Privacy Policy

1) Introduction and Contact Details of the Responsible Party

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we will inform you about the handling of your personal data when using our website. Personal data are all data that can be used to identify you personally.

1.2 The person responsible for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is "Peter Jochem Edrich." The data controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

1.3 The data controller has appointed a Data Protection Officer, who can be reached as follows: Peter Jochem Edrich, Kellereistraße 1, 67487 St. Martin, Phone: +49 6323 80 898 30, Email: info@waldbaden-akademie.com

2) Data Collection When Visiting Our Website

2.1 When using our website for informational purposes only, that is, if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:

The website you visited
Date and time of access
Amount of data sent in bytes
Source/reference from which you accessed the page
Browser used
Operating system used
IP address used (possibly in anonymized form)

The processing is carried out in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not shared or used for any other purposes. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the data controller). You can recognize an encrypted connection by the "https://" prefix and the padlock symbol in your browser's address bar.

3) Cookies

To make your visit to our website more attractive and to enable the use of certain features, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device for a longer period and allow the storage of site settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the cookie settings overview of your web browser.

If any cookies we use process personal data, the processing is carried out in accordance with Article 6(1)(b) of the GDPR, either for the performance of the contract, or in accordance with Article 6(1)(a) of the GDPR if consent is given, or in accordance with Article 6(1)(f) of the GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can configure your browser to be informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or generally.

Please note that if cookies are not accepted, the functionality of our website may be limited.

4) Contact

In the context of contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of handling and responding to your inquiry and only to the extent necessary.

The legal basis for processing this data is our legitimate interest in addressing your inquiry in accordance with Article 6(1)(f) of the GDPR. If your contact is aimed at entering into a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted when it can be determined from the circumstances that the matter has been conclusively resolved and provided that no legal retention obligations prevent it.

5) Data Processing When Opening a Customer Account

In accordance with Article 6(1)(b) of the GDPR, personal data will continue to be collected and processed to the extent necessary when you provide us with this information during the creation of a customer account. The data required for account creation can be found in the input fields of the relevant form on our website.

Deletion of your customer account is possible at any time and can be carried out by sending a message to the address of the data controller mentioned above. After the deletion of your customer account, your data will be deleted, provided that all contracts concluded in relation to the account have been fully settled, there are no legal retention periods preventing deletion, and we have no legitimate interest in retaining the data further.

6) Use of Customer Data for Direct Marketing

6.1 Subscription to Our Email Newsletter

When you subscribe to our email newsletter, we will send you regular information about our offers. The only mandatory information required to send the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. We use the so-called Double Opt-In procedure for sending the newsletter, which ensures that you will only receive the newsletter once you have explicitly confirmed your consent to receive it by clicking on a verification link sent to the provided email address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Article 6(1)(a) of the GDPR. In this process, we store your IP address recorded by the Internet Service Provider (ISP) as well as the date and time of registration to track any potential misuse of your email address at a later time. The data we collect during newsletter registration is used strictly for its intended purpose.

You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending an appropriate message to the aforementioned data controller. After unsubscribing, your email address will be promptly removed from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and which we inform you about in this statement.

6.2 Rapidmail

The distribution of our email newsletters is carried out by the following provider: rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg, Germany.

Based on our legitimate interest in effective and user-friendly newsletter marketing, we share the data you provided during newsletter registration with this provider in accordance with Article 6(1)(f) of the GDPR so that they can handle the newsletter distribution on our behalf.

Subject to your explicit consent in accordance with Article 6(1)(a) of the GDPR, the provider also conducts statistical success evaluations of newsletter campaigns using web beacons or tracking pixels in the sent emails, which can measure open rates and specific interactions with the newsletter's content. In doing so, device information (e.g., time of access, IP address, browser type, and operating system) is collected and analyzed but is not combined with other data sets. You can revoke your consent to newsletter tracking at any time with future effect.

We have entered into a data processing agreement with the provider, which protects the data of our site visitors and prohibits the transfer of data to third parties.

6.3 Advertising by Mail

Based on our legitimate interest in personalized direct advertising, we reserve the right to store and use your first and last name, postal address, and, if we have received these additional details from you in the course of the contractual relationship, your title, academic degree, year of birth, and your professional, industry, or business designation in accordance with Article 6(1)(f) of the GDPR. This information may be used to send you interesting offers and information about our products by mail.

You can object to the storage and use of your data for this purpose at any time.

7) Data Processing for Order Fulfillment

7.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data we collect is transferred to the assigned transportation company and the appointed financial institution in accordance with Article 6(1)(b) of the GDPR.

If we owe you updates for goods with digital elements or digital products based on a relevant contract, we process the contact details you provided at the time of ordering (name, address, email) to inform you about upcoming updates within the legally prescribed period in compliance with our legal information obligations under Article 6(1)(c) of the GDPR. Your contact details are used strictly for the purpose of communicating the updates we owe you and are processed by us only to the extent necessary for this information.

For processing your order, we also work with the following service provider(s) who assist us in fully or partially executing the contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

7.2 Use of Payment Service Providers

- Paypal

On this website, one or more online payment methods from the following provider are available: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

When you choose a payment method from this provider that requires prepayment, the payment data you provided during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order are transferred to this provider in accordance with Article 6(1)(b) of the GDPR. The transfer of your data is solely for the purpose of processing the payment with the provider and only to the extent necessary for this.

If you select a payment method where we make the advance payment, you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, if applicable, data on an alternative payment method).

To safeguard our legitimate interest in assessing your creditworthiness, this data is forwarded to the provider in accordance with Article 6(1)(f) of the GDPR for a credit check. The provider checks based on the personal data you provided, as well as other data (such as shopping cart, invoice amount, order history, payment experiences), whether the chosen payment option can be granted concerning payment and/or default risks.

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, among other things, but not exclusively, address data.

You can object to the processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if necessary for contractual payment processing.

PayPal Checkout

This website uses PayPal Checkout, an online payment system by PayPal, which consists of PayPal's own payment methods and local payment methods from third parties.

When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – “Pay Later” via PayPal, we transmit your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") for payment processing. The transfer is made in accordance with Article 6(1)(b) of the GDPR and only to the extent necessary for payment processing.

For the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – “Pay Later” via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be forwarded to credit agencies in accordance with Article 6(1)(f) of the GDPR based on PayPal's legitimate interest in assessing your creditworthiness. PayPal uses the result of the credit check regarding the statistical probability of default to decide on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, among other things, but not exclusively, address data. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if necessary for contractual payment processing.

If you select the PayPal payment method “Invoice Purchase,” your payment data will first be transmitted to PayPal to prepare the payment, after which PayPal forwards this data to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (“Ratepay”) for payment processing. The legal basis is Article 6(1)(b) of the GDPR. In this case, Ratepay performs an identity and credit check in its own name to determine creditworthiness, following the principles mentioned above, and forwards your payment data to credit agencies based on its legitimate interest in assessing creditworthiness in accordance with Article 6(1)(f) of the GDPR. A list of credit agencies Ratepay may use can be found here: https://www.ratepay.com/legal-payment-creditagencies/

When using the payment method of a local third-party provider, your payment data will first be transmitted to PayPal in preparation for payment in accordance with Article 6(1)(b) of the GDPR. Depending on your selection of an available local payment method, PayPal will then forward your payment data for payment processing to the corresponding provider in accordance with Article 6(1)(b) of the GDPR:

Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany)
bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)

Further privacy-related information can be found in PayPal’s privacy statement: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

8) Web Analytics Services

8.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which allows us to analyze your use of our website.

By default, Google Analytics 4 sets cookies when you visit the website. These cookies are small text files placed on your device that collect certain information. This includes your IP address, which is truncated by Google to exclude the last digits, thereby preventing direct personal identification.

The information is transmitted to Google's servers and processed there. Transfers to Google LLC based in the USA are also possible.

Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activity for us, and provide other services related to website usage and internet use. The truncated IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data. The data collected via Google Analytics 4 is stored for a period of two months and then deleted.

All of the aforementioned processing activities, including the setting of cookies on your device, will only occur if you have given us your explicit consent according to Article 6(1)(a) of the GDPR. Without your consent, Google Analytics 4 will not be used during your visit to the site. You can withdraw your consent at any time with future effect. To exercise your right of withdrawal, please deactivate this service using the "Cookie Consent Tool" provided on the website.

We have entered into a data processing agreement with Google, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further legal information regarding Google Analytics 4 can be found at Google Privacy & Terms and Google Technologies.

Demographic Features

Google Analytics 4 uses the "demographic features" feature to generate statistics about the age, gender, and interests of site visitors. This is done by analyzing advertising data and information from third parties. This allows us to identify target groups for marketing activities. However, the collected data cannot be assigned to any specific individual and is deleted after a storage period of two months.

Google Signals

As an extension of Google Analytics 4, this website may use Google Signals to generate cross-device reports. If you have enabled personalized ads and linked your devices with your Google account, Google may, subject to your consent for the use of Google Analytics according to Article 6(1)(a) of the GDPR, analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the "Personalized Ads" feature in your Google account settings. Follow the instructions on this page: Google Ads Personalization. For more information on Google Signals, see: Google Signals Support.

UserIDs

As an extension of Google Analytics 4, this website may use the "UserIDs" feature. If you have consented to the use of Google Analytics 4 according to Article 6(1)(a) of the GDPR, set up an account on this website, and log in with this account on various devices, your activities, including conversions, can be analyzed across devices.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

8.2 Google Tag Manager

This website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").

Google Tag Manager provides a technical foundation for consolidating various web applications, including tracking and analytics services, and allows them to be calibrated, controlled, and conditionally managed through a unified user interface. Google Tag Manager itself does not store or read information on user devices and does not perform independent data analyses. However, when a page is accessed, Google Tag Manager may transmit and potentially store your IP address on Google’s servers, including those of Google LLC in the USA.

This processing will only take place if you have given us your explicit consent according to Article 6(1)(a) of the GDPR. Without this consent, the use of Google Tag Manager will not occur during your visit to the site. You can withdraw your consent at any time with future effect. To exercise your right of withdrawal, please deactivate this service using the "Cookie Consent Tool" provided on the website.

We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

9) Retargeting/Remarketing and Conversion Tracking

9.1 Google Ads Remarketing

This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

For this purpose, Google sets a cookie in your browser that automatically enables interest-based advertising based on the pseudonymous cookie ID and the pages you have visited. Further data processing occurs only if you have consented to Google linking your internet and app browsing history with your Google account and using information from your Google account to personalize ads you see on the web. If you are logged into Google during your visit to our website, Google uses your data along with Google Analytics data to create and define audience lists for cross-device remarketing. This involves temporarily linking your personal data with Google Analytics data to form target audiences. As part of Google Ads Remarketing, there may also be a transfer of personal data to servers of Google LLC in the USA.

All the aforementioned processing activities, especially setting cookies to read information on the device used, will only be carried out if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. Without this consent, the use of retargeting technology will be omitted during your visit to the site.

You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please disable this service using the "Cookie Consent Tool" provided on the website.

For data transfers to the USA, the provider is certified under the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.

9.2 Google Ads Conversion-Tracking

This website uses the online advertising program "Google Ads" and, within Google Ads, the conversion tracking service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use Google Ads to promote our attractive offers on external websites through advertisements (known as Google AdWords). We can evaluate the effectiveness of individual advertising measures based on campaign data. Our goal is to display ads that are of interest to you, make our website more appealing to you, and achieve a fair calculation of advertising costs incurred.

The conversion tracking cookie is set when a user clicks on an ad served by Google. Cookies are small text files placed on your device. These cookies typically expire after 30 days and do not serve personal identification purposes. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie, so cookies cannot be tracked across Google Ads customers' websites. The information collected through the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can personally identify users. As part of the use of Google Ads, there may also be a transfer of personal data to the servers of Google LLC in the USA.

Details about the processing initiated by Google Ads conversion tracking and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites

All the processing described above, especially setting cookies to read information on the device used, will only be carried out if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. You can withdraw your consent at any time with effect for the future by disabling this service in the "Cookie Consent Tool" provided on the website.

You can also permanently object to the setting of cookies by Google Ads conversion tracking by downloading and installing the browser plugin available at the following link: https://www.google.com/settings/ads/plugin?hl=en

Please note that certain features of this website may not be available or may be limited if you have disabled the use of cookies.

Google's privacy policies can be viewed here: https://www.google.de/policies/privacy/

10) Site Functionalities

10.1 Youtube

This website uses plugins to display and play videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Data may also be transmitted to: Google LLC, USA.

When you access a page on our website that contains such a plugin, your browser establishes a direct connection to the provider's servers to load the plugin. During this process, certain information, including your IP address, is transmitted to the provider.

If the playback of embedded videos is initiated via the plugin, the provider also sets cookies to collect information about user behavior, generate playback statistics, and prevent misuse.

If you are logged into a user account with the provider during your visit to our site, your data will be directly associated with your account when you click on a video. If you do not wish for your data to be associated with your account, you must log out before starting the video playback.

All of the aforementioned processes, especially the setting of cookies to read information on the used device, will only be executed if you have given us your explicit consent according to Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service via the "Cookie Consent Tool" provided on the website.

10.2 Google Maps

This website uses an online map service from the following provider: Google Maps (API) by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google Maps is a web service for displaying interactive (land) maps to visually represent geographic information. By using this service, our location is shown to you, and it facilitates any potential directions.

When you access pages where the Google Maps map is embedded, information about your use of our website (such as your IP address) is transmitted to Google’s servers and stored there. This may also involve transmission to servers of Google LLC in the USA. This occurs regardless of whether Google provides a user account to which you are logged in or if a user account exists. If you are logged into Google, your data is directly associated with your account. If you do not want this association with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.

The collection, storage, and evaluation of data are carried out in accordance with Art. 6 (1) (f) GDPR based on Google's legitimate interest in displaying personalized advertisements, market research, and/or the needs-based design of Google websites. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right. If you do not agree with the future transmission of your data to Google in the context of using Google Maps, you also have the option to completely disable the Google Maps web service by disabling JavaScript in your browser. Google Maps, and thus the map display on this website, will then not be usable.

If legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with future effect. To exercise your withdrawal, please follow the aforementioned option to object.

10.3 Google reCAPTCHA

This website uses the CAPTCHA service provided by: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transferred to: Google LLC, USA. For the visual design of the CAPTCHA window, the provider uses "Google Fonts," which are fonts loaded from the Internet by Google. No additional data processing beyond what is already transmitted to Google through the functionality of reCAPTCHA occurs in this context.

The service checks whether an input is made by a human or is maliciously performed through automated and machine processing, blocking spam, DDoS attacks, and similar automated malicious access. To ensure that an action is taken by a human and not an automated bot, Cloudflare Turnstile collects the IP address of the device used, identification data of the browser and operating system type, as well as the date and duration of the visit, and transmits this information for evaluation to the provider's servers.

The legal basis for this is our legitimate interest in ensuring individual accountability on the Internet and preventing misuse and spam according to Art. 6 (1) (f) GDPR.

We have entered into a data processing agreement with the provider that ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties.

10.4 Zoom

For conducting online meetings, video conferences, and/or webinars, we use the following provider: Zoom Video Communications Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA

The provider processes various data, the extent of which depends on the information you provide before or during participation in an online meeting, video conference, or webinar. Your data as a communication participant is processed and stored on the provider's servers. This may include, in particular, your login information (name, email address, phone number (optional), and password) and session data (topic, participant IP address, device information, description (optional)).

Additionally, audio and video contributions from participants, as well as text entries in chats, may be processed.

For the processing of personal data necessary for the fulfillment of a contract with you (this also applies to processing operations required for the performance of pre-contractual measures), the legal basis is Art. 6 (1) (b) GDPR. If you have given us consent for the processing of your data, the processing is based on Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with future effect.

Furthermore, the legal basis for data processing in the conduct of online meetings, video conferences, or webinars is our legitimate interest pursuant to Art. 6 (1) (f) GDPR in the effective conduct of the online meeting, webinar, or video conference.

We have entered into a data processing agreement with the provider that ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with European data protection standards.

10.5 Job Applications via Email

On our website, we advertise current job vacancies in a dedicated section, allowing interested parties to apply via email to the provided contact address.

Applicants must provide all personal data necessary for a thorough assessment, including general information such as name, address, and contact details, as well as performance-related evidence and, if applicable, health-related information. Details on how to apply are outlined in the job advertisement.

Upon receiving an application via email, the data will be stored and processed solely for the purpose of evaluating the application. For follow-up questions, we will use either the applicant's email address or phone number. The processing is based on Art. 6 (1) (b) GDPR (or § 26 (1) BDSG), which considers the application process as part of pre-contractual measures related to employment.

If special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g., health data such as information about disability status) are requested during the application process, the processing is carried out in accordance with Art. 9 (2) (b) GDPR, to exercise rights and fulfill obligations under employment law, social security law, and social protection regulations.

Alternatively or additionally, the processing of special categories of data may be based on Art. 9 (1) (h) GDPR, if it is for purposes of occupational health or occupational medicine, to assess the applicant's work ability, for medical diagnosis, care, or treatment in the health or social sector, or for the management of health or social services and systems.

If the applicant is not selected or withdraws their application prematurely, the transmitted data and all electronic correspondence, including the application email, will be deleted after a corresponding notification, and no later than 6 months. This period is based on our legitimate interest in answering any follow-up questions related to the application and, if necessary, fulfilling our documentation obligations related to non-discrimination regulations for applicants.

In the case of a successful application, the provided data will be processed on the basis of Art. 6 (1) (b) GDPR (in Germany in conjunction with § 26 (1) BDSG) for the purpose of implementing the employment relationship.

11) Tools and Other Services

11.1 Cookie-Consent-Tool

This website uses a "Cookie Consent Tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The Cookie Consent Tool is presented to users as an interactive interface when the website is accessed. Users can provide consent for specific cookies and/or cookie-based applications by checking boxes. This ensures that consent-required cookies/services are only loaded if the user provides the corresponding consent by checking the boxes. Thus, cookies are only set on the user’s device if consent is given.

The tool sets technically necessary cookies to store your cookie preferences. Generally, no personal user data is processed in this context.

In cases where the processing of personal data (such as IP addresses) is required for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Article 6(1)(f) of the GDPR, based on our legitimate interest in ensuring a legally compliant, user-specific, and user-friendly consent management for cookies and thus in ensuring a legally compliant design of our online presence.

Additionally, Article 6(1)(c) of the GDPR serves as a legal basis for the processing. As data controllers, we are legally obligated to make the use of technically non-essential cookies dependent on user consent.

Where necessary, we have entered into a data processing agreement with the provider, ensuring the protection of our website visitors' data and prohibiting unauthorized disclosure to third parties.

For more information about the operator and the settings of the Cookie Consent Tool, please refer to the relevant user interface on our website.

11.2 Wordfence

This website uses the service of the following provider for security purposes: Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA.

The provider protects the website and its associated IT infrastructure from unauthorized third-party access, cyberattacks, as well as from viruses and malware. The provider collects IP addresses of users and, if necessary, other data about their behavior on our website (including accessed URLs and header information) to detect and prevent illegitimate site access and threats. The collected IP address is compared with a list of known attackers. If the IP address is identified as a security risk, the provider may automatically block access to the site for that IP address. The collected information is transmitted to a server of the provider and stored there.

The described data processing is carried out in accordance with Article 6(1)(f) of the GDPR, based on our legitimate interests in protecting the website from harmful cyberattacks and in maintaining the integrity and security of our infrastructure and data.

If visitors to the website have login rights, the provider also sets cookies (= small text files) on the visitor's device. These cookies allow for the reading of certain location and device information, which helps assess whether the login-accessed request is from a legitimate person. At the same time, the cookies help evaluate access rights and release them through an internal website firewall according to the access level. Finally, the cookies are used to register irregular accesses by site administrators from new devices or locations and to notify other administrators accordingly. These cookies are only set if a user has login rights. For visitors without login rights, the provider does not set cookies.

If personal data is processed through cookies, the processing is carried out in accordance with Article 6(1)(f) of the GDPR, based on our legitimate interest in preventing illegitimate access to site administration and defending against unauthorized administrator access.

We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with European data protection standards.

12) Rights of the Data Subject

12.1 The applicable data protection laws grant you the following rights regarding the processing of your personal data by the data controller (controller), with the specific conditions for exercising these rights referenced in the mentioned legal basis:

Right to Access according to Art. 15 GDPR;
Right to Rectification according to Art. 16 GDPR;
Right to Erasure according to Art. 17 GDPR;
Right to Restriction of Processing according to Art. 18 GDPR;
Right to Notification according to Art. 19 GDPR;
Right to Data Portability according to Art. 20 GDPR;
Right to Withdraw Consent according to Art. 7 (3) GDPR;
Right to Lodge a Complaint according to Art. 77 GDPR.

12.2 Right to Object

If we process your personal data based on a legitimate interest, you have the right to object to this processing at any time, for reasons arising from your particular situation.

If you exercise your right to object, we will cease processing your personal data. However, processing may continue if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. You can exercise this right as described above.

If you exercise your right to object, we will stop processing your personal data for direct marketing purposes.

13) Duration of Storage of Personal Data

The duration for which personal data is stored is determined based on the respective legal basis, the purpose of processing, and, if applicable, any statutory retention periods (e.g., commercial and tax law retention requirements).

Consent-Based Processing: For data processed based on explicit consent in accordance with Art. 6 (1) (a) GDPR, the data will be stored until you withdraw your consent.

Legal Retention Periods: If there are statutory retention periods for data processed based on contractual or quasi-contractual obligations under Art. 6 (1) (b) GDPR, such data will be routinely deleted after the retention periods expire, provided it is no longer necessary for contract fulfillment or contract initiation and/or we do not have a legitimate interest in retaining it further.

Legitimate Interests: For data processed based on Art. 6 (1) (f) GDPR, the data will be stored until you exercise your right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

Direct Marketing: For data processed for direct marketing purposes under Art. 6 (1) (f) GDPR, the data will be stored until you exercise your right to object under Art. 21 (2) GDPR.

Unless otherwise specified in this statement regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.