Age Verification Required

This website contains adult content that may not be suitable for minors.

By continuing, you confirm that you are at least 18 years old and agree to view adult content.

This verification is required by law in many jurisdictions.

By clicking "I am 18 or older", you acknowledge that you meet the age requirements and consent to viewing adult content.

Profile

Fynnley

FurAffinity Telegram Bluesky

Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to shortly as "data") that we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the scope of providing our services and particularly on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering").

The terms used are not gender-specific.

As of: February 29, 2024

Table of Contents

Controller

Ronny Wendt
c/o COCENTER
Koppoldstr. 1
86551 Aichach
GERMANY

Email address:

[email protected]

Impressum/ About Page:

https://fynnley.art/about

Relevant Legal Bases

Relevant legal bases according to the GDPR:Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, in individual cases, more specific legal bases may be relevant, which we will provide you with in the privacy policy.

  • Consent (Art. 6(1)(a) GDPR) - The data subject has given consent to the processing of their personal data for a specific purpose or purposes.
  • Performance of a Contract and Pre-contractual Inquiries (Art. 6(1)(b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate Interests (Art. 6(1)(f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data.

National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the Law for the Protection against Misuse of Personal Data in Data Processing (Bundesdatenschutzgesetz – BDSG). The BDSG contains special provisions concerning the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, transmission, and automated individual decision-making, including profiling. Furthermore, state data protection laws of individual federal states may also apply.

Reference to Applicability of GDPR and Swiss DPA: These data protection notices serve the purpose of providing information according to both the Swiss Federal Act on Data Protection (Swiss DPA) and the General Data Protection Regulation (GDPR). For this reason, please note that for broader geographic applicability and understanding, the terms used are those of the GDPR. In particular, terms used in the Swiss DPA such as "processing" of "personal data," "predominant interest," and "sensitive personal data" are replaced with the GDPR terms "processing" of "personal data," "legitimate interest," and "special categories of data." However, the legal significance of these terms will continue to be determined under the Swiss DPA within its scope.

Overview of Processing Activities

The following overview summarizes the types of data processed, the purposes of their processing, and refers to the data subjects.

Types of Processed Data

  • Master data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.

Categories of Affected Persons

  • Customers.
  • Prospects.
  • Communication Partners.
  • Users.
  • Contest and Competition Participants.
  • Business and Contract Partners.
  • Participants.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Contact inquiries and communication.
  • Security measures.
  • Office and organizational procedures.
  • Management and response to inquiries.
  • Conducting contests and competitions.
  • Feedback.
  • Marketing.
  • Registration procedures.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.

Security Measures

In accordance with legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as the related access, input, disclosure, availability, and segregation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. Additionally, we consider the protection of personal data in the development or selection of hardware, software, and procedures, in accordance with the principles of data protection, by design and default settings that are privacy-friendly.

TLS encryption (https): To protect the data transmitted via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Encrypted Backups (AES-256): The backups of your user data are stored in encrypted form. The chosen encryption algorithm complies with modern standards.

Monitoring: Every access to user data is continuously recorded in real time and subjected to thorough review. This system is designed to ensure the highest level of security and confidentiality of the data.

Transmission of Personal Data

In the course of our processing of personal data, it may occur that the data is transmitted to other entities, companies, legally independent organizational units, or individuals or disclosed to them. Recipients of this data may include service providers engaged for IT tasks or providers of services and content embedded in a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data Transmission within the Organization: We may transmit personal data to other entities within our organization or grant them access to this data. If this transfer is for administrative purposes, the sharing of data is based on our legitimate business and operational interests, or it is necessary for the fulfillment of our contractual obligations, or if there is consent from the data subjects or a legal permission.

International Data Transfers

Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if the processing occurs as part of using third-party services or disclosing/transmitting data to other individuals, entities, or companies, this will only be done in compliance with legal requirements.

Subject to explicit consent or contractual or legally required transfer (see Article 49 GDPR), we process or allow data to be processed only in third countries with a recognized level of data protection (Article 45 GDPR), in the presence and compliance with contractual obligations through the so-called EU Commission's standard contractual clauses (Article 46 GDPR), or in the presence of certifications or binding internal data protection regulations (see Articles 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

EU-US Trans-Atlantic Data Privacy Framework: As part of the "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection as safe for certain companies from the USA based on the adequacy decision of July 10, 2023. You can find the list of certified companies and further information about the DPF on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English). As part of the privacy policy, we will inform you about the service providers we use that are certified under the Data Privacy Framework.

Deletion of Data

The data processed by us will be deleted in accordance with legal requirements as soon as the consent for processing, which was allowed, is revoked or other permissions cease to apply (e.g., when the purpose for processing these data has ceased to exist or they are no longer necessary for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons, or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

Our data protection notices may also provide additional information about the retention and deletion of data that primarily apply to the respective processing activities.

Rights of Data Subjects

Rights of data subjects under the GDPR: You, as data subjects, have various rights under the GDPR, particularly arising from Articles 15 to 21 of the GDPR:

  • Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw your consent at any time.
  • Right to Information: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and additional information and a copy of the data in accordance with legal requirements.
  • Right to Rectification: You have the right to obtain the rectification of inaccurate personal data concerning you or to have incomplete data completed in accordance with legal requirements.
  • Right to Erasure and Restriction of Processing: You have the right, in accordance with legal requirements, to obtain the erasure of personal data concerning you without undue delay or, alternatively, to obtain the restriction of processing of the data in accordance with legal requirements.
  • Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format or to request the transmission of that data to another controller in accordance with legal requirements.
  • Right to Lodge a Complaint with a Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

Use of Cookies

Cookies are small text files or other storage mechanisms that store information on devices and retrieve information from devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or the used functions of an online offering. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as analyzing visitor traffic.

Consent Notes: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, unless it is not required by law. Consent is not necessary, in particular, when storing and retrieving information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e., our online offering) that they expressly requested. Cookies that are absolutely necessary usually include cookies with functions that serve the display and functionality of the online offering, load balancing, security, storage of user preferences and choices, or similar purposes related to the provision of the main and ancillary functions of the requested online offering by users. The revocable consent is communicated clearly to users and includes information about the respective cookie usage.

Notes on Data Protection Legal Bases: The data protection legal basis on which we process users' personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, data processed using cookies will be based on our legitimate interests (e.g., in the business operation of our online offering and improving its usability) or, if required to fulfill our contractual obligations, based on the necessity of using cookies to fulfill our contractual obligations. We will clarify the purposes for which we process cookies in this privacy policy or within the context of our consent and processing processes.

Storage Duration: Regarding the storage duration, the following types of cookies are distinguished:

  • Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application).
  • Persistent Cookies: Persistent cookies remain stored even after the device is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user revisits a website. Likewise, data collected from users using cookies can be used for measuring reach. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are persistent and the storage duration can last up to two years.

General Information about Revocation and Objection ("Opt-Out"): Users can revoke their given consents at any time and object to the processing according to legal requirements. Users can, among other things, restrict the use of cookies in their browser settings (although this may also limit the functionality of our online offering). Objection to the use of cookies for online marketing purposes can also be declared through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

  • Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR).

Additional Information about Processing Procedures, Methods, and Services:

  • Processing of Cookie Data based on Consent: We use a cookie consent management process in which users' consents for the use of cookies, as well as the processing and providers mentioned within the scope of the cookie consent management process, are obtained, managed, and revocable by users. The consent declaration is stored to avoid repeated requests and to be able to provide evidence of consent in accordance with legal obligations. The storage can be done server-side and/or in a cookie (known as an opt-in cookie or using similar technologies) to associate the consent with a user or their device. Subject to individual information about the providers of cookie management services, the following applies: The duration of consent storage can be up to two years. In this process, a pseudonymous user identifier is generated and stored along with the time of consent, details about the scope of consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and device used; Legal Basis: Consent (Art. 6(1)(a) GDPR).

Providers and Services as Part of Our Business Activities

As part of our business activities, we utilize additional services, platforms, interfaces, or plug-ins from third-party providers (referred to as "Services"), in accordance with applicable legal requirements. The use of these Services is in the interest of proper and lawful business management and to enhance the functionality of our offering.

  • Processed Data Types: Master data (e.g., names, addresses); Payment data (e.g., bank account details, invoices, payment history); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Contract data (e.g., subject matter of the contract, duration).
  • Affected Persons: Customers; Prospective customers; Users (e.g., website visitors, users of business and contract partners).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Office and organizational procedures.
  • Legal Basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR).

Provision of the Online Offering and Web Hosting

We process user data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Processed Data Types: Usage data (e.g., visited websites, interests in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status). Content data (e.g., entries in online forms).
  • Affected Individuals: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further Information on Processing Processes, Procedures, and Services:

  • Provision of Online Offering on Rented Storage Space: For the provision of our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a respective server provider (also referred to as "web host"); Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
  • Provision of Online Offering on Rented Server Hardware: For the provision of our online offering, we use computing capacity and software that we rent or otherwise obtain from a respective server provider (also referred to as "web host"); Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
  • Collection of Access Data and Log Files: Access to our online offering is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed webpages and files, date and time of access, transferred data volumes, notification of successful retrieval, browser type and version, user's operating system, referrer URL (previously visited page), and typically IP addresses and the requesting provider. Server log files can be used, on the one hand, for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, known as DDoS attacks), and on the other hand, to ensure the utilization and stability of the servers; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR). Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally resolved.
  • Email Transmission and Hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of recipients and senders, as well as further information concerning email transmission (e.g., the involved providers) and the contents of the respective emails, are processed. The aforementioned data can also be processed for the purpose of detecting SPAM. Please note that emails are generally not sent encrypted over the internet. In most cases, emails are encrypted during transport, but (unless an end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot assume responsibility for the transmission of emails between the sender and the recipient on our server; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
  • Content Delivery Network (CDN):We use a Content Delivery Network (CDN). A CDN is a service that helps deliver content of an online offering, especially large media files such as graphics or program scripts, faster and more securely using regionally distributed servers connected over the internet; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
  • Hetzner: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service Provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://www.hetzner.com; Privacy Policy: https://www.hetzner.com/de/rechtliches/datenschutz. Data Processing Agreement: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.
  • Ionos: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service Provider: IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://www.ionos.de; Privacy Policy: https://www.ionos.de/terms-gtc/datenschutzerklaerung/. Data Processing Agreement: https://www.ionos.de/hilfe/datenschutz.
  • Cloudflare: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities, Content-Delivery-Network, Proxy Services); Service Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://www.cloudflare.com; Privacy Policy: https://www.cloudflare.com/privacypolicy/. Data Processing Agreement: https://www.cloudflare.com/gdpr/introduction/.

Registration, Login, and User Account

Users can create a user account. During registration, users are provided with the necessary mandatory information and processed for the purpose of providing the user account based on contractual obligation. The processed data includes, in particular, the login information (username, password, and email address).

As part of using our registration and login functions, as well as accessing the user account, we store the IP address and the timestamp of the respective user action. The storage is based on our legitimate interests and those of the users in protection against abuse and unauthorized use. Generally, this data is not disclosed to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users can be informed via email about activities relevant to their user account, such as technical changes.

  • Processed Data Types: Contact data (e.g., email, phone numbers); Content data (e.g., inputs in online forms). Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Affected Individuals: Users (e.g., website visitors, users of online services, users of the game server).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Management and response to inquiries. Provision of our online offering and user-friendliness.
  • Legal Bases: Contractual fulfillment and pre-contractual inquiries (Art. 6 para. 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 lit. f) GDPR).

Further Information on Processing Procedures, Processes, and Services:

  • Registration with Pseudonyms: Users are allowed to use pseudonyms as usernames instead of real names; Legal Bases: Contractual fulfillment and pre-contractual inquiries (Art. 6 para. 1 lit. b) GDPR).

Community Functions

The community functions provided by us allow users to engage in conversations or exchanges with each other. Please note that the use of community functions is only permitted in accordance with applicable laws, our terms and policies, and the rights of other users and third parties.

  • Processed Data Types: Usage data (e.g., visited web pages, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Affected Persons: Users (e.g., website visitors, users of online services, users of the game server).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations. Security measures.
  • Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Further Information on Processing Procedures, Procedures, and Services:

  • User Contributions Are Public: The posts and content created by users are publicly visible and accessible; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
  • Adjustment of Visibility of Contributions: Users can determine the extent to which the posts and content they create are visible or accessible to the public, specific individuals, or groups, through settings; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
  • Storage of Data for Security Purposes: The contributions and other inputs of users are processed for the purposes of community and conversation functions and, subject to legal obligations or permissions, are not disclosed to third parties. An obligation to disclose may arise, particularly in the case of illegal contributions, for the purpose of legal enforcement. We note that in addition to the content of the contributions, their timing and the IP address of the users are stored. This is done in order to take appropriate measures to protect other users and the community; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
  • Right to Delete Content and Information: Deletion of user posts, content, or information is permissible to the extent required after a proper balance, if there are specific indications that they constitute a violation of legal rules, our guidelines, or third-party rights; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
  • Limited Deletion of Conversation Contributions: Out of consideration for other users, user conversation contributions will remain stored even after termination and account deletion, so that conversations, comments, advice, or other communication between and among users do not lose their meaning or reverse. Usernames will be deleted or pseudonymized, unless they already represented pseudonyms. Users can request complete deletion of conversation contributions from us at any time; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
  • Protection of Own Data: Users decide for themselves which data they disclose about themselves within our online offering. For example, when users provide personal information or participate in conversations. We ask users to protect their data and to disclose personal information only with caution and only to the necessary extent. In particular, we ask users to note that they must protect their access data especially well and use secure passwords (i.e., primarily using long and random combinations of characters); Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
  • Processed Data Types: Master data (e.g. names, addresses); Contact details (e.g. email, phone numbers); Usage data (e.g. visited websites, interest in content, access times); Meta, communication, and process data (e.g. IP addresses, timestamps, identification numbers, consent status).
  • Concerned Individuals: Users (e.g. website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Authentication processes.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Contact and Inquiry Management

When contacting us (e.g. by mail, contact form, email, telephone, via Discord, or via social media) and within the scope of existing user and business relationships, the information of the inquiring individuals is processed to the extent necessary to respond to the contact inquiries and any requested measures.

  • Processed Data Types: Contact details (e.g. email, phone numbers); Content data (e.g. inputs in online forms); Usage data (e.g. visited web pages, interest in content, access times); Meta, communication, and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status).
  • Affected Individuals: Communication partners.
  • Purposes of Processing: Contact inquiries and communication; Management and response to inquiries; Feedback (e.g. collecting feedback via online form). Provision of our online offering and user-friendliness.
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR). Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Further information on processing procedures, methods, and services:

  • Contact form: When users get in touch with us via our contact form, email, or other communication channels, we process the data provided to us in this context for the purpose of processing the communicated request; Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Contests and Competitions

We process personal data of participants in contests and competitions only in compliance with applicable data protection regulations. This processing is necessary for the provision, execution, and handling of the contest, either based on a contractual requirement, participant consent, or our legitimate interests (e.g., ensuring contest security or protecting our interests from potential misuse by capturing IP addresses when submitting contest entries).

If participant contributions are published as part of the contests (e.g., in the context of voting or presentation of contest entries or winners, or contest-related reporting), please note that participant names may also be published in this context. Participants can object to this at any time.

If the contest takes place within an online platform or social network (e.g., Facebook or Instagram, hereinafter referred to as "online platform"), the terms of use and privacy policies of the respective platforms also apply. In such cases, we would like to highlight that we are responsible for the participant information provided within the scope of the contest, and any inquiries regarding the contest should be directed to us.

Participant data will be deleted as soon as the contest or competition has ended and the data is no longer required to inform the winners or anticipate inquiries related to the contest. In general, participant data will be deleted no later than 6 months after the end of the contest. Winner data may be retained for a longer period to address inquiries about the prizes or fulfill prize obligations; in such cases, the retention period depends on the nature of the prize and may, for example, be up to three years for physical items or services in order to handle warranty claims. Additionally, participant data may be stored for a longer period, such as in the form of reporting about the contest in online and offline media.

If data collected during the contest is also used for other purposes, the processing and retention period will be governed by the privacy policy for that specific use (e.g., in the case of subscribing to a newsletter as part of a contest).

  • Processed Data Types: Master data (e.g., names, addresses); Content data (e.g., entries in online forms); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Affected Individuals: Participants in contests and competitions.
  • Purposes of Processing: Conducting contests and competitions.
  • Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Surveys and Questionnaires

We conduct surveys and questionnaires to gather information for the respective communicated survey or questionnaire purpose. The surveys conducted by us (hereinafter "surveys") are evaluated anonymously. Processing of personal data only occurs to the extent necessary for the provision and technical execution of the surveys (e.g., processing of IP addresses to display the survey in the user's browser or using a cookie to enable resumption of the survey).

  • Processed Data Types: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited web pages, interest in content, access times). Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Affected Individuals: Communication partners. Participants.
  • Purposes of Processing: Feedback (e.g., collecting feedback via online form).
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

Presence on Social Networks (Social Media)

We maintain online presences within social networks and process user data within this context in order to communicate with active users there or to provide information about us.

We would like to point out that user data may be processed outside the European Union in this context. As a result, risks may arise for users, for example because enforcement of users' rights could be made more difficult.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and resulting interests. These usage profiles can in turn be used to display advertisements within and outside the networks that presumably correspond to users' interests. Cookies are typically stored on users' computers for these purposes, in which user behavior and interests are stored. Furthermore, data can also be stored in the usage profiles regardless of the devices used by users (especially if users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective processing methods and options for objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

Also, in the case of requests for information and the assertion of data subject rights, we would like to point out that these can be most effectively asserted with the providers. Only the providers have access to the users' data and can directly take appropriate measures and provide information. If you still need assistance, you can contact us.

  • Processed Data Categories: Contact information (e.g., email, phone numbers); Content data (e.g., inputs in online forms); Usage data (e.g., visited websites, interest in content, access times). Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Concerned Individuals: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Handling contact inquiries and communication; Feedback (e.g., collecting feedback via online forms); Marketing.
  • Legal Basis: Legitimate interests (Art. 6 (1) lit. f) GDPR).

Further Information on Processing, Procedures, and Services:

Plugins and Embedded Functions, as well as Content

We integrate functional and content elements into our online offering, which are provided by the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos, or maps (hereinafter collectively referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for the presentation of this content or functions. We endeavor to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may, among other things, contain technical information about the browser and operating system, referring web pages, visit times, as well as further information about the use of our online offering and may also be linked with such information from other sources.

  • Processed Data Types: Usage data (e.g. visited websites, interest in content, access times); meta, communication, and procedure data (e.g. IP addresses, time stamps, identification numbers, consent status); master data (e.g. names, addresses); contact data (e.g. email, phone numbers); content data (e.g. inputs in online forms).
  • Affected Individuals: Users (e.g. website visitors, users of online services).
  • Purposes of Processing: Provision of our online offering and user-friendliness.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

  • Integration of Third-Party Software, Scripts, or Frameworks (e.g. jQuery):We integrate software into our online offering that we retrieve from servers of other providers (e.g. function libraries that we use for the presentation or user-friendliness of our online offering). In this process, the respective providers collect users' IP addresses and may process them for the purpose of transmitting the software to users' browsers, as well as for security purposes, evaluation, and optimization of their offering. - We integrate software into our online offering that we retrieve from servers of other providers (e.g. function libraries that we use for the presentation or user-friendliness of our online offering). In this process, the respective providers collect users' IP addresses and may process them for the purpose of transmitting the software to users' browsers, as well as for security purposes, evaluation, and optimization of their offering; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Google Fonts (Partially Hosted on Our Own Server):Provision of font files for user-friendly display of our online offering; Service Provider: The Google Fonts used are hosted on our server, no data is transmitted to Google in advance; However, users have the option to load fonts from the internet, which initiates access to the Google API. Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Google Fonts:Obtaining fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with respect to currentness and loading times, their consistent presentation, and consideration of possible license restrictions. The provider of the fonts is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted, which is necessary for providing the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA - When users visit our online offering, their browser sends browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent describing the browser and operating system versions of the website visitors, as well as the referring URL (i.e., the webpage where the Google font should be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent, and referring URL). Access to this data is restricted and tightly controlled. The requested URL identifies the font families that the user wants to load fonts for. This data is logged so that Google can determine how often a specific font family is requested. In the Google Fonts Web API, the user agent must adjust the font generated for the respective browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the "Analytics" page of Google Fonts. Finally, the referring URL is logged so that the data can be used for production maintenance and an aggregated report on top integrations can be generated based on the number of font requests. According to its own information, Google does not use any of the information collected by Google Fonts to create profiles of end users or display targeted ads; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR);Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for Third-Country Data Transfer: EU-US Data Privacy Framework (DPF). Further Information: https://developers.google.com/fonts/faq/privacy?hl=de.
  • CDNFonts:Fonts, typefaces; Service Provider: CDNFonts.com; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR);Website: https://www.cdnfonts.com/; Privacy Policy: https://www.cdnfonts.com/privacy-policy; Basis for Third-Country Data Transfer: EU-US Data Privacy Framework (DPF).
  • YouTube Videos:Video content; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR);Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for Third-Country Data Transfer: EU-US Data Privacy Framework (DPF). Opt-Out Option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for Displaying Ads: https://adssettings.google.com/authenticated.
  • YouTube Videos:Video content; YouTube videos are embedded using a special domain (identified by the "youtube-nocookie" component) in the so-called "Enhanced Privacy Mode," which does not collect cookies for user activities to personalize video playback. However, information regarding user interaction with the video (e.g., remembering the last playback position) may be stored; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR);Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy. Basis for Third-Country Data Transfer: EU-US Data Privacy Framework (DPF).

Definitions

This section provides an overview of the terms used in this Privacy Policy. Insofar as the terms are defined by law, their legal definitions apply. The following Explanations, on the other hand, are primarily intended to serve the purpose of understanding.

  • Personal Data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie), or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Controller: The term "controller" refers to the natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of processing personal data.
  • Processing: "Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. This term is broad and encompasses practically any handling of data, including collection, evaluation, storage, transmission, or deletion.

Created with the free Privacy Policy Generator by Dr. Thomas Schwenke and translated by PlayV.mp

As of: May 26, 2025