Home
Contact
Company
Partner
Invest
Discover BIOCEL
Vision
Blog
English
German

Privacy Policy

Preamble

With this Privacy Policy, we aim to inform you about the types of personal data (hereafter also referred to as “data”) we process, for what purposes, and to what extent. This Privacy Policy applies to all processing of personal data carried out by us, both in the provision of our services and, in particular, on our websites, mobile applications, and within external online presences such as social media profiles (collectively referred to as the “Online Offering”).

The terminology used is not gender-specific.

Effective date: 13 January 2026

Table of Contents

  • Preamble
  • Data Controller
  • Overview of Processing Activities
  • Legal Bases
  • Security Measures
  • Disclosure of Personal Data
  • International Data Transfers
  • General Information on Data Retention and Deletion
  • Rights of Data Subjects
  • Business Services
  • Payment Procedures
  • Provision of Online Services and Web Hosting
  • Use of Cookies
  • Registration, Sign-Up and User Accounts
  • Blogs and Publications
  • Contact and Inquiry Management
  • Newsletter and Electronic Communications
  • Marketing Communications via Email, Post, Fax or Phone
  • Competitions and Sweepstakes
  • Surveys and Questionnaires
  • Web Analytics, Monitoring, and Optimisation
  • Online Marketing
  • Affiliate Programmes and Affiliate Links
  • Customer Reviews and Feedback Systems
  • Social Media Presences
  • Plug-ins and Embedded Features and Content
  • Modifications and Updates
  • Glossary of Terms

Data Controller

Biocel Labs FZCO

IFZA Business Park – Building A2 – Nadd Hessa

Dubai Silicon Oasis – Dubai

United Arab Emirates

Email: info@biocel-labs.com

Imprint: biocel-labs.com/imprint

Overview of Processing The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

  • Inventory data.
  • Payment data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication and procedural data.
  • Log data.

Categories of Data Subjects

  • Service recipients and clients.
  • Prospective customers.
  • Communication partners.
  • Users.
  • Sweepstake and contest participants.
  • Business and contractual partners.
  • Participants.

Purposes of Processing

  • Provision of contractual services and fulfilment of contractual obligations.
  • Communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Tracking.
  • Office and organisational procedures.
  • Conversion measurement.
  • Target group formation.
  • Affiliate tracking.
  • Organisational and administrative procedures.
  • Implementation of sweepstakes and contests.
  • Feedback.
  • Surveys and questionnaires.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our Online Offering and user-friendliness.
  • Information technology infrastructure.
  • Public relations.
  • Sales promotion.
  • Business processes and commercial procedures.

Relevant Legal Bases

Relevant legal bases under the GDPR: In the following, you will receive an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements in your or our country of residence or domicile may apply. Furthermore, should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 (1) (1) (a) GDPR) – The data subject has given their consent to the processing of their personal data for one or more specific purposes.
  • Performance of a contract and prior contractual inquiries (Art. 6 (1) (1) (b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 (1) (1) (c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 (1) (1) (f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains, in particular, special regulations on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated individual decision-making, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

National data protection regulations in Austria: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Austria. This includes, in particular, the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act – DSG). The Data Protection Act contains, in particular, special regulations on the right of access, the right to rectification or erasure, the processing of special categories of personal data, processing for other purposes and transmission as well as automated individual decision-making.

Relevant legal bases under the Swiss Data Protection Act: If you are located in Switzerland, we process your data on the basis of the Federal Act on Data Protection (briefly "Swiss FADP"). Unlike the GDPR, for example, the Swiss FADP generally does not require a legal basis for the processing of personal data to be named, provided that the processing of personal data is carried out in good faith and is lawful and proportionate (Art. 6 (1) and (2) of the Swiss FADP). In addition, personal data is only collected by us for a specific purpose recognisable to the data subject and is only processed in a manner compatible with this purpose (Art. 6 (3) of the Swiss FADP).

Note on the application of the GDPR and the Swiss FADP: These privacy notices serve to provide information both under the Swiss FADP and under the General Data Protection Regulation (GDPR). For this reason, please note that due to the broader spatial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms "processing" (Bearbeitung) of "personal data" (Personendaten), "overriding interest" (überwiegendes Interesse) and "sensitive personal data" (besonders schützenswerte Personendaten) used in the Swiss FADP, the terms "processing" (Verarbeitung) of "personal data" (personenbezogene Daten) as well as "legitimate interest" (berechtigtes Interesse) and "special categories of data" used in the GDPR are employed. However, the legal meaning of the terms will continue to be determined according to the Swiss FADP within the scope of its application.

Application of data protection requirements in the country of domicile: In the country where the controller has its registered office, national data protection regulations apply in addition to the General Data Protection Regulation (GDPR).

Security Measures

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, safeguarding availability and its separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the erasure of data and reactions to data compromise. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through privacy-friendly default settings.

Securing online connections through TLS/SSL encryption technology (HTTPS): In order to protect the data of users transmitted via our online services from unauthorised access, we rely on TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorised access. TLS, as the further developed and more secure version of SSL, ensures that all data transmissions comply with the highest security standards. If a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and in encrypted form.

Transmission of Personal Data

In the context of our processing of personal data, it may happen that these are transmitted to other bodies, companies, legally independent organisational units or persons or disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

Data transfer within the organisation: We may transmit personal data to other departments or units within our organisation or grant them access to it. If the data transfer is for administrative purposes, it is based on our legitimate entrepreneurial and business interests or takes place if it is necessary to fulfil our contract-related obligations or if the consent of the data subjects or a legal permission has been obtained.

International Data Transfers

Data processing in third countries: If we transmit data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this happens in the context of the use of third-party services or the disclosure or transmission of data to other persons, bodies or companies (which becomes recognisable from the postal address of the respective provider or if the privacy policy explicitly refers to the data transfer to third countries), this is always done in accordance with the legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognised as a secure legal framework by an adequacy decision of the EU Commission dated 10 July 2023. In addition, we have concluded standard contractual clauses with the respective providers, which comply with the requirements of the EU Commission and establish contractual obligations to protect your data. This double safeguarding ensures comprehensive protection of your data: the DPF forms the primary level of protection, while the standard contractual clauses serve as additional security. Should changes occur within the framework of the DPF, the standard contractual clauses act as a reliable fallback option. In this way, we ensure that your data remains adequately protected at all times, even in the event of any political or legal changes.

For individual service providers, we inform you whether they are certified according to the DPF and whether standard contractual clauses are available. Further information on the DPF and a list of certified companies can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/.

For data transfers to other third countries, corresponding security measures apply, in particular standard contractual clauses, explicit consents or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found in the information provided by the EU Commission.

Disclosure of personal data abroad: According to the Swiss FADP, we only disclose personal data abroad if an adequate level of protection for the data subjects is guaranteed (Art. 16 Swiss FADP). If the Federal Council has not established an adequate level of protection, we take alternative security measures. For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognised as a secure legal framework by an adequacy decision of Switzerland dated 15 September 2024. In addition, we have concluded standard data protection clauses with the respective providers, which have been approved by the Federal Data Protection and Information Commissioner (FDPIC) and establish contractual obligations to protect your data. This double safeguarding ensures comprehensive protection of your data.

General Information on Data Storage and Erasure

We erase personal data that we process in accordance with the legal provisions as soon as the underlying consents are withdrawn or there are no further legal bases for the processing. This applies to cases where the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require a longer retention or archiving of the data. In particular, data that must be kept for commercial or tax reasons or whose storage is necessary for the assertion of legal claims or the protection of the rights of other natural or legal persons must be archived accordingly.

Retention and erasure of data (Germany):

  • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets as well as the working instructions and other organisational documents required for their understanding (§ 147 (1) No. 1 in conjunction with (3) AO, § 14b (1) UStG, § 257 (1) No. 1 in conjunction with (4) HGB).
  • 8 years – Accounting vouchers, such as invoices and cost vouchers (§ 147 (1) No. 4 and 4a in conjunction with (3) sentence 1 AO and § 257 (1) No. 4 in conjunction with (4) HGB).
  • 6 years – Other business documents: received commercial or business letters, reproductions of sent commercial or business letters, other documents, insofar as they are of importance for taxation, e.g., hourly wage slips, business accounting sheets, calculation documents, price markings, but also payroll documents, insofar as they are not already accounting vouchers, and till rolls (§ 147 (1) No. 2, 3, 5 in conjunction with (3) AO, § 257 (1) No. 2 and 3 in conjunction with (4) HGB).
  • 3 years – Data required to take into account potential warranty and damage claims or similar contractual claims and rights as well as to process related inquiries, based on previous business experience and usual industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

Retention and erasure of data (Switzerland):

  • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting vouchers and invoices as well as all required working instructions and other organisational documents (Art. 958f of the Swiss Code of Obligations (CO)).
  • 10 years – Data necessary to take into account potential damage claims or similar contractual claims and rights, as well as for the processing of related inquiries, are stored for the period of the statutory limitation period of ten years, unless a shorter period of five years is relevant, which is applicable in certain cases (Art. 127, 130 CO). Claims for rent, lease and capital interest as well as other periodic services, from the delivery of food, for board and for host debts, as well as from handicraft work, retail sale of goods, medical care, professional work of lawyers, legal agents, procurators and notaries and from the employment relationship of employees expire after five years (Art. 128 CO).

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject under the GDPR, you are entitled to various rights, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw given consents at any time.
  • Right of access: You have the right to obtain confirmation as to whether or not data concerning you are being processed, and to access this data as well as further information and a copy of the data in accordance with the legal requirements.
  • Right to rectification: You have the right, in accordance with the legal requirements, to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing: You have the right, in accordance with the legal requirements, to request that data concerning you be erased immediately, or alternatively, in accordance with the legal requirements, to request a restriction of the processing of the data.
  • Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the legal requirements or to demand its transmission to another controller.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the requirements of the GDPR.

Rights of data subjects under the Swiss FADP: As a data subject, you are entitled to the following rights in accordance with the provisions of the Swiss FADP:

  • Right of access: You have the right to request confirmation as to whether personal data concerning you are being processed and to receive the information necessary for you to assert your rights under this Act and to ensure transparent data processing.
  • Right to data surrender or transfer: You have the right to request the surrender of your personal data, which you have provided to us, in a common electronic format.
  • Right to rectification: You have the right to request the rectification of inaccurate personal data concerning you.
  • Right to object, erasure and destruction: You have the right to object to the processing of your data and to request that personal data concerning you be erased or destroyed.

Business Services

We process data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as "Contractual Partners"), within the scope of contractual and comparable legal relationships and related measures, and with regard to communication with the Contractual Partners (or pre-contractually), for instance, to respond to inquiries.

We use this data to fulfil our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedies in the event of warranty and other service disruptions. Furthermore, we use the data to safeguard our rights and for the purpose of administrative tasks associated with these obligations as well as corporate organisation. In addition, we process the data based on our legitimate interests in both proper and commercial business management and in security measures to protect our Contractual Partners and our business operations from misuse and the compromise of their data, secrets, information, and rights (e.g., for the involvement of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Within the scope of applicable law, we only disclose the data of Contractual Partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfil legal obligations. Contractual Partners will be informed about other forms of processing, for example, for marketing purposes, within this privacy policy.

We inform the Contractual Partners which data is required for the aforementioned purposes before or during the data collection, e.g., in online forms, by special marking (e.g., colours) or symbols (e.g., asterisks or similar), or personally.

We erase the data after the expiry of statutory warranty and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., as long as it must be kept for legal archiving reasons (e.g., for tax purposes, usually ten years). Data disclosed to us in the context of an order by the Contractual Partner will be erased according to the specifications and generally after the end of the order.

  • Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and e-mail addresses or telephone numbers); contract data (e.g., subject matter of the contract, duration, customer category); usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices used and operating systems, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Service recipients and clients; prospective customers; business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; security measures; communication; office and organisational procedures; organisational and administrative procedures; business processes and commercial procedures.
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Performance of a contract and prior contractual inquiries (Art. 6 (1) (1) (b) GDPR); legal obligation (Art. 6 (1) (1) (c) GDPR); legitimate interests (Art. 6 (1) (1) (f) GDPR).

Further information on processing operations, procedures, and services:

  • Online Shop, Order Forms, E-commerce and Performance of Services: We process our customers' data to enable them to select, purchase, or order the chosen products, goods, and associated services, as well as their payment and provision, or delivery, or execution. If necessary for the execution of an order, we use service providers, in particular postal, freight, and shipping companies, to carry out the delivery or execution for our customers. We use the services of banks and payment service providers to handle payment transactions. The required information is marked as such in the context of the ordering or comparable acquisition process and includes the information required for delivery or provision and billing, as well as contact information to be able to consult if necessary.
  • Legal bases: Performance of a contract and prior contractual inquiries (Art. 6 (1) (1) (b) GDPR).

Payment Procedures

In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use other service providers in addition to banks and credit institutions (collectively "Payment Service Providers"). Payment transactions are carried out according to the state of the art exclusively via encrypted connections, so that the entered data is protected from unauthorised access during transmission.

The data processed by the Payment Service Providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as the contract, total, and recipient-related information. The information is required to carry out the transactions. However, the entered data is only processed by the Payment Service Providers and stored by them. This means that we do not receive any account or credit card-related information, but only information confirming or denying the payment. Under certain circumstances, the data may be transmitted by the Payment Service Providers to credit agencies. This transmission serves the purpose of identity and credit checks. In this regard, we refer to the general terms and conditions and the privacy notices of the Payment Service Providers.

The terms and conditions and the privacy notices of the respective Payment Service Providers, which can be accessed within the respective websites or transaction applications, apply to the payment transactions. We also refer to these for further information and for asserting rights of withdrawal, access, and other data subject rights.

  • Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contract data (e.g., subject matter of the contract, duration, customer category); usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices used and operating systems, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved); contact data (e.g., postal and e-mail addresses or telephone numbers).
  • Data subjects: Service recipients and clients; business and contractual partners; prospective customers.
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; business processes and commercial procedures.
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Performance of a contract and prior contractual inquiries (Art. 6 (1) (1) (b) GDPR); legitimate interests (Art. 6 (1) (1) (f) GDPR).

Further information on processing operations, procedures, and services:

  • Apple Pay: Payment services (technical connection of online payment methods); Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal bases: Performance of a contract and prior contractual inquiries (Art. 6 (1) (1) (b) GDPR); Website: https://www.apple.com/apple-pay/; Privacy Policy: https://www.apple.com/legal/privacy/.
  • Google Pay: Payment services (technical connection of online payment methods); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Performance of a contract and prior contractual inquiries (Art. 6 (1) (1) (b) GDPR); Website: https://pay.google.com/intl/en_uk/about/; Privacy Policy: https://policies.google.com/privacy.
  • Mastercard: Payment services (technical connection of online payment methods); Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Legal bases: Performance of a contract and prior contractual inquiries (Art. 6 (1) (1) (b) GDPR); Website: https://www.mastercard.co.uk/en-gb.html; Privacy Policy: https://www.mastercard.co.uk/en-gb/about-mastercard/what-we-do/privacy.html.
  • PayPal: Payment services (technical connection of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal bases: Performance of a contract and prior contractual inquiries (Art. 6 (1) (1) (b) GDPR); Website: https://www.paypal.com/; Privacy Policy: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.
  • Stripe: Payment services (technical connection of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal bases: Performance of a contract and prior contractual inquiries (Art. 6 (1) (1) (b) GDPR).

Provision of the Online Offering and Web Hosting

We process the data of users in order to provide them with our online services. For this purpose, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offering can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.

The data processed within the scope of providing the online offering and web hosting may include all information relating to the users of our online offering that is collected during use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online offerings to browsers, and all entries made within our online offering or from websites.

  • Processed data types: Content data (e.g., entries in online forms); Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices used and operating systems, interactions with content and functions); Meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved); Log data (e.g., HTTP request, user agent, IP address, date and time of the request).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and performance of information systems and technical devices (computers, servers, etc.)); Security measures; Business processes and commercial procedures.
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Legitimate interests (Art. 6 (1) (1) (f) GDPR).

Further information on processing operations, procedures and services:

  • Collection of access data and log files: Access to our online offering is recorded in the form of so-called "server log files". The server log files may include the address and name of the web pages and files accessed, date and time of access, transferred data volumes, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the stability of the servers and their load balancing.
  • Legal bases: Legitimate interests (Art. 6 (1) (1) (f) GDPR).
  • Storage and erasure: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further storage is required for evidentiary purposes is excluded from erasure until the final clarification of the respective incident.

Use of Cookies

Cookies are small text files or other storage notices that store information on end devices and read information from end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the content accessed or functions used in an online offering. Cookies can also be used for different purposes, e.g., for purposes of functionality, security and convenience of online offerings as well as the creation of analyses of visitor flows.

Notes on consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users, unless this is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, are absolutely necessary in order to provide the user with an information society service (i.e., our online offering) explicitly requested by them. The revocable consent is clearly communicated to the users and contains the information on the respective cookie use.

Notes on legal bases under data protection law: The legal basis under data protection law on which we process the personal data of users using cookies depends on whether we ask users for their consent. If users consent, the legal basis for processing their data is their declared consent. If no consent is given, the processing of data using cookies is based on our legitimate interests (e.g., in the commercial operation of our online offering and improving its usability) or, if this occurs in the context of fulfilling our contractual obligations, if the use of cookies is necessary to fulfil our contractual obligations. We will clarify the purposes for which the cookies are processed by us in the course of this privacy policy or as part of our consent and processing procedures.

Storage period: With regard to the storage period, a distinction is made between the following types of cookies:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their end device (e.g., browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the data of users collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information on the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and the storage period can be up to two years.

General information on withdrawal and objection (so-called "Opt-Out"): Users can withdraw the consents they have given at any time and also object to the processing in accordance with the legal requirements. Among other things, users can restrict the use of cookies in the settings of their browser (although this may also restrict the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Registration, Login and User Account

Users can create a user account. Within the scope of registration, the required mandatory information is communicated to the users and processed for the purpose of providing the user account on the basis of contractual obligation fulfilment. The processed data includes, in particular, the login information (name, password and an e-mail address). The data entered during registration is used for the purpose of using the user account and its purpose.

Users can be informed by e-mail about information relevant to their user account, such as technical changes. If users have terminated their user account, their data with regard to the user account will be deleted, subject to a statutory retention obligation. It is the responsibility of the users to back up their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.

In the context of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as those of the users, in protection against misuse and other unauthorised use. This data is generally not passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so.

  • Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and e-mail addresses or telephone numbers); Content data (e.g., entries in online forms); Meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved); Log data (e.g., HTTP request, user agent, IP address, date and time of the request).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; Security measures; Management and response to inquiries; Provision of our online offering and user-friendliness.
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Performance of a contract and prior contractual inquiries (Art. 6 (1) (1) (b) GDPR); Legitimate interests (Art. 6 (1) (1) (f) GDPR).

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter "Publication Medium"). The data of readers are processed for the purposes of the Publication Medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. For the rest, we refer to the information on the processing of visitors to our online offering in the context of this privacy policy.

  • Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and e-mail addresses or telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices used and operating systems, interactions with content and functions); Meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; Feedback (e.g., collecting feedback via online forms); Provision of our online offering and user-friendliness; Security measures; Public relations.
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Legitimate interests (Art. 6 (1) (1) (f) GDPR).

Contact and Inquiry Management

When contacting us (e.g., via contact form, e-mail, telephone or via social media) as well as in the context of existing low-threshold business and contractual relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact inquiries and any requested measures.

  • Processed data types: Contact data (e.g., postal and e-mail addresses or telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices used and operating systems, interactions with content and functions); Meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Communication partners.
  • Purposes of processing: Contact and inquiry management; Provision of contractual services and fulfilment of contractual obligations; Management and response to inquiries; Feedback (e.g., collecting feedback via online forms); Provision of our online offering and user-friendliness.
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Performance of a contract and prior contractual inquiries (Art. 6 (1) (1) (b) GDPR); Legitimate interests (Art. 6 (1) (1) (f) GDPR).

Newsletter and Electronic Notifications

We send newsletters, e-mails and other electronic notifications (hereinafter "Newsletter") only with the consent of the recipients or a legal permission. Insofar as the contents of the Newsletter are specifically described in the context of registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name for the purpose of personal address in the newsletter, or other information if this is necessary for the purposes of the newsletter.

  • Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and e-mail addresses or telephone numbers); Meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved); Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices used and operating systems, interactions with content and functions).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., via e-mail or post).
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Consent (Art. 6 (1) (1) (a) GDPR).

Further information on processing operations, procedures and services:

  • Double Opt-In Procedure: Registration for our newsletter takes place in a so-called Double Opt-In procedure. This means that after registration, you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with external e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Likewise, changes to your data stored by the shipping service provider are logged.
  • Deletion/Withdrawal: You can terminate the receipt of our newsletter at any time, i.e., withdraw your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the contact options mentioned above, preferably e-mail.

Marketing Communication via E-mail, Post, Fax or Telephone

We process personal data for the purpose of marketing communication, which can take place via various channels, such as e-mail, post, fax or telephone, in accordance with legal requirements.

The processing is carried out for the purpose of informing about products, services or events. The data processed includes, in particular, contact information and, if applicable, information on interests or previous business relationships.

  • Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and e-mail addresses or telephone numbers).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., via e-mail or post); Sales promotion; Marketing.
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Consent (Art. 6 (1) (1) (a) GDPR); Legitimate interests (Art. 6 (1) (1) (f) GDPR).

Sweepstakes and Contests

We process personal data of participants in sweepstakes and contests only in compliance with the relevant data protection regulations, insofar as the processing is contractually necessary for the provision, execution, and handling of the sweepstakes, the participants have consented to the processing, or the processing serves our legitimate interests (e.g., in the security of the sweepstakes or the protection of our interests against misuse through possible recording of IP addresses when submitting sweepstakes entries).

If entries are published within the sweepstakes (e.g., as part of a vote or presentation of the sweepstakes entries or the winners, or reports on the sweepstakes), we point out that the names of the participants may also be published in this context. Participants may object to the publication at any time.

If the sweepstakes takes place within an online platform or a social network (e.g., Facebook or Instagram, hereinafter referred to as "Online Platform"), the usage and data protection provisions of the respective platforms also apply.

  • Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Content data (e.g., entries in online forms); Meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Sweepstake and contest participants.
  • Purposes of processing: Implementation of sweepstakes and contests; Provision of contractual services and fulfilment of contractual obligations; Public relations.
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Performance of a contract and prior contractual inquiries (Art. 6 (1) (1) (b) GDPR).

Surveys and Questionnaires

The surveys and questionnaires conducted by us (hereinafter "Surveys") are evaluated anonymously. Personal data is only processed to the extent that this is necessary for the provision and technical execution of the surveys (e.g., processing of the IP address to display the survey in the user's browser or to enable a survey restart with the help of a temporary cookie (session cookie)) or if users have consented.

  • Processed data types: Contact data (e.g., postal and e-mail addresses or telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices used and operating systems, interactions with content and functions); Meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Participants.
  • Purposes of processing: Surveys and questionnaires; Feedback (e.g., collecting feedback via online forms); Marketing.
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Legitimate interests (Art. 6 (1) (1) (f) GDPR).

Web Analysis, Monitoring and Optimisation

Web analysis (also referred to as "reach measurement") serves the evaluation of visitor flows to our online offering and can include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognise at what time our online offering or its functions or content are most frequently used or invite re-use. Likewise, we can understand which areas require optimisation.

In addition to web analysis, we can also use test procedures, e.g., to test and optimise different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e., data combined for a usage process, can be created for these purposes and information can be stored in a browser, or in an end device, and read from it. The information collected includes, in particular, visited websites and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data from us or from the providers of the services we use, location data may also be processed.

The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e., pseudonymisation by shortening the IP address) to protect the users. Generally, within the scope of web analysis, A/B testing, and optimisation, no clear user data (such as e-mail addresses or names) are stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

  • Processed data types: Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices used and operating systems, interactions with content and functions); Meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); Profiles with user-related information (creating user profiles); Tracking (e.g., interest/behavior-related profiling, use of cookies); Feedback (e.g., collecting feedback via online forms); Provision of our online offering and user-friendliness.
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Consent (Art. 6 (1) (1) (a) GDPR).

Further information on processing operations, procedures and services:

Online Marketing

We process personal data for the purposes of online marketing, which may include, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as "Content") based on the potential interests of users and the measurement of its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used, by means of which relevant information about the user for the display of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used, and information on usage times and functions used. If users have consented to the collection of their location data, this can also be processed.

The IP addresses of the users are also stored. However, we use available IP masking procedures (i.e., pseudonymisation by shortening the IP address) to protect the users. Generally, within the scope of the online marketing process, no clear user data (such as e-mail addresses or names) are stored, but pseudonyms. This means that we, as well as the providers of the online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.

  • Processed data types: Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices used and operating systems, interactions with content and functions); Meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Marketing; Profiles with user-related information (creating user profiles); Tracking (e.g., interest/behavior-related profiling, use of cookies); Target group formation (determination of target groups relevant for marketing purposes or other output of content); Conversion measurement (measurement of the effectiveness of marketing measures).
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Consent (Art. 6 (1) (1) (a) GDPR).

Affiliate Programmes and Affiliate Links

We include so-called affiliate links or other references (which may include, for example, search masks, widgets, or discount codes) to the offers and services of third-party providers in our online offering (collectively referred to as "Affiliate Links"). If users follow Affiliate Links or subsequently take advantage of the offers, we may receive a commission or other benefits (collectively referred to as "Commission") from these third-party providers.

In order to track whether users have taken advantage of the offers of an Affiliate Link followed by them, it is necessary for the respective third-party provider, us, or other service providers (e.g., affiliate networks) to learn that the user has followed an Affiliate Link. The assignment of Affiliate Links to the respective business transactions or to other actions (e.g., purchases) serves the sole purpose of commission accounting and is cancelled as soon as it is no longer required for this purpose.

  • Processed data types: Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices used and operating systems, interactions with content and functions); Meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Affiliate tracking.
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Consent (Art. 6 (1) (1) (a) GDPR); Legitimate interests (Art. 6 (1) (1) (f) GDPR).

Customer Reviews and Assessment Procedures

We participate in review and assessment procedures to evaluate, optimise, and promote our services. If users rate us via the participating review platforms or procedures or otherwise provide feedback, the General Terms and Conditions or Terms of Use and the privacy notices of the providers also apply. As a rule, the rating also requires registration with the respective providers.

In order to ensure that the rating persons have actually used our services, we transmit the data required for this purpose with regard to the customer and the service used (e.g., name, e-mail address and order number or article number) to the review platform on the basis of our legitimate interests. Only data that is absolutely necessary to verify the authenticity of the user is transmitted.

  • Processed data types: Contact data (e.g., postal and e-mail addresses or telephone numbers); Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices used and operating systems, interactions with content and functions); Meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Feedback (e.g., collecting feedback via online forms); Marketing.
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Consent (Art. 6 (1) (1) (a) GDPR); Legitimate interests (Art. 6 (1) (1) (f) GDPR).

Social Media Presence

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We point out that user data may be processed outside the European Union. This can result in risks for users because, for example, the enforcement of user rights could be made more difficult.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on usage behavior and the resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective processing operations and the possibilities of objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. Should you nevertheless require assistance, you can contact us.

  • Processed data types: Contact data (e.g., postal and e-mail addresses or telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices used and operating systems, interactions with content and functions); Meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Contact and inquiry management; Feedback (e.g., collecting feedback via online forms); Marketing.
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Legitimate interests (Art. 6 (1) (1) (f) GDPR).

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "Third-Party Providers"). These may be, for example, graphics, videos, or city maps (hereinafter uniformly referred to as "Content").

The integration always requires that the Third-Party Providers of this Content process the IP address of the users, as they could not send the Content to their browser without the IP address. The IP address is therefore required for the presentation of this Content or function. We strive to use only such Content whose respective providers use the IP address only for the delivery of the Content. Third-Party Providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, time of visit, and other information about the use of our online offering, as well as be linked to such information from other sources.

  • Processed data types: Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices used and operating systems, interactions with content and functions); Meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved); Content data (e.g., entries in online forms).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness.
  • Storage and erasure: Erasure according to the details in the section "General Information on Data Storage and Erasure".
  • Legal bases: Legitimate interests (Art. 6 (1) (1) (f) GDPR).

Further information on processing operations, procedures and services:

  • Google Fonts (Subscription from Google Server): External fonts; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 (1) (1) (a) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfer: Data Privacy Framework (DPF).
  • Google Maps: We integrate maps from the "Google Maps" service. The processed data may include, in particular, IP addresses and location data of the users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 (1) (1) (a) GDPR); Website: https://www.google.com/maps; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfer: Data Privacy Framework (DPF).

Amendments and Updates

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organisations in this privacy policy, please note that the addresses may change over time and we ask you to check the information before contacting them.

Definitions

This section provides an overview of the terms used in this privacy policy. Many of the terms are derived from the law and are defined in particular in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended for better understanding. The terms are sorted alphabetically.

  • Affiliate Tracking: Within the scope of affiliate tracking, links are logged by means of which the linking websites refer users to websites with product or other offers. The operators of the respective linking websites can receive a commission if users follow these so-called affiliate links and then take advantage of the offers (e.g., purchase goods or use services). For this purpose, it is necessary for the providers to be able to track whether users who are interested in certain offers subsequently take advantage of them at the instigation of the affiliate links. Therefore, the functionality of affiliate links requires them to be supplemented by certain values that become part of the link or are stored otherwise, e.g., in a cookie. These values include, in particular, the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as advertising material ID, partner ID, and categorisations.
  • Affiliate Programme: Affiliate programmes are offers where a provider (advertiser) provides advertising material (e.g., banners, links) to other website operators (affiliates). The affiliates integrate this advertising material into their websites and receive a commission if users interact with it or subsequently take advantage of the advertiser's services.
  • Assessment Procedures: Assessment procedures (also known as review or rating procedures) are processes in which users can express their opinion about services, products, or providers. They serve as feedback for the provider and as an orientation aid for other users.
  • Controller: The "Controller" is the natural or legal person, authority, institution, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Conversion Measurement: Conversion measurement (also referred to as "visit evaluation") is a procedure used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the user's device within the websites where the marketing measures take place and then retrieved again on the target website. For example, we can track whether the advertisements we placed on other websites were successful.
  • Personal Data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Profiles with User-Related Information: The processing of "profiles with user-related information", or simply "profiles", includes any type of automated processing of personal data consisting of using such personal data to analyse, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this includes information regarding age, gender, location and movement data, interaction with websites and their contents, shopping behavior, social interactions with other people) (e.g., interests in certain contents or products, click behavior on a website or location). Cookies and web beacons are often used for profiling purposes.
  • Reach Measurement: Reach measurement (also known as web analytics) serves to evaluate the visitor flows of an online offering and can include the behavior or interests of visitors in certain information, such as content of websites. With the help of reach analysis, website owners can see, for example, at what time visitors visit their website and what content they are interested in. This allows them, for example, to better adapt the website content to the needs of their visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognise returning visitors and thus obtain more precise analyses of the use of an online offering.
  • Registration, Login and User Account: The registration is the process of creating a user account. This often involves providing login information (e.g., e-mail address and password). The login is the subsequent process of logging into the created user account.
  • Tracking: One speaks of "tracking" when the behavior of users can be tracked across several online offerings. As a rule, with regard to the online offerings used, behavior and interest information is stored in cookies or on servers of the providers of the tracking technologies (so-called profiling). This information can then be used, for example, to show users advertisements that presumably correspond to their interests.
  • Processing: "Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers practically every handling of data, be it collection, evaluation, storage, transmission, or erasure.
  • Target Group Formation: Target group formation (or "Custom Audiences") is the term used when target groups are determined for advertising purposes, e.g., the display of advertisements. For example, based on a user's interest in certain products or topics on the Internet, it can be concluded that this user is interested in advertisements for similar products or the online shop in which they viewed the products. "Lookalike Audiences" (or similar target groups) are spoke of, in turn, when content deemed suitable is displayed to users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are generally used for the purposes of creating Custom Audiences and Lookalike Audiences.