separately withdraw consent to performance measurement; in this case, the entire newsletter subscription must be cancelled.

Hosting and Email Dispatch

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services, and technical maintenance services, which we use for the purpose of operating this online offering.

In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, and meta- and communication data of customers, prospective customers, and visitors to this online offering, on the basis of our legitimate interests in the efficient and secure provision of this online offering pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

Collection of Access Data and Log Files

We or our hosting provider collect, on the basis of our legitimate interests within the meaning of Art. 6(1)(f) GDPR, data on every access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, volume of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Log file information is stored for a maximum of 7 days for security reasons (e.g., to investigate misuse or fraud) and then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until the relevant incident has been fully resolved.

Google Analytics

On the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economical operation of our online offering within the meaning of Art. 6(1)(f) GDPR) and on the basis of your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG, we use Google Analytics 4 (GA4), a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google uses cookies. The information generated by the cookie about users' use of the online offering is generally transmitted to and stored on a server of Google in the USA.

Google LLC is certified under the EU-US Data Privacy Framework (DPF) and thereby guarantees compliance with European data protection law (https://www.dataprivacyframework.gov/). In addition, standard contractual clauses pursuant to Art. 46(2)(c) GDPR are used as appropriate safeguards for data transfers to the USA.

Google will use this information on our behalf to evaluate users' use of our online offering, to compile reports on activities within this online offering, and to provide us with further services related to the use of this online offering and internet usage. Pseudonymous usage profiles of users may be created from the processed data.

We use Google Analytics only with IP anonymization enabled. This means that Google truncates users' IP addresses within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.

The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent cookies from being stored by adjusting their browser software settings; users can also prevent the collection of data generated by the cookie and related to their use of the online offering, as well as the processing of such data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

For further information about data use by Google, settings options, and the right to object, please refer to Google's Privacy Policy (https://policies.google.com/privacy) and Google's ad settings (https://adssettings.google.com/authenticated).

Users' personal data is deleted or anonymized after 14 months.

Facebook Pixel, Custom Audiences, and Facebook Conversion

Within our online offering, on the basis of our legitimate interests in the analysis, optimization, and economical operation of our online offering, and on the basis of your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG, we use the so-called "Meta Pixel" of the social network Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, or, for users outside the EU, by Meta Platforms, Inc., 1 Meta Way, Menlo Park, CA 94025, USA (hereinafter "Meta").

Meta Platforms, Inc. is certified under the EU-US Data Privacy Framework (DPF) and thereby guarantees compliance with European data protection law (https://www.dataprivacyframework.gov/). In addition, standard contractual clauses pursuant to Art. 46(2)(c) GDPR are used as appropriate safeguards.

The Meta Pixel enables Meta, on the one hand, to identify visitors to our online offering as a target group for the display of advertisements ("Facebook Ads"). Accordingly, we use the Meta Pixel to display the Facebook Ads we place only to Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g., interests in specific topics or products determined based on websites visited) that we transmit to Meta (so-called "Custom Audiences"). With the Meta Pixel, we also aim to ensure that our Facebook Ads correspond to the potential interests of users and do not appear intrusive. The Meta Pixel also allows us to track the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad ("Conversion").

The processing of data by Meta takes place within the framework of Meta's data use policy: https://www.facebook.com/policy.php. Specific information and details about the Meta Pixel and how it works are available in Meta's help center: https://www.facebook.com/business/help/651294705016616.

You can object to the collection by the Meta Pixel and the use of your data for the display of Facebook Ads. To set what types of advertisements are displayed to you within Facebook, you can visit the page set up by Meta and follow the instructions on usage-based advertising settings: https://www.facebook.com/settings?tab=ads. Settings apply across platforms, meaning they apply to all devices, including desktop computers and mobile devices.

You can also object to the use of cookies for reach measurement and advertising purposes via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/), and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Online Presence on Social Media

We maintain online presences on social networks and platforms in order to communicate with the customers, prospective customers, and users active there, and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

Unless otherwise stated in this Privacy Policy, we process users' data where they communicate with us within social networks and platforms, e.g., by writing posts on our online presences or sending us messages.

Integration of Third-Party Services and Content

Within our online offering, on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economical operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we use content or service offerings from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter collectively referred to as "content").

This always requires that third-party providers of such content are able to see users' IP addresses, as without the IP address they could not send the content to the user's browser. The IP address is therefore required for the display of this content. We endeavor to use only content whose providers use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on users' devices and may contain, among other things, technical information about the browser and operating system, referring websites, visit times, and further details about the use of our online offering, and may be combined with such information from other sources.

Google Fonts

We incorporate fonts ("Google Fonts") provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When Google Fonts are used, your IP address and browser information are transmitted to Google. This use is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. Privacy Policy: https://www.google.com/policies/privacy/; Opt-out: https://adssettings.google.com/authenticated.

Google Maps

We incorporate maps from the "Google Maps" service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may include, in particular, IP addresses and location data of users, which are not collected without their consent (generally granted through their mobile device settings). Data may be processed in the USA. Privacy Policy: https://www.google.com/policies/privacy/; Opt-out: https://adssettings.google.com/authenticated.

Use of Meta Social Plugins

On the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economical operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we use social plugins ("plugins") of the social network Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta"). The plugins may display interactive elements or content (e.g., videos, graphics, or text posts) and are recognizable by one of Facebook's logos (white "f" on a blue tile, the terms "Like" or "Gefällt mir," or a "thumbs up" symbol) or are labeled "Facebook Social Plugin." The list and appearance of Facebook Social Plugins can be viewed at: https://developers.facebook.com/docs/plugins/.

Meta Platforms, Inc. is certified under the EU-US Data Privacy Framework (DPF) and thereby guarantees compliance with European data protection law (https://www.dataprivacyframework.gov/).

When a user accesses a function of this online offering that contains such a plugin, their device establishes a direct connection with Meta's servers. The content of the plugin is transmitted directly by Meta to the user's device and integrated into the online offering. Usage profiles of users may be created from the processed data. We therefore have no influence over the scope of the data that Meta collects using this plugin and inform users accordingly based on our current knowledge.

Through the integration of the plugins, Meta receives the information that a user has accessed the corresponding page of the online offering. If the user is logged into Facebook, Meta can associate the visit with their Facebook account. If users interact with the plugins, for example by clicking the Like button or leaving a comment, the relevant information is transmitted directly from their device to Meta and stored there. Even if a user is not a member of Facebook, Meta may still obtain and store their IP address. According to Meta, only an anonymized IP address is stored in Germany.

The purpose and scope of data collection and further processing and use of data by Meta, as well as users' related rights and options for protecting their privacy, can be found in Meta's Privacy Policy: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Meta to collect data about them via this online offering and link it to their membership data stored at Facebook, they must log out of Facebook and delete their cookies before using our online offering. Further settings and objections regarding the use of data for advertising purposes can be made within Facebook's profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Settings apply across platforms, i.e., they are adopted for all devices such as desktop computers or mobile devices.

Instagram

Functions and content of the Instagram service, offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, may be integrated within our online offering. These may include, for example, content such as images, videos, or text, and buttons allowing users to share content from this online offering on Instagram. If users are members of the Instagram platform, Instagram may associate the retrieval of the above-mentioned content and functions with users' profiles there. Instagram/Meta Privacy Policy: https://privacycenter.instagram.com/policy.