Privacy Policy

We have prepared this Privacy Policy (Version 05/30/2026-113219913) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter “data”) we, as the data controller—and the processors we have commissioned (e.g., providers)—process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, aims to describe the most important points as simply and transparently as possible. Where transparency is aided by it, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We thus inform you in clear and simple language that, within the scope of our business activities, we process personal data only when there is a corresponding legal basis for doing so. This is certainly not possible if one provides explanations that are as brief, unclear, and legally technical as those that are often standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information here that you were not previously aware of.
If you still have questions, please contact the responsible party listed below or in the legal notice, follow the provided links, and review additional information on third-party websites. You can, of course, also find our contact information in the legal notice.

Scope of Application

This Privacy Policy applies to all personal data processed by our company and to all personal data processed by companies we have engaged (processors). By “personal data,” we mean information as defined in Article 4(1) of the GDPR, such as a person’s name, email address, and mailing address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this Privacy Policy includes:

all online platforms (websites, online stores) that we operate

social media platforms and email communication

mobile apps for smartphones and other devices

In short: This Privacy Policy applies to all areas in which personal data is processed in a structured manner within the company via the aforementioned channels. Should we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Basis

In the following Privacy Policy, we provide you with transparent information regarding the legal principles and regulations—that is, the legal bases of the General Data Protection Regulation—that enable us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the portal for EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679 .

We process your data only if at least one of the following conditions applies:

Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.

Contract (Article 6(1)(b) GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, if we enter into a purchase agreement with you, we need personal information in advance.

Legal obligation (Article 6(1)(c) GDPR): We process your data if we are subject to a legal obligation. For example, we are legally required to retain invoices for accounting purposes. These typically contain personal data.

Legitimate Interests (Article 6(1)(f) GDPR): In cases of legitimate interests that do not infringe upon your fundamental rights, we reserve the right to process personal data. For example, we must process certain data to operate our website securely and economically efficiently. This processing therefore constitutes a legitimate interest.

Other conditions, such as processing for the public interest, the exercise of official authority, or the protection of vital interests, generally do not apply to us. Should such a legal basis nevertheless be relevant, it will be indicated in the appropriate section.

In addition to the EU Regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Natural Persons with Regard to the Processing of Personal Data (Data Protection Act), or DSG for short.

In Germany, the Federal Data Protection Act (BDSG) applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the controller

If you have any questions regarding data protection or the processing of personal data, you will find the contact details of the controller below, in accordance with Article 4(7) of the EU General Data Protection Regulation (GDPR):
xxx
xxx
xxx Austria
Authorized representative: xxx
Email: xxx
Phone: xxx
Legal notice: xxx

Retention Period

It is our general policy to store personal data only for as long as is strictly necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing it no longer exists. In some cases, we are legally required to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as soon as possible, provided there is no legal obligation to retain it.

We provide information below regarding the specific duration of each data processing activity, provided we have further details on the matter.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we inform you of the following rights to which you are entitled to ensure fair and transparent data processing:

Under Article 15 of the GDPR, you have the right to request information regarding whether we process your data. If this is the case, you have the right to receive a copy of the data and to be informed of the following: the purpose for which we are processing the data; the categories, i.e., the types of data being processed; who receives this data and, if the data is transferred to third countries, how security is ensured; how long the data will be stored; the existence of the right to rectification, erasure, or restriction of processing, and the right to object to processing; that you may lodge a complaint with a supervisory authority (links to these authorities are provided below); the source of the data, if we did not collect it from you; whether profiling is carried out, i.e., whether data is automatically analyzed to create a personal profile of you.

Under Article 16 of the GDPR, you have the right to rectification of the data, which means that we must correct the data if you find any errors.

Under Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you may request the deletion of your data.

Under Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but may not use it further.

Under Article 20 of the GDPR, you have the right to data portability, which means that we must provide you with your data in a commonly used format upon request.

Under Article 21 of the GDPR, you have the right to object, which, once exercised, results in a change to the processing. If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then review as soon as possible whether we can legally comply with this objection. If data is used for direct marketing, you may object to this type of data processing at any time. We may no longer use your data for direct marketing thereafter. If data is used for profiling, you may object to this type of data processing at any time. We may no longer use your data for profiling after that.

Under certain circumstances, you have the right under Article 22 of the GDPR not to be subject to a decision based solely on automated processing (such as profiling).

Under Article 77 of the GDPR, you have the right to lodge a complaint. This means you can file a complaint with the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights—do not hesitate to contact the controller listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you may file a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/ . In Germany, there is a data protection officer for each federal state. For further information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) at . The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Director: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email address: [email protected]
Website: https://www.dsb.gv.at/

Data Transfer to Third Countries

We only transfer or process data to countries outside the scope of the GDPR (third countries) if you consent to such processing or if there is another legal basis for doing so. This applies in particular when the processing is required by law or necessary to fulfill a contractual relationship, and in any case only to the extent that this is generally permitted. In most cases, your consent is the primary reason we process data in third countries. The processing of personal data in third countries such as the U.S., where many software providers offer services and have their server locations, may result in personal data being processed and stored in unexpected ways.

We expressly point out that, in the opinion of the European Court of Justice, an adequate level of protection for data transfers to the U.S. currently exists only if a U.S. company that processes personal data of EU citizens in the U.S. is an active participant in the EU-U.S. Data Privacy Framework. For more information, please visit: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by U.S. services that are not active participants in the EU-U.S. Data Privacy Framework may result in data being processed and stored without anonymization. Furthermore, U.S. government authorities may, in some cases, access specific data. Additionally, collected data may be linked to data from other services of the same provider, provided you have a corresponding user account. Whenever possible, we strive to use server locations within the EU, provided this option is available.
We provide more detailed information about data transfers to third countries, where applicable, in the relevant sections of this Privacy Policy.

Data Processing Security

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. In doing so, we make it as difficult as possible, within our capabilities, for third parties to infer personal information from our data.

Article 25 of the GDPR refers to “data protection by design and by default,” meaning that security must always be considered and appropriate measures implemented for both software (e.g., forms) and hardware (e.g., access to the server room). We will discuss specific measures below, where necessary.

TLS encryption with HTTPS

TLS, encryption, and HTTPS sound very technical—and they are. We use HTTPS (which stands for "Hypertext Transfer Protocol Secure") to transmit data over the internet in a way that prevents eavesdropping.
This means that the entire transmission of all data from your browser to our web server is secured—no one can “eavesdrop.”

In doing so, we have introduced an additional layer of security and comply with data protection through technology design ( Article 25(1) GDPR ). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the Internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission security by the small padlock icon in the top left corner of the browser, to the left of the web address (e.g., examplepage.de), and by the use of the https scheme (instead of http) as part of our web address.
If you would like to learn more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find useful links to further information.

Communication

Communication Summary
👥 Data subjects: Anyone who communicates with us via phone, email, or online form
📓 Data processed: e.g., phone number, name, email address, form data entered. You can find more details on this under the respective contact method
🤝 Purpose: Handling communication with customers, business partners, etc.
📅 Retention period: Duration of the business transaction and as required by law
⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (legitimate interests)

When you contact us and communicate via phone, email, or online form, personal data may be processed.

The data is processed for the purpose of handling and addressing your inquiry and the related business transaction. The data is stored for as long as necessary or as required by law.

Data Subjects

The aforementioned processes affect everyone who contacts us via the communication channels we provide.

Phone

When you call us, the call data is stored in pseudonymized form on the respective device and with the telecommunications provider used. Additionally, data such as your name and phone number may subsequently be sent via email and stored for the purpose of responding to your inquiry at . The data will be deleted as soon as the business matter has been resolved and legal requirements permit.

Email

When you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data is stored on the email server. The data is deleted as soon as the business matter has been resolved and legal requirements permit.

Online Forms

When you communicate with us via an online form, data is stored on our web server and may be forwarded to one of our email addresses. The data is deleted as soon as the business transaction is completed and legal requirements permit.

Legal Basis

The processing of data is based on the following legal grounds:

Art. 6(1)(a) GDPR (Consent): You give us consent to store your data and to use it for purposes related to the business transaction;

Art. 6(1)(b) GDPR (Contract): It is necessary for the performance of a contract with you or a processor, such as a telephone provider, or we must process the data for pre-contractual activities, such as preparing a quote;

Art. 6(1)(f) GDPR (Legitimate Interests): We aim to handle customer inquiries and business communications in a professional manner. To do so, certain technical tools—such as email programs, Exchange servers, and mobile network operators—are necessary to ensure efficient communication.

Cookies

Cookies Summary
👥 Data subjects: Website visitors
🤝 Purpose: Depends on the specific cookie. More details can be found below or from the software manufacturer that sets the cookie.
📓 Data Processed: Depends on the specific cookie used. More details can be found below or from the software provider that sets the cookie.
📅 Storage period: Depends on the specific cookie; can vary from hours to years
⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below, we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are really useful little helpers. Almost all websites use cookies. More specifically, they are HTTP cookies, as there are other types of cookies for different applications. HTTP cookies are small files stored on your computer by our website. These cookie files are automatically placed in the cookie folder, which is essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser sends the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you’re used to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

The following diagram illustrates a possible interaction between a web browser, such as Chrome, and the web server. In this scenario, the web browser requests a website and receives a cookie from the server, which the browser reuses as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans, or other “malware.” Cookies also cannot access information on your PC.

Here is an example of what cookie data might look like:

Name: _ga
Value: GA1.2.1326744211.152113219913-9
Purpose: To distinguish website visitors
Expiration date: after 2 years

A browser should be able to support these minimum sizes:

At least 4096 bytes per cookie

At least 50 cookies per domain

At least 3000 cookies in total

What types of cookies are there?

The specific cookies we use depend on the services we employ and are explained in the following sections of this privacy policy. Here, we would like to briefly discuss the different types of HTTP cookies.

There are 4 types of cookies:

Essential cookies
These cookies are necessary to ensure basic website functionality. For example, these cookies are needed when a user adds a product to the shopping cart, then continues browsing other pages, and only proceeds to checkout later. These cookies ensure that the shopping cart is not cleared, even if the user closes their browser window.

Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. Additionally, these cookies are used to measure the loading time and the website’s performance across different browsers.

Functional cookies
These cookies improve user-friendliness. For example, they save entered locations, font sizes, or form data.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver personalized advertising to the user. This can be very convenient, but also very annoying.

Usually, when you visit a website for the first time, you are asked which of these cookie types you would like to allow. And, of course, this decision is also stored in a cookie.

If you’d like to learn more about cookies and aren’t afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265 , the Internet Engineering Task Force (IETF) Request for Comments titled “HTTP State Management Mechanism.”

Purpose of processing via cookies

The purpose ultimately depends on the specific cookie. You can find more details below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are small tools for many different tasks. Unfortunately, it is not possible to generalize what data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy.

Cookie retention period

The storage duration depends on the specific cookie and is specified in more detail below. Some cookies are deleted after less than an hour, while others may remain stored on a computer for several years.

You also have control over the storage duration. You can manually delete all cookies at any time via your browser (see also “Right to Object” below). Furthermore, cookies based on consent will be deleted at the latest upon revocation of your consent, although the lawfulness of the storage until that point remains unaffected.

Right to Object – How Can I Delete Cookies?

You decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to see which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set your browser to always notify you when a cookie is about to be set. This allows you to decide for each individual cookie whether to allow it or not. The procedure varies depending on the browser. It’s best to search for instructions on Google using the search terms “delete cookies Chrome” or “disable cookies Chrome” if you’re using the Chrome browser.

Legal Basis

The so-called “Cookie Directive” has been in effect since 2009. It stipulates that the storage of cookies requires your consent (Article 6(1)(a) of the GDPR). However, reactions to this directive still vary widely among EU countries. In Austria, however, this directive was implemented in Section 165(3) of the Telecommunications Act (2021). In Germany, the Cookie Directive was not implemented as national law. Instead, this directive was largely implemented in Section 15(3) of the Telemedia Act (TMG), which was replaced by the Digital Services Act (DDG) in May 2024.

For strictly necessary cookies, even in the absence of consent, there are legitimate interests (Article 6(1)(f) GDPR), which are of an economic nature in most cases. We aim to provide website visitors with a pleasant user experience, and certain cookies are often strictly necessary for this purpose.

Where non-essential cookies are used, this is done only with your consent. The legal basis for this is Article 6(1)(a) of the GDPR.

The following sections provide more detailed information about the use of cookies, provided that the software used employs cookies.

Web Hosting Introduction

Web Hosting Summary
👥 Data Subjects: Website visitors
🤝 Purpose: Professional hosting of the website and ensuring its operation
📓 Data processed: IP address, time of website visit, browser used, and other data. More details can be found below or with the respective web hosting provider.
📅 Retention period: Depends on the respective provider, but generally 2 weeks
⚖️ Legal basis: Art. 6(1)(f) GDPR (Legitimate Interests)

What is web hosting?

When you visit websites today, certain information—including personal data—is automatically generated and stored, including on this website. This data should be processed as sparingly as possible and only for a valid reason. By “website,” we mean the entirety of all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By “domain,” we mean, for example, example.de or sampleexample.com.

If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You’re probably familiar with some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We refer to them simply as browsers or web browsers.

To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complicated and resource-intensive task, which is why it’s usually handled by professional providers. These providers offer web hosting and ensure reliable, error-free storage of website data. That’s a lot of technical terms, but please stick with it—it gets even better!

When the browser on your computer (desktop, laptop, tablet, or smartphone) establishes a connection and during data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server must also store data for a period of time to ensure proper operation.

A picture is worth a thousand words, so the following diagram illustrates the interaction between the browser, the internet, and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

Professional hosting of the website and ensuring its operation

To maintain operational and IT security

Anonymous analysis of access behavior to improve our services and, if necessary, for law enforcement or the pursuit of claims

What data is processed?

Even as you visit our website right now, our web server—the computer on which this website is hosted—typically automatically stores data such as

the complete Internet address (URL) of the accessed webpage

browser and browser version (e.g., Chrome 87)

the operating system used (e.g., Windows 10)

the address (URL) of the previously visited page (referrer URL) (e.g., https://www.beispielquellsite.de/vondabinichgekommen/)

the hostname and IP address of the device from which the site is accessed (e.g., COMPUTERNAME and 194.23.43.121)

Date and time

in files, known as web server log files

How long is data stored?

As a rule, the above-mentioned data is stored for two weeks and then automatically deleted. We do not share this data, but we cannot rule out the possibility that authorities may access this data in the event of unlawful conduct.

In short: Your visit is logged by our provider (the company that hosts our website on special computers (servers)), but we do not share your data without your consent!

Legal basis

The lawfulness of processing personal data in the context of web hosting is based on Art. 6(1)(f) GDPR (protection of legitimate interests), as the use of professional hosting with a provider is necessary to present the company on the internet in a secure and user-friendly manner and to be able to investigate any attacks or claims arising therefrom.

There is generally a contract between us and the hosting provider regarding data processing in accordance with Art. 28 et seq. of the GDPR, which ensures compliance with data protection regulations and guarantees data security.

External Web Hosting Provider Privacy Policy

Below you will find the contact details of our external hosting provider, where you can learn more about data processing in addition to the information above:

Web Host: GoHighLevel Inc., 400 North Saint Paul St., Suite 920, Dallas, TX 75201, USA
DNS/Proxy: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA
Email: Google LLC (Google Workspace)

You can learn more about data processing with this provider in the Privacy Policy .

Email Marketing Introduction

Email Marketing Summary
👥 Data subjects: Newsletter subscribers
🤝 Purpose: Direct marketing via email, notification of system-related events
📓 Processed data: Data entered during registration, but at a minimum the email address. You can find more details on this in the respective email marketing tool used.
📅 Retention period: Duration of the subscription
⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is email marketing?

To keep you up to date, we also use email marketing. In doing so, provided you have consented to receiving our emails or newsletters, we will process and store your data. Email marketing is a subset of online marketing. It involves sending news or general information about a company, products, or services via email to a specific group of people who are interested in them.

If you wish to participate in our email marketing (usually via newsletter), you typically just need to sign up with your email address. To do so, you fill out an online form and submit it. However, we may also ask for your title and name so that we can address you personally.

Generally, signing up for newsletters works using the so-called “double opt-in process.” After you sign up for our newsletter on our website, you will receive an email asking you to confirm your newsletter subscription. This ensures that the email address belongs to you and that no one has signed up using someone else’s email address. We, or a notification tool we use, log every single registration. This is necessary so that we can also verify the legally correct registration process. Typically, the time of registration, the time of the registration confirmation, and your IP address are stored. Additionally, any changes you make to your stored data are also logged.

Why do we use email marketing?

Of course, we want to stay in touch with you and always keep you updated on the most important news about our company. To do this, we use email marketing—often simply referred to as a “newsletter”—as an essential part of our online marketing. Provided you consent to this or it is permitted by law, we will send you newsletters, system emails, or other notifications via email. When we use the term “newsletter” in the following text, we mainly mean emails sent on a regular basis. Of course, we do not want to bother you in any way with our newsletters. That is why we always strive to provide only relevant and interesting content. For example, you can learn more about our company, our services, or our products. Since we are constantly improving our offerings, our newsletter will also keep you informed whenever there is news or when we are currently offering special, lucrative promotions. If we engage a service provider that offers a professional mailing tool for our email marketing, we do so to be able to provide you with fast and secure newsletters. The purpose of our email marketing is fundamentally to inform you about new offers and to help us achieve our business goals.

What data is processed?

When you subscribe to our newsletter via our website, you confirm your membership in an email list via email. In addition to your IP address and email address, your title, name, address, and phone number may also be stored. However, this only occurs if you consent to this data storage. The data marked as such is necessary for you to participate in the service offered. Providing this information is voluntary, but failure to do so will prevent you from using the service. Additionally, information about your device or your preferred content on our website may also be stored. You can find more information about data storage when you visit a website in the section “Automatic Data Storage.” We record your declaration of consent so that we can always demonstrate that it complies with our laws.

Duration of Data Processing

If you unsubscribe your email address from our email/newsletter distribution list, we may store your address for up to three years based on our legitimate interests so that we can still prove your consent at that time. We may only process this data if we need to defend ourselves against any claims.

However, if you confirm that you have given us consent to subscribe to the newsletter, you may submit an individual request for deletion at any time. If you permanently withdraw your consent, we reserve the right to store your email address on a block list. As long as you have voluntarily subscribed to our newsletter, we will, of course, retain your email address.

Right to Object

You can cancel your newsletter subscription at any time. To do so, you simply need to revoke your consent to subscribe to the newsletter. This usually takes only a few seconds or one or two clicks. In most cases, you’ll find a link at the very bottom of each email to cancel your newsletter subscription. If you really can’t find the link in the newsletter, please contact us by email and we’ll cancel your subscription immediately.

Legal Basis

We send our newsletter based on your consent (Article 6(1)(a) of the GDPR). This means we may only send you a newsletter if you have actively subscribed to it beforehand. In some cases, we may also send you promotional messages, provided you have become our customer and have not objected to the use of your email address for direct marketing.

Information about specific email marketing services and how they process personal data can be found—where available—in the following sections.

Mailgun Privacy Policy

Mailgun Privacy Policy Summary
👥 Data Subjects: Newsletter subscribers
🤝 Purpose: Direct marketing via email, notification of relevant events
📓 Data processed: Data entered during registration, but at a minimum the email address.
📅 Retention period: Duration of the subscription
⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is Mailgun?

We use Mailgun on our website, an email API service for our email marketing. The service provider is the American company Mailgun Technologies Inc., 112 E Pecan St #1135, San Antonio, TX 78205, USA.

Mailgun was founded in 2010 with the goal of providing developers and businesses with powerful APIs and tools for sending, receiving, and tracking emails. Since its founding, the company has continued to grow and offers features such as email sending, SMTP services, mail processing, real-time tracking, spam filtering, and automatic scaling. In August 2020, Thoma Bravo acquired a majority stake in Mailgun. Mailgun is now one of the largest providers supporting companies worldwide in implementing efficient email communication.

By using Mailgun, personal data such as your IP address, geographic data, or contact information may be collected, stored, and processed. In this privacy policy, we provide more details about Mailgun’s data processing so that you are fully informed.

Why do we use Mailgun on our website?

We use an email marketing service to stay in touch with you. We want to keep you updated on what’s new with us or share the attractive offers currently available in our program. For our marketing efforts, we always seek the simplest and best solutions. That’s why we chose Mailgun’s service. Although the software is very easy to use, it offers a wide range of helpful features.

Using the design templates provided, we customize each newsletter individually, and thanks to “responsive design,” our content is displayed clearly and attractively on your smartphone (or other mobile device).

The email marketing service also provides us with helpful analytics. This means that when we send a newsletter, we can see, for example, whether and when you opened it. The software also detects and records whether you clicked on any links in the newsletter and which ones. This information is extremely helpful in tailoring and optimizing our service to your needs and preferences. After all, we naturally want to offer you the best possible service. In addition to the data mentioned above, data regarding your user behavior is also stored.

What data is processed by Mailgun?

When you subscribe to our newsletter via our website, you confirm your membership in a Mailgun email list via email. To enable Mailgun to verify that you have subscribed to the “list provider,” the date of subscription, the time, and your IP address are stored.

With the help of Mailgun, we can keep you up to date with the latest news and developments in our company directly from the source. However, you should be aware that during the newsletter sign-up process, all data you enter (such as your email address or your first and last name) is stored and managed on our server and by Mailgun. This data is also considered personal information. During the sign-up process, you also consent to us sending you the newsletter, and we refer you to this privacy policy. Additionally, data such as click behavior within the newsletter may be processed. This information is used to send you emails and to enable certain other Mailgun features (such as newsletter analytics).

How long and where is the data stored?

Generally, data is deleted by Mailgun once it is no longer needed for its own purposes. There are, of course, exceptions, particularly when legal obligations require the data to be retained for a longer period. Web server logs containing your IP address and technical data are also deleted by Mailgun when you unsubscribe from our newsletter. According to Mailgun’s privacy policy, personal data is deleted within a maximum of 90 days following a request for deletion.

Mailgun is an American company, and the data is therefore also stored and processed in the United States.

Right to Object

You can cancel your newsletter subscription at any time. To do so, you simply need to revoke your consent to the newsletter subscription. This usually takes only a few seconds or one or two clicks at . In most cases, you will find a link at the very bottom of each email to cancel your newsletter subscription. If you really cannot find the link in the newsletter, please contact us by email and we will cancel your newsletter subscription immediately. After unsubscribing, your personal data will be deleted from our server and from the Mailgun servers. You have the right to receive information about your stored data free of charge and, if applicable, the right to have it deleted, blocked, or corrected.

Legal Basis

If you have consented to the use of Mailgun, this consent serves as the legal basis for the corresponding data processing. According to Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, as may occur during collection by Mailgun.

We also have a legitimate interest in using Mailgun to optimize our online service and to design attractive and informative newsletters for you. The corresponding legal basis for this is Article 6(1)(f) of the GDPR (Legitimate Interests). If consent is not required, the newsletter is sent based on the legitimate interest in direct marketing (Article 6(1)(f)), provided this is legally permitted. We record your registration process so that we can always demonstrate that it complies with our laws.

Mailgun processes your data, among other places, in the United States. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the United States. This may entail various risks regarding the lawfulness and security of data processing.

As the basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, and Norway—specifically, in the United States) or for data transfers to such countries, Mailgun uses so-called Standard Contractual Clauses (Art. 46(2) and (3) of the GDPR). Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through these clauses, Mailgun commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the U.S. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information about the Standard Contractual Clauses and the data processed through the use of Mailgun, please refer to the Privacy Policy at https://www.mailgun.com/de/rechtliches/datenschutzerklaerung/.

Privacy Policy EN DE Terms & Conditions Impressum

No spam · Unsubscribe anytime