Privacy Policy
1. General Information
The following information provides a simple overview of what happens to your personal data when you visit this website or use our app. Personal data includes all data with which you can be personally identified. For detailed information on data protection, please refer to our privacy policy listed below this text.
Data Collection on this Website and App
Concerned Individuals
This privacy policy is directed at all individuals who visit this website or use our app. All references to persons refer to all genders and the associated language forms, especially diverse, female, and male. Each term referring to individuals is to be understood with the addition "(m/f/d)."
Who is responsible for data collection on this website and app?
Responsible for the processing described here is: The Coffee Break Company UG (limited liability), Bertoldstraße 23, Phone: +49(0)15208524110, hello@thecoffeebreak.com. The managing director is Mr. Kamil Derezinski.
How do we collect your data?
Your data is collected, on the one hand, by you providing it to us. This may involve data that you enter into a contact form, for example. Other data is automatically collected or with your consent when you visit the website or use the app through our IT systems. These are primarily technical data (e.g., internet browser, operating system, or time of access). This data is collected automatically when you enter this website or use the app.
What do we use your data for?
Some of the data is collected to ensure the error-free provision of the website and app. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to obtain free information about the origin, recipient, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have a right of appeal to the competent supervisory authority. For this and for further questions on data protection, you can contact us at any time.
Analysis Tools and Third-Party Tools
When visiting this website or using the app, your behavior can be statistically evaluated. This is done primarily with so-called analysis programs. Detailed information about these analysis programs can be found in the following privacy policy.
2.1 Hosting
We host the content of our website with the following provider:
Squarespace
The provider is Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland (hereinafter Squarespace). Squarespace is a tool for creating and hosting websites. When you visit our website, your data is processed on Squarespace's servers. This may also involve the transmission of personal data to Squarespace's parent company, Squarespace Inc., 8 Clarkson St, New York, NY 10014, USA. Squarespace also stores cookies that are necessary for the display of the site and to ensure security (essential cookies). The use of Squarespace is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website. If consent has been requested, the processing is carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of TTDSG. The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://support.squarespace.com/hc/de/articles/360000851908-DSGVO-und-Squarespace.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF commits to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant- detail?contact=true&id=a2zt0000000GnjcAAC&status=Active
2.2 App Data Storage
The app includes the following additional services for data storage:
MongoDB:
Purpose: Used for securely storing user email addresses.
Data Security: Encrypted at rest and in transit.
Location: Data is stored on servers compliant with GDPR and other relevant data protection standards.
AWS S3 Buckets:
Purpose: Used for storing user profile pictures.
Data Security: Profile images are securely uploaded and stored using encryption.
Access Controls: Strict access policies limit access to authorized personnel only.
2.3 Sign in
With Apple
We offer the option to sign in using "Sign in with Apple." When you choose this option, Apple provides us with certain personal information, including your Apple ID, name, and email address. If you select the "Hide My Email" feature, we will receive a randomly generated email address that forwards messages to your actual email.
The processing of this data is based on Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(f) GDPR (our legitimate interest in providing a secure and user-friendly login option).
For more details on Apple's data processing practices, please refer to Apple's Privacy Policy:
https://www.apple.com/legal/privacy/
With Google
We provide the option to sign in using your Google account. If you choose this method, Google shares certain personal data with us, including your Google ID, name, and email address.
The processing of this data is carried out under Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(f) GDPR (our legitimate interest in offering a secure and convenient authentication process).
For further details on Google's data processing practices, please see Google’s Privacy Policy:
https://policies.google.com/privacy
3. General Information and Mandatory Information
The operators of these pages and the app take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website or app, various personal data is collected.
Personal data are data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission over the Internet (e.g., communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.
Note on the responsible body
The responsible party for data processing on this website and app is:
The Coffee Break Company UG (limited liability) Bertoldstraße 23 79098 Freiburg im Breisgau
Phone: +49 (0) 15208524110 Email: info@thecoffeebreakcompany.com
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, e-mail addresses, etc.).
Storage period
Unless a specific storage period is mentioned within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
General information about the legal bases of data processing on this website
Insofar as we obtain the consent of the data subject for processing personal data, Art. 6(1)(a) GDPR serves as the legal basis. In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6(1)(f) GDPR serves as the legal basis for processing. The legal basis for the use of tools from companies based in data protectionally insecure third countries and US tools whose providers are not certified according to the EU-US Data Privacy Framework (DPF) is also Art. 6(1)(f) GDPR. If the tools are active, your personal data may be transferred to and processed in these states. Please note that in data protectionally insecure third countries, a level of data protection comparable to that of the EU cannot be guaranteed. We would like to point out that the USA, as a safe third country, generally has a level of data protection comparable to that of the EU. After that, data transfer to the USA is permissible if the recipient is certified under the "EU-US Data Privacy Framework" (DPF) or has appropriate additional guarantees. Information on transfers to third countries, including data recipients, can be found in this privacy policy.
Recipients of personal data
In the course of our business activities, we work with various external entities. This may involve the transmission of personal data to these external entities. We only pass on personal data to external entities if this is necessary for the fulfillment of a contract, if we are legally obliged to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest in the transfer according to Art. 6(1)(f) GDPR, or if another legal basis allows the transfer of data. When using contract processors, we only pass on personal data of our customers on the basis of a valid contract for contract processing. In the case of joint processing, a contract for joint processing is concluded.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent already given at any time. The legality of the data processing carried out until the revocation is not affected by the revocation.
Right of objection to data collection in special cases, as well as to direct advertising (Art. 21 GDPR)
If data processing is carried out on the basis of Art. 6(1)(e) or (f) GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation, including profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (objection pursuant to Art. 21(1) GDPR). If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, including profiling to the extent that it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21(2) GDPR).
Complaint right to the competent supervisory authority
In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work, or the place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.
Information, correction, and deletion
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient, and the purpose of data processing, and, if necessary, a right to correction or deletion of this data. For this purpose and for further questions on the subject of personal data, you can contact us at any time.
Right to Restriction of Processing
You have the right to request the restriction of processing of your personal data. To do so, you can contact us at any time. The right to restriction of processing exists in the following cases:
If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. During the verification period, you have the right to request the restriction of processing of your personal data.
If the processing of your personal data has been or is being carried out unlawfully, you can request the restriction of data processing instead of deletion.
If we no longer need your personal data, but you need it for the exercise, defense, or assertion of legal claims, you have the right to request the restriction of processing of your personal data instead of deletion.
If you have objected pursuant to Art. 21(1) GDPR, an assessment must be made between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of processing of your personal data.
If you have restricted the processing of your personal data, these data – except for their storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.
SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Objection to Promotional Emails
We hereby object to the use of contact data published within the scope of the imprint obligation for sending unsolicited advertising and information materials. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.
Fonts
This website provides font files from Google Fonts and Adobe Fonts and displays these fonts. To display this website correctly, these third parties may receive personal data about you, including:
Information about your browser, network, or device
Information about this website and the page you visit on the website
Your IP address
4. Data Collection on this Website - Cookies
Our websites use so-called "cookies." Cookies are small data packets that do not cause any damage to your end device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) on your end device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your end device until you delete them yourself or automatic deletion occurs through your web browser. Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of specific services from third-party companies within websites (e.g., cookies for processing payment services). Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies that are necessary for the electronic communication process, for the provision of certain functions you request (e.g., for the shopping cart function), or for the optimization of the website (e.g., cookies for measuring web audiences) and do not fall into the category of necessary cookies, are stored based on Art. 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent has been requested for the storage of cookies and similar recognition technologies, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG); the consent can be revoked at any time. You can set your browser to inform you about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when the browser is closed. Disabling cookies may limit the functionality of this website. Information on the cookies placed on your device can be found in Squarespace's cookie usage guide.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address
These data are not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website, for which the server log files must be collected.
Contact Form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not pass on this data without your consent. The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; the consent can be revoked at any time.
The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory statutory provisions, especially retention periods, remain unaffected. We share this information with Squarespace, our provider for online shop hosting, so that it can provide website services. We also share this information for storage purposes with Mailchimp (Mailchimp Privacy Statement).
Inquiries via Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry, including all personal data derived from it (name, inquiry), will be stored and processed by us for the purpose of processing your concern. We will not pass on this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; the consent can be revoked at any time.
The data you send us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your concern has been processed). Mandatory statutory provisions, especially statutory retention periods, remain unaffected.
5. Social Media
Sharing Buttons
This website contains sharing buttons that allow you to share pages or other content of this website for the following third-party services: LinkedIn, X, Instagram, Facebook, TikTok. When you click on a sharing button, these third parties may receive your personal data, including:
Information about your browser, network, and device
Details about the webpage or content you shared or intend to share
Your IP address
This website integrates elements of the Facebook social network. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.
An overview of Facebook social media elements can be found here.
If the social media element is active, a direct connection is established between your device and the Facebook server. Facebook receives information that you have visited this website with your IP address. If you click on the Facebook "Like" button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook's privacy policy at https://de-de.facebook.com/privacy/explanation.
If consent (consent) has been obtained, the use of the above service is based on Art. 6(1)(a) GDPR and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the most comprehensive visibility on social media. To the extent that personal data is collected on our website and forwarded to Facebook using the described tool, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the
collection of data and its transmission to Facebook. The processing by Facebook after the forwarding is not part of the joint responsibility. The obligations jointly incumbent on us have been recorded in an agreement on joint processing. The wording of the agreement can be found here. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. Data subjects' rights (e.g., requests for information) regarding data processed by Facebook can be asserted directly against Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook. The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here, https://de-de.facebook.com/help/566994660333381, and https://www.facebook.com/policy.php.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.
X (formerly Twitter)
This website incorporates features of the X service (formerly Twitter). These features are offered by the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. For data processing of persons living outside the USA, the subsidiary Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible. If the social media element is active, a direct connection is established between your device and the X server. X (formerly Twitter) thereby receives information about your visit to this website. By using X (formerly Twitter) and the "Re-Tweet" or "Repost" function, the websites you visit are linked to your X (formerly Twitter) account and made known to other users. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by X (formerly Twitter). Further information can be found in X (formerly Twitter)'s privacy policy at https://twitter.com/de/privacy.
If consent (consent) has been obtained, the use of the above service is based on Art. 6(1)(a) GDPR and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the most comprehensive visibility on social media. The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here.
You can change your privacy settings with X (formerly Twitter) in the account settings under https://twitter.com/account/settings.
This website incorporates features of the Instagram service. These features are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. If the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website. If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. Instagram can thus associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
If consent (consent) has been obtained, the use of the above service is based on Art. 6(1)(a) GDPR and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the most comprehensive visibility on social media. To the extent that personal data is collected on our website and forwarded to Facebook or Instagram using the described tool, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transmission to Facebook or Instagram. The processing by Facebook or Instagram after the forwarding is not part of the joint responsibility. The obligations jointly incumbent on us have been recorded in an agreement on joint processing. The wording of the agreement can be found here. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the data protection-compliant implementation of the tool on our website. For the data security of Facebook or Instagram products, Facebook is responsible. Data subjects' rights (e.g., requests for information) regarding data processed by Facebook or Instagram can be asserted directly against Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook. The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here, https://privacycenter.instagram.com/policy/, and https://de-de.facebook.com/help/566994660333381.
Further information can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy/.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.
The social network "LinkedIn" of LinkedIn Ireland Unlimited Company (Ireland - EU) is used on this website. However, it cannot be ruled out that data may be transmitted to or integrated with the parent company, LinkedIn Corporation (USA). Details about the processing by this third-party provider are described here: LinkedIn Privacy Policy>](https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.)). The use of this third-party provider is not precluded by the fact that data transmission to or integration with the US-based parent company cannot be excluded. The processing of personal data through this tool only occurs if individuals consent to the associated data transfer to the USA (cf. Article 49(1)(a) GDPR). This is done concerning the local controller insofar as they control the data processing. If the providers of the presented social network or medium control the processing (for example, if individuals visit the social network independently of an action on this website), there is no transmission by the controller to the USA. Therefore, the local controller is not required to provide further guarantees under Article 44ff. GDPR. In this case, there is at most a relationship under Article 26 GDPR between the local controller and the provider of the social network.
The controller also maintains a company or product page with this provider, which is linked on this website. If individuals click on this link (referring to the link to the company or product page), they will be directed to the profile of the controller.
The controller has integrated a plugin from this provider of a social network or medium on this website. If individuals click on this plugin, they will be directed to the profile of the controller. The controller uses the so-called two-click solution. This means that after the click, personal data is not generally transferred to the provider of the plugin. The provider can be identified based on the design of the plugin (e.g., by the logo). The controller enables individuals to communicate directly with the provider of the plugin via the button. Only if they click on the highlighted field and activate it will the provider receive information that individuals have visited this website. Only then will the above-mentioned data be transmitted. By activating the plugin, personal data of individuals is thus transmitted to the provider mentioned here and may be stored in the USA or transmitted there. This data transfer occurs regardless of whether individuals have an account with the mentioned provider and are logged in. If they are logged in with the provider, their data collected by the local controller is directly assigned to the account they maintain with the mentioned provider. It is advisable to regularly log out after using a social network, especially before activating the button, as individuals can thereby avoid being associated with their profile with the provider.
The controller uses "LinkedIn Ads." With the advertising materials of this tool, the local controller can draw attention to its offers within the presented social network or medium. In relation to the data of advertising campaigns, the local controller can determine how successful individual advertising measures are. The goal is to show individuals advertisements that are of interest to them, make this website more interesting for them, and carry out a fair calculation of advertising costs. These advertising materials are delivered by the provider mentioned here. If individuals arrive at this website via an advertisement presented by this provider, a cookie is stored on their computer by the tool. These cookies are not intended to personally identify individuals. Typically, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (marking that the user no longer wishes to be addressed) are stored as analysis values for this cookie. Due to the tool used, the browser of individuals automatically establishes a direct connection to the server of the provider mentioned here. The controller has no influence on the scope and further use of the data collected by the use of this tool. However, they share their knowledge: By integrating the advertising materials of this tool, the provider mentioned here receives information that individuals have accessed the corresponding part of this website or clicked on an advertisement by the controller. If individuals are registered with a service of this provider, it can assign the visit to their account. But even if individuals are not registered with the provider mentioned here or have not logged in, there is a possibility that the provider obtains and stores their IP address. Individuals can prevent participation in this tracking procedure in various ways: Either by adjusting their browser software accordingly, especially by suppressing third-party cookies, which means that they will not receive ads from third-party providers. Or by deactivating cookies. More information about the processing by this third-party provider can be found here.
TikTok
The social network "TikTok," jointly offered by TikTok Technology Limited (Ireland - EU) and TikTok Information Technologies UK Limited (United Kingdom of Great Britain and Northern Ireland), is used on this website. However, the privacy policy of the providers indicates that they may also transfer data to other companies in their "corporate group," without specifying which companies belong to it. Despite publicly contrary statements, it cannot be ruled out that data may be processed by companies in the USA and/or the People's Republic of China, particularly by the parent company Beijing
Bytedance Technology Ltd. (People's Republic of China). In cases where the controller and the providers of the presented social network or medium are jointly responsible, they have agreed to joint responsibility under Article 26 GDPR. In all other cases, the provider of the social network or medium has been commissioned under Article 28 GDPR. Details about the processing by these third-party providers can be found here. The use of this third-party provider is not precluded by the fact that neither data transmission to the USA nor to the People's Republic of China can be excluded. The processing of personal data through this tool only occurs if individuals consent to the associated data transfer to the USA or the People's Republic of China (cf. Article 49(1)(a) GDPR). This is done concerning the local controller insofar as they control the data processing. If the providers of the presented social network or medium control the processing (for example, if individuals visit the social network independently of an action on this website), there is no transmission by the controller to the USA. Therefore, the local controller is not required to provide further guarantees under Article 44ff. GDPR. In this case, there is at most a relationship under Article 26 GDPR between the local controller and the provider of the social network.
The controller also maintains a company or product page with this provider, which is linked on this website. If individuals click on this link (referring to the link to the company or product page), they will be directed to the profile of the controller.
The controller has integrated a plugin from this provider of a social network or medium on this website. If individuals click on this plugin, they will be directed to the profile of the controller. The controller uses the so-called two-click solution. This means that after the click, personal data is not generally transferred to the provider of the plugin. The provider can be identified based on the design of the plugin (e.g., by the logo). The controller enables individuals to communicate directly with the provider of the plugin via the button. Only if they click on the highlighted field and activate it will the provider receive information that individuals have visited this website. Only then will the above-mentioned data be transmitted. By activating the plugin, personal data of individuals is thus transmitted to the provider mentioned here and may be stored in the USA or transmitted there. This data transfer occurs regardless of whether individuals have an account with the mentioned provider and are logged in. If they are logged in with the provider, their data collected by the local controller is directly assigned to the account they maintain with the mentioned provider. It is advisable to regularly log out after using a social network, especially before activating the button, as individuals can thereby avoid being associated with their profile with the provider.
The controller uses the "TikTok Pixel." This is an analytics tool that allows the controller to measure the effectiveness of advertising. It is typically used to understand and track user actions on a website. The controller has implemented the pixel on this website by placing the pixel code in the header of the website. When individuals visit the website and perform an action (e.g., complete a purchase), the pixel is triggered, and the action is reported. This way, the controller learns when a user takes an action and can analyze it. There is also the possibility of enhanced matching, which the controller also uses and whose use is also covered by consent. The pixel also allows the transmission of user data (e.g., first name, last name, email address, etc.) to the providers and enriching it with existing tracking data. This makes it possible to collect data from individuals who do not use this social medium or capture users who are not logged in to this social medium during the visit to this website. As a result, individuals are tracked across this social medium. More information about the processing by this third-party provider can be found here.
The controller uses "TikTok Ads." With the advertising materials of this tool, the local controller can draw attention to its offers within the presented social network or medium. In relation to the data of advertising campaigns, the local controller can determine how successful individual advertising measures are. The goal is to show individuals advertisements that are of interest to them, make this website more interesting for them, and carry out a fair calculation of advertising costs. These advertising materials are delivered by the provider mentioned here. If individuals arrive at this website via an advertisement presented by this provider, a cookie is stored on their computer by the tool. These cookies are not intended to personally identify individuals. Typically, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (marking that the user no longer wishes to be addressed) are stored as analysis values for this cookie. Due to the tool used, the browser of individuals automatically establishes a direct connection to the server of the provider mentioned here. The controller has no influence on the scope and further use of the data collected by the use of this tool. However, they share their knowledge: By integrating the advertising materials of this tool, the provider mentioned here receives information that individuals have accessed the corresponding part of this website or clicked on an advertisement by the controller. If individuals are registered with a service of this provider, it can assign the visit to their account. But even if individuals are not registered with the provider mentioned here or have not logged in, there is a possibility that the provider obtains and stores their IP address. Individuals can prevent participation in this tracking procedure in various ways: Either by adjusting their browser software accordingly, especially by suppressing third-party cookies, which means that they will not receive ads from third-party providers. Or by deactivating cookies. More information about the processing by this third-party provider can be found here>](https://ads.tiktok.com/i18n/home?)).
Google Ads
The social network "Google," and particularly the tool "Google Ads" of Google Ireland Ltd. (Ireland - EU), is used on this website, which has been commissioned under Article 28 GDPR. However, it cannot be ruled out that data may be transmitted to or integrated with the parent company, Google LLC (USA). Details about the processing by this third-party provider can be found here. The use of this third-party provider is not precluded by the fact that data transmission to or integration with the US-based parent company cannot be excluded. The processing of personal data only occurs if individuals consent to the associated data transfer to the USA (cf. Article 49(1)(a) GDPR).
In this context, the controller, especially in the search engine provided by the local provider, places ads (so-called Ads). When individuals interact with the controller (e.g., visit this website), there is a possibility that the controller, with their consent, identifies individuals as suitable recipients of the Ads using cookies. When individuals then visit this social medium, they are recognized, and the above-mentioned Ads are shown to them. The purpose is to present the controller, analyze user behavior regarding interaction with this website, and communicate with individuals through the presented social network or medium (possibly promotional). These advertising materials are delivered by Google through so-called "Ad Servers." The controller uses Ad Server cookies, which measure certain parameters for performance measurement, such as ad impressions or clicks by individuals. If individuals reach this website via a Google ad, a cookie is stored on their computer by Google Ads. These cookies usually expire after 30 days and are not intended to personally identify individuals. Typically, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (marking that the user no longer wishes to be addressed) are stored as analysis values for this cookie. These cookies enable Google to recognize the internet browser of individuals. If a user visits specific pages of this website and the cookie stored on their computer has not yet expired, Google and the controller can recognize that the individual clicked on the ad and was redirected to this website. Due to the marketing tools used, the browser of individuals automatically establishes a direct connection to the server of Google.
Individuals can prevent participation in this tracking procedure in various ways:
a) by adjusting their browser software accordingly (in particular, suppressing third-party cookies prevents them from receiving ads from third-party providers),
b) by deactivating cookies for conversion tracking by adjusting their browser to block cookies from the domain "www.googleadservices.com" (see here), with this setting being deleted when individuals delete the cookies.
Google Remarketing:
The social network "Google," and particularly the tool "Google Remarketing" of Google Ireland Ltd. (Ireland - EU), is used on this website, which has been commissioned under Article 28 GDPR. However, it cannot be ruled out that data may be transmitted to or integrated with the parent company, Google LLC (USA). Details about the processing by this third-party provider can be found here. The use of this third-party provider is not precluded by the fact that data transmission to or integration with the US-based parent company cannot be excluded. The processing of personal data only occurs if individuals consent to the associated data transfer to the USA (cf. Article 49(1)(a) GDPR).
In this context, the controller, especially in the search engine provided by the local provider, places ads (so-called Ads). When individuals interact with the controller (e.g., visit this website), there is a possibility that the controller, with their consent, identifies individuals as suitable recipients of the Ads using cookies. When individuals then visit this social medium, they are recognized, and the above-mentioned Ads are shown to them. The purpose is to present the controller, analyze user behavior regarding interaction with this website, and communicate with individuals through the presented social network or medium (possibly promotional). These advertising materials are delivered by Google through so-called "Ad Servers." The controller uses Ad Server cookies, which measure certain parameters for performance measurement, such as ad impressions or clicks by individuals. If individuals reach this website via a Google ad, a cookie is stored on their computer by Google Ads. These cookies usually expire after 30 days and are not intended to personally identify individuals. Typically, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (marking that the user no longer wishes to be addressed) are stored as analysis values for this cookie. These cookies enable Google to recognize the internet browser of individuals. If a user visits specific pages of this website and the cookie stored on their computer has not yet expired, Google and the controller can recognize that the individual clicked on the ad and was redirected to this website. Due to the marketing tools used, the browser of individuals automatically establishes a direct connection to the server of Google.
Individuals can prevent participation in this tracking procedure in various ways:
a) by adjusting their browser software accordingly (in particular, suppressing third-party cookies prevents them from receiving ads from third-party providers),
b) by deactivating cookies for conversion tracking by adjusting their browser to block cookies from the domain "www.googleadservices.com" (see here), with this setting being deleted when individuals delete the cookies.
6. Analytics
This website collects personal data that serves as the basis for our website analytics. This includes information about your browser, network, and device; websites you visited before coming to this website; and your IP address. This information may also include details about your use of this website, including clicks, internal links, visited pages, scrolling, searches, and timestamps. We share this information with Squarespace, our provider for website analytics, to learn more about traffic and activity on this website.
Google Analytics
In the context of analyzing user behavior, the analytics tool "Google Analytics" of Google Ireland Ltd. (Ireland - EU) is used, which has been commissioned under Article 28 GDPR. Details about the processing by this third-party provider can be found here. It should be noted that the IP address is truncated by the provider within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a server of the provider in the USA and truncated there. The IP address transmitted by the browser as part of using this tool is not merged with other data by the provider. The tool is also used for cross-device analysis of visitor flows, which is done via a user ID. Individuals can disable cross-device analysis in their customer account under "My Data," "Personal Data." It should be noted that this tool uses the "_anonymizeIp()" extension, which processes IP addresses in a shortened form, eliminating personal reference. If data collected about individuals is personally identifiable, this is immediately excluded, and the personal data is promptly deleted. The processing is not precluded by the fact that the data is transmitted to the USA, possibly in collaboration with Google LLC (USA). The processing of personal data only occurs if individuals consent to the associated data transfer to the USA (cf. Article 49(1)(a) GDPR).
Google Tag-Manager:
In the context of analyzing user behavior, the central control tool "Google Tag-Manager" of Google Ireland Ltd. (Ireland - EU) is used, which has been commissioned under Article 28 GDPR. Details about the processing by this third-party provider can be found here. It should be noted that this tool allows the controller to integrate various codes and services in an organized and simplified manner on this website. The tool implements tags and triggers the tags embedded with it. When a tag is triggered, the provider may also process personal data. It cannot be ruled out that the provider may transmit the data to a server in a third country. However, this processing is not precluded by the fact that the data is transmitted to the USA, possibly in collaboration with Google LLC (USA). The processing of personal data only occurs if individuals consent to the associated data transfer to the USA (cf. Article 49(1)(a) GDPR).
7. Newsletter
Newsletter Data
If you wish to subscribe to the newsletter offered on the website, we need your email address and information that allows us to verify that you are the owner of the specified email address and agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. We share your contact information with Squarespace, our website hosting provider, so that Squarespace can send these emails on our behalf to you. The processing of the data entered into the newsletter registration form is based exclusively on your consent (Art. 6(1)(a) GDPR). You can revoke the consent given for the storage of data, the email address, and its use for sending the newsletter at any time, for example, via the "Unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. The data you provide us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter with us or the newsletter service provider, and will be deleted after unsubscribing from the newsletter or when the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion within the scope of our legitimate interests pursuant to Art. 6(1)(f) GDPR. Data stored by us for other purposes remains unaffected by this. After unsubscribing from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist, if necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in compliance with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
1. General Information
The following information provides a simple overview of what happens to your personal data when you visit this website or use our app. Personal data includes all data with which you can be personally identified. For detailed information on data protection, please refer to our privacy policy listed below this text.
Data Collection on this Website and App
Concerned Individuals
This privacy policy is directed at all individuals who visit this website or use our app. All references to persons refer to all genders and the associated language forms, especially diverse, female, and male. Each term referring to individuals is to be understood with the addition "(m/f/d)."
Who is responsible for data collection on this website and app?
Responsible for the processing described here is: The Coffee Break Company UG (limited liability), Bertoldstraße 23, Phone: +49(0)15208524110, hello@thecoffeebreak.com. The managing director is Mr. Kamil Derezinski.
How do we collect your data?
Your data is collected, on the one hand, by you providing it to us. This may involve data that you enter into a contact form, for example. Other data is automatically collected or with your consent when you visit the website or use the app through our IT systems. These are primarily technical data (e.g., internet browser, operating system, or time of access). This data is collected automatically when you enter this website or use the app.
What do we use your data for?
Some of the data is collected to ensure the error-free provision of the website and app. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to obtain free information about the origin, recipient, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have a right of appeal to the competent supervisory authority. For this and for further questions on data protection, you can contact us at any time.
Analysis Tools and Third-Party Tools
When visiting this website or using the app, your behavior can be statistically evaluated. This is done primarily with so-called analysis programs. Detailed information about these analysis programs can be found in the following privacy policy.
2.1 Hosting
We host the content of our website with the following provider:
Squarespace
The provider is Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland (hereinafter Squarespace). Squarespace is a tool for creating and hosting websites. When you visit our website, your data is processed on Squarespace's servers. This may also involve the transmission of personal data to Squarespace's parent company, Squarespace Inc., 8 Clarkson St, New York, NY 10014, USA. Squarespace also stores cookies that are necessary for the display of the site and to ensure security (essential cookies). The use of Squarespace is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website. If consent has been requested, the processing is carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of TTDSG. The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://support.squarespace.com/hc/de/articles/360000851908-DSGVO-und-Squarespace.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF commits to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant- detail?contact=true&id=a2zt0000000GnjcAAC&status=Active
2.2 App Data Storage
The app includes the following additional services for data storage:
MongoDB:
Purpose: Used for securely storing user email addresses.
Data Security: Encrypted at rest and in transit.
Location: Data is stored on servers compliant with GDPR and other relevant data protection standards.
AWS S3 Buckets:
Purpose: Used for storing user profile pictures.
Data Security: Profile images are securely uploaded and stored using encryption.
Access Controls: Strict access policies limit access to authorized personnel only.
2.3 Sign in
With Apple
We offer the option to sign in using "Sign in with Apple." When you choose this option, Apple provides us with certain personal information, including your Apple ID, name, and email address. If you select the "Hide My Email" feature, we will receive a randomly generated email address that forwards messages to your actual email.
The processing of this data is based on Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(f) GDPR (our legitimate interest in providing a secure and user-friendly login option).
For more details on Apple's data processing practices, please refer to Apple's Privacy Policy:
https://www.apple.com/legal/privacy/
With Google
We provide the option to sign in using your Google account. If you choose this method, Google shares certain personal data with us, including your Google ID, name, and email address.
The processing of this data is carried out under Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(f) GDPR (our legitimate interest in offering a secure and convenient authentication process).
For further details on Google's data processing practices, please see Google’s Privacy Policy:
https://policies.google.com/privacy
3. General Information and Mandatory Information
The operators of these pages and the app take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website or app, various personal data is collected.
Personal data are data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission over the Internet (e.g., communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.
Note on the responsible body
The responsible party for data processing on this website and app is:
The Coffee Break Company UG (limited liability) Bertoldstraße 23 79098 Freiburg im Breisgau
Phone: +49 (0) 15208524110 Email: info@thecoffeebreakcompany.com
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, e-mail addresses, etc.).
Storage period
Unless a specific storage period is mentioned within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
General information about the legal bases of data processing on this website
Insofar as we obtain the consent of the data subject for processing personal data, Art. 6(1)(a) GDPR serves as the legal basis. In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6(1)(f) GDPR serves as the legal basis for processing. The legal basis for the use of tools from companies based in data protectionally insecure third countries and US tools whose providers are not certified according to the EU-US Data Privacy Framework (DPF) is also Art. 6(1)(f) GDPR. If the tools are active, your personal data may be transferred to and processed in these states. Please note that in data protectionally insecure third countries, a level of data protection comparable to that of the EU cannot be guaranteed. We would like to point out that the USA, as a safe third country, generally has a level of data protection comparable to that of the EU. After that, data transfer to the USA is permissible if the recipient is certified under the "EU-US Data Privacy Framework" (DPF) or has appropriate additional guarantees. Information on transfers to third countries, including data recipients, can be found in this privacy policy.
Recipients of personal data
In the course of our business activities, we work with various external entities. This may involve the transmission of personal data to these external entities. We only pass on personal data to external entities if this is necessary for the fulfillment of a contract, if we are legally obliged to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest in the transfer according to Art. 6(1)(f) GDPR, or if another legal basis allows the transfer of data. When using contract processors, we only pass on personal data of our customers on the basis of a valid contract for contract processing. In the case of joint processing, a contract for joint processing is concluded.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent already given at any time. The legality of the data processing carried out until the revocation is not affected by the revocation.
Right of objection to data collection in special cases, as well as to direct advertising (Art. 21 GDPR)
If data processing is carried out on the basis of Art. 6(1)(e) or (f) GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation, including profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (objection pursuant to Art. 21(1) GDPR). If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, including profiling to the extent that it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21(2) GDPR).
Complaint right to the competent supervisory authority
In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work, or the place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.
Information, correction, and deletion
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient, and the purpose of data processing, and, if necessary, a right to correction or deletion of this data. For this purpose and for further questions on the subject of personal data, you can contact us at any time.
Right to Restriction of Processing
You have the right to request the restriction of processing of your personal data. To do so, you can contact us at any time. The right to restriction of processing exists in the following cases:
If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. During the verification period, you have the right to request the restriction of processing of your personal data.
If the processing of your personal data has been or is being carried out unlawfully, you can request the restriction of data processing instead of deletion.
If we no longer need your personal data, but you need it for the exercise, defense, or assertion of legal claims, you have the right to request the restriction of processing of your personal data instead of deletion.
If you have objected pursuant to Art. 21(1) GDPR, an assessment must be made between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of processing of your personal data.
If you have restricted the processing of your personal data, these data – except for their storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.
SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Objection to Promotional Emails
We hereby object to the use of contact data published within the scope of the imprint obligation for sending unsolicited advertising and information materials. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.
Fonts
This website provides font files from Google Fonts and Adobe Fonts and displays these fonts. To display this website correctly, these third parties may receive personal data about you, including:
Information about your browser, network, or device
Information about this website and the page you visit on the website
Your IP address
4. Data Collection on this Website - Cookies
Our websites use so-called "cookies." Cookies are small data packets that do not cause any damage to your end device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) on your end device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your end device until you delete them yourself or automatic deletion occurs through your web browser. Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of specific services from third-party companies within websites (e.g., cookies for processing payment services). Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies that are necessary for the electronic communication process, for the provision of certain functions you request (e.g., for the shopping cart function), or for the optimization of the website (e.g., cookies for measuring web audiences) and do not fall into the category of necessary cookies, are stored based on Art. 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent has been requested for the storage of cookies and similar recognition technologies, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG); the consent can be revoked at any time. You can set your browser to inform you about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when the browser is closed. Disabling cookies may limit the functionality of this website. Information on the cookies placed on your device can be found in Squarespace's cookie usage guide.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address
These data are not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website, for which the server log files must be collected.
Contact Form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not pass on this data without your consent. The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; the consent can be revoked at any time.
The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory statutory provisions, especially retention periods, remain unaffected. We share this information with Squarespace, our provider for online shop hosting, so that it can provide website services. We also share this information for storage purposes with Mailchimp (Mailchimp Privacy Statement).
Inquiries via Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry, including all personal data derived from it (name, inquiry), will be stored and processed by us for the purpose of processing your concern. We will not pass on this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; the consent can be revoked at any time.
The data you send us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your concern has been processed). Mandatory statutory provisions, especially statutory retention periods, remain unaffected.
5. Social Media
Sharing Buttons
This website contains sharing buttons that allow you to share pages or other content of this website for the following third-party services: LinkedIn, X, Instagram, Facebook, TikTok. When you click on a sharing button, these third parties may receive your personal data, including:
Information about your browser, network, and device
Details about the webpage or content you shared or intend to share
Your IP address
This website integrates elements of the Facebook social network. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.
An overview of Facebook social media elements can be found here.
If the social media element is active, a direct connection is established between your device and the Facebook server. Facebook receives information that you have visited this website with your IP address. If you click on the Facebook "Like" button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook's privacy policy at https://de-de.facebook.com/privacy/explanation.
If consent (consent) has been obtained, the use of the above service is based on Art. 6(1)(a) GDPR and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the most comprehensive visibility on social media. To the extent that personal data is collected on our website and forwarded to Facebook using the described tool, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the
collection of data and its transmission to Facebook. The processing by Facebook after the forwarding is not part of the joint responsibility. The obligations jointly incumbent on us have been recorded in an agreement on joint processing. The wording of the agreement can be found here. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. Data subjects' rights (e.g., requests for information) regarding data processed by Facebook can be asserted directly against Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook. The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here, https://de-de.facebook.com/help/566994660333381, and https://www.facebook.com/policy.php.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.
X (formerly Twitter)
This website incorporates features of the X service (formerly Twitter). These features are offered by the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. For data processing of persons living outside the USA, the subsidiary Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible. If the social media element is active, a direct connection is established between your device and the X server. X (formerly Twitter) thereby receives information about your visit to this website. By using X (formerly Twitter) and the "Re-Tweet" or "Repost" function, the websites you visit are linked to your X (formerly Twitter) account and made known to other users. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by X (formerly Twitter). Further information can be found in X (formerly Twitter)'s privacy policy at https://twitter.com/de/privacy.
If consent (consent) has been obtained, the use of the above service is based on Art. 6(1)(a) GDPR and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the most comprehensive visibility on social media. The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here.
You can change your privacy settings with X (formerly Twitter) in the account settings under https://twitter.com/account/settings.
This website incorporates features of the Instagram service. These features are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. If the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website. If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. Instagram can thus associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
If consent (consent) has been obtained, the use of the above service is based on Art. 6(1)(a) GDPR and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the most comprehensive visibility on social media. To the extent that personal data is collected on our website and forwarded to Facebook or Instagram using the described tool, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transmission to Facebook or Instagram. The processing by Facebook or Instagram after the forwarding is not part of the joint responsibility. The obligations jointly incumbent on us have been recorded in an agreement on joint processing. The wording of the agreement can be found here. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the data protection-compliant implementation of the tool on our website. For the data security of Facebook or Instagram products, Facebook is responsible. Data subjects' rights (e.g., requests for information) regarding data processed by Facebook or Instagram can be asserted directly against Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook. The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here, https://privacycenter.instagram.com/policy/, and https://de-de.facebook.com/help/566994660333381.
Further information can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy/.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.
The social network "LinkedIn" of LinkedIn Ireland Unlimited Company (Ireland - EU) is used on this website. However, it cannot be ruled out that data may be transmitted to or integrated with the parent company, LinkedIn Corporation (USA). Details about the processing by this third-party provider are described here: LinkedIn Privacy Policy>](https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.)). The use of this third-party provider is not precluded by the fact that data transmission to or integration with the US-based parent company cannot be excluded. The processing of personal data through this tool only occurs if individuals consent to the associated data transfer to the USA (cf. Article 49(1)(a) GDPR). This is done concerning the local controller insofar as they control the data processing. If the providers of the presented social network or medium control the processing (for example, if individuals visit the social network independently of an action on this website), there is no transmission by the controller to the USA. Therefore, the local controller is not required to provide further guarantees under Article 44ff. GDPR. In this case, there is at most a relationship under Article 26 GDPR between the local controller and the provider of the social network.
The controller also maintains a company or product page with this provider, which is linked on this website. If individuals click on this link (referring to the link to the company or product page), they will be directed to the profile of the controller.
The controller has integrated a plugin from this provider of a social network or medium on this website. If individuals click on this plugin, they will be directed to the profile of the controller. The controller uses the so-called two-click solution. This means that after the click, personal data is not generally transferred to the provider of the plugin. The provider can be identified based on the design of the plugin (e.g., by the logo). The controller enables individuals to communicate directly with the provider of the plugin via the button. Only if they click on the highlighted field and activate it will the provider receive information that individuals have visited this website. Only then will the above-mentioned data be transmitted. By activating the plugin, personal data of individuals is thus transmitted to the provider mentioned here and may be stored in the USA or transmitted there. This data transfer occurs regardless of whether individuals have an account with the mentioned provider and are logged in. If they are logged in with the provider, their data collected by the local controller is directly assigned to the account they maintain with the mentioned provider. It is advisable to regularly log out after using a social network, especially before activating the button, as individuals can thereby avoid being associated with their profile with the provider.
The controller uses "LinkedIn Ads." With the advertising materials of this tool, the local controller can draw attention to its offers within the presented social network or medium. In relation to the data of advertising campaigns, the local controller can determine how successful individual advertising measures are. The goal is to show individuals advertisements that are of interest to them, make this website more interesting for them, and carry out a fair calculation of advertising costs. These advertising materials are delivered by the provider mentioned here. If individuals arrive at this website via an advertisement presented by this provider, a cookie is stored on their computer by the tool. These cookies are not intended to personally identify individuals. Typically, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (marking that the user no longer wishes to be addressed) are stored as analysis values for this cookie. Due to the tool used, the browser of individuals automatically establishes a direct connection to the server of the provider mentioned here. The controller has no influence on the scope and further use of the data collected by the use of this tool. However, they share their knowledge: By integrating the advertising materials of this tool, the provider mentioned here receives information that individuals have accessed the corresponding part of this website or clicked on an advertisement by the controller. If individuals are registered with a service of this provider, it can assign the visit to their account. But even if individuals are not registered with the provider mentioned here or have not logged in, there is a possibility that the provider obtains and stores their IP address. Individuals can prevent participation in this tracking procedure in various ways: Either by adjusting their browser software accordingly, especially by suppressing third-party cookies, which means that they will not receive ads from third-party providers. Or by deactivating cookies. More information about the processing by this third-party provider can be found here.
TikTok
The social network "TikTok," jointly offered by TikTok Technology Limited (Ireland - EU) and TikTok Information Technologies UK Limited (United Kingdom of Great Britain and Northern Ireland), is used on this website. However, the privacy policy of the providers indicates that they may also transfer data to other companies in their "corporate group," without specifying which companies belong to it. Despite publicly contrary statements, it cannot be ruled out that data may be processed by companies in the USA and/or the People's Republic of China, particularly by the parent company Beijing
Bytedance Technology Ltd. (People's Republic of China). In cases where the controller and the providers of the presented social network or medium are jointly responsible, they have agreed to joint responsibility under Article 26 GDPR. In all other cases, the provider of the social network or medium has been commissioned under Article 28 GDPR. Details about the processing by these third-party providers can be found here. The use of this third-party provider is not precluded by the fact that neither data transmission to the USA nor to the People's Republic of China can be excluded. The processing of personal data through this tool only occurs if individuals consent to the associated data transfer to the USA or the People's Republic of China (cf. Article 49(1)(a) GDPR). This is done concerning the local controller insofar as they control the data processing. If the providers of the presented social network or medium control the processing (for example, if individuals visit the social network independently of an action on this website), there is no transmission by the controller to the USA. Therefore, the local controller is not required to provide further guarantees under Article 44ff. GDPR. In this case, there is at most a relationship under Article 26 GDPR between the local controller and the provider of the social network.
The controller also maintains a company or product page with this provider, which is linked on this website. If individuals click on this link (referring to the link to the company or product page), they will be directed to the profile of the controller.
The controller has integrated a plugin from this provider of a social network or medium on this website. If individuals click on this plugin, they will be directed to the profile of the controller. The controller uses the so-called two-click solution. This means that after the click, personal data is not generally transferred to the provider of the plugin. The provider can be identified based on the design of the plugin (e.g., by the logo). The controller enables individuals to communicate directly with the provider of the plugin via the button. Only if they click on the highlighted field and activate it will the provider receive information that individuals have visited this website. Only then will the above-mentioned data be transmitted. By activating the plugin, personal data of individuals is thus transmitted to the provider mentioned here and may be stored in the USA or transmitted there. This data transfer occurs regardless of whether individuals have an account with the mentioned provider and are logged in. If they are logged in with the provider, their data collected by the local controller is directly assigned to the account they maintain with the mentioned provider. It is advisable to regularly log out after using a social network, especially before activating the button, as individuals can thereby avoid being associated with their profile with the provider.
The controller uses the "TikTok Pixel." This is an analytics tool that allows the controller to measure the effectiveness of advertising. It is typically used to understand and track user actions on a website. The controller has implemented the pixel on this website by placing the pixel code in the header of the website. When individuals visit the website and perform an action (e.g., complete a purchase), the pixel is triggered, and the action is reported. This way, the controller learns when a user takes an action and can analyze it. There is also the possibility of enhanced matching, which the controller also uses and whose use is also covered by consent. The pixel also allows the transmission of user data (e.g., first name, last name, email address, etc.) to the providers and enriching it with existing tracking data. This makes it possible to collect data from individuals who do not use this social medium or capture users who are not logged in to this social medium during the visit to this website. As a result, individuals are tracked across this social medium. More information about the processing by this third-party provider can be found here.
The controller uses "TikTok Ads." With the advertising materials of this tool, the local controller can draw attention to its offers within the presented social network or medium. In relation to the data of advertising campaigns, the local controller can determine how successful individual advertising measures are. The goal is to show individuals advertisements that are of interest to them, make this website more interesting for them, and carry out a fair calculation of advertising costs. These advertising materials are delivered by the provider mentioned here. If individuals arrive at this website via an advertisement presented by this provider, a cookie is stored on their computer by the tool. These cookies are not intended to personally identify individuals. Typically, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (marking that the user no longer wishes to be addressed) are stored as analysis values for this cookie. Due to the tool used, the browser of individuals automatically establishes a direct connection to the server of the provider mentioned here. The controller has no influence on the scope and further use of the data collected by the use of this tool. However, they share their knowledge: By integrating the advertising materials of this tool, the provider mentioned here receives information that individuals have accessed the corresponding part of this website or clicked on an advertisement by the controller. If individuals are registered with a service of this provider, it can assign the visit to their account. But even if individuals are not registered with the provider mentioned here or have not logged in, there is a possibility that the provider obtains and stores their IP address. Individuals can prevent participation in this tracking procedure in various ways: Either by adjusting their browser software accordingly, especially by suppressing third-party cookies, which means that they will not receive ads from third-party providers. Or by deactivating cookies. More information about the processing by this third-party provider can be found here>](https://ads.tiktok.com/i18n/home?)).
Google Ads
The social network "Google," and particularly the tool "Google Ads" of Google Ireland Ltd. (Ireland - EU), is used on this website, which has been commissioned under Article 28 GDPR. However, it cannot be ruled out that data may be transmitted to or integrated with the parent company, Google LLC (USA). Details about the processing by this third-party provider can be found here. The use of this third-party provider is not precluded by the fact that data transmission to or integration with the US-based parent company cannot be excluded. The processing of personal data only occurs if individuals consent to the associated data transfer to the USA (cf. Article 49(1)(a) GDPR).
In this context, the controller, especially in the search engine provided by the local provider, places ads (so-called Ads). When individuals interact with the controller (e.g., visit this website), there is a possibility that the controller, with their consent, identifies individuals as suitable recipients of the Ads using cookies. When individuals then visit this social medium, they are recognized, and the above-mentioned Ads are shown to them. The purpose is to present the controller, analyze user behavior regarding interaction with this website, and communicate with individuals through the presented social network or medium (possibly promotional). These advertising materials are delivered by Google through so-called "Ad Servers." The controller uses Ad Server cookies, which measure certain parameters for performance measurement, such as ad impressions or clicks by individuals. If individuals reach this website via a Google ad, a cookie is stored on their computer by Google Ads. These cookies usually expire after 30 days and are not intended to personally identify individuals. Typically, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (marking that the user no longer wishes to be addressed) are stored as analysis values for this cookie. These cookies enable Google to recognize the internet browser of individuals. If a user visits specific pages of this website and the cookie stored on their computer has not yet expired, Google and the controller can recognize that the individual clicked on the ad and was redirected to this website. Due to the marketing tools used, the browser of individuals automatically establishes a direct connection to the server of Google.
Individuals can prevent participation in this tracking procedure in various ways:
a) by adjusting their browser software accordingly (in particular, suppressing third-party cookies prevents them from receiving ads from third-party providers),
b) by deactivating cookies for conversion tracking by adjusting their browser to block cookies from the domain "www.googleadservices.com" (see here), with this setting being deleted when individuals delete the cookies.
Google Remarketing:
The social network "Google," and particularly the tool "Google Remarketing" of Google Ireland Ltd. (Ireland - EU), is used on this website, which has been commissioned under Article 28 GDPR. However, it cannot be ruled out that data may be transmitted to or integrated with the parent company, Google LLC (USA). Details about the processing by this third-party provider can be found here. The use of this third-party provider is not precluded by the fact that data transmission to or integration with the US-based parent company cannot be excluded. The processing of personal data only occurs if individuals consent to the associated data transfer to the USA (cf. Article 49(1)(a) GDPR).
In this context, the controller, especially in the search engine provided by the local provider, places ads (so-called Ads). When individuals interact with the controller (e.g., visit this website), there is a possibility that the controller, with their consent, identifies individuals as suitable recipients of the Ads using cookies. When individuals then visit this social medium, they are recognized, and the above-mentioned Ads are shown to them. The purpose is to present the controller, analyze user behavior regarding interaction with this website, and communicate with individuals through the presented social network or medium (possibly promotional). These advertising materials are delivered by Google through so-called "Ad Servers." The controller uses Ad Server cookies, which measure certain parameters for performance measurement, such as ad impressions or clicks by individuals. If individuals reach this website via a Google ad, a cookie is stored on their computer by Google Ads. These cookies usually expire after 30 days and are not intended to personally identify individuals. Typically, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (marking that the user no longer wishes to be addressed) are stored as analysis values for this cookie. These cookies enable Google to recognize the internet browser of individuals. If a user visits specific pages of this website and the cookie stored on their computer has not yet expired, Google and the controller can recognize that the individual clicked on the ad and was redirected to this website. Due to the marketing tools used, the browser of individuals automatically establishes a direct connection to the server of Google.
Individuals can prevent participation in this tracking procedure in various ways:
a) by adjusting their browser software accordingly (in particular, suppressing third-party cookies prevents them from receiving ads from third-party providers),
b) by deactivating cookies for conversion tracking by adjusting their browser to block cookies from the domain "www.googleadservices.com" (see here), with this setting being deleted when individuals delete the cookies.
6. Analytics
This website collects personal data that serves as the basis for our website analytics. This includes information about your browser, network, and device; websites you visited before coming to this website; and your IP address. This information may also include details about your use of this website, including clicks, internal links, visited pages, scrolling, searches, and timestamps. We share this information with Squarespace, our provider for website analytics, to learn more about traffic and activity on this website.
Google Analytics
In the context of analyzing user behavior, the analytics tool "Google Analytics" of Google Ireland Ltd. (Ireland - EU) is used, which has been commissioned under Article 28 GDPR. Details about the processing by this third-party provider can be found here. It should be noted that the IP address is truncated by the provider within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a server of the provider in the USA and truncated there. The IP address transmitted by the browser as part of using this tool is not merged with other data by the provider. The tool is also used for cross-device analysis of visitor flows, which is done via a user ID. Individuals can disable cross-device analysis in their customer account under "My Data," "Personal Data." It should be noted that this tool uses the "_anonymizeIp()" extension, which processes IP addresses in a shortened form, eliminating personal reference. If data collected about individuals is personally identifiable, this is immediately excluded, and the personal data is promptly deleted. The processing is not precluded by the fact that the data is transmitted to the USA, possibly in collaboration with Google LLC (USA). The processing of personal data only occurs if individuals consent to the associated data transfer to the USA (cf. Article 49(1)(a) GDPR).
Google Tag-Manager:
In the context of analyzing user behavior, the central control tool "Google Tag-Manager" of Google Ireland Ltd. (Ireland - EU) is used, which has been commissioned under Article 28 GDPR. Details about the processing by this third-party provider can be found here. It should be noted that this tool allows the controller to integrate various codes and services in an organized and simplified manner on this website. The tool implements tags and triggers the tags embedded with it. When a tag is triggered, the provider may also process personal data. It cannot be ruled out that the provider may transmit the data to a server in a third country. However, this processing is not precluded by the fact that the data is transmitted to the USA, possibly in collaboration with Google LLC (USA). The processing of personal data only occurs if individuals consent to the associated data transfer to the USA (cf. Article 49(1)(a) GDPR).
7. Newsletter
Newsletter Data
If you wish to subscribe to the newsletter offered on the website, we need your email address and information that allows us to verify that you are the owner of the specified email address and agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. We share your contact information with Squarespace, our website hosting provider, so that Squarespace can send these emails on our behalf to you. The processing of the data entered into the newsletter registration form is based exclusively on your consent (Art. 6(1)(a) GDPR). You can revoke the consent given for the storage of data, the email address, and its use for sending the newsletter at any time, for example, via the "Unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. The data you provide us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter with us or the newsletter service provider, and will be deleted after unsubscribing from the newsletter or when the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion within the scope of our legitimate interests pursuant to Art. 6(1)(f) GDPR. Data stored by us for other purposes remains unaffected by this. After unsubscribing from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist, if necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in compliance with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.