1. Introduction

This website is operated by: allixystudio.It is very important to us to handle the data of our website visitors with confidence and to protect them in the best possible way. For this reason, we make every effort to comply with the requirements of the GDPR. Below we explain how we process your data on our website. We use language that is as clear and transparent as possible so that you really understand what happens to your data.

2. General information

2.1 Processing of personal data and other terms

Data protection applies to the processing of personal data. Personal data means all data with which you can be personally identified. This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) in front of which you are currently sitting. Such data is processed when 'something happens to it'. Here, for example, the IP is transmitted from the browser to our provider and stored there automatically. This is then a processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR). These and other legal definitions can be found in Art. 4 GDPR.

2.2 Applicable regulations/laws - GDPR, BDSG and TDDDG

The scope of data protection is regulated by laws. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law. In addition, the TDDDG supplements the provisions of the GDPR as far as the use of cookies is concerned.

2.3 The person in charge

The person responsible for data processing on this website is the controller within the meaning of the GDPR. This is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. You can reach the responsible person under:

allixystudio.
P: +49 162 5681723
M: hello@allixystudio.com

2.4 This is how data is basically processed on this website

As we have already established, there is data (e.g. IP address) that is collected automatically. This data is mainly required for the technical provision of the website. If we also use personal data or collect other data, we will inform you of this or ask for your consent. Other personal data you share with us consciously.

You will find more detailed information below.

2.5 Your Rights

The GDPR provides you with comprehensive rights. These include, for example, free information about the origin, recipient and purpose of your stored personal data. You can also request the rectification, blocking or erasure of this data or lodge a complaint with the competent data protection supervisory authority. You can revoke your consent at any time.

You can find out in detail what these rights are and how to exercise them in the last section of this Privacy Policy.

2.6 Data protection - Our view

Data protection is more than just a chore for us! Personal data is of great value and careful handling of this data should be a matter of course in our digitalized world. In addition, you as a website visitor should be able to decide for yourself what "happens" to your data, when and by whom. Therefore, we commit ourselves to comply with all legal requirements, collect only the data necessary for us and treat them confidentially.

2.7 Disclosure and deletion

The transfer and deletion of data are also important and sensitive topics. Therefore, we would like to briefly inform you in advance about our general approach to this. A transfer of data only takes place on the basis of a legal basis and only if this is unavoidable. This may be the case in particular if it is a so-called Data Processor and a Data Processing Agreement has been concluded in accordance with Art. 28 GDPR. We delete your data when the purpose and the legal basis for processing cease to exist and the deletion is not contrary to any other legal obligations. A 'good' overview of this is also provided by Art. 17 GDPR. For further information, please refer to this Privacy Policy and contact the responsible person if you have any specific questions.

2.8 Hosting

This website is hosted externally. The personal data collected on this website is stored on the host's servers. This includes the automatically collected and stored log files (see below for more details), as well as all other data provided by website visitors. External hosting is used for the purpose of secure, fast and reliable provision of our website and in this context serves to fulfill the contract with our potential and existing customers. The legal basis for the processing is Art. 6 para. 1 lit. a, b and f GDPR, as well as § 25 para. 1 TDDDG, insofar as consent includes the storage of cookies or access to information in the terminal device of the website visitor or user within the meaning of the TDDDG. Our hoster only processes data that is necessary for the fulfillment of its service obligation and acts as our Data Processor, which means that it is subject to our instructions. We have concluded a corresponding Data Processing Agreement with our hoster.

We use the following hoster:

Squarespace, Squarespace Ireland Ltd, Le Pole House, Ship Street Great, Dublin 8, Ireland.

https://de.squarespace.com/kontakt

https://de.squarespace.com/data-privacy

2.9Legal basis

The processing of personal data always requires a legal basis. The GDPR provides for the following possibilities in Art. 6 (1) Sentence 1:

a) The data subject has given his/her consent to the processing of personal data concerning him/her for one or more specific purposes;

b) the processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject's request;

c) processing is necessary for compliance with a legal obligation to whichthe person responsible is subject to;

d) the processing is necessary in order to protect the vital interests of the data subject or another natural person;

e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested inthe person in charge was transferred;

f) processing is necessary for the purposes of safeguarding the legitimate interests ofof the responsible person(s) orof a/an third party necessary, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data override this, in particular where the data subject is a child.

In the following sections, we will provide you with the specific legal basis for the respective processing.

3. What happens on our website

By visiting our website, we process personal data about you. To protect this data as best as possible against unauthorized access by third parties, we use SSL or TLS encryption. You can recognize this encrypted connection by the fact that a https:// or a lock symbol is displayed in the address bar of your browser. In the following, you will learn which data is collected when you visit our website, for what purpose this is done and on what legal basis.

3.1 Data collection when calling up the website

By calling up the website, information is automatically stored in so-called server log files. This is the following information:

• Browser type and version

• Operating system used

• Referrer URL

• Host name of the accessing computer

• Time of the server request

• IP address

This data is temporarily required in order to be able to display our website to you permanently and without problems. In particular, this data serves the following purposes:

• System security of the website

• System stability of the website

• Website troubleshooting

• Connecting to the website

• Website presentation

The data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the processing of this data, in particular the interest in the functionality of the website as well as its security. If possible, this data is stored pseudonymously and deleted after the respective purpose has been achieved. Insofar as the server log files allow the identification of the person concerned, the data is stored for a maximum period of 14 days. An exception exists if a security-relevant event occurs. In this case, the server log files are stored until the elimination and final clarification of the security-relevant event. For the rest, a consolidation with other data does not take place.

3.2 Cookies

3.2.1 General

This website uses so-called cookies. This is a data record, information that is stored in the browser of your terminal device and is related to our website. By setting cookies, the navigation of the website in particular can be made easier for the visitor. In our Cookie Consent Tool you will find all information about the cookies we have in use on our website (if applicable after your consent).

3.2.2 Reject cookies

You can manage all cookies that are not technically necessary directly via our cookie consent tool. The setting of cookies can be prevented by adjusting the settings of your browser. Here you can find the corresponding links to frequently used browsers:

• Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?redirectslug=Cookies+l%C3%B6schen&redirectlocale=en

• Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de

• Microsoft Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d

• Safari: https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web and https://support.apple.com/de-de/guide/safari/sfri11471/mac.

• If you use another browser, it is recommended to use the name of your browser and search 'delete and manage cookies' in a search engine and follow the official link to your browser instructions.

However, we must inform you that a comprehensive blocking/deletion of cookies can lead to impairments in the use of the website.

3.2.3 Technically necessary cookies

We use technically necessary cookies on this website to ensure that our website functions without errors and in accordance with applicable laws. They help to make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies. The legal basis for this is, depending on the individual case, Art. 6 para. 1 lit. b, c and/or f GDPR.

3.2.4 Technically unnecessary cookies

We also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyze the surfing behavior of the website visitor or to offer functions of the website that are not technically necessary. The legal basis for this is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Technically unnecessary cookies are only set with your consent, which you can revoke at any time in the cookie consent tool.

3.3 Data processing through user input

3.3.1 Own data collection

We offer the following (service) on our website: Mailing list sign-up. For this purpose, we collect the following data:

• Name

• E-mail address

The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose ceases to apply and it is possible in accordance with the legal requirements.

3.3.2 Contact

a) E-mail: When you contact us by email, we process your email address and any other data contained in the email. This data is stored on the mail server and in some cases on the respective end devices. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.

b) Phone: If you contact us by phone, the call data may be stored pseudonymously on the respective terminal device and with the telecommunications provider used. Personal data collected during the telephone call will only be processed in order to handle your request. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose ceases to apply and it is possible according to the legal requirements.

3.4 Cookie Consent Tool

3.4.1 Squarespace

To ensure that only those cookies are set on our website for which there is a legal basis, we use the consent management tool from Squarespace. This service is provided by Squarespace Ireland Limited, Squarespace House, Ship Street Great, Dublin 8, Ireland. This service is used to obtain the consent of the website visitor to the storage of certain cookies in his/her browser or the use of certain technologies and to document this in accordance with data protection law. When accessing this website, the consent given by the website visitor(s) or the revocation of consent is stored as a Squarespace cookie in the browser of the website visitor(s). For this purpose, a connection to the servers of Squarespace is established. The legal basis is Art. 6 para. 1 lit. c GDPR. Squarespace is used to obtain the legally required consent for the use of cookies. Until the website visitor requests deletion or Squarespace deletes the data itself or the purpose for storing the data no longer applies, the collected data will be stored. This does not affect the mandatory statutory retention periods.

3.5 Website Builder System

3.5.1 Squarespace

We use Squarespace to create our website. This is a service of Squarespace Ireland Limited, Le Pole House, Ship Street Great, Dublin 8, D08N12C, Ireland. This service allows us to design our website according to our wishes and meet our goal of user-friendliness. Squarespace uses cookies for, among other things, browsing security and to prevent cross-site request forgery (session cookies), as well as for secure transactions. The service is technically necessary to display our website. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Squarespace also processes data in the USA. In case of data transfer to the USA, the standard contractual clauses (SCCs) apply.

More information: https://www.squarespace.com/privacy.

3.6 Newsletter

3.6.1 Brevo

We use Brevo to provide our newsletter. This service is provided by Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. This service can be used to organize and analyse the sending of newsletters. The data entered to receive the newsletter is stored on Brevo's servers in Germany. Brevo can be used to analyze interactions with the newsletter. In addition, conversion rates can be determined and newsletter users can be categorized in order to adapt the newsletter to different target groups. This analysis can be objected to via the link in each newsletter message.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time by unsubscribing from the newsletter. The legality of the processing that has already taken place remains unaffected by any revocation. The data will be deleted at the end of the contract between us and Brevo, unless the website visitor withdraws their consent beforehand. If this is the case, the data will be deleted from the distribution list. In addition, after unsubscribing from the newsletter, the e-mail address is stored on a blacklist separately from other data for an indefinite period of time. The legal basis for this is Art. 6 para. 1 lit.f GDPR. It serves the interest of the website visitor as well as our interest in using/operating a newsletter in accordance with the legal requirements.

More details: https://www.brevo.com/de/legal/privacypolicy/.

3.6.2 Brevo

We use the Brevo newsletter service on our website. Brevo is operated by Brevo SAS, 55 Rue d'Amsterdam, 75008 Paris, France. Brevo enables us to send newsletters and manage communication with our subscribers. Personal data such as email address, name and usage data required for sending and analyzing the newsletter are processed. The purpose of data processing is to inform subscribers about news, offers and relevant content. The legal basis for data processing is the consent of the user in accordance with Art. 6 para. 1 lit. a GDPR. Brevo uses cookies to analyze user behavior in connection with the newsletters. These cookies are only set with consent, which can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

Data is stored until the data subject withdraws consent to storage or the purpose for storage no longer applies. Further information on data processing can be found here:https://www.brevo.com/legal/privacypolicy/.

3.7 Analysis and tracking tools

3.7.1 Google Analytics

On our website, we use the Google Analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a web analysis tool that records and evaluates the behavior of visitors to our website. Personal data such as IP address (in abbreviated form), browser and device information, referrer URL, pages visited, length of stay, click behavior, location data and timestamps are processed. This information is usually transmitted to Google servers and stored there. IP anonymization within the EU means that the IP address is truncated before transmission. Data processing is carried out for the purpose of analyzing user behavior, improving our website and optimizing marketing measures. The legal basis is Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG, as consent is required for the use of cookies and comparable technologies.

Google Analytics uses cookies and similar technologies to recognize recurring visits and record interactions. These cookies are only set with your consent. A transfer of data to the USA cannot be ruled out. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and also uses standard contractual clauses in accordance with Art. 46 para. 2 lit. c GDPR to ensure an adequate level of data protection. The stored data is deleted as soon as it is no longer required for analysis purposes or consent is withdrawn. Google generally deletes or anonymizes standard data after 14 months.

Further information on data processing by Google Analytics can be found in Google's Privacy Policy at https://policies.google.com/privacy?hl=de.

3.7.2 Google Conversion Tracking

This website uses Google Conversion Tracking. Google Conversion Tracking is a web analytics service. This service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Conversion Tracking sets cookies for identification. We learn the number of users and what actions were performed on the website by the website visitors. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time. The data will be deleted as soon as they are no longer needed for the processing purposes.

More details: https://policies.google.com/privacy?hl=de.

3.7.3 Google Ads Remarketing

On this website we use Google Ads Remarketing. Google Ads Remarketing is a web analytics service. This service is offered by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads Remarketing sets cookies for the following purpose: website visitors can be assigned to a specific target group and provided with personalized advertising accordingly.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time. More details: https://www.google.com/settings/ads/onweb/ & https://policies.google.com/technologies/ads?hl=de.

3.7.4 Google Tag Manager

On this website we use Google Tag Manager. Google Tag Manager is a web analytics service. This service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager does not store cookies and does not analyze independently. It only serves to manage the tools integrated via it. However, the IP address of the website visitor is recorded, which can be transferred to the parent company of Google in the USA. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the uncomplicated integration and management of various tools on its website.

More details: https://policies.google.com/privacy?hl=en.

3.7.5 Google Ads

We use Google Ads on this website. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. The service enables us to link advertisements in the Google search engine to specific keywords and to place targeted advertisements based on existing user data. Cookies are used for conversion tracking. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time. In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

More details: https://privacy.google.com/businesses/controllerterms/mccs/.

3.7.6 Google AdSense

We use Google AdSense on this website. Google AdSense is a service that embeds advertisements into a website. This service is offered by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. When selecting advertising, the so-called "context information" (e.g. location, content of the website) is used in the non-personalized mode. Google AdSense uses cookies to fight against fraud and abuse. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time. In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

More details:

• https://privacy.google.com/businesses/controllerterms/mccs/

• https://adssettings.google.com/authenticated

• https://policies.google.com/technologies/ads

• https://www.google.de/intl/de/policies/privacy/

3.7.7 Google DoubleClick

We use Google DoubleClick on this website. Google DoubleClick is an online advertising service. This service is offered by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of Google DoubleClick, interest-based advertisements are displayed to the website visitor throughout the Google advertising network. Google DoubleClick uses cookies to ensure the functions of Google DoubleClick and to display interest-based advertising. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

More details: https://policies.google.com/technologies/ads & https://adssettings.google.com/authenticated

3.7.8 Squarespace Analytics

We use Squarespace Analytics on this website. Squarespace Analytics is a web analytics service. This service is provided by Squarespace Ireland Ltd, Le Pole House, Shipstreet Great, Dublin 8, Ireland. With the help of Squarespace Analytics, it is possible for us to analyze the user behavior of website visitors. The time of access to the website, the geographical location of the visitor, the click and scroll behavior and searches on the website are recorded. For this purpose, browser, network and device information as well as the IP address are collected. Squarespace Analytics uses cookies to create pseudonymous user profiles, which enable the recognition of the user across pages for analysis purposes.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as this consent includes access to information in the user's terminal device or the storage of cookies within the meaning of the TDDDG. Otherwise, the use of the service is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in collecting this analysis in order to optimize our website and our advertising. Personal data may be transferred to the parent company of Squarespace Analytics. This is Squarespace inc, 8 Clarkson St, New York, NY 10014, USA. In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

• https://support.squarespace.com/hc/de/articles/360000851908-GDPR-und-Squarespace,

• https://www.squarespace.com/privacy.

3.7.9 Brevo

We use the Brevo analysis service on our website, which is provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Brevo makes it possible to analyze user behavior on our website and improve marketing through targeted tracking of interactions. The processed data includes the IP address, user movements on the website, information about devices used and technical log data. The purpose of data processing is to analyze user behavior in order to improve our website and marketing activities. The legal basis for data processing is Art. 6 para. 1 lit. a GDPR, based on the consent of the user, which can be revoked at any time. Brevo uses analysis cookies to record user behavior. These cookies are only set with your consent. The legal basis for this is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Personal data is transferred to the USA. The service uses the EU Commission's Standard Contractual Clauses (SCC) as guarantees for data protection when transferring data to third countries. The data will be deleted as soon as the purpose of storage ceases to apply or consent is revoked. Statutory retention periods remain unaffected. Further information on data processing by Brevo can be found here: https://www.brevo.com/de/legal/privacypolicy/.

3.8 Social media profiles

In addition to our website, our company is also present on social networks. Here we want to present our company and create the opportunity to get in touch with us. We also use the opportunity to place advertisements and job advertisements on social media. In the following, we provide information about what data we and the respective social network process when you visit and interaction with our profile.

3.8.1 LinkedIn

We operate a LinkedIn profile on https://www.linkedin.com/. This social network is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

a) Interaction with our company profile: When you visit our LinkedIn profile and interact with us via it, we process personal data. personal data. On the one hand, the data made publicly available on the profile. On the other hand, we also process the personal data contained in posts, comments or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate interest interest to provide relevant and interesting content and to enable the use and functionality of our LinkedIn profile Insofar as an inquiry is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.

b) Page Insights: LinkedIn provides us with aggregated statistics and insights (called Page Insights) that tell us how people interact with our Company Page. Among other things, we receive information about the number of profiles that view, comment on or otherwise interact with our posts, as well as aggregated demographic and other information that helps us learn about the interaction with our page or LinkedIn profile. Pages Insights provided to us by LinkedIn consist of aggregated data, and LinkedIn does not provide us with any personally identifiable information about members in relation to Page Insights. We also have no way of linking Page Insights to individual members. When placing ads, LinkedIn provides us with information about the types of people who see our ads and about the success of our ads. Personal data is only passed on to us if this person has consented to such processing. We also receive information from LinkedIn that allows us to understand which of our ads led to a purchase being made or an action being taken. The purpose of processing this data is to analyze our reach and to adapt our content and advertisements to user interests. By evaluating this data, we can recognize how our content, our profile and our advertising are consumed. This enables us to create target group-specific content and place advertisements in order to better market our company and our services. The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

When processing personal data in the course of the so-called Page Insights, the processing is carried out in joint responsibility with LinkedIn in accordance with Art. 26 para. 1 GDPR. To this end, we have entered into a corresponding agreement with LinkedIn, which is available here (https://legal.linkedin.com/pages-joint-controller-addendum) can be viewed. The contact details of LinkedIn are: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For LinkedIn, you can contact the data protection officer at the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

3.8.2 Processing by LinkedIn

In connection with your visit to our company profile, LinkedIn may also process additional personal data. In this case, the processing is carried out under the sole responsibility of LinkedIn and without our knowledge. You can find more information from LinkedIn on this at: https://de.linkedin.com/legal/privacy-policy?trk=%7Berror-page%7D-privacy-policy.

3.8.3 Instagram

We operate an Instagram profile. This social media platform is offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

a) Interaction with our company profile: When you visit our Instagram profile and interact with us, we process personal data. On the one hand, the data made publicly available on the profile. On the other hand, we also process the personal data contained in posts, comments or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information.

The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our Instagram profile. Insofar as an inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.

b) Insights: As explained in the Meta Privacy Policy under "How do we use your information?" (https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect), Meta also collects and uses information to provide analytics services, known as insights, for site operators. This also applies to our Instagram profile. Insights are summarized statistics that are created based on certain interactions of visitors with pages and the content associated with them and are logged by the meta servers. This includes the following information, among others

• How many people see and interact with our products, services or content, such as posts, videos, Instagram pages, listings, stores and advertisements (if the advertisement is shown on meta-products);

• How people interact with our content, websites, apps and services;

• Which group of people interact with our content and which group of people use our services.

Meta provides us with summarized reports and insights that tell us how well our content, features, products and services are performing. We do not receive access to personal data, but only to the summarized reports. To evaluate the reach, we can make settings or set appropriate filters with regard to the selection of a time period, the viewing of a specific post and demographic groupings. This data is anonymized. It is not possible for us to draw conclusions about specific individuals. The purpose of processing this data is to analyze our reach and adapt our content and advertisements to user interests so that visitors can derive the greatest possible benefit from them. By evaluating this data, we can recognize how our content, our profile and our advertising are consumed. This enables us to create target group-specific content and place advertisements in order to better market our company and our services. The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. When processing personal data in the course of the so-called Insights, the processing is carried out under joint responsibility with Meta in accordance with Art. 26 para. 1 GDPR. We have concluded a corresponding agreement with Meta, which can be viewed here (https://www.facebook.com/legal/terms/page_controller_addendum.).

Meta's contact details are as follows:

• Online contact: https://www.facebook.com/help/contact/1650115808681298

• Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland.

• For Instagram, you can contact the data protection officer at the following link: https://www.facebook.com/help/contact/540977946302970.

• Further information about the Insights: https://de-de.facebook.com/help/pages/insights.

• You can find Instagram's full privacy policy here: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

Processing of personal data and cookies by Meta: When you access an Instagram page, the IP address assigned to your device is transmitted to Meta. According to Meta, this IP address is anonymized (for "German" IP addresses). Meta also stores information about the end devices of its users (e.g. as part of the "login notification" function); Meta may thus be able to assign IP addresses to individual users. If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is stored on your device. This enables Meta to track that you have visited this page and how you have used it. Meta buttons integrated into websites enable Meta to record your visits to these websites and assign them to your Instagram profile. This data can be used to tailor content or advertising to you.

Further information: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.

3.9 Third-party content

3.9.1 Google Fonts

We use Google Fonts on this website. Google Fonts is a tool that enables a uniform display of fonts (so-called Google Fonts). This service is offered by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. As soon as a website visitor visits a website that uses Google Fonts, the browser used must establish a connection to the Google servers. No cookies are set during this process. However, the IP address of the website visitor is recorded and used for analysis purposes. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as this consent includes access to information in the user's terminal device or the storage of cookies within the meaning of the TDDDG. This consent can be revoked at any time.

Details: https://developers.google.com/fonts/faq?hl=de & https://policies.google.com/privacy?hl=de. We use Google Fonts on our website. Here, fonts are provided and used by Google in order to be able to display them accordingly. This service is provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

3.9.2 Adobe Fonts

We use Adobe Fonts on this website. Adobe Fonts is a font service that enables a uniform display of fonts (web fonts). This service is provided by Adobe Systems Incorporated (Adobe), 345 Park Avenue, San Jose, CA 95110-2704, USA. As soon as a website visitor visits a website that uses Adobe Fonts, the browser used must connect to Adobe servers in the USA. No cookies are set in this process. However, Adobe receives the IP address of the website visitor. This processing is carried out with consent in accordance with Art. 6 para. 1 lit. a GDPR. The consent is revocable. Otherwise, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the uniform presentation of the typeface on our website, improved loading times and a lower implementation effort. In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply. Details: https://www.adobe.com/de/privacy/eudatatransfers.html & https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

3.9.3 Google reCAPTCHA

This website uses Google reCAPTCHA. Google reCAPTCHA is a plugin offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The service makes it possible to determine whether a data entry is made by a human or by an automated program. This analysis begins automatically in the background as soon as the website is entered. For this purpose, various information is collected, which is transmitted to Google. There is no indication of this analysis. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

More details: https://policies.google.com/privacy?hl=de & https://policies.google.com/terms?hl=de.

3.10 Audio and video conferencing

3.10.1 Google Meet

For communication with customers we use Google Meet. Google Meet is an online conferencing tool. This service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When communicating with this tool via video or audio conferencing, personal data is processed by us and the tool provider. The data collected includes all information you provide when using the tool. In addition, metadata regarding the conference is processed. Furthermore, technical information is processed, which is required for the function of the online communication. Furthermore, all files that are shared within the tool are stored on the servers of the tool provider. Google Meet may also set cookies. These cookies are only set with consent. This consent can be revoked at any time. The legal basis for this is Art 6 para. 1 lit. a GDPR. For the rest, the legal basis for the processing of the data by Google Meet is Art. 6 (1) lit. b GDPR. The communication is related to the fulfillment of a contract or is necessary for the fulfillment of pre-contractual obligations. Furthermore, this tool is used to facilitate communication with our company. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. This data is stored until the person concerned requests deletion, consent to storage is revoked, or the purpose for storage no longer applies. Cookies remain on the end device until the user deletes them. Mandatory legal provisions regarding retention periods remain unaffected.

More details: https://policies.google.com/privacy?hl=de.

3.11 CRM systems

3.11.1 Brevo

We integrate the Brevo CRM system on our website, which is operated by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Brevo provides a platform for managing customer relationships, including communication via email, SMS and other marketing channels, as well as segmenting and analyzing customer interactions. The processed data includes contact data such as e-mail addresses, names, telephone numbers, communication content and interaction data that is generated when using the CRM system. The purpose of data processing is the management and improvement of customer relationships, the implementation of marketing measures and communication with customers. The legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR, as it is necessary for the fulfillment of contractual obligations, as well as Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in the efficient management of our customer relationships. Brevo does not set any cookies that are directly required by the CRM function. Personal data is transferred to the USA. The service uses the EU Commission's Standard Contractual Clauses (SCC) as guarantees for data protection when transferring data to third countries. The data is stored for as long as it is required to fulfill the purpose or until the user requests the deletion of the data. Mandatory statutory retention periods remain unaffected.

Further information on data processing by Brevo can be found here: https://www.brevo.com/legal/privacypolicy/.

3.12 Cloud backups

We use cloud backup functions on our website to protect the data and content of the website from data loss, corruption or security incidents. This ensures that the website can be restored quickly and completely in the event of a server failure, a hacker attack or other unforeseen events. If personal data is stored on our website, it is transferred to the servers of the respective provider during backups. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in backing up our data.

We, and the services we use, use the following cloud backup service:

Google GCP: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

• https://cloud.google.com/terms/cloud-privacy-notice?hl=de.

iCloud: Apple Inc, Infinite Loop, Cupertino, CA 95014, USA.

• https://www.apple.com/legal/privacy/de-ww/.

OVHcloud

• https://www.ovhcloud.com/

4.This is also important

Finally, we would like to inform you in detail about your rights and how you will be informed about changes in data protection requirements.

4.1 Yours Rights in detail

4.1.1 Right to information according to Art. 15 GDPR

• You can request information about whether your personal data is being processed. If this is the case, you can request further information about the type and manner of processing. A detailed list can be found in Art. 15 (1) a) to h) GDPR.

4.1.2 Right to rectification according to Art. 16 GDPR

• This right includes the correction of inaccurate data and the completion of incomplete personal data.

4.1.3 Right to deletion according to Art. 17 GDPR

• This so-called 'right to be forgotten' gives you the right, under certain conditions, to demand the deletion of personal data by the controller. This is generally the case if the purpose of the data processing has ceased to exist, if consent has been revoked or if the initial processing took place without a legal basis. You can find a detailed list of reasons in Art. 17 (1) lit. a to f GDPR. Furthermore, this "right to be forgotten" corresponds with the obligation of the controller under Art. 17 (2) GDPR to take appropriate measures to bring about a general erasure of the data.

4.1.4 Right to restriction of processing according to Art. 18 GDPR

• This right is subject to the conditions set out in Art. 18(1)(a) to (d).

4.1.5 Right to data portability according to Art. 20 GDPR

• Here, the basic right to receive one's own data in a common form and to transfer it to another data controller is regulated. However, this only applies to data processed on the basis of consent or a contract pursuant to Art. 20 (1) (a) and (b) and to the extent that this is technically feasible.

4.1.6 Right of objection according to Art. 21 GDPR

• In principle, you can object to the processing of your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in the processing and if the processing relates to direct marketing and/or profiling.

4.1.7 Right to "decision in individual cases" according to Art. 22 GDPR

• In principle, you have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects vis-à-vis you or similarly significantly affects you. However, this right is also subject to restrictions and additions in Art. 22 (2) and (4) GDPR.

4.1.8 Other rights

• The GDPR contains comprehensive rights to inform third parties about whether or how you have asserted rights under Art. 16, 17, 18 GDPR. However, this only applies insofar as this is possible or feasible with reasonable effort.

• At this point, we would like to inform you once again of your right to withdraw your consent in accordance with Article 7 (3) of the GDPR. However, this does not affect the lawfulness of the processing carried out up to that point.

• In addition, we would like to inform you about your rights according to §§ 32 ff. BDSG, which, however, are largely congruent with the rights just described.

4.1.9 Right of appeal according to Art. 77 GDPR

• You also have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of personal data relating to you infringes this Regulation.

5.What if tomorrow the GDPR is abolished or other changes take place?

The current status of this Privacy Policy is 02.11.2025. From time to time it is necessary to adapt the content of the Privacy Policy in order to react to actual and legal changes. We therefore reserve the right to amend this Privacy Policy at any time. We will publish the amended version in the same place and recommend that you read the Privacy Policy regularly.