This Privacy Policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within the provision of our services, as well as within our online offering and the associated websites, features, and content, along with external online presences, such as our social media profiles (collectively referred to as the “online offering”). With regard to the terminology used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Norti Media LLC
30 N Gould St Ste N
Sheridan, Wyoming 82801
United States
EIN: 36-5096110
Phone: +1 307 445-9263
Types of data processed
Inventory data (e.g., personal master data, names, or addresses).
Contact data (e.g., email, phone numbers).
Content data (e.g., text input, photographs, videos).
Usage data (e.g., visited websites, interest in content, access times).
Meta/communication data (e.g., device information, IP addresses).
Categories of data subjects
Visitors and users of the online offering (hereinafter referred to collectively as “users”).
Purpose of processing
Providing the online offering, its functions, and content.
Responding to contact inquiries and communicating with users.
Security measures.
Reach measurement/marketing.
Terminology used
“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
“Processing” means any operation or set of operations that is performed on personal data, whether or not by automated means. The term is broad and encompasses practically any handling of data.
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
“Profiling” refers to any form of automated processing of personal data intended to evaluate certain personal aspects of a natural person, particularly to analyze or predict aspects related to job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
The “controller” is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” refers to a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
Legal basis
In accordance with Article 13 GDPR, we inform you about the legal basis for our data processing activities. For users from the GDPR’s jurisdiction (i.e., the EU and the EEA), unless stated otherwise in the Privacy Policy, the following applies:
The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR.
The legal basis for processing to perform our services and contractual measures, as well as responding to inquiries, is Art. 6(1)(b) GDPR.
The legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR.
In the event that vital interests of the data subject or another natural person require processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.
The legal basis for processing required to perform a task carried out in the public interest or in the exercise of official authority vested in the controller is Art. 6(1)(e) GDPR.
The legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR.
Processing of data for purposes other than those for which they were collected is determined according to the provisions of Art. 6(4) GDPR.
Processing of special categories of data (in accordance with Art. 9(1) GDPR) is governed by Art. 9(2) GDPR.
Security measures
We take appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
Such measures include securing the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as the access, input, disclosure, availability, and separation of the data concerning them. Additionally, we have set up procedures to ensure the exercise of data subject rights, deletion of data, and response to data endangerment. Furthermore, we consider the protection of personal data during the development, selection of hardware, software, and procedures according to the principle of data protection by design and by default.
Collaboration with processors, joint controllers, and third parties
Should we disclose data to other persons and companies (processors, joint controllers, or third parties), transmit it to them, or otherwise grant them access to the data, this will only occur based on a legal permission (e.g., if a transfer of data to third parties is necessary for contract fulfillment), the users have consented, a legal obligation permits it, or it is based on our legitimate interests.
Should we disclose or transmit data to other companies in our group of companies, or otherwise grant them access, this is done particularly for administrative purposes based on legitimate interests and further on a legal basis.
Transfers to third countries
Should we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation) or should this occur in the context of using third-party services or disclosing or transmitting data to other persons or companies, this will only occur if it is necessary to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Provided legal or contractual permissions, we process or allow data to be processed in a third country only under legal requirements.
Rights of Data Subjects
As a data subject, you have the right to request confirmation as to whether data concerning you is being processed, access to the data, and further information, as well as a copy of the data in accordance with legal provisions.
You have the right to request the completion of data concerning you or the correction of inaccurate data concerning you, in accordance with legal provisions.
You have the right to request that data concerning you be deleted immediately, or alternatively, to request a restriction of the processing of your data in accordance with legal provisions.
You have the right to request to receive data concerning you that you have provided to us in accordance with legal provisions and to request its transmission to other controllers.
Additionally, you have the right to lodge a complaint with the competent supervisory authority in accordance with legal provisions.
Right to Withdraw Consent
You have the right to withdraw consents granted with effect for the future.
Right to Object
You can object to the future processing of data concerning you at any time in accordance with legal provisions. This objection can specifically apply to processing for direct marketing purposes.
Cookies and Right to Object to Direct Marketing
“Cookies” are small files that are stored on users' devices. Various types of information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit within an online offering.
Temporary cookies, or “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online offering and closes their browser. Such a cookie may, for example, store the content of a shopping cart in an online shop or a login status.
“Permanent” or “persistent” cookies are cookies that remain stored even after the browser is closed. For example, the login status can be stored if users visit the website after several days. Similarly, the interests of users may be stored in such a cookie, which is used for reach measurement or marketing purposes.
“Third-party cookies” are cookies offered by providers other than the controller who operates the online offering (otherwise, if only their cookies are involved, they are referred to as “first-party cookies”).
We may use temporary and permanent cookies and will provide information about this within our privacy policy.
If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies may lead to functional restrictions of this online offering.
A general objection to the use of cookies for online marketing purposes can be declared for a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Additionally, cookies can be saved by turning them off in the browser settings. Please note that not all features of this online offering may then be used.
Deletion of Data
The data we process will be deleted in accordance with legal requirements or restricted in its processing. Unless expressly stated within this privacy policy, the data we store will be deleted as soon as it is no longer required for its intended purpose, and no legal retention obligations prevent its deletion.
If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
Changes and Updates to the Privacy Policy
We kindly ask you to regularly review the content of our privacy policy. We will adapt the privacy policy as soon as changes in the data processing we carry out make this necessary. We will inform you as soon as changes require your cooperation (e.g., consent) or other individual notification.
Business-Related Processing
We also process
Contract data (e.g., contract subject, duration, customer category).
Payment data (e.g., bank details, payment history).
From our customers, prospects, and business partners for the purpose of providing contractual services, customer service, marketing, advertising, and market research.
Order Processing in the Online Shop and Customer Account
We process the data of our customers as part of the ordering process in our online shop to enable them to select and order the chosen products and services, as well as their payment and delivery or execution.
The processed data includes inventory data, communication data, contract data, payment data, and individuals affected by the processing include our customers, prospects, and other business partners. The processing serves to provide contractual services within the operation of an online shop, billing, delivery, and customer services.
User Accounts
Users can optionally create a user account where they can, in particular, view their orders. As part of the registration process, the required mandatory information will be communicated to the users. User accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data with regard to the user account will be deleted, subject to retention for commercial or tax reasons as per legal obligations. Information in the customer account will remain until its deletion followed by archival in case of legal obligation or our legitimate interests (e.g., in the event of legal disputes). It is the responsibility of users to save their data before the end of the contract if they terminate their account.
As part of registration and logins, as well as the use of our online services, we store the IP address and the time of the respective user action. This storage is based on our legitimate interests, as well as those of the users, to protect against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.
Data deletion occurs after the expiration of legal warranty and comparable obligations; the necessity of retaining the data is reviewed every three years. In the case of legal archiving obligations, deletion occurs after their expiration.
Agency Services
We process the data of our clients as part of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, campaign implementation and processing, server administration, data analysis/consulting services, and training services.
Here, we process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., email, phone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., contract subject, duration), payment data (e.g., bank details, payment history), usage data, and metadata (e.g., as part of evaluating and measuring the success of marketing measures). We generally do not process special categories of personal data unless these are components of a commissioned processing.
The affected individuals include our clients, prospects, and their customers, users, website visitors, or employees, as well as third parties. The purpose of processing is to provide contractual services, billing, and customer service.
The legal basis for processing is derived from Art. 6(1)(b) GDPR (contractual services) and Art. 6(1)(f) GDPR (analysis, statistics, optimization, security measures). We process data necessary for the establishment and fulfillment of contractual services and indicate the necessity of their provision unless this is evident to the parties concerned.
Disclosure to external parties only takes place if it is required as part of an order. When processing data disclosed to us within an order, we act in accordance with the instructions of the clients and the legal requirements.
We delete the data upon the expiration of legal warranty and comparable obligations; the necessity of data retention is reviewed every three years. In the case of legal archiving obligations, deletion occurs after their expiration (6 years per § 257(1) HGB, 10 years per § 147(1) AO). If data is provided to us by the client within an order, it will be deleted as per the specifications of the order, typically upon completion.
Therapeutic Services and Coaching
We process the data of our clients and interested parties, as well as other commissioning parties or contractual partners (collectively referred to as “clients”), in accordance with Art. 6(1)(b) GDPR to provide them with our contractual or pre-contractual services.
The data processed, its type, scope, and purpose, as well as the necessity of its processing, are determined by the underlying contractual relationship. In principle, the processed data includes inventory and master data of clients (e.g., name, address, etc.), contact data (e.g., email address, phone, etc.), contract data (e.g., services used, fees, names of contact persons, etc.), and payment data (e.g., bank details, payment history, etc.).
As part of our services, we may also process special categories of data as per Art. 9(1) GDPR, particularly information about the health of clients, possibly with reference to their sexual life or orientation, ethnic origin, or religious or ideological beliefs.
Such data is processed either based on the explicit consent of the clients in accordance with Art. 6(1)(a), Art. 7, Art. 9(2)(a) GDPR or for health care purposes on the basis of Art. 9(2)(h) GDPR, § 22(1)(1)(b) BDSG.
If required for contractual fulfillment or legally mandated, we disclose or transmit client data as part of communication with other professionals, necessary or typically involved third parties, such as billing agencies or comparable service providers. This is done to the extent required for our services as per Art. 6(1)(b) GDPR, legally required as per Art. 6(1)(c) GDPR, or in the interest of efficient and cost-effective healthcare as a legitimate interest per Art. 6(1)(f) GDPR.
Data deletion occurs when the data is no longer required for fulfilling contractual or legal obligations, including care duties or dealing with warranty or similar obligations. The necessity of retaining data is reviewed every three years.
Contractual Services
We process the data of our contractual partners and interested parties as well as other clients, customers, or contractual partners (hereinafter collectively referred to as “contractual partners”) in accordance with Art. 6(1)(b) GDPR to fulfill our contractual or pre-contractual obligations.
The data processed, its type, scope, and purpose, as well as the necessity of its processing, is determined by the underlying contractual relationship.
The processed data includes the basic data of our contractual partners (e.g., names and addresses), contact data (e.g., email addresses and phone numbers), contract data (e.g., services provided, contractual content, communication, names of contact persons), and payment data (e.g., bank details, payment history).
We do not process special categories of personal data unless these are components of commissioned or contractual processing.
We process data necessary for the establishment and fulfillment of contractual services and point out the necessity of their provision if it is not evident to the contractual partners. Data is disclosed to external individuals or companies only if it is required as part of a contract.
In the context of the use of our online services, we may store the IP address and the time of the respective user action. This storage is based on our legitimate interests, as well as those of the users, to protect against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.
The deletion of data occurs after the expiration of legal warranty and similar obligations. The necessity of retaining the data is reviewed every three years. In the case of legal archiving obligations, the deletion takes place after their expiration.
External Payment Service Providers
We use external payment service providers through whose platforms users and we can carry out payment transactions (e.g., PayPal, Klarna, Skrill, Giropay, Visa, Mastercard, American Express).
In the context of fulfilling contracts, we use payment service providers on the basis of Art. 6(1)(b) GDPR. Additionally, we use external payment service providers based on our legitimate interests per Art. 6(1)(f) GDPR to offer our users effective and secure payment options.
The data processed by the payment service providers includes inventory data, such as name and address, bank data (e.g., account or credit card numbers), passwords, TANs, and checksums, as well as contract, summary, and recipient-related information. This data is necessary to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. This means we do not receive account or credit card information but only information confirming or declining the payment.
In some circumstances, the payment service providers may transmit the data to credit agencies. This transmission is for identity and credit checks. For this, we refer to the terms and conditions and privacy policies of the payment service providers.
For payment transactions, the terms and conditions and the privacy policies of the respective payment service providers apply, which are available on the respective websites or transaction applications.
Administration, Financial Accounting, Office Organization, and Contact Management
We process data as part of administrative tasks, organization of our operations, financial accounting, and compliance with legal obligations, such as archiving. Here, we process the same data that we process within the provision of our contractual services.
The legal basis for processing is Art. 6(1)(c) GDPR, Art. 6(1)(f) GDPR. The individuals affected include customers, prospects, business partners, and website visitors. The purpose of and our interest in processing lies in administration, financial accounting, office organization, and archiving of data, thus serving to maintain our business operations, fulfill our tasks, and provide our services.
The deletion of data regarding contractual services and contractual communication corresponds to the information specified for these processing activities.
We disclose or transmit data to the financial administration, consultants (e.g., tax consultants or auditors), and other fee agencies and payment service providers.
Economic Analyses and Market Research
To run our business economically, recognize market trends, and meet the wishes of our contractual partners and users, we analyze the data available to us regarding business transactions, contracts, inquiries, etc.
We process inventory data, communication data, contract data, payment data, usage data, and metadata based on Art. 6(1)(f) GDPR, whereby the individuals affected include contractual partners, prospects, customers, visitors, and users of our online offering.
The analyses are carried out for business evaluations, marketing, and market research purposes. We may consider the profiles of registered users with information about the services they have used. The analyses serve to increase user-friendliness, optimize our offering, and improve business efficiency.
The analyses are solely for our purposes and are not disclosed externally unless they are anonymous evaluations with aggregated values.
If these analyses or profiles are personal, they are deleted or anonymized upon termination of the users, otherwise two years after contract termination.
Participation in Affiliate Programs
Within our online offering, we use industry-standard tracking measures based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering) as per Art. 6(1)(f) GDPR, provided these are necessary for the operation of the affiliate system. Below, we clarify the technical background for users.
The services offered by our contractual partners can also be advertised and linked on other websites (so-called affiliate links or after-purchase systems, e.g., links or third-party services offered after concluding a contract). The operators of the respective websites receive a commission if users follow the affiliate links and subsequently utilize the offers.
In summary, it is necessary for our online offering that we can track whether users interested in affiliate links and/or the offers available with us subsequently utilize the offers on the initiative of the affiliate links or our online platform. For this purpose, affiliate links and our offers are supplemented with certain values that can be part of the link or set elsewhere, e.g., in a cookie. These values include, in particular, the origin website (referrer), time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, and tracking-specific values such as advertising media IDs, partner IDs, and categorizations.
The online identifiers used by us are pseudonymized values. This means that the online identifiers themselves do not contain any personal data such as names or email addresses. They only help us determine whether the same user who clicked on an affiliate link or was interested in an offer via our online offering has utilized the offer. However, the online identifier is personal insofar as the partner company and we have access to the online identifier along with other user data. Only in this way can the partner company inform us whether the user has utilized the offer and we can, for example, pay out the bonus.
Amazon Affiliate Program
Based on our legitimate interests (i.e., interest in the economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we are a participant in the Amazon EU affiliate program, which is designed to provide a medium for websites to earn advertising fees by placing ads and links to Amazon.de (so-called affiliate system). As an Amazon affiliate, we earn from qualifying purchases.
Amazon uses cookies to track the origin of orders. Among other things, Amazon can recognize that you have clicked on the partner link on this website and subsequently purchased a product from Amazon.
Further information on Amazon's data use and opt-out options can be found in the company's privacy policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.
Note: Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliated companies.
Digistore24 Affiliate Program
We participate in the affiliate program of Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany, based on our legitimate interests (i.e., interest in the economic operation of our online offering as per Art. 6(1)(f) GDPR). This program is designed to provide a medium for websites to earn advertising fees by placing advertisements and links to Digistore24. Digistore24 uses cookies to track the origin of a contract conclusion. Among other things, Digistore24 can recognize that you clicked on the partner link on this website and subsequently concluded a contract with or via Digistore24.
Further information on the use of data by Digistore24 and opt-out options can be found in their privacy policy: https://www.digistore24.com/page/privacy.
Privacy Notices for Job Applications
We process applicant data only for the purpose and within the scope of the application process in accordance with legal requirements. Applicant data is processed to fulfill our (pre)contractual obligations within the application process in accordance with Art. 6(1)(b) GDPR and, if the processing of data becomes necessary for us in the context of legal proceedings, also based on Art. 6(1)(f) GDPR (in addition to § 26 BDSG in Germany).
The application process requires that applicants provide us with their application data. If we provide an online form, the necessary applicant data will be indicated. Otherwise, it arises from the job descriptions and generally includes personal information, postal and contact addresses, and the documents belonging to the application, such as cover letters, CVs, and certificates. Additionally, applicants can voluntarily provide us with additional information.
By submitting the application to us, applicants agree to the processing of their data for purposes of the application process in accordance with the type and scope set out in this Privacy Policy.
Where special categories of personal data as defined in Art. 9(1) GDPR are voluntarily disclosed within the application process, their processing is additionally based on Art. 9(2)(b) GDPR (e.g., health data such as disability status or ethnic origin). If special categories of personal data are requested from applicants within the application process, their processing is additionally based on Art. 9(2)(a) GDPR (e.g., health data, if required for professional purposes).
If provided, applicants can submit their applications via an online form on our website. The data will be encrypted and transmitted in accordance with the state of the art.
Applicants can also send us their applications via email. However, please note that emails are generally not sent in encrypted form, and applicants are responsible for encryption. Therefore, we cannot assume responsibility for the transmission path of the application between the sender and receipt on our server.
In case of a successful application, the data provided by applicants may be further processed by us for employment purposes. Otherwise, if the application for a job offer is not successful, the applicants’ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
The deletion will occur after six months to allow us to answer any follow-up questions about the application and to meet our obligations under the Equal Treatment Act.
Registration Function
Users can create a user account. During the registration process, the required mandatory information will be communicated to the users and processed on the basis of Art. 6(1)(b) GDPR for the purpose of providing the user account. The processed data includes login information (e.g., name, password, and email address). The data entered during registration will be used for the purposes of using the user account and its purpose.
Users can be informed about information relevant to their user account, such as technical changes, via email. If users have terminated their user account, their data related to the user account will be deleted, subject to retention due to legal obligations. It is the users' responsibility to secure their data prior to the end of the contract if they terminate their account.
As part of the use of our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. This storage is based on our legitimate interests, as well as those of the users, to protect against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.
The IP addresses are anonymized or deleted after no later than seven days.
Contacting Us
When contacting us (e.g., via contact form, email, phone, or social media), the user’s details are processed to handle the contact request and its processing in accordance with Art. 6(1)(b) GDPR (in the context of contractual/pre-contractual relationships) and Art. 6(1)(f) GDPR (other inquiries).
User information may be stored in a Customer Relationship Management System (“CRM System”) or a comparable request organization system.
We delete the requests when they are no longer necessary. We review the necessity every two years. In addition, the legal archiving obligations apply.
Newsletter
The following section informs you about the contents of our newsletter, the registration, sending, and statistical evaluation procedures, and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.
Newsletter Content
We send newsletters, emails, and other electronic notifications with promotional information (hereinafter referred to as "newsletter") only with the consent of the recipients or a legal permission. If the content of a newsletter is specifically described during the registration process, it is decisive for the user's consent. Otherwise, our newsletters contain information about our services and us.
Double-Opt-In and Logging
The registration for our newsletter takes place in a so-called double-opt-in process. This means you will receive an email after registration asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with someone else’s email address. The registrations for the newsletter are logged to provide proof of the registration process in accordance with legal requirements. This includes storing the login and confirmation times as well as the IP address. The changes to your data stored by the mailing service provider are also logged.
Registration Data
To sign up for the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name for personal address in the newsletter.
Statistical Surveys and Analyses
The newsletters contain a so-called "web beacon," a pixel-sized file retrieved from our server or, if we use a mailing service provider, from their server when the newsletter is opened. This retrieval initially collects technical information, such as information about the browser and your system, as well as your IP address and time of retrieval.
This information is used to technically improve the services based on the technical data or the target groups and their reading behavior based on retrieval locations (determined with the help of the IP address) or access times. The statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked. This information can be assigned to individual newsletter recipients for technical reasons. However, it is neither our aim nor, if used, that of the mailing service provider to observe individual users. The evaluations serve to recognize the reading habits of our users and adapt our content to them or send different content according to the interests of our users.
Termination/Revocation
You can cancel the receipt of our newsletter at any time, i.e., revoke your consent. A link to cancel the newsletter can be found at the end of each newsletter. We may retain unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to demonstrate prior consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed.
Newsletter - Mailing Service Provider
The newsletter is sent using a mailing service provider [NAME, ADDRESS, COUNTRY]. The privacy policy of the mailing service provider can be viewed here: [LINK TO PRIVACY POLICY]. The mailing service provider is used based on our legitimate interests under Art. 6(1)(f) GDPR and a data processing agreement under Art. 28(3)(1) GDPR.
The mailing service provider may use the recipient's data in pseudonymous form, i.e., without assignment to a user, to optimize or improve their services, e.g., for technical optimization of the shipping and presentation of the newsletters or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to address them themselves or pass the data on to third parties.
Newsletter - Performance Measurement
The newsletters contain a so-called "web beacon," a pixel-sized file retrieved from our server or, if we use a mailing service provider, from their server when the newsletter is opened. In the process of retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is collected.
This information is used to technically improve the services based on the technical data, or target groups and their reading behavior based on retrieval locations (identified using the IP address) or access times.
The statistical evaluations also include determining whether newsletters are opened, when they are opened, and which links are clicked. This information can be assigned to individual newsletter recipients for technical reasons. However, it is neither our objective nor that of the mailing service provider to observe individual users. The evaluations serve to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Unfortunately, a separate revocation of performance measurement is not possible; in this case, the entire newsletter subscription must be canceled.
Hosting and Email Delivery
The hosting services we use are for the purpose of providing the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services, and technical maintenance services, which we use for operating this online offering.
In this context, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, metadata, and communication data from customers, prospective customers, and visitors to this online offering on the basis of our legitimate interests in the efficient and secure provision of this online offering in accordance with Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).
Collection of Access Data and Log Files
We, or our hosting provider, collect data on the basis of our legitimate interests under Art. 6(1)(f) GDPR about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, data volume transferred, notification of successful access, browser type along with version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
Log file information is stored for security reasons (e.g., to investigate misuse or fraudulent actions) for a maximum of 7 days and then deleted. Data that must be retained for further purposes is excluded from deletion until the respective incident is finally clarified.
Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC ("Google"), based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering as per Art. 6(1)(f) GDPR). Google uses cookies. The information generated by the cookie about the use of the online offering by users is generally transmitted to a Google server in the USA and stored there.
Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use Google Analytics with activated IP anonymization. This means that users’ IP addresses are truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
The IP address transmitted by the user's browser will not be merged with other data held by Google. Users can prevent the storage of cookies by configuring their browser settings accordingly. Furthermore, users can prevent the collection of data generated by the cookie and related to their use of the online offering by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Further information on Google's use of data, settings, and objection options can be found in Google's privacy policy (https://policies.google.com/privacy) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
The personal data of users is deleted or anonymized after 14 months.