Privacy policy

Scope

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information in the sense of Art. 4 No. 1 GDPR such as name, email address, and postal address of a person. Processing personal data allows us to offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• social media appearances and email communication
• mobile apps for smartphones and other devices

Legal Basis

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which allow us to process personal data.
As far as EU law is concerned, we refer to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, read this General Data Protection Regulation of the EU online at EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We process your data only if at least one of the following conditions applies:

1. Consent (Article 6 (1) lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.
2. Contract (Article 6 (1) lit. b GDPR): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we enter into a purchase agreement with you, we need personal information in advance.
3. Legal obligation (Article 6 (1) lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6 (1) lit. f GDPR): In case of legitimate interests, which do not restrict your fundamental rights, we reserve the right to process personal data. We must process certain data in order to operate our website securely and efficiently. Thus, this processing is a legitimate interest.

Other conditions such as the performance of tasks carried out in the public interest or in the exercise of official authority, as well as the protection of vital interests, do not usually occur with us. Should such a legal basis be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), briefly DSG.
• In Germany, the Federal Data Protection Act, briefly BDSG, applies.

If further regional or national laws apply, we will inform you in the following sections.

Contact Details of the Responsible

The data processing on this website is carried out by the website operator. You can find the contact details in the imprint of this website.

Storage Duration

That we only store personal data as long as necessary for the provision of our services and products is a general criterion for us. This means that we delete personal data as soon as the reason for data processing is no longer present. In some cases, we are legally obliged to store certain data even after the initial purpose no longer exists, for example for accounting purposes.

If you wish for the deletion of your data or revoke your consent to data processing, the data will be deleted as quickly as possible and as far as no obligation to store it exists.

We will provide more specific information on the duration of the respective data processing below, if we have further information.

Rights According to the General Data Protection Regulation

According to articles 13, 14 GDPR, we inform you about the following rights that are available to you so that data processing is fair and transparent:

• According to Article 15 GDPR, you have the right to obtain information about whether we process data from you. Should this be the case, you are entitled to receive a copy of the data and to learn the following information:
  • the purposes of processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed;
  • the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • if the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
• According to Article 16 GDPR, you have the right to immediate rectification of incorrect personal data concerning you and, taking into account the purposes of the processing, to have incomplete personal data completed.
• According to Article 17 GDPR, you have the right to erasure of personal data concerning you without undue delay (“right to be forgotten”) if one of the specific reasons applies.
• According to Article 18 GDPR, you have the right to restriction of processing if one of the specific conditions applies.
• According to Article 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where technically feasible.
• According to Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
• According to Article 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
• According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR.

If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority, which in Austria is the Data Protection Authority whose website you can visit at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more detailed information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible:

Data Transfer to Third Countries

We transfer or process data only to countries outside the scope of the GDPR (third countries) if you have consented to this processing or if there is another legal permission. This is particularly the case if the processing is legally required or necessary for the fulfillment of a contractual relationship and in any case only to the extent that this is generally permitted. Your consent is in most cases the most important reason for us to process data in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, can mean that personal data is processed and stored in unexpected ways.

We expressly point out that, according to the opinion of the European Court of Justice, there is currently an adequate level of protection for data transfer to the USA only if a US company processing personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. More information can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data not being anonymized and stored. Furthermore, US government authorities may access individual data. Furthermore, it may happen that collected data is linked with data from other services of the same provider, provided you have a corresponding user account. Where possible, we try to use server locations within the EU, if offered.
We will inform you more precisely about data transfer to third countries in this privacy policy, if applicable.

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to infer personal information from our data.

Art. 25 GDPR speaks of "data protection by design and by default" and means that both software (e.g. forms) and hardware (e.g. access to the server room) always consider security and appropriate measures are taken. In the following, we will go into specific measures, if necessary.

TLS Encryption with https

TLS, encryption, and https sound very technical and they are. We use HTTPS (the Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transmit data tap-proof on the internet.
This means that the complete transmission of all data from your browser to our web server is secured – nobody can "listen in".

We have thus introduced an additional layer of security and comply with data protection through technology design (Article 25 (1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission security by the small lock symbol in the top left corner of the browser, to the left of the internet address (e.g. examplepage.com) and the use of the https scheme (instead of http) as part of our internet address.
If you want to know more about encryption, we recommend a Google search for "Hypertext Transfer Protocol Secure wiki" to find good links to further information.

Communication

If you contact us and communicate via phone, email, or online form, personal data may be processed.

The data is processed for handling and processing your question and the associated business process. The data is stored as long as it is prescribed by law.

Affected Persons

All those affected who seek contact with us via the communication channels we provide.

Phone

When you call us, the call data is pseudonymously stored on the respective terminal device and with the telecommunications provider used. In addition, data such as name and phone number can subsequently be sent by email and stored for answering inquiries. The data is deleted as soon as the business case has ended and legal requirements allow it.

Email

If you communicate with us via email, data may be stored on the respective terminal device (computer, laptop, smartphone,...) and data is stored on the email server. The data is deleted as soon as the business case has ended and legal requirements allow it.

Legal Basis

The processing of data is based on the following legal bases:

• Art. 6 Abs. 1 lit. a GDPR (Consent): You give us consent to store your data and to use it for purposes related to the business case;
• Art. 6 Abs. 1 lit. b GDPR (Contract): There is a need to fulfill a contract with you or a processor, such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
• Art. 6 Abs. 1 lit. f GDPR (Legitimate Interests): We want to conduct customer inquiries and business communication in a professional framework. Certain technical facilities such as email programs, exchange servers, and mobile network operators are necessary to efficiently operate communication.

Cookies

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used, so you better understand the following privacy policy.

Whenever you surf the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

There's no denying cookies are extremely useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, effectively the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must be specified.

Cookies store certain user data about you, such as language or personal page settings. When you revisit our site, your browser transmits the “user-related” information back to our site. Thanks to the cookies, our website knows who you are and offers you the setting you are accustomed to. In some browsers, each cookie has its own file, in others such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser, such as Chrome, and the web server. The web browser requests a website from the server, which sends a cookie back to the browser, which the browser uses again when another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Every cookie is to be evaluated individually since every cookie stores different data. Also, the expiration time of a cookie varies from a few minutes to a few years. Cookies are no software programs and contain no viruses, trojans, or other “pests”. Cookies also cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga
Value: GA1.2.1326744211.152312717369-9
Purpose: Differentiation of website visitors
Expiration Date: after 2 years

These minimum sizes should be supported by a browser:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we specifically use depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly go over the different types of HTTP cookies.

There are 4 types of cookies:

Essential Cookies
These cookies are necessary to ensure basic functionality of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues to surf on other pages, and later goes to the checkout. Through these cookies, the shopping cart is not deleted, even if the user closes their browser window.

Functional Cookies
These cookies collect info about the user behavior and whether the user gets any error messages. Also, these cookies measure the load time and behavior of the website on different browsers.

Targeted Cookies
These cookies ensure a better user experience. For example, entered locations, font sizes, or form data are stored.

Advertising Cookies
These cookies are also called targeting cookies. They serve to deliver individually adapted advertisements to the user. This can be very practical, but also very annoying.

Usually, you are asked for the first time you visit a website which of these cookie types you want to allow. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and do not shy away from technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

How can I delete cookies?

How and whether you want to use cookies is up to you. Regardless of which service or website the cookies are from, you always have the option to delete cookies, only partially allow them, or disable them. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser when you change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove the information websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you do not wish to have cookies, you can set up your browser to inform you when a cookie is set. This way, you can decide on the acceptance of each cookie. The procedure varies depending on the browser. It is best to search for the instructions in Google with the search term “Delete Chrome cookies” or “Disable Chrome cookies” in the case of a Chrome browser.

Legal Basis

The so-called “Cookie Guidelines” have been in place since 2009. It states that storing cookies requires your consent (Article 6 (1) lit. a GDPR). Within EU countries, there are still very different reactions to these guidelines. In Austria, however, this directive was implemented in Section 96 Paragraph 3 of the Telecommunications Act (TKG). In Germany, the Cookie Guidelines were not implemented as national law. Instead, this directive was largely implemented in Section 15 Paragraph 3 of the Telemedia Act (TMG).

If absolutely necessary cookies are used, as is the case when shopping carts of online shops are stored, cookie consent is not required. In other words, Article 6 (1) lit. f GDPR (legitimate interests) applies. In any case, we strive to inform you as accurately as possible about the use of cookies on this privacy policy.

Registration

When you register with us, personal data may be processed, provided you enter data related to a person or data such as the IP address is recorded during processing. Only enter data that we need for registration and for which you have the consent of a third party if you are registering on behalf of a third party. Use a secure password that you do not use elsewhere, and an email address that you regularly check.

The following informs you about the exact nature of the data processing because you should feel comfortable with us!

What is registration?

Registration allows us to accept certain data from you and enables you to log in online later and use your account with us. Having an account with us has the advantage that you do not have to enter everything again each time. This saves time, effort, and ultimately prevents errors in the provision of our services.

Why do we process personal data?

In short, we process personal data to enable the creation and use of an account with us.
Would we not do so, you would have to enter all data each time, wait for our release, and enter everything again. We and many, many customers would not find that so good. How would you find it?

What data is processed?

All data that you have entered during registration, during login, or when managing your data in the account.

During registration, we process the following types of data: 

• Username on the Twitch platform
• Profile picture on the Twitch platform
• Email address on the Twitch platform

During login, we process the data that you enter during login with Twitch, in addition to the login time, background data such as device information and IP addresses.

During account use, we process data that you enter during account use and which are created in the course of using our services.

Storage Duration

We store the entered data at least for the time, as long as the account linked to the data exists with us and is used, as long as contractual obligations exist between us, and, if the contract ends, until the respective claims from it are statute-barred. In addition, we store your data as long as and to the extent that we are subject to legal storage obligations. Thereafter, we keep contract-related accounting records (invoices, contract documents, account statements, etc.) as well as other relevant business documents for the legally required period (usually several years).

Right to Object

You have registered, entered data, and want to revoke the processing? No problem. As you can read above, rights according to the General Data Protection Regulation are very important to us. Of course, you also have the right to revoke the consent for the future. Contact us so that we can make the appropriate changes or deletions. If data is absolutely necessary for the fulfillment of a contract or for billing purposes, this data cannot be deleted prematurely. Please note this in your request.

Legal Basis

The legal basis for the processing of personal data in the context of registration, use of an account, and the associated provision of contractual or pre-contractual measures is Art. 6 Abs. 1 lit. b GDPR. The processing of personal data may also be based on a consent given by you (Art. 6 Abs. 1 lit. a GDPR) or on our legitimate interests (Art. 6 Abs. 1 lit. f GDPR). Our legitimate interest is in providing a user-friendly, efficient, and secure registration process, which serves both our business interests and your expectations.

Webhosting Introduction

What is Webhosting?

Nowadays, when you visit websites, certain information – including personal data – is automatically created and stored, as is the case on this website. This data should ideally be processed sparingly and with reason. By "website", we mean the entirety of all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By "domain", we mean, for example, example.de or sampleexample.com.

If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We just call it browser or web browser for short.

To display the website, the browser must connect to another computer where the website's code is stored: the webserver. Running a web server is a complex and costly task, which is why it is usually performed by professional providers, the hosts. They offer web hosting and thus ensure reliable and error-free storage of website data. A lot of technical terms, but please stay tuned, it gets even better!

During the connection of the browser on your computer (desktop, laptop, tablet, or smartphone) and during the data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data, on the other hand, the web server must also store data for a while to ensure proper operation.

A picture is worth a thousand words, therefore the following graphic illustrates the interaction between browser, the internet, and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and securing its operation
2. Maintaining operational and IT security
3. Anonymous evaluation of access behavior to improve our offer and possibly for prosecution or pursuit of claims

What data is processed?

Even now, as you are visiting our website, our web server, which is the computer where this webpage is stored, usually automatically saves data such as

• the complete Internet address (URL) of the accessed webpage
• Browser and browser version (e.g., Chrome 87)
• the used operating system (e.g., Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g., https://www.examplequellsite.de/vondabinichgekommen/)
• the hostname and the IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
• Date and time
• in so-called web server log files

How long are data stored?

As a rule, the above data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot exclude the possibility that this data will be seen in the presence of unlawful behavior by the authorities.

Legal basis

The legality of processing personal data in the context of web hosting results from Art. 6 Para. 1 lit. f GDPR (Legitimate Interests), because the use of professional hosting with a provider is necessary to present the company on the internet securely and user-friendly and to possibly pursue and defend against claims arising from this.

Typically, there is a contract for processing on behalf (according to Art. 28 f. GDPR) between us and the hosting provider, which ensures compliance with data protection and guarantees data security.

All-Inkl

The provider is ALL-INKL.COM - Neue Medien Münnich, owner René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter All-Inkl). For more details, please refer to the privacy policy of All-Inkl: https://all-inkl.com/datenschutzinformationen/.

The use of All-Inkl is based on Art. 6 Abs. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Abs. 1 lit. a GDPR and § 25 Abs. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Contractual processing

We have concluded a contract for order processing (AVV) for the use of the above service. This is a contract mandated by data protection law, which guarantees that this processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Web Analytics

In the following, we will inform you whether and how we evaluate data from your visit to this website. The evaluation of the collected data is usually anonymous, and we cannot infer your identity from your behavior on this website.

You can find out more about the possibilities to object to this evaluation of the visit data in the following privacy policy.

What is web analytics?

When you visit our website, certain data is automatically created and stored, including on this website. If you visit our website, our web server (the computer on which this website is stored) automatically saves data such as

• the address (URL) of the accessed website
• browser and browser version
• the operating system used
• the address (URL) of the previously visited page (referrer URL)
• the host name and IP address of the device from which access is made
• date and time

in files (web server log files).

As a rule, web server log files are stored for two weeks and then automatically deleted. We do not pass on this data, but cannot exclude the possibility that this data will be viewed in the event of illegal behavior.

The legal basis, according to Article 6 paragraph 1 f GDPR (lawfulness of processing), is that there is a legitimate interest in enabling the error-free operation of this website by capturing web server log files.

Consent

If web analytics tools are used on this website that require consent, such as Google Analytics, the legal basis for data processing is Article 6 paragraph 1 lit. a GDPR. Your consent to the use of web analytics tools can be revoked at any time by changing the privacy settings.

Since privacy is important to us, user data is pseudonymized wherever possible. Your IP address and other identifying features are anonymized (or at least pseudonymized) as soon as they are received. As a result, only a rough localization is possible.

Details on this can be found below, if technical third-party providers are used for web analytics.

Legal Basis

If you have consented to the use of web analytics tools, the legal basis for the corresponding data processing is this consent. According to Article 6 paragraph 1 lit. a GDPR (Consent), this consent can be revoked at any time.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to improve our offer technically and economically. With the help of web analytics, we detect errors on the website, identify attacks, and improve profitability. The legal basis for this is Article 6 paragraph 1 lit. f GDPR (Legitimate Interests).

However, since the privacy of our users is important to us, user data is pseudonymized wherever possible.

More detailed information on the legal basis in relation to the specific web analysis tool can be found in the following sections.

Online Marketing

We use online marketing and targeting measures to show our advertising, especially on social media platforms, only to those users who are also interested in our offer or the services and products we recommend. This is better for users who are not interested in such ads, and it is better for us because it increases the likelihood of successful advertising. For this purpose, cookies are usually used, which create a pseudonymized profile of the user's behavior on a website.

For example, if you see advertisements on our website for products that you were interested in on other websites, this is called “remarketing” or “retargeting”. For these purposes, when you visit other websites that work together with the advertising partners we use, personal data may be processed by these companies and cookies may also be stored by these companies.

Why do we use online marketing?

We want to show our website visitors only advertising that they are interested in. With the help of online marketing tools, especially targeting tools, we can show our visitors more suitable advertising. For those who are interested in our products, services, or contributions, the use of such tools is more efficient and both sides benefit from it.

What data is processed?

For us to be able to target interested parties with our advertising measures, we or advertising partners must recognize visitors to our website. For this recognition, information about the web behavior is stored in the browser and collected. Various factors and web technologies such as cookies or tracking pixels can be used for this. The user behavior data collected in this way is usually stored in pseudonymous profiles.

Possibility to object (opt-out)

You can also decide not to accept cookies and thus not to participate in tracking measures. If you want to change your cookie or advertising settings, this works differently for each browser. Here are instructions on how to manage cookies in your browser:

• Chrome: Delete, enable, and manage cookies in Chrome
• Safari: Manage cookies and website data with Safari
• Firefox: Delete cookies to remove the information websites have stored on your computer
• Internet Explorer: Delete and manage cookies
• Microsoft Edge: Delete and manage cookies

If you do not want cookies, you can set up your browser to always inform you when cookies are to be set. This allows you to decide whether or not to allow each cookie. The procedure varies depending on the browser. The best way to find the instructions is to search Google using the search term “Delete Chrome cookies” or “Disable Chrome cookies” in the case of a Chrome browser.

Legal Basis

If you have consented to the processing of your personal data by online marketing tools, this consent is the legal basis for the processing (Article 6 paragraph 1 lit. a GDPR). In principle, when visiting our website, your personal data will only be processed in the context of online marketing on the basis of your consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by law.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to improve our offer technically and economically. With the help of online marketing, we detect errors on the website, identify attacks, and improve profitability. The legal basis for this is Article 6 paragraph 1 lit. f GDPR (Legitimate Interests). However, we only use the tools if you have given your consent.

Since we care about your privacy, user data is pseudonymized wherever possible.

More detailed information about the conditions and the respective processing purposes can be found in the following sections or in the privacy policy of the respective tool provider.

Matomo On-Premise Privacy Policy

What is Matomo On-Premise?

We use the privacy-friendly analysis program Matomo On-Premise on our website. With the On-Premise version, Matomo is installed on our own server. This means we act as the operator of the software, and any data we might collect from you is stored directly with us. Thus, data processing remains entirely in our hands. The tool's manufacturer is the New Zealand company InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.

Matomo On-Premise is a web analytics platform that takes data protection very seriously and still provides us, as website operators, with accurate statistics about your behavior on our website. A major difference from other analysis programs is the option of data storage on our own server. Matomo On-Premise also offers various options for anonymizing the IP addresses of our website visitors and disabling cookies.

Why do we use Matomo On-Premise?

Many common analysis tools collect vast amounts of personal data and can also pass this data on to third parties. This means that maintaining control over your data becomes very difficult. Data protection is a major concern for us, which is why we have chosen Matomo On-Premise, a much more privacy-friendly alternative. However, we do not want to completely forgo web analysis. After all, statistics about website behavior can help us optimize our service and tailor it to your individual needs.

What data is stored by Matomo On-Premise?

In addition to personal data such as your IP address or details about yourself (e.g., name, address, date of birth) that you actively transmit to us, primarily information about your visitor behavior is stored. This information is mostly not personal data but includes things like the number of visitors to the website, page views, duration of stay, or used search terms. Furthermore, technical data such as browser type, the operating system used, and your screen resolution can be stored. Matomo On-Premise can also collect information about which website you came to us from. The collected data is stored with us and not passed on to third parties or sold.

How long and where is the data stored?

Matomo On-Premise is a self-hosted analytics platform, meaning we store all collected data directly on our own servers. Our server is located in Europe, so data is not processed in third countries, i.e., countries outside the scope of the GDPR.

In general, data is stored with us as long as business purposes require. Unfortunately, we cannot provide exact retention periods at this point because they strongly depend on our individual configurations. If you want to learn more about our data retention duration and our configurations, please do not hesitate to contact us.

How can I delete my data or prevent data storage?

You have the right and the possibility to access your personal data at any time and object to its use and processing. You can also file a complaint with a governmental supervisory authority or simply with us at any time.

In your browser, you also have the option to individually manage, delete, or disable cookies. However, please note that disabled or deleted cookies may have negative effects on the functions of our website. Depending on which browser you use, managing cookies works slightly differently. Under the section “Cookies,” you will find the respective links to the instructions for the most common browsers. If you want to request data deletion, you are welcome to contact us.

Legal basis

The use of Matomo On-Premise requires your consent, which we have obtained with our consent management tool (popup). This consent, according to Art. 6 Para. 1 lit. a GDPR (Consent), is the legal basis for the processing of personal data as it may occur during the collection by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to technically and economically improve our offer. With the help of Matomo On-Premise, we recognize optimization potential for our website and can improve its economic efficiency. The legal basis for this is Art. 6 Para. 1 lit. f GDPR (Legitimate Interests). We only use Matomo On-Premise to the extent you have given consent.

If you want to learn more about data processing through Matomo On-Premise, please feel free to contact us. We also recommend reading Matomo's privacy policy at https://matomo.org/privacy-policy/.

Cookie Consent Management Platform Introduction

What is a Cookie Consent Management Platform?

We use a consent management platform (CMP) software on our website, which facilitates correct and secure handling of scripts and cookies used by us and you. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides a legally required cookie consent for you, and helps us and you to keep track of all cookies. Most cookie consent management tools identify and categorize all existing cookies. As a website visitor, you then decide for yourself whether and which scripts and cookies you allow or disallow. The following graphic illustrates the relationship between the browser, web server, and CMP.

Why do we use a cookie management tool?

Our goal is to provide you with the best possible transparency in the area of data protection. Moreover, we are also legally obligated to do so. We want to inform you as well as possible about all tools and all cookies that can store and process data from you. It is also your right to decide for yourself which cookies you accept and which not. To grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can inform you about them in a GDPR-compliant manner. Through the consent system, you can then accept or reject cookies.

What data is processed?

As part of our cookie management tool, you can manage each individual cookie yourself and have full control over the storage and processing of your data. The declaration of your consent is stored so that we do not have to query it every time you visit our website and so that we can also provide evidence of your consent if legally necessary. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage duration of your cookie consent varies. Usually, these data (such as pseudonymous user ID, consent time, details on cookie categories or tools, browser, device information) are stored for up to two years.

Duration of data processing

We will inform you about the duration of data processing further below, provided we have more information on this. In general, we only process personal data as long as it is absolutely necessary for the provision of our services and products. Data stored in cookies are kept for varying lengths of time. Some cookies are deleted after leaving the website, while others can be stored in your browser for several years. The exact duration of data processing depends on the tool used; you should generally be prepared for a storage period of several years. In the privacy policies of the individual providers, you usually find precise information about the duration of data processing.

Right to object

You always have the right and the opportunity to revoke your consent to the use of cookies. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

For information on specific cookie management tools, if available, please refer to the following sections.

Legal basis

If you consent to cookies, personal data from you will be processed and stored via these cookies. If we are allowed to use cookies through your consent (Article 6 (1) lit. a GDPR), this consent also represents the legal basis for the use of cookies or the processing of your data. To be able to manage the consent to cookies and to enable you to grant consent, a cookie consent management platform software is used. The use of this software enables us to operate the website in a legally compliant manner efficiently, which represents a legitimate interest (Article 6 (1) lit. f GDPR).

Introduction to Payment Providers

What is a payment provider?

We use online payment systems on our website that enable us and you to use a secure and smooth payment process. This may also involve sending, storing, and processing personal data to the respective payment provider. Payment providers are online payment systems that allow you to make an order through online banking. The payment process is carried out by the payment provider you choose. We then receive information about the payment made. This method can be used by any user who has an active online banking account with PIN and TAN. There are hardly any banks that do not offer or accept such payment methods.

Why do we use payment providers on our website?

We naturally want to offer the best possible service on our website and our integrated online shop so that you feel comfortable on our site and use our offers. We know that your time is precious and that payment transactions need to be quick and smooth. For these reasons, we offer you various payment providers. You can choose your preferred payment provider and pay in the usual manner.

What data is processed?

The exact data processed depends, of course, on the respective payment provider. However, generally, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are stored. These are necessary data to carry out a transaction at all. Additionally, contractual data and user data, such as when you visit our website, what content you are interested in, or which sub-pages you click on, may be stored. Your IP address and information about your computer are also stored by most payment providers.

The data are usually stored and processed on the servers of the payment providers. We, as the website operator, do not receive this data. We are only informed whether the payment was successful or not. For identity and credit checks, it may happen that payment providers forward data to the respective authority. The business and privacy policies of the respective provider always apply to all payment transactions. Therefore, please always check the general terms and conditions and the privacy policy of the payment provider. You also always have the right, for example, to have data deleted or corrected. Please contact the respective service provider regarding your rights (right of revocation, right of access, and right to be affected).

Duration of data processing

We will inform you about the duration of data processing further below if we have more information on this. In general, we only process personal data as long as it is absolutely necessary for the provision of our services and products. If, for example, in the case of accounting, it is required by law, this storage period may be exceeded. Thus, we store booking receipts (invoices, contract documents, bank statements, etc.) related to a contract for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they are generated.

Right to object

You always have the right to information, correction, and deletion of your personal data. If you have any questions, you can also contact the responsible parties of the used payment provider at any time. Contact details can be found either in our specific privacy policy or on the website of the respective payment provider.

You can delete, disable, or manage cookies used by payment providers in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may no longer work as a result.

Legal basis

Thus, we offer, in addition to traditional banking/credit institutions, other payment service providers for the settlement of contractual or legal relationships (Art. 6 (1) lit. b GDPR). The privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay, or Discover) provide you with a detailed overview of data processing and data storage. Additionally, you can always contact the responsible parties for questions on data protection-related topics.

For information on specific payment providers, if available, please refer to the following sections.

PayPal Privacy Policy

What is PayPal?

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. For Europe, the company PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible.

With PayPal, all users can send and receive money electronically. The company was founded in 1998 and now has over 325 million active customers, making it one of the most well-known and largest online payment service providers worldwide.

Why do we use PayPal on our website?

There are several reasons why we use PayPal and offer it on our website. Since PayPal is among the most recognized online payment providers, many of our website visitors use and trust this service. PayPal also offers high security standards for digital money transfers. The service uses various encryption methods to protect your personal data as effectively as possible. We also appreciate the ease of use of PayPal and the possibility of making international payments in various currencies. Generally, transactions are completed very quickly, which is another advantage for both us and you as a customer.

What data does PayPal process?

In its privacy statement, PayPal differentiates between various categories of personal data that can be processed through the use of the service. These include login and contact data, identification and signature data, payment information, information on imported contacts, data from your account profile, device data such as your IP address, location data, and so-called derived data. Derived data refers to information that can be derived from transactions or other data. This can include, for example, purchasing habits, behavior patterns, creditworthiness, or personal preferences.

There are also personal data that are collected by third parties (such as identity verifiers, fraud detection providers, or your bank). These data include information from credit agencies, transaction data, information on legal regulations, technical usage data, location data, and again derived data.

PayPal and its partners also use tracking technologies such as cookies, pixel tags, web beacons, and widgets to recognize you as a user, customize content, and conduct analyses for interest-based advertising.

How long and where are the data stored?

PayPal stores the data for as long as necessary to fulfill their obligations and as required for the purpose. Personal data necessary for the customer relationship are retained for up to 10 years after the end of the relationship. If PayPal is subject to a legal obligation, the storage period of personal data complies with the applicable law (e.g., bankruptcy law). PayPal also stores personal data as long as necessary if storage is advisable in view of legal disputes.

Since PayPal is a globally operating company, it has data centers around the world where your data can be stored. This means your data can also be stored outside your country and outside the scope of the GDPR on PayPal servers.

How can I delete my data or prevent data storage?

You always have the right to access, correct, or delete and limit the processing of your personal data. You can also revoke your consent to data processing at any time.

If you generally want to disable, delete, or manage cookies, you can find the corresponding links to instructions for the most popular browsers in the "Cookies" section.

Legal basis

We have a legitimate interest in integrating PayPal as an external payment service to make our offer more attractive and to improve it technically and economically. The legal basis for this is Article 6 (1) lit. f GDPR (Legitimate Interests). We point out that you can only use PayPal if you enter into a contractual relationship with PayPal. It may be necessary to provide further data protection and contractual declarations (e.g., consent).

PayPal also processes data from you in the USA, among other places. We point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can pose various risks to the legality and security of data processing.

As the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or for data transfer there, PayPal uses so-called Standard Contractual Clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, PayPal commits to maintaining the European level of data protection even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

For more information on the Standard Contractual Clauses and the data processed by using PayPal, please refer to the privacy policy at https://www.paypal.com/webapps/mpp/ua/privacy-full.

Twitch Privacy Policy

We use Twitch on our website, a live streaming portal for video games. The service provider is the American company Twitch Interactive, Inc., 350 Bush Street, 2nd Floor, San Francisco, CA 94104, USA.

We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. The data processing is mainly carried out by Twitch. This may lead to data not being processed anonymously. Furthermore, US governmental authorities may have access to individual data. It is also possible that this data could be linked with data from other Twitch services for which you have an account.

For more information about the data processed by using Twitch, please refer to the privacy policy at https://www.twitch.tv/p/de-de/legal/privacy-notice/.

Single-Sign-On Introductions

What are Single-Sign-On registrations?

On our website, you have the option to quickly and easily sign up for our online service using an account from another provider (e.g., via Facebook). This authentication method is also known as "Single-Sign-On registration." This registration method naturally only works if you are registered with the other provider or have a user account and enter the corresponding access data into the online form. In many cases, you are already logged in, the access data are automatically entered into the form, and you only need to confirm the Single-Sign-On registration via a button. Personal data can also be processed and stored during this registration. This privacy text generally addresses the data processing by Single-Sign-On registrations. For more information, please see the privacy statements of the respective providers.

Why do we use Single-Sign-On registrations?

We want to make your life on our website as easy and pleasant as possible. Therefore, we also offer Single-Sign-On registrations. This saves you valuable time because you only need one authentication. Since you only have to remember and transmit one password, this also increases security. In many cases, your password has already been automatically saved using cookies, and thus the login process on our website only takes a few seconds.

What data is stored through Single-Sign-On registrations?

Although you register on our website via this special registration procedure, the actual authentication is carried out by the respective Single-Sign-On provider. As the website operator, we receive a user ID in the course of authentication. This records that you are logged in under this ID with the respective provider. This ID cannot be used for any other purposes. We may also receive other data, but this depends on the Single-Sign-On providers used. It also depends on which data you voluntarily provide during the authentication process and which data you generally release in your settings with the provider. It usually involves data such as your email address and your username. We do not know and do not store your password needed for registration. It is also important for you to know that data stored with us can automatically be matched with the data of the respective user account through the registration procedure.

Duration of data processing

We will provide further information below if we have more details on the duration of data processing. For example, the social media platform Facebook stores data until it is no longer needed for their purposes. Customer data that are matched with their own user data are deleted within two days. In general, we process personal data only as long as necessary for the provision of our services and products.

Right to object

You always have the right and the option to revoke your consent to the use of Single-Sign-On registrations. This is usually done via opt-out functions of the provider. If available, you will find links to the respective opt-out functions in our privacy texts for the individual tools.

Legal basis

If it has been agreed with you and occurs as part of contract fulfillment (Article 6 Paragraph 1 lit. b GDPR) and consent (Article 6 Paragraph 1 lit. a GDPR), we can employ the Single-Sign-On procedure on these legal grounds.

In addition to consent, we have a legitimate interest in providing you with a fast and simple registration procedure. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate interests). We only use the Single-Sign-On registration to the extent that you have given your consent.

If you no longer want this link to the provider with the Single-Sign-On registration, please dissolve it in your user account with the respective provider. If you also want to delete data from us, cancellation of your registration is necessary.

Twitch Authentication (oAuth 2.0)

We also use the authentication tool Twitch.tv Authentication. The service provider is the American company Twitch Interactive, Inc., 350 Bush Street, 2nd Floor, San Francisco, CA 94104, USA.

When you visit one of our pages equipped with a Twitch plugin, a connection to the Twitch servers is established. This informs the Twitch server which of our pages you have visited. Twitch also obtains your IP address. This applies even if you are not logged in to Twitch or do not have a Twitch account. The information collected by Twitch is transmitted to the Twitch server in the USA.

If you are logged into your Twitch account, you enable Twitch to directly assign your surfing behavior to your personal profile. You can prevent this by logging out of your Twitch account.

We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing is mainly carried out by Twitch. This may lead to data not being processed anonymously. Furthermore, US governmental authorities may have access to individual data. It is also possible that this data could be linked with data from other Twitch services for which you have an account.

For more information about the data processed by using Twitch.tv Authentication, please refer to the privacy policy at https://www.twitch.tv/p/de-de/legal/privacy-notice/.

Web Design Introduction

What is Web Design?

We use various tools on our website that serve our web design. Web design is not just about making our website look pretty, but also about functionality and performance. Of course, the appropriate appearance of a website is also one of the major goals of professional web design. Web design is a sub-area of media design and deals with both the visual and the structural and functional design of a website. The goal is to improve your experience on our website with the help of web design. In web design jargon, this is referred to as user experience (UX) and usability. User experience encompasses all impressions and experiences that a website visitor has on a website. Usability is a sub-aspect of user experience, focusing on the ease of use of a website. Here, the emphasis is mainly on the content, subpages, or products being clearly structured so that you can easily and quickly find what you are looking for. To offer you the best possible experience on our website, we also use so-called web design tools from third-party providers. Therefore, all services that improve the design of our website fall under the "Web Design" category in this privacy statement. This can include, for example, fonts, various plugins, or other integrated web design features.

Why do we use Web Design Tools?

The way you absorb information on a website depends heavily on the structure, functionality, and visual perception of the site. Therefore, good and professional web design has become increasingly important for us. We are constantly working on improving our website and see this as an extended service for you as a website visitor. Furthermore, a beautiful and functional website also has economic benefits for us. After all, you will only visit us and use our offers if you feel completely comfortable.

What Data is Stored by Web Design Tools?

When you visit our website, web design elements can be integrated into our pages that can process data. Exactly which data is involved depends strongly on the tools used. Below, you can see exactly which tools we use for our website. We recommend that you read the respective privacy policy of the tools used for more information about data processing. Usually, you will find there what data is processed, whether cookies are used, and how long the data is stored. For example, with fonts such as Google Fonts, information such as language settings, IP address, browser version, screen resolution, and browser name are automatically transmitted to Google servers.

Duration of Data Processing

The duration of data processing is very individual and depends on the web design elements used. If cookies, for example, are used, the retention period can be as short as a minute or as long as several years. Please inform yourself accordingly. For this purpose, we recommend our general section on cookies as well as the privacy policies of the tools used. Typically, you will find which specific cookies are used and what information is stored in them. Google Font files are stored for one year, for example, to improve website loading times. In general, data is only stored as long as necessary to provide the service. Legal requirements may necessitate longer storage periods.

Right to Object

You always have the right and the option to revoke your consent to the use of cookies or third-party providers. This can be done either through our cookie management tool or other opt-out functions. You can also prevent the collection of data by cookies by managing, disabling, or deleting cookies in your browser. For web design elements (usually with fonts), there are also data that cannot be deleted as easily. This is the case when data is automatically collected and transmitted to a third-party provider (such as Google) upon a page visit. In such cases, please contact the support of the respective provider. For Google, you can reach support at https://support.google.com/?hl=de.

Legal Basis

If you have consented to the use of web design tools, the legal basis for the corresponding data processing is this consent. According to Art. 6 Para. 1 lit. a GDPR (Consent), this consent is the legal basis for the processing of personal data as it may occur during the collection by web design tools. We also have a legitimate interest in improving the web design on our website. After all, we can only provide you with a beautiful and professional web offering then. The corresponding legal basis for this is Art. 6 Para. 1 lit. f GDPR (Legitimate interests). We only use web design tools to the extent that you have given your consent. This is something we want to emphasize here once again.

For information on specific web design tools, please see the following sections, if available.

Google Fonts Local Privacy Policy

We use Google Fonts from Google Inc. on our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible. We have integrated the Google fonts locally, i.e., on our web server – not on Google's servers. This means there is no connection to Google servers and thus no data transfer or storage.

What are Google Fonts?

Google Fonts (formerly known as Google Web Fonts) is an interactive directory with over 800 fonts that Google provides for free. With Google Fonts, it was possible to use fonts without uploading them to your own server. However, to prevent any transfer of information to Google servers, we have downloaded the fonts to our server. In this way, we act in compliance with data protection regulations and do not send any data to Google Fonts.