data protection

Responsible person

Matchary UG
Manuel Ciftcioglu
Trajanstr. 33, 50678, Cologne

E-mail address:

info@matchary.de

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

• Contact details.
• Content data.
• Usage Data.
• Meta, communication and procedural data.

Categories of data subjects

• Communication partner.
• User.

Purposes of processing

• Contact inquiries and communication.
• Safety measures.
• Managing and responding to inquiries.
• Feedback.
• Provision of our online offering and user-friendliness.
• Information technology infrastructure.

Relevant legal bases

Below you will find an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases apply in individual cases, we will inform you of these in the data protection declaration.

• Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
• Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) – Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject are infringing on the protection of personal data Data requirements predominate.

In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the law to protect against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

Safety measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, ensuring availability and its separation. We have also set up procedures to ensure that the rights of those affected are exercised, data are deleted and responses are made to data threats. We also take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Transfer of personal data

As part of our processing of personal data, the data may be transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Payment services
We integrate payment services from third-party companies on our website. If you make a purchase from us, your payment details (e.g. name, payment amount,
Account details, credit card number) from the payment service provider for the purpose of
Payment processing processed. The respective contractual terms and conditions apply to these transactions
Data protection regulations of the respective providers. The use of payment service providers is based on Art. 6 Para. 1 lit. b GDPR (contract processing) as well as in
Interest in a payment process that is as smooth, comfortable and secure as possible (Art. 6 Para. 1 lit. f GDPR). If your consent is requested for certain actions, Art. 6 Para. 1 lit. a GDPR is the legal basis for data processing; consents are
Can be revoked at any time in the future.

We use the following payment services/payment service providers on this website:

PayPal
The provider of this payment service is PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard
Royal, L-2449 Luxembourg (hereinafter “PayPal”).
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Details can be found in PayPal's privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Apple Pay
The payment service provider is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Apple's privacy policy can be found at: https://www.apple.com/legal/privacy/de-
ww/.

Google Pay
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The
Google's privacy policy can be found here: https://policies.google.com/privacy.

Klarna
The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter
“Klarna”). Klarna offers various payment options (e.g. installment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna
collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna checkout solution.
Details on the use of Klarna cookies can be found at the following link:
https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf. You can find details about this in Klarna’s privacy policy at the following link
read: https://www.klarna.com/de/datenschutz/.

Instant bank transfer
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich
(hereinafter “Sofort GmbH”). With the help of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately proceed with the payment
to begin fulfilling our obligations. If you choose the payment method
If you have decided on “Sofortüberweisung”, send the PIN and a valid TAN to Sofort GmbH, which they can use to log into your online banking account. Sofort GmbH automatically checks your account balance after logging in and carries out the transfer to us using the TAN you provided. It then immediately sends us a transaction confirmation. After logging in, your sales, the credit limit of the overdraft facility and the existence of other accounts as well as their balances are automatically checked. In addition to the PIN and TAN, the payment details you entered and personal data will also be sent to Sofort GmbH
transmitted. Your personal data includes your first and last name, address,
Telephone number(s), email address, IP address and, if necessary, others for payment processing
Required data.
The transmission of this data is necessary to establish your identity
to be determined beyond doubt and to prevent attempts at fraud.
Details about paying with Sofortüberweisung can be found at the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

American Express
The provider of this payment service is American Express Europe SA, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter “American Express”).
American Express may transfer data to its parent company in the USA.
Data transfer to the USA is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-
implementing principles/.
Further information can be found in the American Express privacy policy:
https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

Mastercard
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).
Mastercard may transfer data to its parent company in the USA. The
Data transfer to the USA is based on Mastercard's Binding Corporate Rules.
Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and
https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA
The provider of this payment service is Visa Europe Services Inc., London branch, 1 Sheldon Square, London W2 6TT, Great Britain (hereinafter “VISA”).
Great Britain is considered a safe third country in terms of data protection law. It means that
Great Britain has a level of data protection equivalent to the level of data protection in the
European Union corresponds.
VISA may transfer data to its parent company in the USA. The data transmission
to the USA is based on the EU Commission's standard contractual clauses. Details
You can find it here: https://www.visa.de/nutzvertrag/visa-globale-
data protection notice/notice-on-jurisdictional-issues-for-the-ewr.html.
Further information can be found in VISA's data protection declaration:
https://www.visa.de/USE Conditions/visa-privacy-center.html.

Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing in the context of using third-party services or disclosing or transferring data to other people, bodies or companies takes place, this only takes place in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligations through so-called standard protection clauses of the EU Commission, if certifications or binding internal data protection regulations exist (Articles 44 to 49 GDPR, EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent for processing is revoked or other permissions no longer apply (e.g. if the purpose of processing this data no longer applies or it is not necessary for the purpose). Unless the data is deleted because it is required for other legally permissible purposes, its processing will be limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

Our data protection information may also contain further information on the storage and deletion of data, which applies primarily to the respective processing.

Social media

Facebook
Elements of the social network Facebook are integrated into this website. Provider
This service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2,
Ireland. However, according to Facebook, the collected data is also sent to the USA and
transferred to other third countries.
You can find an overview of the Facebook social media elements here:
https://developers.facebook.com/docs/plugins/?locale=de_DE.
When the social media element is active, a direct connection is created between your
End device and the Facebook server. Facebook thereby receives the information
that you have visited this website with your IP address. If you use the Facebook “Like”
If you click the “Button” while you are logged into your Facebook account, you can
Link content from this website on your Facebook profile. This allows Facebook to
Assign your visit to this website to your user account. We would like to point out that we as
Providers of the pages have no knowledge of the content of the transmitted data or their use
received through Facebook. Further information can be found in the
Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation.
If consent has been obtained, the above will be used. service
Basis of Article 6 Paragraph 1 Letter a GDPR and Section 25 TTDSG. Consent is available at any time
revocable. Unless consent has been obtained, the use of the
Service based on our legitimate interest in as comprehensive a service as possible
Visibility on social media.
As far as personal data on our website with the help of the tool described here
collected and forwarded to Facebook are us and Meta Platforms Ireland
Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland together for this
Responsible for data processing (Article 26 GDPR). The shared responsibility
is limited exclusively to collecting the data and passing it on
Facebook. The processing carried out by Facebook after the forwarding is not part of it
of shared responsibility. The obligations we share have become
recorded in a joint processing agreement. The wording of the
The agreement can be found at: https://www.facebook.com/legal/controller_addendum. Loud
We are responsible for providing data protection information when using this agreement
of the Facebook tool and for the data protection secure implementation of the tool
responsible for our website. Facebook is responsible for the data security of Facebook products
responsible. Rights of those affected (e.g. requests for information) regarding Facebook
You can claim the processed data directly from Facebook. If you the

If those affected assert their rights with us, we are obliged to pass these on to Facebook
to forward.
Data transfer to the USA is based on the EU Commission's standard contractual clauses
supported. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-
de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

Instagram
Functions of the Instagram service are integrated into this website. These functions
are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand
Canal Harbour, Dublin 2, Ireland.
When the social media element is active, a direct connection is created between your
End device and the Instagram server. Instagram thereby receives information about
your visit to this website.
If you are logged into your Instagram account, you can click on the
Instagram buttons link the content of this website to your Instagram profile. Through this
Instagram can assign your visit to this website to your user account. We point out
point out that we, as providers of the pages, have no knowledge of the content of the transmitted pages
Receive data and its use by Instagram.
If consent has been obtained, the above will be used. service
Basis of Article 6 Paragraph 1 Letter a GDPR and Section 25 TTDSG. Consent is available at any time
revocable. Unless consent has been obtained, the use of the
Service based on our legitimate interest in as comprehensive a service as possible
Visibility on social media.
As far as personal data on our website with the help of the tool described here
collected and forwarded to Facebook or Instagram are us and Meta
Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
jointly responsible for this data processing (Article 26 GDPR). The common one
Responsibility is limited exclusively to the collection of data and
their passing on to Facebook or Instagram. The one that occurs after the forwarding
Processing by Facebook or Instagram is not part of the shared responsibility.
The obligations we share have been agreed upon in an agreement
joint processing recorded. The text of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum. According to this agreement we are for
the provision of data protection information when using Facebook or Instagram
Tools and for the data protection secure implementation of the tool on our website
website responsible. For the data security of Facebook or Instagram products
Facebook responsible. Rights of those affected (e.g. requests for information) regarding the
You can submit data processed by Facebook or Instagram directly to Facebook
make. If you assert your data subject rights with us, we are obliged to do so
forward to Facebook.
Data transfer to the USA is based on the EU Commission's standard contractual clauses
supported. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum

https://help.instagram.com/519522125107875 and https://de-
de.facebook.com/help/566994660333381.
Further information can be found in Instagram's privacy policy:
https://instagram.com/about/legal/privacy/.

Analysis tools and advertising

Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is the
Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to monitor the behavior of website visitors
analyze. The website operator receives various usage data, such as: b.
Page views, length of stay, operating systems used and origin of the user. This
Data is assigned to the user’s respective device. An assignment to a user
ID does not occur.
Furthermore, we can use Google Analytics, among other things. Your mouse and scroll movements and
Record clicks. Furthermore, Google Analytics uses various modeling approaches,
to supplement the recorded data sets and uses machine learning technologies
data analysis.
Google Analytics uses technologies that enable user recognition
Enable the purposes of analyzing user behavior (e.g. cookies or device
fingerprinting). The information collected by Google about the use of this website
are usually transferred to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a
GDPR and Section 25 Paragraph 1 TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission's standard contractual clauses
supported. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Browser plugin
You can prevent Google from collecting and processing your data by:
Download and install the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information about how Google Analytics handles user data in the
Google privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program
Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows us to display advertisements in the Google search engine or on
Third-party websites appear when the user enters certain search terms on Google
(Keyword targeting). Furthermore, targeted advertisements can be displayed on Google
existing user data (e.g. location data and interests) can be played out
(Target group targeting). We as website operators can evaluate this data quantitatively,
For example, by analyzing which search terms are used to display our website
Ads led and how many ads led to corresponding clicks
have.
The use of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a
GDPR and Section 25 Paragraph 1 TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission's standard contractual clauses
supported. Details can be found here: https://policies.google.com/privacy/frameworks and
https://privacy.google.com/businesses/controllerterms/mccs/.

Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon
House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that we use to create tracking or statistical tools
and incorporate other technologies on our website. The Google Tag Manager
itself does not create user profiles, does not store cookies and does not take any independent ones
analyses. It is only used to manage and display the information integrated via it
Tools. However, Google Tag Manager records your IP address, which is also sent to the
Google's parent company can be transferred to the United States.
The use of the Google Tag Manager is based on Art. 6 Para. 1 lit. f GDPR.
The website operator has a legitimate interest in a quick and uncomplicated process
Integration and management of various tools on your website. Unless one
If the relevant consent has been requested, processing will take place exclusively
Basis of Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TTDSG, insofar as consent
the storage of cookies or access to information on the user's device
(e.g. device fingerprinting) within the meaning of the TTDSG. Consent is available at any time
revocable.

Google Ads Remarketing
This website uses the functions of Google Ads Remarketing. The provider is Google
Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Ads Remarketing we can contact people who interact with our online offering
Assign interact to specific target groups in order to then provide them with interest-based information
Display advertising in the Google advertising network (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Ads Remarketing can be used with the
Google's cross-device functions can be linked. In this way you can
interest-based, personalized advertising messages depending on your previous
Usage and surfing behavior on a device (e.g. cell phone) has been adapted to you
can also be displayed on another of your devices (e.g. tablet or PC).
If you have a Google account, you can opt for personalized advertising
object under the following link: https://www.google.com/settings/ads/onweb/.
The use of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a
GDPR and Section 25 Paragraph 1 TTDSG. Consent can be revoked at any time.
Further information and the data protection regulations can be found in the
Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=de.

Google conversion tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited
(“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google conversion tracking, Google and we can determine whether the user
carried out certain actions. For example, we can evaluate which
Buttons on our website how frequently they are clicked and which products are particularly frequently used
viewed or purchased. This information is used to generate conversion statistics
create. We learn the total number of users who clicked on our ads
and what actions they took. We do not receive any information with which
we can personally identify the user. Google itself uses this for identification
Cookies or comparable recognition technologies.
The use of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a
GDPR and Section 25 Paragraph 1 TTDSG. Consent can be revoked at any time.
You can find more information about Google conversion tracking in the
Google privacy policy: https://policies.google.com/privacy?hl=de.

TikTok Pixels & TikTok Ads
Within our online offering, the so-called “TikTok Pixel” of the social network is used
TikTok, which is owned by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02
T380, operated in Ireland ("TikTok").
With the help of the TikTok pixel, TikTok is able to recognize you as a visitor to our website
Online offer as a target group for the display of advertisements (so-called “TikTok ads”)
determine. Accordingly, we use the TikTok pixel to display the information we place
Only show TikTok ads to those TikTok users who are also interested in our website
online offer or which have certain characteristics (e.g. interests in certain
topics or products that are determined based on the websites visited),
that we transmit to TikTok (so-called “Custom Audiences”). With the help of the TikTok pixel
We also want to ensure that our TikTok ads meet the potential interest of the
Users comply and do not appear harassing. With the help of the TikTok pixel we can
further the effectiveness of TikTok advertisements for statistical and
For market research purposes, we see whether users click on one
TikTok advertisements were redirected to our website (so-called “conversion”).
The data is processed by TikTok within the framework of the
TikTok data usage policy: https://www.tiktok.com/legal/privacy-
policy?lang=de. Accordingly, general information on the display of TikTok ads, in
TikTok's data usage policy. Special information and details about
You can find out more about TikTok pixels and how they work in the TikTok help section:
https://support.tiktok.com/de.
The use of the TikTok pixel and the storage of “conversion cookies” takes place on
Basis of Article 6 Paragraph 1 Letter a GDPR.
You can opt out of the TikTok Pixel’s collection and use of your data
Contradict the display of TikTok ads. You can find an opt-out option in our
Cookie Statement.

Snap Pixel & Snapchat Ads
For the purpose of analyzing and optimizing our website and services, we use the so-called
“Snap Pixel” from the social network Snapchat, which is owned by Snap Inc., Market Street,
Venice, CA 90291, USA (“Snapchat”).
With the help of the Snap Pixel, Snapchat is able to track visitors to our website
as a target group for the display of advertisements (so-called “Snapchat ads”).
Accordingly, we use the Snapchat pixel to display the Snapchat messages we place.
Only show ads to Snapchat users who are interested in our website
have shown or who have certain characteristics (e.g. interests in certain topics or
Products that are determined based on the websites visited) that we provide
Snapchat (so-called “Custom Audiences”).
With the help of the Snap Pixel, we also want to ensure that our Snapchat ads comply
correspond to the potential interest of the users and do not appear annoying. With the help of
Using Snap Pixels, we can also evaluate the effectiveness of Snapchat advertisements for statistical purposes
and market research purposes by seeing whether users click
were redirected to a Snapchat ad on our website (so-called
“Conversion”).
The data is processed by Snapchat as part of Snapchat
Data Use Policy. Accordingly, general information on the representation of
Snapchat Ads, in Snapchat's Data Use Policy: https://www.snap.com/en-
US/privacy/privacy-center
You can object to this via your browser settings using Snap Pixel
personal data is collected and evaluated through this service.

Use of cookies

Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. E.g. to save the login status in a user account, the contents of a shopping cart in an e-shop, the content accessed or functions used in an online offer. Cookies can also be used for various purposes, such as the functionality, security and convenience of online offerings and the creation of analyzes of visitor flows.

Information on consent: We use cookies in accordance with legal regulations. We therefore obtain prior consent from users, unless this is not required by law. In particular, consent is not necessary if the storage and reading of the information, including cookies, is absolutely necessary in order to provide users with a telemedia service they have expressly requested (i.e. our online offering). The revocable consent is clearly communicated to the users and contains information on the respective cookie use.

Notes on data protection legal bases: The data protection legal basis on which we process users' personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing your data is their declared consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offering and improving its usability) or, if this is within the scope of fulfilling our contractual obligations, if the use of cookies is necessary for our purposes to fulfill contractual obligations. We will explain the purposes for which we process cookies in the course of this data protection declaration or as part of our consent and processing processes.

Storage period: With regard to the storage period, a distinction is made between the following types of cookies:

• Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their device (e.g. browser or mobile application).
• Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. User data collected using cookies can also be used to measure reach. Unless we provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and can also object to the processing in accordance with the legal requirements in Art. 21 GDPR. Users can also declare their objection via their browser settings, for example by deactivating the use of cookies (which may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ .

• Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).

Further information on processing processes, procedures and services:

• Processing of cookie data on the basis of consent: We use a cookie consent management process, in which users consent to the use of cookies or the processing mentioned within the cookie consent management process and providers can be obtained and managed and revoked by users. The declaration of consent is saved so that it does not have to be asked again and to be able to prove consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) in order to be able to assign the consent to a user or their device. Subject to individual information about the providers of cookie management services, the following information applies: The duration of the storage of consent can be up to two years. Here, a pseudonymous user identifier is created and stored with the time of consent, information about the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and device used; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).

Provision of online offerings and web hosting

We process users' data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

• Types of data processed: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.); Safety measures.
• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files”. The server log files include the address and name of the websites and files accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP address. Addresses and the requesting provider belong. The server log files can be used on the one hand for security purposes, for example to avoid overloading the servers (particularly in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

Shopify

To host our website and display the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Data will also be transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc.

All data collected on our website is processed on the provider’s servers. We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

When data is transferred to Canada, an adequate level of data protection is guaranteed by an adequacy decision by the European Commission.

For the transfer of data to the USA, the provider relies on standard contractual clauses from the European Commission, which are intended to ensure compliance with European data protection levels.

Contact and inquiry management

When you contact us (e.g. by post, contact form, email, telephone or via social media) as well as within the framework of existing user and business relationships, the information provided by the inquiring person is processed to the extent that this is necessary to answer the contact request and any requested measures.

• Types of data processed: Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
• Affected persons: communication partners.
• Purposes of processing: contact requests and communication; managing and responding to inquiries; Feedback (e.g. collecting feedback via online form); Provision of our online offering and user-friendliness.
• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Changes and updates to the data protection declaration

We ask you to regularly inform yourself about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information for companies and organizations in this data protection declaration, please note that the addresses may change over time and ask you to check the information before contacting us.

Rights of data subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

• Right to object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR; This also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
• Right to revoke consent: You have the right to revoke your consent at any time.
• Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with legal requirements.
• Right to rectification: In accordance with legal requirements, you have the right to request that the data concerning you be completed or that incorrect data concerning you be corrected.
• Right to deletion and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately or, alternatively, to request a restriction on the processing of the data in accordance with the legal requirements.
• Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with legal requirements or to request that it be transmitted to another person responsible.
• Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of your data concerns you personal data violates the requirements of the GDPR.