Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Accept
Deny
Preferences
Skip to main content

Privacy Policy

Introduction

With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also briefly referred to as “data”) we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”). The terms used are not gender-specific.

Status: January 4, 2021

Table of Contents

  • Introduction
  • Controller
  • Overview of Processing Activities
  • Relevant Legal Bases
  • Security Measures
  • Transmission and Disclosure of Personal Data
  • Data Processing in Third Countries
  • Use of Cookies
  • Commercial and Business Services
  • Payment Service Providers
  • Provision of the Online Offering and Web Hosting
  • Blogs and Publication Media
  • Contacting Us
  • Deletion of Data
  • Changes and Updates to the Privacy Policy
  • Rights of Data Subjects
  • Definitions

Controller

Alexander Bodo

Benzstraße 87

71563 Affalterbach

Authorized representatives

Dominic Barth

Email address

ab@paceteq.com

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

  • Inventory data (e.g., names, addresses).
  • Content data (e.g., entries in online forms).
  • Contact data (e.g., email, telephone numbers).
  • Meta-/communication data (e.g., device information, IP addresses).
  • Usage data (e.g., websites visited, interest in content, access times).
  • Contract data (e.g., subject matter of the contract, term, customer category).
  • Payment data (e.g., bank details, invoices, payment history).

Categories of Data Subjects

  • Business and contractual partners.
  • Prospective customers.
  • Communication partners.
  • Customers.
  • Users (e.g., website visitors, users of online services).

Purposes of Processing

  • Conversion measurement (measuring the effectiveness of marketing measures).
  • Office and organizational procedures.
  • Feedback (e.g., collecting feedback via online form).
  • Interest-based and behavioral marketing.
  • Contact requests and communication.
  • Profiling (creating user profiles).
  • Remarketing.
  • Reach measurement (e.g., access statistics, recognition of returning visitors).
  • Security measures.
  • Tracking (e.g., interest-/behavior-based profiling, use of cookies).
  • Provision of contractual services and customer service.
  • Administration and response to inquiries.

Relevant Legal Bases

Below we inform you of the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the provisions of the GDPR, the national data protection regulations in your and/or our country of residence or registered office may apply. If, in individual cases, more specific legal bases are relevant, we will inform you of these in the privacy policy.

  • Consent (Art. 6 (1) sentence 1 lit. a GDPR) – The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes.
  • Performance of a contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 (1) sentence 1 lit. c GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that the interests or fundamental rights and freedoms of the data subject which require the protection of personal data do not override them.

National data protection regulations in Germany: In addition to the data protection provisions of the General Data Protection Regulation, national regulations on data protection apply in Germany. These include, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains, in particular, specific provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases including profiling. It also regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation, or termination of employment relationships as well as the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

Security Measures

We take appropriate technical and organizational measures in accordance with statutory requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

Measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, input of, transfer of, securing of availability of, and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to data threats. We also consider the protection of personal data when developing or selecting hardware, software, and procedures in accordance with the principle of data protection by design and by default.

SSL encryption (https): To protect your data transmitted via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in your browser’s address bar.

Transmission and Disclosure of Personal Data

In the course of our processing of personal data, it may occur that the data is transmitted to other entities, companies, legally independent organizational units, or persons or disclosed to them. Recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks, or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data transmission within the organization: We may transmit personal data to other entities within our organization or grant them access to this data. If this disclosure is for administrative purposes, the disclosure of the data is based on our legitimate entrepreneurial and business interests or occurs if it is necessary for the fulfillment of our contractual obligations or if consent of the data subjects or a legal permission exists.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if processing occurs in the context of the use of services of third parties or disclosure or transmission of data to other persons, entities, or companies, this is done only in accordance with legal requirements.

Subject to explicit consent or a transmission required by contract or law, we process or allow the data to be processed only in third countries with a recognized level of data protection, contractual obligation through so-called standard contractual clauses of the EU Commission, in the presence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Use of Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie primarily serves to store information about a user during or after their visit within an online offering. The stored information may include, for example, language settings on a website, login status, a shopping cart, or the position where a video was watched. We also include other technologies that perform the same functions as cookies under the term cookies (e.g., if user details are stored based on pseudonymous online identifiers, also referred to as “user IDs”).

The following types of cookies and functions are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their browser.
  • Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. Likewise, user interests used for reach measurement or marketing purposes can be stored in such a cookie.
  • First-party cookies: First-party cookies are set by us ourselves.
  • Third-party cookies: Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential or strictly necessary) cookies: Cookies can be strictly necessary for the operation of a website (e.g., to save logins or other user inputs or for security reasons).
  • Statistics, marketing, and personalization cookies: Furthermore, cookies are generally used within the scope of reach measurement and when the interests of a user or their behavior (e.g., viewing certain content, use of functions, etc.) are stored in a user profile on individual websites. Such profiles are used to display content to users that corresponds to their potential interests. This process is also referred to as “tracking,” i.e., tracking the potential interests of users. If we use cookies or “tracking” technologies, we will inform you separately in our privacy policy or as part of obtaining consent.

Notes on legal bases: The legal basis on which we process your personal data with the help of cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the help of cookies is processed based on our legitimate interests (e.g., in the economical operation of our online offering and its improvement) or, if the use of cookies is necessary, to fulfill our contractual obligations.

Storage duration: Unless we provide you with explicit information on the duration of storage of permanent cookies (e.g., as part of a so-called cookie opt-in), please assume that the storage period can be up to two years.

General information on withdrawal and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to withdraw your consent or object to the processing of your data by cookie technologies (collectively referred to as “opt-out”). You can initially declare your objection by adjusting your browser settings, e.g., by disabling the use of cookies (though this may limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared via a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you may receive further objection notices in the information on the service providers and cookies used.

Processing of cookie data based on consent: We use a cookie consent management procedure in which users’ consents to the use of cookies, or the processing and providers mentioned in the context of the cookie consent management procedure, are obtained, managed by users, and can be revoked. The consent declaration is stored so that its query does not have to be repeated and to be able to prove consent in accordance with the legal obligation. Storage can take place server-side and/or in a cookie (so-called opt-in cookie, or with comparable technologies) in order to assign the consent to a user or their device. Subject to individual specifications of the providers of cookie management services, the following notes apply: The duration of the storage of consent can be up to two years. A pseudonymous user identifier is formed and stored along with the time of consent, information on the scope of consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and device used.

Types of data processed: Usage data (e.g., websites visited, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).

Data subjects: Users (e.g., website visitors, users of online services).

Legal bases: Consent (Art. 6 (1) sentence 1 lit. a GDPR), Legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR).

Commercial and Business Services

We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as “contractual partners”), within the framework of contractual and comparable legal relationships and associated measures and within the framework of communication with the contractual partners (or pre-contractually), e.g., to respond to inquiries.

We process this data to fulfill our contractual obligations, to secure our rights, and for the purposes of the administrative tasks associated with this information as well as the entrepreneurial organization. We only disclose the data of contractual partners to third parties within the scope of the applicable law to the extent that this is necessary for the aforementioned purposes or for the fulfillment of legal obligations or takes place with the consent of the data subjects (e.g., to involved telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Contractual partners are informed about further forms of processing, e.g., for marketing purposes, within the framework of this privacy policy.

Which data is required for the aforementioned purposes is communicated to the contractual partners before or during data collection, e.g., in online forms, through special labeling (e.g., colors) and/or symbols (e.g., asterisks), or personally.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal reasons for archiving (e.g., for tax purposes usually 10 years). Data that has been disclosed to us by the contractual partner in the context of an order will be deleted in accordance with the specifications of the order, generally after the end of the order.

If we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Economic analyses and market research: For business reasons and to be able to recognize market trends, wishes of contractual partners, and users, we analyze the data available to us on business transactions, contracts, inquiries, etc., whereby the group of data subjects may include contractual partners, interested parties, customers, visitors, and users of our online offering. The analyses are performed for the purpose of business evaluations, marketing, and market research (e.g., to determine customer groups with different characteristics). We may take into account the profiles of registered users along with their details, e.g., of services used, if available. The analyses are for our purposes only and are not disclosed externally unless they are anonymous analyses with aggregated, i.e., anonymized values. Furthermore, we take into account the privacy of users and process the data for analysis purposes as pseudonymously and, if possible, anonymously (e.g., as aggregated data).

Project and development services: We process the data of our customers as well as clients (hereinafter uniformly referred to as “customers”) to enable them to select, purchase, or commission the selected services or works as well as related activities, and the payment and provision and/or execution or performance thereof.

The required information is identified as such in the context of the order, purchase, or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information in order to be able to hold any necessary consultations. Insofar as we gain access to information of end customers, employees, or other persons, we process this in accordance with legal and contractual requirements.

Offer of software and platform services: We process the data of our users, registered and any test users (hereinafter uniformly referred to as “users”), in order to provide our contractual services to them and, on the basis of legitimate interests, to ensure the security of our offering and to be able to further develop it. The required information is identified as such in the context of the order, purchase, or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information to be able to hold any necessary consultations.

Types of data processed: Inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., email, telephone numbers), contract data (e.g., subject matter of the contract, term, customer category), usage data (e.g., websites visited, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).

Data subjects: Prospective customers, business and contractual partners, customers.

Purposes of processing: Provision of contractual services and customer service, contact requests and communication, office and organizational procedures, administration and response to inquiries, conversion measurement (measuring the effectiveness of marketing measures), interest-based and behavioral marketing, profiling (creating user profiles).

Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b GDPR), legal obligation (Art. 6 (1) sentence 1 lit. c GDPR), legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR).

Payment Service Providers

In the context of contractual and other legal relationships, due to legal obligations, or otherwise on the basis of our legitimate interests, we offer efficient and secure payment options to the data subjects and use, in addition to banks and credit institutions, other payment service providers (collectively “payment service providers”).

Data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract-, sum-, and recipient-related information. The information is required to carry out the transactions. However, the entered data is processed and stored only by the payment service providers. That is, we do not receive any account or credit card-related information, but only information with confirmation or negative notification of the payment. The data may be transmitted by the payment service providers to credit reference agencies. This transmission aims at identity and credit checks. In this regard, we refer to the terms and conditions and the privacy notices of the payment service providers.

For payment transactions, the terms and conditions and privacy notices of the respective payment service providers, which are available within the respective websites or transaction applications, apply. We also refer to these for further information and the assertion of withdrawal, access, and other data subject rights.

Types of data processed: Inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contract data (e.g., subject matter of the contract, term, customer category), usage data (e.g., websites visited, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).

Data subjects: Customers, prospective customers.

Purposes of processing: Provision of contractual services and customer service.

Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b GDPR), legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR).

Services and service providers used:

  • Mastercard: Payment services; Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Website: https://www.mastercard.de/de-de.html Privacy policy: https://www.mastercard.de/de-de/datenschutz.html
  • PayPal: Payment services and solutions (e.g., PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Website: https://www.paypal.com/de Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
  • Visa: Payment services; Service provider: Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, UK; Website: https://www.visa.de Privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html

Provision of the Online Offering and Web Hosting

To be able to provide our online offering securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers they manage) the online offering can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.

Data processed in the context of providing the hosting offering may include all information relating to the users of our online offering that arises in the context of use and communication. This regularly includes the IP address, which is necessary to deliver the content of online offerings to browsers, and all entries made within our online offering or on websites.

Email dispatch and hosting: The web hosting services we use also include the dispatch, receipt, and storage of emails. For these purposes, the addresses of the recipients and senders as well as further information concerning the email dispatch (e.g., the involved providers) and the contents of the respective emails are processed. The aforementioned data may also be processed for the purposes of SPAM detection. Please note that emails are generally not sent encrypted on the internet. As a rule, emails are encrypted during transport, but (unless an end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore not assume responsibility for the transmission path of emails between the sender and the receipt on our server.

Collection of access data and log files: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files may include the address and name of the retrieved websites and files, date and time of retrieval, data volumes transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider.

The server log files can be used for security purposes on the one hand, e.g., to prevent server overloads (especially in the case of abusive attacks, so-called DDoS attacks), and on the other hand to ensure the utilization of the servers and their stability.

Types of data processed: Content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta-/communication data (e.g., device information, IP addresses), inventory data (e.g., names, addresses), contact data (e.g., email, telephone numbers).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing: Contact requests and communication, reach measurement (e.g., access statistics, recognition of returning visitors), tracking (e.g., interest-/behavior-based profiling, use of cookies), remarketing, conversion measurement (measuring the effectiveness of marketing measures), profiling (creating user profiles).

Legal bases: Legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR), consent (Art. 6 (1) sentence 1 lit. a GDPR).

Services and service providers used:

  • Webflow: We use Webflow services to create static websites that may also contain online forms. Service provider: Webflow, Inc., 208 Utah, Suite 210, San Francisco, CA 94103, USA; Website: https://webflow.com Privacy policy: https://webflow.com/legal/eu-privacy-policy
  • Amazon Web Services (AWS): Web hosting and infrastructure services; Service provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA; Website: https://aws.amazon.com/de/ Privacy policy: https://aws.amazon.com/de/privacy/?nc1=f_pr

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). The data of readers is processed for the purposes of the publication medium only to the extent necessary for its presentation and the communication between authors and readers or for security reasons. Otherwise, we refer to the information on the processing of visitors to our publication medium within these privacy notices.

Comments and posts: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is for our security in case someone leaves illegal content in comments and posts (insults, prohibited political propaganda, etc.). In such a case, we can be held liable for the comment or post and are therefore interested in the identity of the author.

Furthermore, we reserve the right, on the basis of our legitimate interests, to process user data for the purpose of spam detection.

On the same legal basis, in the case of surveys, we reserve the right to store users’ IP addresses for the duration of the surveys and to use cookies to prevent multiple votes.

The information provided in the context of comments and posts regarding the person, any contact and website information as well as the content information will be stored by us permanently until users object.

Types of data processed: Inventory data (e.g., names, addresses), contact data (e.g., email, telephone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing: Provision of contractual services and customer service, feedback (e.g., collecting feedback via online form), security measures, administration and response to inquiries.

Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b GDPR), legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR).

Contacting Us

When contacting us (e.g., via contact form, email, telephone, or via social media), the information of the requesting persons is processed insofar as this is necessary to respond to the contact requests and any requested measures.

The response to contact requests within the framework of contractual or pre-contractual relationships takes place to fulfill our contractual obligations or to respond to (pre-)contractual inquiries and otherwise on the basis of the legitimate interests in responding to the inquiries.

Types of data processed: Inventory data (e.g., names, addresses), contact data (e.g., email, telephone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).

Data subjects: Communication partners.

Purposes of processing: Contact requests and communication.

Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b GDPR), legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR).

Deletion of Data

The data we process is deleted in accordance with statutory requirements as soon as the consents permitting processing are withdrawn or other permissions cease to apply (e.g., if the purpose of processing this data no longer applies or they are no longer necessary for the purpose).

If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted to these purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or to protect the rights of another natural or legal person.

Further notes on the deletion of personal data may also be provided in the context of the individual data processing notes of this privacy policy.

Changes and Updates to the Privacy Policy

We ask you to inform yourself regularly about the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an action of participation on your part (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time and please verify the information before contacting us.

Rights of Data Subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent it is related to such direct marketing.
  • Right of withdrawal for consents: You have the right to withdraw consents given at any time.
  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and to obtain access to this data and further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: You have the right, in accordance with legal requirements, to request the completion of data concerning you or the rectification of incorrect data concerning you.
  • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be erased without delay or, alternatively, to request restriction of the processing of the data in accordance with legal requirements.
  • Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format in accordance with legal requirements or to request transmission to another controller.
  • Complaint to supervisory authority: You also have the right, in accordance with legal requirements, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Definitions

In this section, you will find an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are primarily defined in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily to aid understanding. The terms are arranged alphabetically.

  • Interest-based and behavioral marketing: Interest- and/or behavioral-based marketing refers to the practice of determining potential interests of users in ads and other content as precisely as possible. This is done based on information about their previous behavior (e.g., visiting certain websites and staying on them, purchasing behavior, or interaction with other users), which is stored in a so-called profile. Cookies are generally used for these purposes.
  • Conversion measurement: Conversion measurement (also referred to as “visitor action evaluation”) is a method by which the effectiveness of marketing measures can be determined. For this purpose, a cookie is usually stored on users’ devices within the websites on which the marketing measures take place and then retrieved again on the target website. In this way, for example, we can track whether the advertisements placed by us on other websites were successful.
  • Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Profiling: “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person (depending on the type of profiling, this may include information concerning age, gender, location and movement data, interaction with websites and their content, purchasing behavior, social interactions with other people) to analyze, predict, or evaluate (e.g., interests in certain content or products, click behavior on a website, or location). Cookies and web beacons are often used for profiling purposes.
  • Reach measurement: Reach measurement (also referred to as web analytics) serves to evaluate the visitor flows of an online offering and may include behavior or interests of visitors in certain information, such as website content. With the help of reach analysis, website owners can, for example, recognize at what time visitors visit their website and which content they are interested in. This enables them to adapt the content of the website to the needs of their visitors, for example. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyses of the use of an online offering.
  • Remarketing: “Remarketing” or “retargeting” refers to when, for example for advertising purposes, it is noted which products a user is interested in on a website in order to remind the user of these products on other websites, e.g., in advertisements.
  • Tracking: “Tracking” refers to the ability to trace the behavior of users across several online offerings. As a rule, behavior and interest information with regard to the used online offerings is stored in cookies or on the servers of the providers of tracking technologies (so-called profiling). This information can subsequently be used, for example, to show users advertisements that are likely to correspond to their interests.
  • Controller: “Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: “Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data, be it collection, evaluation, storage, transmission, or erasure.