Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for entering into a contract. You are not obligated to provide the data. Failure to provide it will have no consequences. This applies only insofar as no other information is provided in the following processing operations.
"Personal data" means any information relating to an identified or identifiable natural person.

Your data will be transferred to Canada, among other places. The EU Commission has issued an adequacy decision for data transfers to Canada.

contact

Responsible
Please contact us if you wish. The data controller is: Stefanie Kopischke, Agnesenstraße 1, 79106 Freiburg, Germany, contact@mentalhealthclub.shop

Customer initiates contact via email
If you contact us proactively via email, we collect your personal data (name, email address, message text) only to the extent that you provide it. This data processing serves the purpose of processing and responding to your inquiry.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice on purchase interest, preparing an offer) or relates to a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR.
If you contact us for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing of data when images are sent via upload
We provide an image file upload function on our website. This allows you to send us images via encrypted data transmission. By submitting your images, we may collect your personal data (images of identifiable individuals) only to the extent that you provide it. This data processing serves the purpose of creating personalized products. The submitted image serves as a template for the product and is used for this purpose (e.g., T-shirt printing). This processing is based on Article 6 Paragraph 1 Letter b of the GDPR and is necessary for the performance of a contract with you.
Your data may be shared with service providers that we use for order processing. It will not be shared with any other third parties.
We will only use the image you sent us for the purpose of providing our services. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.

WhatsApp Business
If you contact us for business purposes via WhatsApp, we use the WhatsApp Business version provided by WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “WhatsApp”). If you are located outside the European Economic Area, this service is provided by WhatsApp Inc. (1601 Willow Road, Menlo Park, CA 94025, USA).
The data processing serves to process and respond to your contact request. For this purpose, we collect and process your mobile phone number registered with WhatsApp, your name if provided, and other data to the extent you have made it available. We use a mobile device for this service whose address book contains only data from users who have contacted us via WhatsApp. Therefore, no personal data is shared with WhatsApp without your prior consent to this.
Your data will be transferred by WhatsApp to servers of Meta Platforms Inc. in the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta Platforms Inc. is certified under the TADPF and has thus committed to complying with European data protection principles. If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice regarding a potential purchase, preparing a quote) or relates to a contract already concluded between you and us, this data processing is based on Article 6(1)(b) GDPR.
If contact is made for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in providing quick and easy contact options and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
We use your personal data only to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.
Further information on terms of service and data protection when using WhatsApp can be found at https://www.whatsapp.com/legal/#terms-of-service and https://www.whatsapp.com/legal/#privacy-policy .

Orders

Your data will be transferred to Canada, among other places. The EU Commission has issued an adequacy decision for data transfers to Canada.

Reviews Advertising

Use of the email address for sending newsletters
We use your email address, independently of contract processing, exclusively for our own advertising purposes to send you newsletters, provided you have expressly consented to this. This processing is based on Article 6 Paragraph 1 Letter a of the GDPR with your consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on the consent before its revocation. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the mailing list.

Use of the email address for sending direct marketing.
We use your email address, which we obtained in connection with the sale of goods or services, to send you electronic advertising for our own goods or services that are similar to those you have already purchased from us, unless you have objected to this use. Providing your email address is necessary for the conclusion of the contract. Failure to provide it will result in the contract not being concluded. This processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in direct marketing. You can object to this use of your email address at any time by notifying us. Our contact details for exercising your right to object can be found in the legal notice. You can also use the unsubscribe link provided in the advertising email. No costs other than standard transmission fees will be incurred.

Using Mailchimp
We use the service of Rocket Science Group LLC (675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308, USA; “Mailchimp”) for sending newsletters as part of a data processing agreement.
We forward the information you provide during newsletter registration (email address, and optionally first and last name) to Mailchimp. This data processing serves the purpose of sending the newsletter and its statistical evaluation.
To evaluate newsletter campaigns, the newsletters we send contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This allows us to determine whether you have opened the newsletter and whether you have clicked on any embedded links. In this context, we collect your personal data, such as your IP address, browser type and device, and the time of access. Usage profiles can be created from this data under a pseudonym. The collected data is not used to personally identify you. It is used solely for statistical analysis to improve our newsletter campaigns.
Your data is generally transferred to and stored on Mailchimp's servers in the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Mailchimp is certified under the TADPF and has therefore committed to complying with European data protection principles.
Your personal data is processed on the basis of Article 6(1)(f) GDPR, based on our overriding legitimate interest in a targeted, effective, and user-friendly newsletter system. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.
Further information and MailChimp's privacy policy can be found at: https://mailchimp.com/de/legal/data-processing-addendum/ and https://www.intuit.com/privacy/statement/ .

Use of mobile phone number for sending SMS advertising
We use your mobile phone number, independently of the contract processing, exclusively for our own advertising purposes to send SMS advertising, provided you have expressly agreed to this.
The processing of your data is based on Article 6(1)(a) GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the lawfulness of the processing carried out based on your consent before its withdrawal. Your mobile phone number will then be removed from the mailing list.

Your mobile phone number will be passed on to a service provider for SMS sending as part of order processing.

Payment service provider

Using PayPal Express
We use the PayPal Express payment service from PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of enabling you to pay via the PayPal Express payment service.
To integrate this payment service, PayPal needs to collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, location of your device) when you access the website. Cookies may also be used for this purpose. These cookies enable your browser to be recognized.
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 TTDSG. In conjunction with Article 6(1)(a) GDPR. Your personal data is processed with your consent on the basis of Article 6(1)(a) GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
By selecting and using PayPal Express, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the chosen payment method. This processing is based on Article 6(1)(b) GDPR.
Further information on data processing when using the PayPal Express payment service can be found in the corresponding privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS

Using PayPal Checkout
We use the PayPal Checkout payment service from PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of offering you the option of paying via this service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) GDPR.

Credit card via PayPal, direct debit via PayPal & "Pay later" via PayPal
For certain payment methods, such as credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical methods using credit reference agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit reference agency and uses the information received about the statistical probability of payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may include probability values ​​(score values) calculated using scientifically recognized mathematical-statistical methods, which may incorporate address data, among other factors. Your legitimate interests are protected in accordance with legal regulations. The data processing serves the purpose of credit assessment for initiating a contract. This processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in protecting against payment defaults when PayPal provides services in advance.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(f) GDPR by notifying PayPal. Providing this data is necessary for concluding the contract with your chosen payment method. Failure to provide this data will result in the contract not being able to be concluded with your chosen payment method.

Third-party providers
When paying via a third-party payment method, the data required for payment processing is transmitted to PayPal. This processing is based on Article 6(1)(b) GDPR. To process this payment method, PayPal may then forward the data to the respective provider. This processing is also based on Article 6(1)(b) GDPR. Local third-party providers may include, for example:

• Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
• giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main)

Purchase on account via PayPal
When paying via invoice, the data required for payment processing is initially transmitted to PayPal. To process this payment method, PayPal then transmits the data to Ratepay GmbH (Franklinstrasse 28-29, 10587 Berlin; "Ratepay") in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6 Paragraph 1 Letter b GDPR. Ratepay may conduct a credit check using mathematical-statistical methods (probability or score values) with credit agencies, following the procedure described above. The data processing serves the purpose of credit assessment for initiating a contract. This processing is based on Article 6 Paragraph 1 Letter f GDPR, due to our overriding legitimate interest in protecting against payment defaults when Ratepay provides services in advance. Further information on data protection and which credit agencies Ratpay uses can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/ .

Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full .

Advertising tracking communication

Use of Google Analytics 4
We use the web analytics service Google Analytics from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The data processing serves the purpose of analyzing this website and its visitors, as well as for marketing and advertising purposes. To this end, Google, on behalf of the operator of this website, will use the information obtained to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator.
The following information may be collected, among other things: IP address, date and time of the page visit, click path, information about the browser and device you are using, pages visited, referrer URL (website from which you accessed our website), location data, and purchase activity. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Google uses technologies such as cookies, web storage in the browser and tracking pixels, which enable an analysis of your use of the website.
The information generated about your use of this website is generally transmitted to and stored on a Google server in the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and has thus committed to complying with European data protection principles. Both Google and US government authorities have access to your data. Google may combine your data with other data, such as your search history, your personal accounts, your usage data from other devices, and any other data Google holds about you.
When using Google Analytics 4, the IP address transmitted by your website is automatically collected and processed in anonymized form. Google shortens the IP address within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before processing it.
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is also based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on terms of use and data protection can be found at https://policies.google.com/technologies/partner-sites and at https://policies.google.com/privacy?hl=de&gl=de .

Using the Pinterest tag
We use the Pinterest tag of Pinterest Europe Limited (Palmerston House, 2nd, Fenian Street, Floor, Dublin 2, Ireland "Pinterest") on our website.
This application is designed to target website visitors with interest-based advertising on the social network Pinterest. To achieve this, the Pinterest conversion tag has been implemented on the website. This tag establishes a direct connection to Pinterest's servers when you visit the website. This transmits information to Pinterest's servers about which of our pages you have visited. Pinterest associates this information with your personal Pinterest user account if you are logged into the social network. When you visit Pinterest, you will then be shown personalized, interest-based Pinterest ads.
When you access our website via a pin on the social network Pinterest, a conversion tracking cookie is placed on your computer. These cookies have a limited lifespan, do not contain any personal data, and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Pinterest and we can recognize that you clicked on the pin and were redirected to this page. The information collected using the conversion cookie is used to generate conversion statistics and thus optimize our website. This may include, among other things, the following information: the total number of users who clicked on one of our pins and were redirected to our website, the subpages visited on our website (e.g., category or product pages), search queries on our website, your shopping cart contents, and completed transactions.
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not TADPF certified. Data transfers are based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, which can be viewed at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de .
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is also based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
For more information about how Pinterest collects and uses data, your related rights and options for protecting your privacy, please see Pinterest's privacy policy at https://policy.pinterest.com/de/privacy-policy .

Use of TikTok Pixel
We use the TikTok Pixel on our website, provided by TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland; “TikTok Ireland”) and TikTok Information Technologies UK Limited (6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom; “TikTok UK”). Both companies are joint controllers for data processing (hereinafter “TikTok”).
The data processing serves the purpose of identifying and analyzing our customers' website visits, improving customer targeting through the placement of targeted advertisements, and evaluating the effectiveness of advertisements on TikTok. TikTok uses technologies such as cookies and pixels to recognize your browser. The following information, among other things, may be collected and transmitted to TikTok: date and time of visit, information about your browser and device type, screen resolution, and IP address. TikTok can associate this information with your personal TikTok user account. Usage profiles can be created from the data collected in this way using pseudonyms. However, personal identification of users is not possible through this process.
Your data may be transferred to third countries, such as the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). TikTok is not certified under the TADPF. Data transfers to the USA and to third countries without an adequacy decision are based, among other things, on standard contractual clauses as suitable safeguards for the protection of personal data, which can be viewed at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de .
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is also based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on data protection can be found at https://www.tiktok.com/legal/new-privacy-policy?lang=de-DE and https://ads.tiktok.com/i18n/official/policy/controller-to-controller .

Plug-ins and other

Use of social plug-ins
We use social network plugins on our website. The integration of social plugins and the associated data processing serve the purpose of optimizing advertising for our products.
When social plugins are integrated, a connection is established between your computer and the servers of the social network provider. The plugin is then displayed on the page by sending a message to your browser, provided you have explicitly consented to this. In this process, both your IP address and information about which of our pages you have visited are transmitted to the provider's servers. This applies regardless of whether you are registered with or logged into the social network. Even unregistered or logged-out users are subject to this transmission. If you are simultaneously connected to one or more of your social network accounts, the collected information can also be associated with your corresponding profiles. When you use the plugin functions (e.g., by clicking the button), this information is also associated with your user account. You can prevent this association by logging out of your social media accounts before visiting our website and before activating the buttons.
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is also based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
The social networks listed below are integrated into our website via social plugins. Further information on the scope and purpose of data collection and use, as well as your related rights and options for protecting your privacy, can be found in the linked privacy policies of the providers.

Facebook of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Meta Platforms Ireland and we are jointly responsible for the collection of your data and its transfer to Facebook when you use this service. This is based on an agreement between us and Meta Platforms Ireland regarding the joint processing of personal data, which defines the respective responsibilities. The agreement can be accessed at https://www.facebook.com/legal/controller_addendum . Specifically, we are responsible for fulfilling the information obligations under Articles 13 and 14 of the GDPR, for complying with the security requirements of Article 32 of the GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations under Articles 33 and 34 of the GDPR insofar as a personal data breach affects our obligations under the joint processing agreement. Meta Platforms Ireland is responsible for enabling the data subject rights in accordance with Articles 15-20 GDPR, complying with the security requirements of Article 32 GDPR with regard to the security of the service, and fulfilling the obligations under Articles 33 and 34 GDPR insofar as a personal data breach affects Meta Platforms Ireland's obligations under the joint processing agreement.
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta is certified under the TADPF and has therefore committed to complying with European data protection principles.
Further information on the collection and use of data by Facebook, your related rights and options for protecting your privacy can be found in Facebook's privacy policy at https://www.facebook.com/about/privacy/ .

LinkedIn from LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA)
https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). LinkedIn is not certified under the TADPF.

Pinterest from Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA)
https://policy.pinterest.com/de/privacy-policy
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not TADPF certified.

Using social plug-ins via "Shariff"
We use social network plugins on our website. To ensure you retain control over your data, we use the privacy-friendly "Shariff" buttons.
No links to the servers of the social networks will be established and consequently no data will be transmitted without your explicit consent.
"Shariff" is a development by the specialists at the computer magazine c't. It enables greater privacy online and replaces the usual "Share" buttons of social networks. More information about the Shariff project can be found here: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html
When you click the buttons, a pop-up window will appear where you can log in to the respective provider with your credentials. A direct connection to the social networks will only be established after you have actively logged in.
By logging in, you consent to the transfer of your data to the respective social media provider. This includes, among other things, the transmission of your IP address and information about which of our pages you have visited. If you are simultaneously logged into one or more of your social network accounts, the collected information will also be associated with your corresponding profiles. You can only prevent this association by logging out of your social media accounts before visiting our website and before activating the buttons. The social networks listed below are integrated using the "Shariff" function.
Further information on the scope and purpose of the collection and use of data, as well as your related rights and options for protecting your privacy, can be found in the linked privacy policies of the providers.

Facebook of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
https://www.facebook.com/policy.php
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta is certified under the TADPF and has therefore committed to complying with European data protection principles.

Instagram of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland) https://help.instagram.com/155833707900388 .
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta is certified under the TADPF and has therefore committed to complying with European data protection principles.

LinkedIn from LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA)
https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). LinkedIn is not certified under the TADPF.

Pinterest from Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA)
https://policy.pinterest.com/de/privacy-policy
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not TADPF certified.

Using social plug-ins via the "2-click solution"
We use social network plugins on our website via the "2-click solution". This means that no connection to the social network servers is established and consequently no data is transmitted without your explicit consent.
When plugins are integrated in the standard way, a connection is established between your computer and the servers of the social network provider when you visit pages on our website that contain such a plugin. The plugin is then displayed on the page by sending a message to your browser. In this process, both your IP address and information about which of our pages you have visited are transmitted to the provider's servers. This applies regardless of whether you are registered with or logged into the social network. Even unregistered or logged-out users are subject to this transmission. If you are also logged into the Facebook social network, this information will be associated with your personal user account. When you use the plugin functions (e.g., by clicking the button), this information will also be associated with your user account, which you can only prevent by logging out before using the plugin. To ensure you retain control over your data, we have decided to initially deactivate the corresponding button. You can recognize this by the grayed-out button. Without your explicit consent – ​​in the form of activating the button – no connection to the social network's server will be established and consequently no data will be transmitted.
Only when you activate the button will it become active (highlighted in color) and a direct connection to the social network's servers will be established.
By activating this feature, you consent to the transfer of your data to the respective social network provider. This includes, among other things, the transmission of your IP address and information about which of our pages you have visited. If you are simultaneously logged into one or more of your social network accounts, the collected information will also be associated with your corresponding profiles. You can only prevent this association by logging out of your social network accounts before visiting our website and before activating the buttons.
The social networks listed below are integrated using the "2-click function". Further information on the scope and purpose of data collection and use, as well as your related rights and options for protecting your privacy, can be found in the linked privacy policies of the providers.

Facebook of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
https://www.facebook.com/policy.php
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta is certified under the TADPF and has therefore committed to complying with European data protection principles.

Instagram of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
http://instagram.com/legal/privacy/
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta is certified under the TADPF and has therefore committed to complying with European data protection principles.

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland):
https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). LinkedIn is not certified under the TADPF.

Pinterest from Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA):
https://policy.pinterest.com/de/privacy-policy
https://help.pinterest.com/de/articles/personalization-and-data
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not TADPF certified.

Using Facebook's single sign-on feature
We use the single sign-on function (formerly Facebook Connect) of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “Facebook”) on our website.
Meta Platforms Ireland and we are jointly responsible for the collection of your data and its transfer to Facebook when you use this service. This is based on an agreement between us and Meta Platforms Ireland regarding the joint processing of personal data, which defines the respective responsibilities. The agreement can be accessed at https://www.facebook.com/legal/controller_addendum . Specifically, we are responsible for fulfilling the information obligations under Articles 13 and 14 of the GDPR, for complying with the security requirements of Article 32 of the GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations under Articles 33 and 34 of the GDPR insofar as a personal data breach affects our obligations under the joint processing agreement. Meta Platforms Ireland is responsible for enabling the data subject rights in accordance with Articles 15-20 GDPR, complying with the security requirements of Article 32 GDPR with regard to the security of the service, and fulfilling the obligations under Articles 33 and 34 GDPR insofar as a personal data breach affects Meta Platforms Ireland's obligations under the joint processing agreement.
This feature allows website visitors to log in to the website using their existing Facebook account. The data processing serves the purpose of verification during registration, personalization, and interest-based advertising.
To offer this feature on the website, a connection to the Facebook server is established. Cookies are used for this purpose. The following information, among other things, may be collected and transmitted to Facebook: IP address, browser information, referrer URL (website from which you accessed our website), and location data. This applies regardless of whether you are registered with or logged into the social network. Data is also transmitted for users who are not registered or logged in. If you are simultaneously connected to one or more of your social network accounts, the collected information can also be associated with your corresponding profiles. You can prevent this association by logging out of your social media accounts before visiting our website and before activating the buttons. Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself under the TADPF and is therefore committed to complying with European data protection principles.
When using the single sign-on function, the website visitor's Facebook profile is linked to a customer account for this website. In doing so, we receive personal data from Facebook, as specified during the login process. This may include, among other things, the following information: name, address, public profile information (e.g., name, profile picture, age, gender), email address, friend lists, and "likes".
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is also based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on the collection and use of data by Facebook, your related rights and options for protecting your privacy can be found in Facebook's privacy policy at https://www.facebook.com/about/privacy/ .

Using YouTube
We use the YouTube video embedding function on our website, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”). YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
This feature displays videos hosted on YouTube within an iFrame on the website. The "Enhanced Privacy Mode" option is enabled. This means that YouTube does not store any information about website visitors. Information is only transmitted to and stored by YouTube when you actually watch a video. Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified itself under the TADPF and has therefore committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is also based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on the collection and use of data by YouTube and Google, your related rights and options for protecting your privacy can be found in YouTube's privacy policy at https://www.youtube.com/t/privacy .

Using Vimeo
We use plugins from Vimeo Inc. (555 West 18th Street New York, New York 10011, USA; “Vimeo”) on our website to embed videos from the “Vimeo” portal.
When you access pages on our website that contain such a plug-in, a connection is established to Vimeo's servers, and the plug-in is displayed on the page by sending a message to your browser. This transmits both your IP address and information about which of our pages you have visited to Vimeo's servers.
If you are logged into Vimeo, Vimeo will associate this information with your personal user account. When using the plug-in functions (e.g., by starting a video by clicking the corresponding button), this information will also be associated with your Vimeo account.
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Vimeo is not certified under the TADPF. Data transfers are based, among other things, on standard contractual clauses as suitable safeguards for the protection of personal data, which can be viewed at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de .
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is also based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
For more information on the purpose and scope of data collection, as well as the further use and processing of data by Vimeo, and your related rights and options for protecting your privacy, please see Vimeo's privacy policy: https://vimeo.com/privacy

Use of Google Fonts
We use Google Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The data processing serves the purpose of ensuring consistent font display on our website. To load the fonts, a connection to Google's servers is established when the page is accessed. Cookies may be used in this process. Among other things, your IP address and information about the browser you are using are processed and transmitted to Google. This data is not linked to your Google account.
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and has therefore committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is also based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on data processing and data protection can be found at https://www.google.de/intl/de/policies/ and at https://developers.google.com/fonts/faq .

Data subject rights and storage period

Storage duration
After complete contract fulfillment, the data will initially be stored for the duration of the warranty period, then taking into account legal, in particular tax and commercial law retention periods, and then deleted after the expiry of the period, unless you have consented to further processing and use.

Rights of the data subject
Provided the legal requirements are met, you have the following rights under Articles 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.
Furthermore, pursuant to Article 21 Paragraph 1 GDPR, you have the right to object to processing based on Article 6 Paragraph 1 f GDPR, as well as to processing for direct marketing purposes.

Right to lodge a complaint with the supervisory authority
According to Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is unlawful.

You can lodge a complaint with the supervisory authority responsible for us, which you can reach using the following contact details:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Königstrasse 10 a
70173 Stuttgart
Tel.: +49 711 6155410
Fax: +49 711 61554115
Email: poststelle@lfdi.bwl.de

Right to object
If the processing of personal data listed here is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, you have the right to object to this processing at any time with effect for the future on grounds relating to your particular situation.
After an objection has been lodged, the processing of the data in question will cease, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

If your personal data is processed for direct marketing purposes, you can object to this processing at any time by notifying us. Upon receipt of your objection, we will cease processing the data in question for direct marketing purposes.

Last updated: August 10, 2025