Introduction

In this Privacy Policy, we explain which of your personal data we use for what purposes and within which scope. This Privacy Policy applies to every instance in which we process personal data, including within the scope of the provision of our services as well as on our web pages, in mobile applications, and within the scope of external websites such as social media profiles (hereinafter referred to as “online services”).

Contents

• Introduction
• Controller
• Data Processing
• Data Privacy Officer
• Legal Basis
• Security Measures
• Transfer and Disclosure of Personal Data
• Data Processing in Third Countries
• Use of Cookies
• Provision of Online Services and Web Hosting
• Contact
• Web Analysis, Monitoring, Optimization
• Online Marketing
• Plugins, Embedded Functions, and Content
• Erasure of Personal Data
• Rights of the Data Subject
• Terminology
• Revisions and Updates to the Privacy Policy

Controller

LGH Service GmbH
Mommsenstr. 6
D-04329 Leipzig

Authorized representatives: Kai Thalmann, CEO
E-mail address: info@lgh-leipzig.de
Telephone: +49 (0) 341 2597700

Data Privacy Officer

Dr. Jürgen Fechner
Walter-Markov-Ring 42
04288 Leipzig
+49 (0) 171 8266933

Data Processing

The following overview summarizes the types of personal data processed and the purposes of processing, and it also lists the data subjects.

Types of Personal Data Processed

• User data (e.g., names, addresses).
• Content data (e.g., text entries, photographs, videos).
• Contact information (e.g., e-mail addresses, telephone numbers).
• Meta/communication data (e.g., device information, IP addresses).
• Usage data (e.g., websites visited, interest in content, access times).
• Location data (data that indicates the location of the user’s device).

Data Subject Categories

• Interested parties.
• Communication partners.
• Users (e.g., website visitors, users of online services).

Purpose of Data Processing

• Providing our online services, user friendliness.
• Conversion tracking.
• Interest-based and behavioral marketing
• Contact requests and communication.
• Profiling (creating user profiles).
• Remarketing.
• Web analytics (e.g., visitor statistics, repeat visitors).
• Tracking (e.g., interest-based/behavioral profiling, use of cookies).
• Contractual services.

Legal Basis

The following section explains the legal basis for our processing of personal data. Please note that in addition to the provisions of the General Data Protection Regulation (GDPR), other national data protection regulations may apply for your country of residence/domicile. If a special legal basis is additionally applicable in individual cases, we will inform you of this fact within the scope of the Privacy Policy.

• Consent (GDPR Art. 6 (1) (1) (a)) – The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
• Performance of a contract and steps prior to entering into a contract (GDPR Art. 6 (1) (1) (b)) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legitimate interests (GDPR Art. 6 (1) (1) (f)) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data privacy regulations in Germany: In addition to the provisions of the General Data Protection Regulation, national data privacy regulations apply in Germany. These include, in particular, the German Federal Data Protection Act (BDSG). The BDSG includes special regulations regarding the data subject’s right of access, right to erasure, and right to object, as well as regarding the processing of special categories of personal data, processing for other purposes, the transfer of data, and automated individual decision-making, including profiling. It also governs data processing for employment-related purposes (BDSG Section 26), particularly as regards hiring decisions, carrying out or terminating the employment contract, and consent from employees. Moreover, state data privacy laws in the individual German states may be applicable.

Security Measures

In accordance with applicable legal regulations, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the latest technology, the costs of implementation, and the nature, scope, context, and purposes of processing and the extent of the risk to the rights and freedoms of natural persons.
In particular, these measures include safeguarding the confidentiality, integrity, and availability of personal data by controlling physical and electronic access to the personal data as well as safeguarding other forms of access to, input, transmission, availability, and separation of the data. In addition, we have established procedures to ensure that data subjects’ rights are respected, that data is erased, and that we are able to respond to threats to personal data. Moreover, we take the protection of personal data into account at an early stage: during the development or selection of hardware, software, and procedures, in accordance with the principle of privacy by design and privacy by default.
Shortening IP addresses: We will shorten your IP address or have it shortened in cases where doing so is possible and your IP address does not need to be stored. If your IP address is shortened (also known as IP masking), the last byte (the last two digits) of your IP address will be deleted (in this context, an IP address is an individual identifier assigned to an Internet connection by the online access provider). Shortening the IP address is intended to make it impossible or much more difficult to identify a person based on their IP address.

Transfer and Disclosure of Personal Data

Within the scope of our processing of personal data, the data may be transferred to other bodies, companies, legally independent organizational units, or persons, or it may be disclosed to them. Recipients of this personal data may include payment institutions within the context of payment transactions, service providers commissioned with IT jobs, or providers of services or content embedded in a website. In such cases, we observe the legal requirements and enter into the requisite contracts or agreements with the recipients of your personal data in order to protect your data.
Data transfer within the corporate group: We may transfer personal data to other companies within our corporate group or grant them access to personal data. If the data is transferred for administrative purposes, the data is transferred based on our legitimate business and financial interests, or it is transferred in order to fulfill our contractual obligations, or if the data subject has provided consent or the transfer is permitted by law.

Data Processing in Third Countries

To the extent that we process personal data in a third country (i.e., a country outside of the European Union (EU), the European Economic Area (EEA)), or process personal data in the context of services provided by third parties, or disclose or transfer personal data to other individuals, bodies, or companies, this only occurs in compliance with applicable legal regulations.
Except in cases of express consent or transfer required by contract or law, we process the personal data or have it processed only in third countries that have a recognized level of data protection, that have a contractual obligation through standard protection clauses of the EU Commission, or that present certifications or binding internal data protection regulations (GDPR Article 44 to 49, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Use of Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie is primarily used to store information about a user during or after the user’s visit to an online service. This stored information may include the language settings on a website, the login status, a shopping cart, or the location where a video was viewed, for example. The term “cookies” also includes other technologies that fulfill the same functions as cookies (if user information is stored using pseudonymous online identifiers, also referred to as “user IDs,” for example).

• Temporary cookies (also known as session cookies): At the latest, temporary cookies are deleted after a user has left an online service and closed the browser.
• Permanent cookies: Permanent cookies remain stored even after the browser is closed. This allows the login status to be saved or preferred content to be displayed directly when the user visits a website again, for example. These cookies can also be used to store users’ interests for the purposes of web analytics or marketing.
• First-party cookies: We set first-party cookies ourselves.
• Third-party cookies: Third-party cookies are primarily used by advertisers (known as third parties) to process user information.
• Necessary (or essential) cookies: Cookies can be necessary for the operation of a website (e.g., to save logins or other user input) or for security reasons.
• Statistics, marketing, and personalization cookies: Cookies are generally also used for web analytics and to store a user’s interests or behavior (e.g., viewing certain content, using functions, etc.) on individual websites in a user profile. These profiles are used to display content to users that corresponds to their potential interests, for example. This procedure is also referred to as “tracking”, i.e., tracking the potential interests of users. To the extent that we use cookies or “tracking” technologies, we will inform you separately in our Privacy Policy or during the process of obtaining consent.

Information on the legal basis: The legal basis on which we use cookies to process your personal data depends on whether we ask you for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is your declared consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g., our interest in operating or improving our online services in a business-oriented manner), or, in cases where the use of cookies is necessary, on the basis of fulfilling our contractual obligations.

Retention period: Unless we provide you with explicit information regarding the retention period of permanent cookies (e.g., within the scope of a cookie opt-in), please assume that the retention period can be up to two years.

General information on withdrawal of consent and objection (opt out): Depending on whether processing is based on consent or legal permission, you have the option to object to the processing of your data using cookie technologies or to revoke consent (collectively referred to as “opt-out”) at any time. You can initially state your objection via your browser settings, e.g., by deactivating the use of cookies (which may also restrict the functionality of our online services). You can also object to the use of cookies for online marketing purposes, particularly in the case of tracking, for a large number of services via the websites https://optout.aboutads.info and http://www.youronlinechoices.com. In addition, you will find further information on objecting to cookies as part of the information provided about the service providers and cookies used.

Processing cookie data on the basis of consent: Before we process data or have data processed as part of our use of cookies, we ask users for their consent, which can be withdrawn at any time. Before consent has been expressly granted, however, we may use some cookies that are absolutely necessary for the operation of our online services.

• Types of data processed: Usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
• Data subjects: Users (e.g., website visitors, users of online services).
• Legal basis: Consent (GDPR Art. 6 (1) (1) (a)), legitimate interests (GDPR Art. 6 (1) (1) (f)).

Provision of Online Services and Web Hosting

In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers. Our online services can be accessed from their servers (or the servers they manage). For these purposes, we may use infrastructure and platform services, computing capacity, storage space, database services, security services, and technical maintenance services.
The personal data processed within the context of the provision of hosting services may include all information relating to the users of our online services that is collected in the course of use and communication. This regularly includes the user’s IP address, which is required for delivering the contents of online services to browsers, and all entries made within our online services or from websites.

Collection of access data and log files: We ourselves (or our web hosting provider) collect personal data each time the server is accessed. These files are known as server log files. Server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user’s operating system, the referrer URL (the previously visited page), and, as a general rule, the IP addresses and the requesting provider.
The server log files can be used for security purposes – such as preventing servers from being overloaded, especially in the case of DDoS attacks – and to ensure the stability and optimal load balancing of the servers.

• Types of data processed: Content data (e.g., text entries, photographs, videos), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
• Data subjects: Users (e.g., website visitors, users of online services).
• Legal basis: Legitimate interests (GDPR Art. 6 (1) (1) (f)).

Contact

When contacting us (e.g., by contact form, e-mail, telephone, or social media), data about the persons submitting the contact request is processed to the extent necessary to respond to the contact requests and complete any requested actions.
We respond to contact requests within the framework of contractual or pre-contractual relationships in order to fulfill our contractual obligations, to respond to (pre-)contractual requests, and on the basis of legitimate interests in responding to the requests.

• Types of data processed: User data (e.g., names, addresses), contact information (e.g., e-mail addresses, telephone numbers), content data (e.g., text entries, photographs, videos).
• Data subjects: Communication partners.
• Purpose of data processing: Contact requests and communication.
• Legal basis: Performance of a contract and steps prior to entering into a contract (GDPR Art. 6 (1) (1) (b)), legitimate interests (GDPR Art. 6 (1) (1) (f)).

Web Analysis, Monitoring, Optimization

Web analytics allows us to evaluate the streams of visitors to our online services and can record users’ behavior, interests, or demographic information (such as age or gender) as pseudonymized values. The process allows us to identify when our online services or their functions are accessed most frequently, for example, or to invite users to use them again. We can also determine which areas require optimization.

In addition to web analysis, we can also use a testing process to allow us to test different versions of our online services or to test and optimize their components, for example.

User profiles can be created for this purpose and stored in a file called a “cookie,” or similar processes can be used for the same purpose. This information may include content viewed, websites visited, elements used on the websites, and technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data, this data may also be processed, depending on the provider.

The users’ IP addresses will also be stored. However, we use an IP masking process (i.e., pseudonymization by shortening the IP address) to protect users. Generally speaking, we do not store any non-pseudonymized user data (such as e-mail addresses or names) in the context of web analysis, A/B testing, or optimization; we only store pseudonymous data. This means that neither we nor the providers of the software used are aware of the users’ actual identity; we only have access to the information stored in their profiles for the purposes of the processes in question.

Information on the legal basis: If we ask users for their consent in the context of third-party providers, the legal basis for processing personal data is this consent. Otherwise, users’ personal data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information in this Privacy Policy on how cookies are used.

• Types of data processed: Usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purpose of data processing: Web analytics (e.g., visitor statistics, repeat visitors), tracking (e.g., interest-based/behavioral profiling, use of cookies), conversion tracking, profiling (creating user profiles).
• Security measures: IP masking (IP address pseudonymization)
• Legal basis: Consent (GDPR Art. 6 (1) (1) (a)), legitimate interests (GDPR Art. 6 (1) (1) (f)).

Services and service providers used:
Google Analytics: Web analytics; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/en/about/analytics/; Privacy Policy: https://policies.google.com/privacy.

Online Marketing

We process personal data for the purposes of online marketing, which may include, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) based on the potential interests of users and the measurement of its effectiveness.

User profiles are created for this purpose and stored in a file called a “cookie,” or similar processes are used to store the user information relevant for displaying the aforementioned content. This information may include content viewed, websites visited, online networks used, communication partners, and technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data, this data may also be processed.

The users’ IP addresses will also be stored. However, we use available IP masking processes (i.e., pseudonymization by shortening the IP address) to protect users. Generally speaking, we do not store any non-pseudonymized user data (such as e-mail addresses or names) in the context of online marketing; we only store pseudonymous data. This means that neither we nor the providers of the online marketing processes are aware of the users’ actual identity; we only have access to the information stored in their profiles.

The information in these profiles is usually stored in the cookies or using similar processes. These cookies can generally also use the same online marketing process on other websites, and they can be read and analyzed for the purposes of displaying content. Additionally, they can be supplemented with further personal data and stored on the server of the online marketing technology provider.

In exceptional cases, non-pseudonymized data may be allocated to the profiles. This is the case if, for example, the users are members of a social network whose online marketing process we use, and the network links the users’ profiles with the aforementioned data. Please note that users may enter into additional agreements with providers, e.g., by consenting as part of a registration process.
As a general rule, we only have access to aggregated information about the performance of our advertisements. However, as part of the process of conversion tracking, we can determine which of our online marketing processes led to a conversion, i.e., entering into a contract with us, for example. Conversion tracking is used solely for the purpose of analyzing the performance of our marketing activities.

Unless otherwise stated, the standard retention period for cookies is two years.

Information on the legal basis: If we ask users for their consent in the context of third-party providers, the legal basis for processing personal data is this consent. Otherwise, users’ personal data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information in this Privacy Policy on how cookies are used.

• Types of data processed: Usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
• Data subjects: Users (e.g., website visitors, users of online services), interested parties.
• Purpose of data processing: Tracking (e.g., interest-based/behavioral profiling, use of cookies), remarketing, conversion tracking, interest-based and behavioral marketing, profiling (creating user profiles), web analytics (e.g., visitor statistics, repeat visitors).
• Security measures: IP masking (IP address pseudonymization)
• Legal basis: Consent (GDPR Art. 6 (1) (1) (a)), legitimate interests (GDPR Art. 6 (1) (1) (f)).
• Objection (opt out): We refer to the privacy policies of the respective service providers and the options to object (opt out). If no explicit opt-out option is indicated, it is possible to deactivate cookies in your browser settings. However, doing so may limit the functions of our online services. Consequently, we would recommend the following opt-out options, which are offered for specific regions here:
  a) Europe: https://www.youronlinechoices.eu.
  b) Canada: https://www.youradchoices.ca/choices.
  c) USA: https://www.aboutads.info/choices.
  d) International: https://optout.aboutads.info.

Services and service providers used:

• Google Analytics: Online marketing and web analysis; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
  Website: https://marketingplatform.google.com/intl/en/about/analytics/;
  Privacy Policy: https://policies.google.com/privacy;
  Objection (opt out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en,
  Ad personalization settings: https://adssettings.google.com/authenticated.

Plugins, Embedded Functions, and Content

We integrate functional and content elements into our online services that are drawn from the servers of their respective providers (hereinafter referred to as “third-party providers”). These elements may include graphics, videos, social media buttons, or posts (hereinafter referred to collectively as “content”).

The integration of these elements always requires the third-party providers of this content to process users’ IP addresses, as the providers cannot send content to users’ browsers without these IP addresses. Consequently, users’ IP addresses are required to display this content or these functions. We endeavor to only use content for which the respective providers require users’ IP addresses solely in order to deliver the content. Additionally, third-party providers can use pixel tags (invisible graphics also known as web beacons) for statistical or marketing purposes. These pixel tags allow information such as user traffic on the pages of this website to be evaluated. This pseudonymized information can also be stored in cookies on the user’s device and may include technical information about the user’s browser and operating system, linked websites, the time of the user’s visit, and further information about the use of our online services, and it may be liked to this type of information from other sources.

Information on the legal basis: If we ask users for their consent in the context of third-party providers, the legal basis for processing personal data is this consent. Otherwise, users’ personal data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information in this Privacy Policy on how cookies are used.

• Types of data processed: Usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses), location data (data that indicates the location of the user’s device).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purpose of data processing: Providing our online services, user friendliness, contractual services, and other service.
• Legal basis: Legitimate interests (GDPR Art. 6 (1) (1) (f)).

Services and service providers used:

• Google Fonts: We use fonts from the provider Google (Google Fonts); within this context, users’ personal data is used solely for the purpose of displaying the fonts in users’ browsers. The fonts are used on the basis of our legitimate interest in a technologically secure, no-maintenance, efficient use of fonts, in the consistent appearance of the fonts, and taking into account licensing restrictions for the use of the fonts. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
  Website: https://fonts.google.com/;
  Privacy Policy: https://policies.google.com/privacy.
• Google Maps: We use maps from the “Google Maps” service provided by Google. Personal data processed may include users’ IP addresses and location data, in particular; however, this data may not be collected without users’ consent (generally granted within the settings on their mobile devices). Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
  Website: https://cloud.google.com/maps-platform; Privacy Policy: https://policies.google.com/privacy;
  Objection (opt out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en,
  Ad personalization settings: https://adssettings.google.com/authenticated.
• Google reCAPTCHA: We also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). The primary purpose of this function is to determine whether an entry was made by a natural person or is a form of misuse resulting from machine-based or automated processing. The service comprises sending the IP address and, if necessary, other data Google requires for the reCAPTCHA service to Google, and it is operated in accordance with GDPR Art. 6 (1) (f) on the basis of our legitimate interest in ensuring individual responsibility online and preventing abuse and spam. The use of Google reCAPTCHA may involve the transfer of personal data to the servers of Google LLC in the USA. Further information about Google reCAPTCHA and Google’s Privacy Policy can be found here: https://www.google.com/intl/en/policies/privacy/.
• Polylang: For the multilingualism of our website we use the program Polylang. Polylang is a product of WP SYNTEX, 28, rue Jean Sebastien Bach, 38090 Villefontaine, France. Cookies from Polylang are set exclusively to recognize and record the language used or chosen by the user. These cookies are generally stored for one year, after which they are deleted. We have deactivated the cookie storage of Polylang. The website always starts in the German version. Further information on data protection compliance can be found here: https://polylang.pro/doc/is-polylang-compatible-with-the-eu-cookie-law/

Erasure of Data

The data we process will be erased in accordance with statutory provisions as soon as the consent required for its processing is revoked or other permissions no longer apply (e.g. if the purpose for processing this data no longer applies or if the data is no longer required for that purpose).
If the data is not erased because it is required for other legally permissible purposes, the processing of the data will be limited to those purposes, i.e., the data will be restricted and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons, or for which storage is necessary to assert, exercise, or defend legal claims or to protect the rights of another natural person or legal entity.

Rights of the Data Subject

As a data subject, you are entitled to various rights under GDPR, which arise from Articles 15 to 21 of GDPR, in particular:

• Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you that is based on GDPR Article 6 (1) (e) or (f), including profiling based on those provisions. Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for these marketing purposes, which include profiling to the extent that it is related to this direct marketing.
• Right to withdrawal of consent: You have the right to withdraw your consent at any time.
• Right of access: You have the right to request confirmation as to whether your personal data will be processed; you also have a right to be informed of this data and to receive further information and a copy of the data in accordance with the provisions of the law.
• Right to rectification: In accordance with the provisions of the law, you have the right to request to request the completion of your personal data or the rectification of your incorrect personal data.
• Right to erasure and right to restriction of processing: In accordance with the provisions of the law, you have the right to demand that the relevant personal data be erased immediately, or, alternatively, to demand that the processing of the data be restricted in accordance with the provisions of the law.
• Right to data portability: You have the right to receive your personal data, which you have provided to us, in a structured, conventional, and machine-readable format in accordance with the legal requirements, or to request its transmission to another controller.
• Complaint to the supervisory authority: You also have the right, in accordance with the provisions of the law, to file a complaint with a supervisory authority, particularly in the member state where you have your primary residence, workplace, or in the location of the alleged violation, if you are of the view that the processing of your personal data violates GDPR.

One potential supervisory authority:

Data Privacy Officer of the State of Saxony
Mr. Andreas Schurig
Devrientstr. 5
01067 Dresden, Germany
Telephone: +49 (0) 351 85471 101
Fax: +49 (0) 351 85471 109
Website: www.datenschutz.sachsen.de

E-mail: saechsdsb@slt.sachsen.de

Terminology

This section provides you with an overview of the terminology used in the Privacy Policy. Many of the terms are drawn from the law and are primarily defined in GDPR Article 4. The legal definitions are binding. The following explanations are primarily intended to improve comprehensibility and may not be complete. The terms are in alphabetical order.

• Conversion tracking: Conversion tracking refers to a process for determining the effectiveness of marketing activities. To that end, a cookie is generally stored on users’ devices within the websites where the marketing activities take place, and then accessed again on the target website. This allows us to determine if the ads we place on other websites are effective, for example.
• IP masking: IP masking refers to a method wherein the final byte (the last two digits) of an IP address is deleted so that the IP address can no longer be used to clearly identify a specific person. Consequently, IP masking is a means of pseudonymizing data processing, particularly in online marketing.
• Interest-based and behavioral marketing: Interest-based and/or behavioral marketing refers to a process that allows users’ interest in ads and other content to be predetermined as precisely as possible. The process is based on information regarding users’ previous behavior (e.g., their visits to certain websites and how much time they spent there, their purchasing behavior or interactions with other users) that is stored in their profile. Cookies are generally used for this purpose.
• Personal data: Personal data refers to all information relating to an identifiable natural person (hereinafter referred to as the “data subject”). A natural person is considered identifiable if the person can be directly or indirectly identified, particularly by establishing a link to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or to one or more special characteristics that indicate the physical, physiological, genetic, psychological, financial, cultural, or social identity of this natural person.
• Profiling: Profiling refers to any type of automated processing of personal data that consists of using this data to analyze, evaluate, or predict certain personal aspects (e.g., interest in certain content or products, the way a user clicks on a website, or the user’s location) relating to a natural person. Depending on the type of profiling, this may include information regarding age, gender, location and movement data, interaction with websites and their contents, purchasing behavior, or social interaction with other people). Cookies and web beacons are often used for profiling purposes.
• Web analytics: Web analytics evaluates the streams of visitors to an online service and can document the users’ behavior or interest in certain information, such as the content of websites. Website operators can use web analytics to determine what times visitors visit their website and what content they are interested in, for example. This allows them to better adapt the content of their website to their visitors’ needs, for instance. Pseudonymized cookies and web beacons are often used for web analytics purposes in order to identify repeat visitors and, consequently, generate more detailed analyses of how the online services are used.
• Remarketing: Remarketing or retargeting refers to recording the products a user is interested in on a website for advertising purposes in order to remind the user of these products on other websites in the context of ads, for example.
• Tracking: Tracking refers to when users’ behavior can be traced across multiple online services. Generally, information regarding users’ behaviors and interests on the online services used is stored in cookies or on the tracking technology providers’ servers (known as profiling). This information can subsequently be used to display ads to users that are predicted to correspond to their interests.
• Controller: The controller is the natural person or legal entity, authority, institution, or other body that – either alone or with others – makes decisions regarding the purposes of and tools used for the processing of personal data.
• Processing: Processing is any process, with or without the assistance of automation, or any series of such processes carried out in connection with personal data. The term is broadly defined and comprises practically any form of handling personal data, including collection, evaluation, storage, transfer, and erasure.

Revisions and Updates to the Privacy Policy

We would ask you to please review our Privacy Policy on a regular basis. We will update our Privacy Policy as soon as changes to our data processing make it necessary. We will inform you as soon as the changes require action from you (e.g., consent) or another form of individual notification is required.
To the extent that this Privacy Policy includes addresses and contact details of companies and organizations, please note that addresses may change over time; consequently, we would ask you, as a general rule, to verify the information before making contact.

Source: Datenschutz-Generator.de, Dr. Thomas Schwenke
Adapted by: Dr. Jürgen Fechner