Privacy Policy

Privacy Policy

Preamble

This privacy policy explains the types of personal data (referred to as “data”) we process, the purposes for which we process it, and the extent of that processing. It applies to all personal data processing activities we undertake, including service delivery, our websites, mobile applications, and external online presences like social media profiles (collectively referred to as “online offerings”).

The terms used are not gender-specific.
Effective date: December 5, 2024

Contents Overview

1. Preamble
2. Responsible Entity
3. Overview of Processing Activities
4. Legal Basis
5. Security Measures
6. Data Transfers
7. International Transfers
8. Data Retention and Deletion
9. User Rights
10. Business Services
11. Processes and Procedures
12. Use of Online Platforms
13. Payment Processing
14. Web Hosting
15. Cookies
16. User Accounts
17. Community Features
18. Blogs and Publications
19. Contact Management
20. Messenger Communication
21. Push Notifications
22. Audio Content
23. Newsletters
24. Marketing Communication
25. Competitions
26. Surveys
27. Web Analytics
28. Online Marketing
29. Affiliate Programs
30. Customer Reviews
31. Social Media
32. Plugins and Embedded Content
33. Management Tools
34. Updates
35. Definitions

Responsible Entity

Forte³
26919 Brake, Germany
Email: contact@forte-3.com
Website: https://www.forte-3.com/

Overview of Processing Activities

Types of Data Processed:

• Basic information
• Payment details
• Location data
• Contact information
• Content
• Contract details
• Usage data
• Meta and communication data

Categories of Affected Individuals:

• Clients and service users
• Interested parties
• Communication partners
• Contest participants
• Business partners
• Students or workshop attendees

Purposes of Processing:

• Fulfillment of contractual obligations
• Communication
• Security measures
• Marketing and audience analysis
• Affiliate tracking

Security Measures

We employ appropriate technical and organizational measures to protect data, considering the state of the art, implementation costs, and processing risks. This includes encrypted online communications (TLS/SSL), IP masking, and internal procedures to uphold data confidentiality and integrity.

Data Transfers

Personal data may be transferred to internal departments or external service providers, adhering to legal requirements and protective contracts.

For further details, please consult the full policy here.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing involves the use of third-party services, disclosure, or transmission of data to other individuals, entities, or organizations, it is conducted in compliance with legal requirements. When the data protection level in the third country has been recognized through an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfer. Otherwise, transfers occur only if the data protection level is secured in other ways, particularly through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or if the transfer is contractually or legally necessary (Art. 49(1) GDPR). Additionally, we provide the basis for data transfers to third countries for specific third-party providers, with priority given to adequacy decisions. Information about third-country transfers and adequacy decisions can be found in the EU Commission’s information resources: EU Commission’s International Data Protection.

Under the “Data Privacy Framework” (DPF), the EU Commission recognized the data protection level of certain U.S. companies as secure in its adequacy decision dated July 10, 2023. The list of certified companies and further details about the DPF are available on the U.S. Department of Commerce website: Data Privacy Framework. We provide information about our service providers certified under the Data Privacy Framework in our privacy policy.

---

General Information on Data Storage and Deletion

We delete personal data processed by us in accordance with legal provisions once the underlying consent is withdrawn, or no further legal basis for processing exists. This includes cases where the original purpose for processing ceases or the data is no longer needed. Exceptions include mandatory legal retention requirements or special interests necessitating longer storage or archiving.

Data required for legal, tax, or rights protection purposes may be retained and processed solely for the reasons justifying their storage. For example, under German law, business records must be retained for 10 years, while other records (e.g., business correspondence) must be kept for 6 years. Data related to warranty or liability claims are typically retained for 3 years under standard limitation periods.

Retention periods without explicit start dates default to the end of the calendar year in which the triggering event occurred. For ongoing contractual relationships, the triggering event is typically the termination or conclusion of the contract.

For detailed information on retention and deletion, please refer to our privacy notices.

---

Rights of Affected Persons

Under the GDPR, you have the following rights, primarily outlined in Articles 15–21:

• Right to Object: You may object to data processing based on Art. 6(1)(e) or (f) GDPR, including profiling. For direct marketing, you can object at any time to such processing.
• Right to Withdraw Consent: You may revoke your consent at any time.
• Right to Access: You can request confirmation about whether your data is processed, along with details and copies.
• Right to Rectification: You may request corrections to inaccurate or incomplete data.
• Right to Erasure and Restriction: You may request immediate deletion of your data or restrictions on processing per legal provisions.
• Right to Data Portability: You can receive your data in a structured, machine-readable format or request its transfer to another controller.
• Right to Lodge a Complaint: You may file complaints with a supervisory authority in your residence, workplace, or the location of the alleged violation.

For comprehensive details on rights and related processes, refer to our privacy policy.

Business Processes and Procedures

Overview:
Personal data of service recipients and clients—including customers, clients, and, in specific cases, contractors, patients, or business partners, as well as other third parties—are processed as part of contractual and similar legal relationships, as well as pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates economic activities in areas such as customer management, sales, payment processing, accounting, and project management.

Purpose:
The collected data ensures the fulfillment of contractual obligations and the efficient operation of business processes. This includes managing business transactions, customer relationships, and sales strategies, while ensuring the functionality of internal accounting and financial workflows. Additionally, it helps preserve the rights of the responsible party and supports administrative and organizational tasks within the company.

Data Sharing:
Personal data may be shared with third parties if necessary to achieve the outlined purposes or fulfill legal obligations.

Processed Data Types:

• Basic Data: Full names, addresses, contact information, customer IDs, etc.
• Payment Data: Bank details, invoices, and payment histories.
• Contact Data: Postal and email addresses.
• Content Data: Text or image messages, contributions, authorship details.
• Contractual Data: Contract details, durations, customer categories.
• Usage Data: Page visits, duration, interaction patterns, device types, and systems.
• Meta/Communication Data: IP addresses, timestamps, IDs.

Affected Individuals:

• Service recipients and clients.
• Prospective customers and communication partners.
• Business and contractual partners.

Processing Purposes:

• Fulfillment of contractual obligations.
• Organizational and administrative procedures.
• Execution of business and economic processes.
• Security measures and user-friendly online services.

Retention and Deletion:
Data is retained and deleted in accordance with specified rules in the “General Information on Data Storage and Deletion” section.

Legal Basis:

• Contractual fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR).
• Legitimate interests (Art. 6(1)(f) GDPR).

Additional Notes on Processing:

• Customer Accounts: Personal data from customer accounts is stored securely, with measures in place to prevent misuse. Upon account termination, data is deleted unless otherwise required for legal or operational reasons.
• Economic Analysis and Market Research: Data is analyzed for business assessments, marketing strategies, and identifying customer trends, with pseudonymized or anonymized methods prioritizing user privacy.

This structured approach ensures compliance with GDPR regulations while facilitating effective business operations and data transparency.

Use of Online Platforms for Offering and Distribution Purposes

We offer our services on online platforms operated by other service providers. In this context, the data protection policies of the respective platforms apply in addition to our data protection notice. This is particularly relevant regarding payment transactions and the procedures used on the platforms for reach measurement and interest-based marketing.

• Types of Data Processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., postal and email addresses, phone numbers); Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., page views, time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
• Individuals Affected: Service recipients and contractors; business and contractual partners. Users (e.g., website visitors, online service users).
• Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; marketing; business processes and operational procedures. Provision of our online offering and user convenience.
• Retention and Deletion: Deletion according to the section “General Information on Data Retention and Deletion.”
• Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further Notes on Processing Procedures, Methods, and Services:

• eBay: Online marketplace for e-commerce; Service Provider: eBay Marketplaces GmbH, Helvetiastrasse 15/17, 3005 Bern, Switzerland; Legal Bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://www.ebay.de/; Privacy Policy: https://www.ebay.de/help/policies/member-behavior-policies/datenschutzerklrung?id=4260; Data Processing Agreement: Provided by the service provider. Basis for Third-Country Transfers: Adequacy Decision (Switzerland).
• Steady: Internet platform for project financing through crowdfunding as well as the sale of subscriptions and memberships, billing, and providing access and payment processes, utilizing cookies and processing IP addresses, date, time, and other technical data about the browser, operating system, and users’ inventory, contract, and payment data; Service Provider: Steady Media GmbH, Schönhauser Allee 36, Haus 1 – Aufg. D, 10435 Berlin, Germany; Legal Bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://steadyhq.com/de/. Privacy Policy: https://steadyhq.com/de/privacy.

Payment Procedures

As part of contractual and other legal relationships, due to legal obligations or based on our legitimate interests, we offer efficient and secure payment options to affected individuals. To this end, we use not only banks and credit institutions but also other service providers (collectively referred to as “payment service providers”).

Data processed by the payment service providers includes inventory data, such as names and addresses, banking data, such as account or credit card numbers, passwords, TANs, and checksums, as well as contractual, sum-related, and recipient-specific information. This data is necessary to process transactions. However, the data entered is processed only by the payment service providers and stored by them. That means we do not receive account- or credit card-related information but only information confirming or rejecting payment. In some cases, the payment service providers may transmit data to credit reporting agencies. This transmission is intended to verify identity and creditworthiness. We refer to the terms and conditions and data protection notices of the payment service providers for this purpose.

For payment transactions, the terms and conditions and data protection policies of the respective payment service providers apply, which are available on their respective websites or transaction applications. We also refer to these for further information and to assert rights of revocation, access, and other rights of affected persons.

• Types of Data Processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., page views, time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved). Contact data (e.g., postal and email addresses, phone numbers).
• Individuals Affected: Service recipients and contractors; business and contractual partners. Prospective customers.
• Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations. Business processes and operational procedures.
• Retention and Deletion: Deletion according to the section “General Information on Data Retention and Deletion.”
• Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further Notes on Processing Procedures, Methods, and Services:

• Amazon Payments: Payment services (technical integration of online payment methods); Service Provider: Amazon Payments Europe S.C.A. 38 avenue J.F. Kennedy, L-1855 Luxembourg; Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR); Website: https://pay.amazon.de/. Privacy Policy: https://pay.amazon.de/help/201212490.
• American Express: Payment services (technical integration of online payment methods); Service Provider: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany; Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR); Website: https://www.americanexpress.com/de/. Privacy Policy: https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/.

• Processed data types: Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); Log data (e.g., log files related to logins or data access or access times). Content data (e.g., textual or pictorial messages and posts, as well as the information concerning them, such as authorship details or creation time).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness. Information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.).
• Retention and deletion: Deletion according to the specifications in the section “General information on data storage and deletion”.
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Additional notes on processing procedures, methods, and services:

• Email sending and hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of recipients and senders, as well as additional information regarding email sending (e.g., involved providers) and the contents of respective emails, are processed. The aforementioned data may also be processed for the purpose of SPAM detection. Please note that emails are generally not encrypted when sent over the internet. While emails are typically encrypted during transit, they are not (unless end-to-end encryption is used) encrypted on the servers from which they are sent and received. Therefore, we cannot take responsibility for the transmission path of emails between the sender and the reception on our server; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• WordPress.com: Hosting and software for creating, providing, and operating websites, blogs, and other online offerings; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://wordpress.com; Privacy Policy: https://automattic.com/de/privacy/; Data Processing Agreement: https://wordpress.com/support/data-processing-agreements/. Third-country transfer basis: Data Privacy Framework (DPF).

Use of Cookies

The term “cookies” refers to functions that store and retrieve information on users’ devices. Cookies may also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as for analyzing visitor traffic. We use cookies in compliance with legal requirements. Where required, we obtain users’ consent beforehand. If consent is not necessary, we rely on our legitimate interests. This applies when storing and retrieving information is essential to providing explicitly requested content and features. These include storing settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information about the scope and usage of cookies.

Notes on legal bases for data protection: Whether we process personal data using cookies depends on consent. If consent is provided, it serves as the legal basis. Without consent, we rely on our legitimate interests, as outlined in this section and in the context of specific services and procedures.

Storage duration: With regard to storage duration, the following types of cookies are distinguished:

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application).
• Persistent cookies: Persistent cookies remain stored even after closing the device. For example, the login status can be stored, and preferred content displayed directly when the user revisits a website. Similarly, user data collected using cookies can be used for audience measurement. Unless explicitly stated otherwise (e.g., when obtaining consent), users should assume that such cookies are permanent and may be stored for up to two years.

General information on revocation and objection (opt-out): Users may revoke their consent at any time and may also object to processing under legal provisions, including through their browser’s privacy settings.

• Processed data types: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Affected persons: Users (e.g., website visitors, users of online services).
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Additional notes on processing procedures, methods, and services:

• Processing of cookie data based on consent: We use a consent management solution to obtain users’ consent for the use of cookies or the procedures and providers mentioned within the consent management solution. This procedure serves to collect, log, manage, and revoke consents, particularly regarding the use of cookies and similar technologies for storing, retrieving, and processing information on users’ devices. As part of this process, users’ consents for the use of cookies and associated data processing, including specific processes and providers mentioned in the consent management procedure, are obtained. Users also have the opportunity to manage and revoke their consents. The consent declarations are stored to avoid repeated requests and to demonstrate consent as required by law. The storage occurs server-side and/or in a cookie (so-called opt-in cookie) or via comparable technologies to associate consent with a specific user or their device. Unless specific information is provided about consent management service providers, the following general notes apply: The consent storage duration is up to two years. A pseudonymous user identifier is created, which is stored along with the time of consent, details about the scope of consent (e.g., affected categories of cookies and/or service providers), as well as information about the browser, system, and device used; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
• Complianz: Consent management: Process for obtaining, logging, managing, and revoking consents, especially for the use of cookies and similar technologies for storing, retrieving, and processing information on users’ devices, as well as their processing; Service provider: Execution on servers and/or computers under its own data protection responsibility; Website: https://complianz.io/; Privacy Policy: https://complianz.io/legal/. Additional information: An individual user ID, language, types of consent, and the time of submission are stored server-side and in the cookie on the user’s device.

Registration, login, and user account

Users can create an account. During registration, users are informed of the required mandatory information, which is processed to provide the user account based on contractual obligations. The processed data includes login information (username, password, and email address).

As part of our registration and login functions and the use of the user account, we store the IP address and the time of each user action. This storage is based on our legitimate interests and those of users in protecting against misuse and unauthorized use. These data are generally not shared with third parties unless required to pursue our claims or there is a legal obligation to do so.

Users may be informed via email about activities relevant to their user account, such as technical changes.

• Processed Data Types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., text or image messages and posts, as well as associated information, such as authorship or creation timestamps); Usage data (e.g., page views, duration, click paths, usage intensity and frequency, device types, operating systems, interactions with content and features); Log data (e.g., log files related to logins or data access or access times).
• Affected Individuals: Users (e.g., website visitors, online service users).
• Processing Purposes: Provision of contractual services and fulfillment of contractual obligations; security measures; organizational and administrative procedures; provision of our online services and user-friendliness.
• Retention and Deletion: Deletion in accordance with the section “General Information on Data Retention and Deletion.” Deletion after termination.
• Legal Bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Additional Notes on Processing, Procedures, and Services:

• Registration with Pseudonyms: Users may use pseudonyms instead of real names as usernames; Legal Bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
• User Profiles Are Not Public: User profiles are not visible or accessible to the public.
• Setting Profile Visibility: Users can configure settings to determine the extent to which their profiles are visible or accessible to the public or specific groups; Legal Bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
• Deletion of Data After Termination: If users terminate their accounts, their data related to the account will be deleted unless legally permitted, obligated, or with user consent; Legal Bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
• No Obligation to Retain Data: Users are responsible for securing their data before contract termination. We reserve the right to irretrievably delete all user data stored during the contract period; Legal Bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Community Features

The community features we provide allow users to engage in conversations or exchange information. Please note that using community features is only permitted in compliance with applicable laws, our terms and conditions, and the rights of other users and third parties.

• Processed Data Types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Usage data (e.g., page views, duration, click paths, usage intensity and frequency, device types, operating systems, interactions with content and features).
• Affected Individuals: Users (e.g., website visitors, online service users).
• Processing Purposes: Provision of contractual services and fulfillment of contractual obligations; security measures; provision of our online services and user-friendliness.
• Retention and Deletion: Deletion in accordance with the section “General Information on Data Retention and Deletion.”
• Legal Bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Additional Notes on Processing, Procedures, and Services:

• User Contributions Are Public: Contributions and content created by users are publicly visible and accessible; Legal Bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
• Setting Contribution Visibility: Users can configure settings to determine the extent to which their contributions and content are visible or accessible to the public or specific individuals or groups; Legal Bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
• Storage of Data for Security Purposes: User contributions and other inputs are processed for community and conversation purposes and are not shared with third parties unless required by law or legal obligation, particularly in cases of unlawful contributions for legal prosecution. Alongside the content of contributions, their timestamps and the users’ IP addresses are also stored to enable appropriate measures for protecting other users and the community; Legal Bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
• Right to Delete Content and Information: The deletion of user contributions, content, or data is permissible after appropriate consideration if there are concrete indications of violations of legal rules, our terms, or third-party rights; Legal Bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
• Limited Deletion of Conversation Contributions: In consideration of other users, conversation contributions remain stored even after account termination to preserve the meaning of conversations, comments, advice, or similar communication among users. Usernames are deleted or pseudonymized unless already pseudonyms. Users may request the full deletion of conversation contributions at any time; Legal Bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
• Protecting Personal Data: Users decide which data they disclose within our online services, such as personal information or participation in conversations. Users are encouraged to protect their data and only disclose personal information thoughtfully and to the necessary extent. Specifically, users are urged to protect access data and use secure passwords (e.g., long, random combinations of characters); Legal Bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter referred to as “publication medium”). The data of readers is processed solely to the extent necessary for the presentation of the publication medium, communication between authors and readers, or for security purposes. For further information on processing the data of visitors to our publication medium, please refer to the information provided in this privacy policy.

• Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or visual messages and contributions, including related information such as authorship details or time of creation); Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Feedback (e.g., collecting feedback via online forms); Provision of our online services and user-friendliness; Security measures; Communication; Organizational and administrative procedures.
• Storage and deletion: Deletion is carried out in accordance with the information provided in the section “General information on data storage and deletion.”
• Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR). Consent (Article 6 (1) sentence 1 lit. a) GDPR).

Additional notes on processing methods, procedures, and services:

• Comments and contributions: If users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is for our security, in case someone posts illegal content (e.g., insults, prohibited political propaganda, etc.). In such cases, we may be held liable for the comment or contribution and are therefore interested in the identity of the author.
  
  Additionally, we reserve the right to process users’ data for spam detection purposes based on our legitimate interests.
  
  On the same legal basis, we reserve the right to store users’ IP addresses during surveys for their duration and use cookies to prevent multiple votes.
  
  The personal information provided as part of comments and contributions, including contact and website information and the content details, will be stored permanently until users object to this; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).
• Comment subscriptions: Follow-up comments can be subscribed to by users with their consent. Users will receive a confirmation email to verify if they are the owner of the provided email address. Users can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will include instructions on how to revoke consent. For proof of users’ consent, we store the subscription time along with users’ IP addresses and delete this information when users unsubscribe.
  
  You may cancel your subscription at any time, i.e., revoke your consent. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, to be able to prove previously granted consent. The processing of this data is limited to defending against potential claims. An individual deletion request is possible at any time, provided the prior existence of consent is confirmed; Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR).
• Fetching WordPress Emojis and Smilies: Fetching WordPress Emojis and Smilies – Within our WordPress blog, graphic emojis (or smilies), i.e., small graphical files expressing emotions, are used to efficiently integrate content elements, sourced from external servers. The providers of these servers collect users’ IP addresses. This is necessary for the emoji files to be transmitted to users’ browsers; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://automattic.com; Privacy policy: https://automattic.com/privacy. Basis for third-country transfers: Data Privacy Framework (DPF).

Profile pictures from Gravatar: Within our online offering and especially in our blog, we use the Gravatar service provided by Automattic Inc. to display user profile pictures, provided users have an email address registered with Gravatar and have selected it for their display. Gravatar allows displaying of the profile picture associated with the user’s email address and serves to personalize contributions and comments. If the user does not wish to use a Gravatar image, the email address should not be used for comments. Note that when Gravatar is used, the user’s email address is transmitted in encrypted form to check if there is a profile picture stored. It is not used for other purposes; Service provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website:https://automattic.com; Privacy policy:https://automattic.com/privacy.

Further guidance: More details on how to manage your data and privacy preferences related to the outlined services are usually provided within the privacy policies linked above. These policies detail data retention periods, the types of data processed, and any options for opting out or adjusting settings.

• Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact details (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and contributions as well as related information such as authorship or creation date); usage data (e.g., page views and duration of stay, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and features). Meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Individuals affected: Communication partners.
• Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online forms). Providing our online offer and user-friendliness.
• Retention and deletion: Deletion as specified in the section “General Information on Data Storage and Deletion”.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).

Additional notes on processing procedures, methods, and services:

• Contact form: When contacting us via our contact form, email, or other communication channels, we process the personal data provided to respond to and handle the respective request. This typically includes details such as name, contact information, and possibly other information shared with us that is necessary for proper handling. We use this data solely for the stated purpose of contact and communication; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Communication via Messenger

We use messengers for communication purposes and therefore ask you to consider the following notes on the functionality of messengers, encryption, the use of communication metadata, and your options to object.

You can also contact us through alternative methods, such as by phone or email. Please use the contact options provided to you or those listed within our online offering.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we point out that the communication content (i.e., the message’s content and attached images) is end-to-end encrypted. This means that the content of the messages is not visible, not even by the messenger providers themselves. You should always use the latest version of the messenger with encryption enabled to ensure the encryption of the message content.

However, we also inform our communication partners that while messenger providers cannot view the content, they can determine that and when communication partners communicate with us and process technical information about the devices used by communication partners and, depending on their device settings, location information (so-called metadata).

Notes on legal basis: If we ask communication partners for permission before communicating with them via messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for consent and, for example, they contact us on their own, we use messengers in relation to our contractual partners and as a pre-contractual measure. For other interested parties and communication partners, we rely on our legitimate interests in efficient communication and fulfilling the needs of our communication partners. Furthermore, we note that we do not initially transmit the contact details shared with us to messengers without your consent.

Revocation, objection, and deletion: You can revoke any given consent at any time and – This text section requires a premium license to be unlocked. – premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext

• Processed data types: Contact data (e.g., postal and email addresses or – This text area must be unlocked with a premium license. – premiumtext premiumtext premiumtext ). Content data (e.g., textual or visual messages and contributions as well as the information relating to them, such as information on authorship – This text area must be unlocked with a premium license. – premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext ).
• Affected persons: Communication partners.
• Purposes of processing: Communication.
• Retention and deletion: Deletion according to the information in the section “General information on data storage and deletion”.
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Performance of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Push Notifications

With the consent of users, we may send so-called “push notifications” to users. These are messages displayed on users’ screens, devices, or browsers even when our online service is not actively being used.

To sign up for push notifications, users must confirm their browser’s or device’s prompt to receive push notifications. This consent process is documented and stored. Storage is required to recognize whether users have consented to receiving push notifications and to be able to provide evidence of consent. For these purposes, a pseudonymous identifier of the browser (so-called “push token”) or the device ID of a device is stored.

Push notifications may be required, on the one hand, to fulfill contractual obligations (e.g., technical and organizational information relevant to the use of our online offer) and – This text area must be unlocked with a premium license. – premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext

• Processed data types: Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices used and operating systems, interactions with – This text area must be unlocked with a premium license. – premiumtext premiumtext premiumtext premiumtext premiumtext ). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved – This text area must be unlocked with a premium license. – premiumtext premiumtext premiumtext ).
• Affected persons: Communication partners.
• Purposes of processing: Communication. Provision of our online offer and user-friendliness.
• Retention and deletion: Deletion according to the information in the section “General information on data storage and deletion”. Deletion after termination.
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Audio Content

We use hosting services from providers to offer our audio content for listening and downloading. We use platforms that enable the uploading, storage, and distribution of audio material.

• Processed data types: Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices used and operating systems, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons). Log data (e.g., log files regarding logins or access to data or access times).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); Conversion measurement (measurement of the effectiveness of marketing measures); Profiles with user-related information (creation of user profiles). Provision of our online offer and user-friendliness.
• Retention and deletion: Deletion according to the information in the section “General information on data storage and deletion”.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further notes on processing procedures, methods, and services:

• Soundcloud: Soundcloud – Music hosting; Service provider: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://soundcloud.com. Privacy Policy: https://soundcloud.com/pages/privacy.
• Spotify: Podcast hosting, publication, and management of podcast content, analysis of listening behavior and statistics, monetization options for podcasters; Service provider: Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://podcasters.spotify.com/. Privacy Policy: https://www.spotify.com/de/legal/privacy-policy/.

Newsletter and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletter”) only with the consent of the recipients or based on a legal basis. If the content of the newsletter is specified during registration, it is decisive for the users’ consent. Usually, providing your email address is sufficient for subscribing to our newsletter. To offer you a personalized service, we may request your name for a personal greeting in the newsletter or additional information if necessary for the newsletter’s purpose.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide evidence of previously given consent. Processing of these data is limited to the purpose of potential defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed simultaneously. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blacklist (so-called “blocklist”).

The logging of the registration process is carried out based on our legitimate interests for proving its proper implementation. If we engage a service provider for sending emails, this is done based on our legitimate interests in an efficient and secure mailing system.

Content:

Information about us, our services, promotions, and offers.

• Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons). Usage data (e.g., page views and duration, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and features).
• Individuals affected: Communication partners. Users (e.g., website visitors, users of online services).
• Purposes of processing: Direct marketing (e.g., via email or postal mail). Provision of contractual services and fulfillment of contractual obligations.
• Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Opt-out option: You can unsubscribe from our newsletter at any time, i.e., revoke your consent or object to further receipt. A link to unsubscribe can be found at the end of each newsletter or by using one of the above-mentioned contact methods, preferably email.

Further information on processing procedures, methods, and services:

• Measurement of opening and click rates: The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from our or, if we use a delivery service provider, its server upon opening the newsletter. During this retrieval, technical information such as browser details, your system, your IP address, and the time of retrieval are collected. These details are used to improve our newsletters technically or to assess target groups and their reading habits based on their retrieval locations (which can be determined using the IP address) or access times. The analysis also includes determining whether and when newsletters are opened and which links are clicked. The information is linked to individual newsletter recipients and stored in their profiles until deletion. The evaluations help identify our users’ reading habits, adapt our content to them, or send different content based on user interests. Measuring opening and click rates as well as storing the results in user profiles – This text area must be unlocked with a premium license. – premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext ; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
• Requirement for free services: Consent to receive mailings can be made a condition for using free services (e.g., access to certain content or participation in certain activities). If users want to utilize the free service without subscribing to the newsletter, we request you contact us.
• Mailchimp: Email marketing, automation of marketing processes, collection, storage, and management of contact data, campaign performance measurement, recipient interaction tracking, content personalization; Service provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://mailchimp.com; Privacy policy: https://mailchimp.com/legal/; Processing agreement: https://mailchimp.com/legal/; Basis for third-country transfers: Data Privacy Framework (DPF). Further information: Special security measures: https://mailchimp.com/de/help/mailchimp-european-data-transfers/.

Promotional communication via email, postal mail, fax, or phone

We process personal data for the purposes of promotional communication, which can be carried out via various channels such as email, phone, postal mail, or fax in accordance with legal regulations.

Recipients have the right to revoke granted consent at any time or to object to promotional communication.

After revocation or objection, we store the data required to demonstrate previous authorization to contact or send information until three years after the end of the year in which the revocation or objection occurs, based on our legitimate interests. The processing of this data is limited to defending against potential claims. Additionally, to permanently respect users’ revocations or objections, we store the data necessary to prevent further contact (e.g., the email address, phone number, or name depending on the communication channel).

• Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers). Content data (e.g., textual or pictorial messages and posts and related information, such as authorship or time of creation).
• Individuals affected: Communication partners.
• Purposes of processing: Direct marketing (e.g., via email or postal mail); Marketing. Sales promotion.
• Retention and deletion: Deletion as per the section “General information on data retention and deletion.”
• Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Contests and competitions

We process the personal data of participants in contests and competitions in compliance with relevant data protection regulations, provided processing is contractually required to provide, conduct, and manage the contest, the participants have consented to the processing, or the processing serves our legitimate interests (e.g., ensuring contest security or protecting our interests from misuse by potentially capturing IP addresses when contest entries are submitted).

If participant contributions are published as part of the contest (e.g., during voting or showcasing the contest entries or winners, or in reports about the contest), we inform that participant names may also be published. Participants can object to this at any time.

When the contest occurs on an online platform or social network (e.g., Facebook or Instagram, referred to as “online platform”), the terms of use and privacy policies of the respective platforms also apply. In these cases, we clarify that we are responsible for the information provided by participants as part of the contest and that inquiries about the contest should be directed to us.

Participants’ data will be deleted once the contest or competition has ended, and the data is no longer needed to inform winners or handle potential inquiries about the contest. In general, participant data is deleted no later than six months after the contest ends. Winner data may be retained longer to answer inquiries about prizes or fulfill prize obligations; in such cases, the retention period depends on the prize type and may extend up to three years for handling warranty cases. Additionally, participant data may be retained longer, e.g., as part of reports about the contest in online and offline media.

If data is also collected for other purposes during the contest, its processing and retention period follow the privacy notices related to that usage (e.g., for newsletter sign-up as part of the contest).