Privacy and Data Protection

Privacy Policy Bauer Studios GmbH according to the GDPR

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to in short as "data") we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and especially on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering").

Date: February 7, 2024

I. Name and Address of the Data Controller
The data controller within the meaning of the EU General Data Protection Regulation and other national data protection laws and regulations is:

Bauer Studio GmbH
Markgröninger Straße 46
71634 Ludwigsburg
Germany
Tel.: 07141/2268 0
Email: info@bauerstudios.de
Website: www.bauerstudios.de


II. Name and Address of the Data Protection Officer

The data protection officer of the data controller is:

Bernd Thumm
Markgröninger Str. 46
71634 Ludwigsburg
Germany
Tel.: +49 7141/2268 0
Email: Datenschutz@bauerstudios.de
Website: www.bauerstudios.de

III. General Information on Data Processing
1. Scope of Processing Personal Data

We generally only collect and use personal data of our users to the extent necessary to provide a functional website as well as our content and services. As a rule, personal data of our users is collected and used only with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of data is permitted by legal regulations.
2. Legal Basis for the Processing of Personal Data

Where we obtain the consent of the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis for the processing.
3. Security Measures
In accordance with legal requirements and taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, securing availability, and separation thereof. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data, and responses to data breaches. Additionally, we consider the protection of personal data already in the development or selection of hardware, software, and procedures in accordance with the principle of data protection, through privacy by design and default settings.
TLS Encryption (https): To protect data transmitted via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.
IP Address Truncation: If IP addresses are processed by us or by the service providers and technologies we use, and processing of the full IP address is not necessary, the IP address is truncated (also referred to as "IP masking"). In this process, the last two digits or the last part of the IP address after a dot are removed or replaced with placeholders. Truncating the IP address aims to prevent or significantly hinder the identification of a person based on their IP address.


4. Transfer of Personal Data
In the course of our processing of personal data, it may occur that the data is transferred to other entities, companies, legally independent organizational units, or individuals or disclosed to them. The recipients of this data may include, for example, service providers or providers of services and content entrusted with IT tasks or integrated into a website. In such cases, we comply with legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.
5. Data Processing in Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if the processing occurs in the context of using services of third parties or disclosing/transferring data to other individuals, entities, or companies, this is done only in accordance with legal requirements. Subject to explicit consent or contractual or legal obligations for transmission, we process or allow the processing of data in third countries with an adequate level of data protection, based on contractual obligations using so-called standard contractual clauses of the EU Commission, certification mechanisms, or binding corporate rules (Articles 44 to 49 of the GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
6. Data Deletion and Storage Duration
Personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to exist. Storage may also occur if provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract.
7. Use of Cookies
Cookies are small text files or other storage markers that store information on end devices and retrieve information from end devices. For example, they can store the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or the functions used in an online offering. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as for generating analyses of visitor flows.
Notes on Consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, unless it is not required by law. Consent is not necessary, in particular, when storing and retrieving information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e., our online offering) explicitly requested by them. The revocable consent is clearly communicated to users and includes information about the respective cookie usage.
Notes on Data Protection Legal Bases: The legal basis for processing users' personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, data processed using cookies is based on our legitimate interests (e.g., in the commercial operation of our online offering and improving its usability) or, if necessary to fulfill our contractual obligations, on the basis that the use of cookies is necessary to fulfill our contractual obligations. We clarify the purposes for which cookies are processed in the course of this privacy policy or within our consent and processing procedures.


Storage Duration: With regard to storage duration, the following types of cookies are distinguished:
Temporary Cookies (also known as Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).
Persistent Cookies: Persistent cookies remain stored even after the end device is closed. For example, login status can be stored, or preferred content can be displayed directly when the user revisits a website. Likewise, data collected using cookies can be used for audience measurement. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are persistent and the storage duration can be up to two years.
General Information on Withdrawal and Objection (Opt-Out): Users can revoke the consent they have given at any time and also object to processing in accordance with the legal requirements specified in Article 21 of the GDPR. Users can also declare their objection via the settings of their browser, for example, by deactivating the use of cookies (although this may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

IV. Consent Management Platform consentmanager
1. Description and Scope of Data Processing
Processing of Cookie Data Based on Consent: We utilize the consent management tool "consentmanager" to request your consent for the processing of information about your end device and personal data using cookies or other tracking technologies on our website. With the help of "consentmanager," you have the option to consent to or reject the processing of your end device information and personal data using cookies or other tracking technologies for the purposes listed in "consentmanager." Such processing purposes may include the integration of external elements, integration of streaming content, statistical analysis, audience measurement, personalized product recommendations, and personalized advertising. You can use "consentmanager" to grant or deny your consent for all processing purposes or for individual purposes or third parties. You can also subsequently modify the settings you have made.
2. Legal Basis for Data Processing
The legal basis for processing is Art. 6(1) sentence 1 lit. c) GDPR in conjunction with Art. 7(1) GDPR, to the extent that processing is necessary to fulfill legal obligations for providing consent. Otherwise, Art. 6(1) sentence 1 lit. f) GDPR is the relevant legal basis. Our legitimate interests in processing lie in storing user settings and preferences regarding the use of cookies and evaluating consent rates.
3. Purpose of Data Processing
The purpose of integrating "consentmanager" is to enable users of our website to decide whether they want to set cookies and similar functionalities and to provide them with the opportunity to change settings that have already been made during their further use of our website. In the context of using "consentmanager," we process personal data and information about the devices used. Your data is also sent to consentmanager (consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden). Information about the settings you have made is also stored on your device.
4. Duration of Storage
Twelve months after setting user preferences, you will be asked for consent again. The user settings made will then be stored again for this period unless you delete the information about your user settings in the designated device capacities first.
5. Right to Object and Remedies
You have the right to object to processing if the processing is based on Art. 6(1) sentence 1 lit. f) GDPR. You have the right to object for reasons arising from your particular situation. You can send us your objection using the contact details provided in the "Responsible Party" section.

consentmanager: Cookie Consent Management; Service Provider: consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden; Website: https://www.consentmanager.de/; Privacy Policy: https://www.consentmanager.net/privacy/; Data Processing Agreement: https://www.consentmanager.net/tac.php; Further Information: The following data is stored on the service provider's servers in the EU: identification number (for the user, their browser, operating system, and device used), IP address, date and time, country, language, type, scope, and purpose of consent, browser's cookie settings, website where consent was given, technical information about the browser and operating system.


V. Plugins and Embedded Functions and Content
1. Description and Scope of Data Processing
We integrate functional and content elements into our online offering that are sourced from the servers of their respective providers (hereinafter referred to as "third-party providers"). These elements may include graphics, videos, or maps (hereinafter collectively referred to as "content"). The integration always presupposes that the third-party providers of this content process the IP address of users, as they could not send the content to their browser without the IP address. The IP address is thus necessary for the display of this content or these functions. We endeavor to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. Through the "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on users' devices and may include technical information about the browser and operating system, referring websites, visit time, as well as further information regarding the use of our online offering, and may also be linked with such information from other sources.
2. Legal Basis for Data Processing
Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).
3. Purpose of Data Processing
Providing our online offering and user-friendliness.
Processed Data Types: Usage data (e.g., visited web pages, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Inventory data (e.g., names, addresses); Contact details (e.g., email, phone numbers); Content data (e.g., entries in online forms).

VI. Payment Service Provider

PayPal
1. Description and Scope of Data Processing
On our website, we offer payment via "PayPal." The provider of this payment service is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal"). To make a payment, you need to log in to your PayPal account. The payment details transmitted to PayPal are processed by PayPal for the purpose of payment processing. For further information on data processing by PayPal, please refer to: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
To allocate your payment, we process your delivery/billing address, email address, and the selected payment method.
2. Legal Basis for Data Processing
The legal basis is Art. 6(1) sentence 1 lit. b) GDPR. Providing your payment data is necessary and mandatory for the conclusion and performance of the contract. If the payment data is not provided, it is not possible to conclude and/or perform a contract with the payment method "PayPal."
3. Purpose of Data Processing
Payment in our webshop
4. Duration of Storage
We delete the data generated in connection with this as soon as storage is no longer necessary, or we restrict processing if there are legal retention obligations. Due to legal commercial and tax regulations, we are obliged to store your address, payment, and order data for a period of up to ten years. Two years after the end of the contract, we restrict processing and reduce it to compliance with existing legal obligations.
5. Right to Object and Remedies
The collection of data for payment via PayPal and the storage of data for the processing of a sale are mandatory. Therefore, there is no option for the user to object.
Purchase by invoice
1. Description and Scope of Data Processing
We process the data transmitted to us by your bank in the course of the payment process "Purchase on Account" for the purpose of invoice verification.
2. Legal Basis for Data Processing
The legal basis for this processing is Art. 6(1) sentence 1 lit. b) GDPR.
3. Purpose of Data Processing
Providing your payment data is necessary and mandatory for the conclusion and performance of the contract. If the payment data is not provided, it is not possible to conclude and/or perform a contract using "Purchase on Account."
4. Duration of Storage
We delete the data generated in connection with this as soon as storage is no longer necessary, or we restrict processing if there are legal retention obligations. Due to legal commercial and tax regulations, we are obliged to store your address, payment, and order data for a period of up to ten years. Two years after the end of the contract, we restrict processing and reduce it to compliance with existing legal obligations.
5. Right to Object and Remedies
You can object to the processing if the processing is based on Art. 6(1) sentence 1 lit. f) GDPR. You have the right to object for reasons arising from your particular situation. You can send us your objection using the contact details provided in the "Responsible Party" section.

Google Tag Manager
We utilize the service called Google Tag Manager provided by Google. "Google" is a group of companies consisting of Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, along with other affiliated companies of Google LLC.
We have entered into a data processing agreement with Google. The Google Tag Manager is an auxiliary service and processes personal data only for technically necessary purposes. The Google Tag Manager ensures the loading of other components, which in turn may collect data. The Google Tag Manager does not access this data.
Further information about Google Tag Manager can be found in Google's privacy policy.
Please note that American authorities, such as intelligence agencies, may potentially, due to American laws like the Cloud Act, access personal data that is inevitably exchanged with Google via the Internet Protocol (TCP) when this service is used.
VII. Hosting
1. Description and Scope of Data Processing
We utilize external hosting services provided by ALL-INKL.COM - Neue Medien Münnich (Hauptstraße 68, Friedersdorf, Germany), which offer the following services: infrastructure and platform services, computing capacity, security, and technical maintenance services.
2. Legal Basis for Data Processing
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. By using external hosting services, we aim to efficiently and securely provide our website.
3. Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR also lies in these purposes.
4. Duration of Storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of collecting data to provide the website, this occurs when the respective session is terminated. In the case of storing data in log files, this occurs no later than seven days after the session.
5. Objection and Removal Option
The collection of data to provide the website and the storage of data in log files are essential for the operation of the website. Therefore, there is no option for objection on the part of the user.

VIII. YouTube
1. Description and Scope of Data Processing
On the website, we use plug-ins from the video platform "YouTube.de" or "YouTube.com," a service provided by YouTube LLC (headquarters: 901 Cherry Avenue, San Bruno, CA 94066, USA; hereinafter "YouTube"), for which "Google" (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001) is responsible under data protection law. By processing data via the plug-ins, we aim to integrate visual content ("videos") that we have published on "YouTube.de" or "YouTube.com" into this website. All videos are integrated in "extended data protection mode," meaning no data about you as a user is transmitted to "YouTube" unless you play the videos. When playing videos on our website, "YouTube" receives information that you have accessed the corresponding subpage of our website. Additionally, some of the data mentioned in the "Use of Our Website" section is transmitted to "Google." This occurs regardless of whether "YouTube" provides a user account through which you are logged in or whether there is no user account. If you are logged in to "Google," your data will be directly associated with your account. If you do not wish to be associated with your profile on "YouTube," you must log out before activating the button. "YouTube" stores your data as usage profiles and processes them independently of the existence of a user account at "Google" for advertising, market research, and/or the customized design of its website.
2. Legal Basis for Data Processing
The legal basis for processing is your consent pursuant to Article 6(1)(a) GDPR. "Google" also processes some of the data in the USA. There is no adequacy decision by the EU Commission for the transfer of data to the USA. The legal basis for the transfer to the USA is your consent pursuant to Article 49(1)(a) GDPR.
3. Purpose of Data Processing
Provision of our online offering and user-friendliness.
For further information on the purpose and scope of processing by "YouTube," as well as the storage duration at "YouTube," please refer to the privacy policy at https://policies.google.com/privacy.
IX. Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing
When our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected:
   1. Information about the browser type and version
   2. Date and time of access
   3. Websites from which the user's system accessed our website
   4. Websites accessed by the user's system through our website
This data is also stored in log files on our system. This does not include the user's IP addresses or other data that could identify the user. Storage of this data alongside other personal data of the user does not occur.

2. Legal Basis for Data Processing
The legal basis for the temporary storage of data is Art. 6(1)(f) of the GDPR.
3. Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's device. For this purpose, the user's IP address must remain stored for the duration of the session. Our legitimate interest in data processing pursuant to Art. 6(1)(f) of the GDPR is also based on these purposes.
4. Duration of Storage
The data is deleted as soon as it is no longer necessary for the purpose of its collection. In the case of data collected for the provision of the website, this occurs when the respective session is terminated. In the case of storage of data in log files, this occurs after a maximum of seven days.
5. Objection and Removal Option
The collection of data for the provision of the website and the storage of data in log files are necessary for the operation of the website. Therefore, there is no option for the user to object.
X. Newsletter
1. Description and Scope of Data Processing
On our website, there is the option to subscribe to a free newsletter. When signing up for the newsletter, the data from the request email is transmitted to us.
The following data is collected during registration:
   1. User's email address
   2. User's first and last name
For the processing of data, your consent is obtained during the registration process, and reference is made to this privacy policy.
Newsletter dispatch is based on the sale of goods or services.
If you purchase goods or services on our website and provide your email address, it may subsequently be used by us for newsletter delivery. In such cases, the newsletter will exclusively contain direct advertising for our own similar goods or services. There is no disclosure of data to third parties in connection with the data processing for newsletter dispatch. The data is used solely for newsletter delivery.
2. Legal basis for data processing:
The legal basis for processing data after the user has registered for the newsletter, where consent has been given, is Article 6(1)(a) of the GDPR. The legal basis for newsletter dispatch resulting from the sale of goods or services is § 7(3) of the German Unfair Competition Act (UWG).
3. Purpose of data processing:
The collection of the user's email address is intended for newsletter delivery.
4. Duration of storage:
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. The user's email address will therefore be stored for as long as the newsletter subscription is active.
5. Right to object and remove:
The newsletter subscription can be canceled by the user at any time. For this purpose, each newsletter contains a corresponding link. This also allows revocation of consent for the storage of personal data collected during the registration process.
Deployment of the shipping service provider "Brevo"
The newsletters are sent via "Brevo," a newsletter delivery platform located at Köpenicker Straße 126, 10179 Berlin. The email addresses of our newsletter recipients, as well as their other data described in these notices, are stored on Brevo's servers in the EU. Brevo uses this information for sending and evaluating the newsletters on our behalf. Furthermore, according to its own information, Brevo may use this data to optimize or improve its own services, for example, for technical optimization of newsletter delivery and presentation or for economic purposes to determine the countries from which the recipients come. However, Brevo does not use the data of our newsletter recipients to contact them directly or to pass them on to third parties. We rely on the reliability and IT and data security of Brevo. Brevo is certified by TÜV Rheinland and is therefore committed to complying with EU data protection regulations. Furthermore, we have concluded a contract for order data processing with Brevo. This is a contract in which Brevo undertakes to protect the data of our users, to process it in accordance with its data protection provisions on our behalf, and in particular not to pass it on to third parties. You can view Brevo's privacy policy here.
Registration data
To sign up for the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide your first and last name. These details are only used to personalize the newsletter.

Statistical surveys and analyses
The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from Brevo's server when the newsletter is opened. In the course of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of retrieval, are initially collected. This information is used to technically improve the services based on technical data or the target groups and their reading behavior based on retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. Although these pieces of information can be assigned to individual newsletter recipients for technical reasons, it is neither our nor Brevo's intention to monitor individual users. Instead, the evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Online access and data management
There are cases in which we redirect newsletter recipients to the websites of Brevo. For example, our newsletters contain a link that allows newsletter recipients to access the newsletters online (e.g., in case of display problems in the email program). Furthermore, newsletter recipients can subsequently correct their data, such as the email address. Also, Brevo's privacy policy is only available on their site. In this context, we would like to point out that cookies are used on Brevo's websites, and thus personal data is processed by Brevo, their partners, and service providers (e.g., Google Analytics). We have no influence on this data collection. Further information can be found in Brevo's privacy policy. Additionally, we inform you about the options to object to data collection for advertising purposes on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European area). "Note on the newsletter according to the template by lawyer Dr. Thomas Schwenke"
Legal basis for data processing
The legal basis for processing the data after the user subscribes to the newsletter is the user's consent under Art. 6(1)(a) GDPR. The legal basis for sending the newsletter following the sale of goods or services is § 7(3) UWG.
Purpose of data processing
The collection of the user's email address is intended to deliver the newsletter.
Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose of their collection. The user's email address will therefore be stored for as long as the newsletter subscription is active.
Objection and removal option
The newsletter subscription can be canceled by the user at any time. For this purpose, there is a corresponding link in every newsletter. By doing so, your consent to its delivery via Brevo and the statistical analyses will be revoked simultaneously. A separate revocation of the delivery via Brevo or the statistical evaluation is unfortunately not possible. This also enables revocation of the consent to the storage of the personal data collected during the registration process.
XI. Email Contact
1. Description and Scope of Data Processing
Contact can be made via the provided email address. In this case, the personal data transmitted by the user via email will be stored. In this context, the data will not be disclosed to third parties and will be used solely for processing the conversation.

2. Legal Basis for Data Processing
The legal basis for processing the data is the user's consent under Art. 6(1)(a) GDPR. Additionally, the legal basis for processing data transmitted via email is Art. 6(1)(f) GDPR. If the email contact aims at concluding a contract, Art. 6(1)(b) GDPR serves as an additional legal basis for processing.
3. Purpose of Data Processing
The processing of personal data from the email is solely for handling the contact. In the case of email contact, there is also a necessary legitimate interest in processing the data.
4. Duration of Storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose of their collection. For personal data transmitted via email, this occurs when the respective conversation with the user is terminated. The conversation is considered terminated when it can be inferred from the circumstances that the relevant matter has been conclusively clarified.
5. Objection and Removal Option
The user has the option to revoke their consent for processing personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. The revocation of consent and objection to storage can be done by sending an email to Datenschutz@bauerstudios.de. All personal data stored as part of the contact will be deleted in this case.
XII. List of Third-Party Providers
consentmanager
consentmanager offers services to obtain consent from your website visitors and to provide this information to your advertisers and other partners.
Company Processing the Data:
consentmanager AB
Håltegelvägen 1b
72348 Västerås
SE
Categories of Processed Data:
Timestamp, IP Address, User-Agent, Language, Visited Website, Time Zone
Purpose of Data Processing:
- Essential Functions (Legitimate Interest (no Opt-Out possible) (GDPR Art. 6(1)(f)))
Legal Basis for Data Processing:
- Legitimate Interest (no Opt-Out possible) (GDPR Art. 6(1)(f))

Google Tag Manager
Google Tag Manager provides simple, reliable, and easy-to-integrate tag management solutions.
Company Processing the Data:
Google Ireland Ltd
Gordon House, Barrow Street
Dublin 4
IE
Categories of Processed Data:
- Mouse Movement
- Timestamp
- IP Address
- Media Tracking
- User Location Tracking
- Visitor Behavior
- User-Agent
- Language
- Visited Website
- Time Zone
Purpose of Data Processing:
- Essential Functions (Legitimate Interest (no Opt-Out possible) (GDPR Art. 6(1)(f)))
Legal Basis for Data Processing:
- Legitimate Interest (no Opt-Out possible) (GDPR Art. 6(1)(f))
Data Transfer outside the EU:
This provider may transfer, store, or process your personal data outside the EEA/EU. These countries may not have the same level of data protection, and enforcement of your rights may be limited or not possible.

PayPal S.à r.l.
PayPal is an online payment system available in most countries that supports online transfers.

Company Processing the Data:
PayPal (Europe) S.à r.l. et Cie, S.C.A.
2211 North First Street
San Jose, CA 95131
US
Categories of Processed Data:
- Financial Information
- Fraud Detection and Prevention
- Timestamp
- IP Address
- Media Tracking
- Time and Date Tracking
- Device Tracking
- Network Tracking
- User-Agent
- Language
- Visited Website
- Time Zone

Legal Basis for Data Processing:
- Consent (GDPR Art. 6(1)(a))
Data Transfer outside the EU:
This provider may transfer, store, or process your personal data outside the EEA/EU. These countries may not have the same level of data protection, and enforcement of your rights may be limited or not possible.
YouTube
Through embedded plugins of the streaming platform "YouTube.de" or "YouTube.com" on our website, videos can be played directly on our site. When using the streaming function, information stored on users' devices is also processed. The purpose of the data processing is to integrate visual content ("videos") that we have published on "YouTube.de" or "YouTube.com" into this website. The videos are embedded in "extended privacy mode," meaning no data about users is transferred to "YouTube" unless videos are played. During video playback on our website, "YouTube" receives information that the respective subpage of our website has been accessed. Additionally, access data, especially the IP address, browser information, the previously visited website, and the date and time of the server request, are transmitted to "Google." This occurs regardless of whether "YouTube" provides a user account through which users are logged in or whether no user account exists. If users are logged in to "Google," the user data is directly associated with their respective YouTube account. "YouTube" stores the data as usage profiles and processes them independently of the presence of a user account at "Google" for statistical analysis and advertising purposes.

Company Processing the Data:
Google Ireland Ltd
Gordon House, Barrow Street
Dublin 4
IE
Categories of Processed Data:
- Ad visibility measurement
- Timestamp
- Ad clicks tracking
- Conversion tracking
- IP address
- Time and date tracking
- Device tracking
- Visitor behavior
- User-Agent
- Language
- Visited website
- Time zone

Purpose of Data Processing:
- Integration of external content (Consent (GDPR Art. 6(1)(a)))
Legal Basis for Data Processing:
- Consent (GDPR Art. 6(1)(a))
Data Transfer outside the EU:
This provider may transfer, store, or process your personal data outside the EEA/EU. These countries may not have the same level of data protection, and enforcement of your rights may be limited or not possible.

XIII. Rights of the Data Subject

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights against the data controller:

1. Right to Information
You can request confirmation from the data controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request information from the data controller about the following:

   - the purposes for which the personal data are processed;
   - the categories of personal data being processed;
   - the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
   - the planned duration of storage of the personal data concerning you or, if specific information about this is not possible, the criteria for determining the storage period;
   - the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the data controller, or a right to object to such processing;
   - the existence of a right to lodge a complaint with a supervisory authority;
   - all available information about the origin of the data if the personal data were not collected from the data subject.

You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to Rectification
You have the right to request the rectification and/or completion of your personal data processed by the data controller if the processed personal data concerning you are incorrect or incomplete. The data controller must make the correction without delay.

3. Right to Restriction of Processing

Under the following conditions, you may request the restriction of processing of your personal data:

1. If you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
2. If the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
3. If the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims; or
4. If you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override yours.

When processing of your personal data has been restricted, except for storage, such data shall only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
You will be informed by the controller before the restriction of processing is lifted if the above-mentioned conditions for restriction are no longer applicable.
4. Right to Erasure
a) Obligation to Erase
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
2. You withdraw consent on which the processing according to Article 6(1)(a) or Article 9(2)(a) of the GDPR is based, and where there is no other legal ground for the processing.
3. You object to the processing pursuant to Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
4. The personal data concerning you have been unlawfully processed.
5. The erasure of the personal data concerning you is required for compliance with a legal obligation under Union or Member State law to which the controller is subject.
6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
b) Information to Third Parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure does not apply to the extent that processing is necessary:
1. for exercising the right of freedom of expression and information;
2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) as well as Article 9(3) of the GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
5. for the establishment, exercise or defense of legal claims.
5. Right to Information

If you have exercised your right to rectify, erase, or restrict processing with the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed about this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients from the controller.

6. Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
1. The processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR; and
2. The processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others. The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
8. Right to Withdraw Consent under Data Protection Law
You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
1. Is necessary for entering into, or performance of, a contract between you and the data controller;
2. Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
3. Is based on your explicit consent.

However, these decisions should not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

Regarding the cases mentioned in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.