NRG ON

Legal Notice – Privacy Policy

Information pursuant to Section 5 of the German Telemedia Act (TMG)

NRG-ON
Trippstadter Straße 110
67663 Kaiserslautern
Germany

Represented by:
Dr. Jens Nettersheim
Nicolai Alexander Rachul
Katarzyna Gorzedowski

Contact:
Email: info@nrg-on.com

---

Disclaimer

Liability for Content

The content of our website has been created with the utmost care. However, we cannot guarantee the accuracy, completeness, or timeliness of the content. As service providers, we are responsible for our own content on these pages according to general laws (§ 7 para. 1 TMG). According to §§ 8 to 10 TMG, we are not obligated as service providers to monitor transmitted or stored third-party information or to investigate circumstances indicating illegal activity. Obligations to remove or block the use of information under general laws remain unaffected. Liability in this regard is only possible from the time of knowledge of a specific infringement. Upon becoming aware of any such infringements, we will remove the respective content immediately.

Liability for Links

Our offer contains links to external third-party websites, over whose content we have no influence. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the linked pages is always responsible for their content. The linked pages were checked for possible legal violations at the time of linking. Illegal content was not identifiable at the time of linking. A permanent control of the linked pages without concrete evidence of a violation is not reasonable. Upon becoming aware of any legal violations, we will remove such links immediately.

Copyright

The content and works created by the site operators on these pages are subject to German copyright law. Duplication, processing, distribution, or any form of commercialization beyond the limits of copyright require the written consent of the respective author or creator. Downloads and copies of this site are only permitted for private, non-commercial use. To the extent that content on this site was not created by the operator, third-party copyrights are respected. In particular, third-party content is marked as such. Should you become aware of a copyright infringement, please inform us accordingly. Upon becoming aware of any infringements, we will remove such content immediately.

---

Data Protection

The use of our website is generally possible without providing personal data. Where personal data (e.g., name, address, or email addresses) is collected on our pages, this is always done on a voluntary basis wherever possible. This data will not be passed on to third parties without your explicit consent. Please note that data transmission over the internet (e.g., communication via email) can have security vulnerabilities. Complete protection of data from access by third parties is not possible.

The use of contact data published under the imprint obligation by third parties for sending unsolicited advertising and information materials is expressly prohibited. The operators of the site expressly reserve the right to take legal action in case of unsolicited sending of advertising information, such as spam emails.

---

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies,” text files stored on your computer, which allow analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) is transmitted to and stored on a Google server in the USA. Google will use this information to evaluate your use of the website, compile reports on website activity for website operators, and provide other services related to website and internet usage. Google may also transfer this information to third parties if required by law or where third parties process this data on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may prevent the installation of cookies by adjusting your browser settings; however, this may limit the full functionality of this website. By using this website, you consent to the processing of data about you by Google as described above and for the stated purpose.

---

Google AdSense

This website uses Google AdSense, an advertising service provided by Google Inc., USA (“Google”). Google AdSense uses “cookies” (text files stored on your computer) and “web beacons” (small invisible graphics) to collect information. The cookie and/or web beacon-generated information about your use of this website (including your IP address) is transmitted to and stored on a Google server in the USA. Google uses this information to evaluate your use of the website with regard to ads, compile reports on website and ad activity for website operators, and provide other related services. Google may also transfer this information to third parties if required by law or where third parties process this data on Google’s behalf. Google will not associate your IP address with other Google data. You can prevent cookie storage and web beacon display by setting your browser to refuse cookies (e.g., in MS Internet Explorer under Tools > Internet Options > Privacy; in Firefox under Options > Privacy > Cookies). However, this may limit full website functionality. By using this website, you consent to data processing by Google as described.

---

Privacy Policy

Preamble

The following privacy policy informs you about the types of personal data (hereinafter also “data”) we collect, the purposes for which we process it, and the scope of such processing in connection with providing our application.

The terms used are gender-neutral.

Date: June 10, 2025

Responsible Party

NRG-ON
Trippstadter Straße 110
67663 Kaiserslautern
Germany

Authorized Representatives: Dr. Jens Nettersheim & Nicolai Alexander Rachul & Katarzyna Gorzedowski

Email: info@nrg-on.com
Imprint: https://nrg-on.com/

---

Overview of Data Processing

The following overview summarizes the types of data processed, the purposes of processing, and the affected categories of persons.

Types of Data Processed

• Master data
• Payment data
• Location data
• Contact data
• Content data
• Contract data
• Usage data
• Meta, communication, and procedural data
• Log data

Categories of Data Subjects

• Service recipients and clients
• Interested parties
• Communication partners
• Users
• Business and contractual partners
• Customers

Purposes of Processing

Business processes and commercial procedures

Provision of contractual services and fulfillment of contractual obligations

Communication

Security measures

Direct marketing

Reach measurement

Tracking

Office and organizational procedures

Conversion measurement

Audience formation

Organizational and administrative procedures

Feedback

Marketing

User profiling

Provision of our online offerings and user-friendliness

IT infrastructure

Public relations

Sales promotion

Business processes and commercial procedures

Applicable Legal Bases

Legal bases according to the GDPR:
Below you will find an overview of the GDPR legal bases on which we process personal data. Please note that, in addition to the GDPR regulations, national data protection laws in your or our country of residence or establishment may apply. Should more specific legal bases be relevant in individual cases, we will inform you accordingly in the privacy policy.

• Consent (Art. 6(1)(a) GDPR): The data subject has given consent to the processing of their personal data for one or more specific purposes.
• Performance of a Contract or Pre-Contractual Measures (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.
• Legal Obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate Interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In Germany, in addition to GDPR, national regulations such as the Federal Data Protection Act (BDSG) and possibly state data protection laws also apply.

---

Security Measures

We implement appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to individuals’ rights and freedoms, to ensure a level of security appropriate to the risk.

Measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access, input, transmission, availability, and separation of data. We have also established procedures to exercise data subject rights, ensure data deletion, and respond to data breaches. Furthermore, we integrate data protection by design and by default into the development and selection of hardware, software, and processes.

---

IP Address Masking and Secure Online Connections

Where IP addresses are processed and a full IP address is not necessary, we shorten or mask the IP address by removing or replacing the last parts to prevent or significantly hinder identification of individuals via their IP.

To protect user data transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology (HTTPS). TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are fundamental for secure data transmission on the internet, encrypting the data transferred between the user’s browser and our servers. Websites secured with TLS/SSL display “HTTPS” in the URL, indicating a secure encrypted connection.

---

Disclosure and Transfer of Personal Data

In the course of processing personal data, data may be disclosed or transferred to other entities such as service providers responsible for IT tasks or providers of services and content embedded in websites. We comply with statutory requirements and conclude appropriate agreements with these recipients to ensure data protection.

Internal data transfers: Personal data may be shared between departments or units within our organization for administrative purposes based on legitimate interests or contract fulfillment, or with the data subject’s consent or legal permission.

International data transfers:
If personal data is transferred to a third country (outside the EU/EEA), this is always done in compliance with legal requirements. For transfers to the United States, we primarily rely on the Data Privacy Framework (DPF), recognized by the EU Commission as providing an adequate level of protection. In addition, we use standard contractual clauses approved by the EU Commission to ensure contractual data protection obligations.

This dual layer of protection ensures comprehensive security of your data. The DPF provides the primary protection layer, while standard contractual clauses serve as a fallback in case of changes to the DPF.

Information on the certification of individual service providers under the DPF and the availability of standard contractual clauses is provided by the respective providers. Further details and a list of certified companies are available on the U.S. Department of Commerce website: https://www.dataprivacyframework.gov/ (in English).

For transfers to other third countries, appropriate safeguards such as standard contractual clauses, explicit consent, or statutory permissions are applied. Information on third-country transfers and adequacy decisions can be found on the EU Commission’s website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en.

---

General Information on Data Retention and Deletion

We delete personal data processed by us in accordance with legal provisions as soon as the consent has been withdrawn or no other legal basis for processing exists. This applies particularly when the original purpose for processing no longer exists or the data is no longer needed.

Exceptions apply where statutory obligations or overriding interests require longer retention or archiving, e.g., for commercial or tax law retention periods or to safeguard legal claims.

If several retention periods apply, the longest period takes precedence. If a retention period of at least one year is not explicitly tied to a specific date, it begins at the end of the calendar year in which the triggering event occurred. For ongoing contracts, the triggering event is the date of termination or contract expiration.

Business Processes and Procedures

Personal data of service recipients and clients — including customers, clients, or in special cases, legal clients, patients, or business partners as well as other third parties — are processed within the scope of contractual and comparable legal relationships, as well as pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates business operations in areas such as customer management, sales, payment transactions, accounting, and project management.

The collected data serves to fulfill contractual obligations and to design business processes efficiently. This includes the execution of business transactions, customer relationship management, optimization of sales strategies, and ensuring internal accounting and financial processes. Additionally, the data supports safeguarding the rights of the controller and promotes administrative tasks and company organization.

Personal data may be disclosed to third parties if necessary for fulfilling the aforementioned purposes or legal obligations.

• Types of processed data: Master data (e.g., full name, residential address, contact details, customer number); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses); content data (e.g., textual or visual messages and contributions as well as related information such as authorship details); contract data (e.g., contract subject, duration, customer category); usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used). Meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers).
• Data subjects: Service recipients and clients; prospective clients; communication partners; business and contractual partners; customers.
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; business processes and economic procedures; security measures; provision of our online offer and user-friendliness.
• Retention and deletion: Deletion according to the specifications in the section “General Information on Data Storage and Deletion.”
• Legal basis: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

• Customer Account: Customers may create an account within our online offering (e.g., customer or user account, referred to as “customer account”). If registration of a customer account is required, customers will be informed accordingly, including the necessary data for registration. Customer accounts are not public and cannot be indexed by search engines. During registration and subsequent logins and use of the customer account, we store customers’ IP addresses along with access times to verify registration and prevent misuse of the customer account. Upon termination of the customer account, the account data will be deleted after the termination date unless it is retained for other purposes beyond the provision of the customer account or is required to be kept for legal reasons (e.g., internal storage of customer data, order processes, or invoices). It is the customers’ responsibility to back up their data upon termination of the customer account.
  Legal basis: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).
• Economic Analyses and Market Research: For the fulfillment of business purposes and the identification of market trends, partner and user preferences, the existing data regarding business transactions, contracts, inquiries, etc. are analyzed. The group of data subjects may include contractual partners, prospects, customers, visitors, and users of the controller’s online offering. The analyses serve business evaluations, marketing, and market research purposes (e.g., identifying customer groups with different characteristics). Where applicable, profiles of registered users along with their service usage data are considered. The analyses are exclusively for the controller and are not disclosed externally, except in cases of anonymous analyses using aggregated, anonymized data. User privacy is respected by processing data for analysis purposes in a pseudonymized or, where feasible, anonymized form (e.g., aggregated data).
  Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

---

Provision of Online Services and Web Hosting

We process users’ data to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to deliver the content and functions of our online services to the browser or the user’s device.

• Types of processed data: Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); log data (e.g., log files concerning logins or data retrieval and access times); content data (e.g., textual or visual messages and contributions as well as related information such as authorship or creation time).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical equipment such as computers, servers, etc.); security measures.
• Retention and deletion: Deletion according to the specifications in the section “General Information on Data Storage and Deletion.”
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

WordPress.com: Hosting and software for creating, providing, and operating websites, blogs, and other online services; service provider: Automattic Inc., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; legal basis: Legitimate interests (Art. 6(1)(f) GDPR); website: https://wordpress.com; privacy policy: https://automattic.com/de/privacy/; data processing agreement: https://wordpress.com/support/data-processing-agreements/; basis for cross-border data transfers: Data Privacy Framework (DPF), standard contractual clauses (provided by the service provider).

Collection of Access Data and Log Files: Access to our online offering is logged in so-called “server log files.” These server log files may include the address and name of the requested webpages and files, date and time of the request, amount of data transferred, status of the request, browser type and version, the user’s operating system, referrer URL (the previously visited page), as well as usually IP addresses and the requesting provider. Server log files serve security purposes, e.g., to prevent server overload (particularly in the event of malicious attacks, so-called DDoS attacks) and to ensure server stability and load management.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data requiring longer retention for evidentiary purposes is exempt from deletion until the respective case is finally resolved.

STRATO: Services in the area of providing IT infrastructure and related services (e.g., storage space and/or computing capacity); service provider: STRATO AG, Pascalstraße 10, 10587 Berlin, Germany; legal basis: Legitimate interests (Art. 6(1)(f) GDPR); website: https://www.strato.de; privacy policy: https://www.strato.de/datenschutz/; data processing agreement: provided by the service provider.

Use of Cookies

The term “cookies” refers to functions that store information on users’ end devices and read it back. Cookies may be employed for various purposes, such as ensuring the functionality, security, and convenience of online services, as well as for analyzing visitor traffic. We use cookies in accordance with legal requirements. Where necessary, we obtain users’ prior consent. If consent is not required, we rely on our legitimate interests. This applies when storing and reading information is indispensable for providing expressly requested content and functionalities, such as saving settings and ensuring the functionality and security of our online offerings. Consent can be revoked at any time. We provide clear information about its scope and the cookies used.

Legal basis for data protection: Whether we process personal data via cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, as outlined above in this section and in the context of the respective services and procedures.

Storage duration: Regarding storage duration, the following types of cookies are distinguished:

• Temporary cookies (session cookies): These cookies are deleted no later than when a user leaves an online service and closes their device (e.g., browser or mobile application).
• Permanent cookies: These remain stored after the device is closed. For example, they may save login status or preferred content to be displayed immediately when the user revisits a website. Data collected via cookies may also be used for reach measurement. Unless explicit information is provided to users regarding the type and duration of cookies (e.g., during consent collection), users should assume these cookies are permanent and may be stored for up to two years.

General information on withdrawal and objection (opt-out): Users can revoke consents at any time and also object to processing in accordance with statutory provisions, including via browser privacy settings.

• Types of data processed: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Data subjects: Users (e.g., website visitors, users of online services).
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR), Consent (Art. 6(1)(a) GDPR).

Additional information on processing operations, procedures, and services:

• Processing of cookie data based on consent: We employ a consent management solution to obtain users’ consent for using cookies or for the procedures and providers named within the consent management system. This process serves to obtain, log, manage, and revoke consents, particularly regarding the use of cookies and similar technologies for storing, reading, and processing information on users’ devices. Within this framework, users’ consents for the use of cookies and related processing, including specific processing and providers named in the consent management procedure, are obtained. Users can manage and revoke their consents. Consent declarations are stored to avoid repeated queries and to provide evidence of consent in compliance with legal requirements. Storage occurs server-side and/or in a cookie (so-called opt-in cookie) or through comparable technologies to associate the consent with a specific user or device. Unless otherwise specified regarding consent management service providers, the following general information applies: Consent storage duration is up to two years. A pseudonymous user identifier is created and stored together with the time of consent, scope details (e.g., categories of cookies and/or service providers), and information about the browser, system, and device used. Legal basis: Consent (Art. 6(1)(a) GDPR).

---

Blogs and Publication Media

We use blogs or comparable online communication and publication tools (hereinafter “publication media”). Reader data is processed solely to the extent necessary for the representation of the publication medium and communication between authors and readers, or for security reasons. Otherwise, we refer to the information on the processing of visitors to our publication media within these data protection notices.

• Types of data processed: Master data (e.g., full name, address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or pictorial messages and posts including information such as authorship or time of creation); usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purpose of processing: Feedback collection (e.g., via online forms); provision and usability of our online offer; security measures; organizational and administrative procedures.
• Storage and deletion: Deletion according to the section “General information on data storage and deletion.”
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Additional notes on processing:

• Comments and posts: If users leave comments or other posts, their IP addresses may be stored on the basis of our legitimate interests to ensure security in case of unlawful content (e.g., insults, prohibited political propaganda). We may be held liable for comments or posts and thus are interested in identifying authors.
• Additionally, we reserve the right to process user data for spam detection on the basis of legitimate interests.
• On the same legal basis, we may store IP addresses during surveys to prevent multiple votes and use cookies accordingly.
• Personal information, contact data, website info, and content submitted via comments or posts will be stored until users object. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

---

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, telephone, or social media) and within existing user and business relationships, the data of the inquiring persons is processed insofar as necessary to answer inquiries and handle requested measures.

• Types of data processed: Master data (e.g., full name, address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or pictorial messages and posts including authorship or creation time); usage data (e.g., page views, duration, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Data subjects: Communication partners.
• Purpose of processing: Communication; organizational and administrative procedures; feedback (e.g., collection via online forms); provision and usability of our online offering.
• Storage and deletion: Deletion according to “General information on data storage and deletion.”
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR), contract fulfillment and pre-contractual measures (Art. 6(1)(b) GDPR).

Additional notes on processing:

• Contact form: When contacting us via contact form, email, or other communication channels, we process the transmitted personal data to respond to and handle the inquiry. Typically, this includes data such as name, contact information, and, if applicable, further details necessary for appropriate handling. These data are used solely for the purpose of contact and communication. Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

---

Newsletter and Electronic Notifications

We send newsletters, emails, and other electronic notifications (“newsletter”) only with recipients’ consent or based on legal grounds. If newsletter content is specified during registration, this content is decisive for users’ consent. Usually, providing an email address is sufficient for newsletter registration. For personalized service, we may request a user’s name or additional information if necessary for the newsletter’s purpose.

Deletion and processing restrictions: We may retain unsubscribed email addresses for up to three years on the basis of legitimate interests to prove previously granted consent. Processing of such data is limited to defending potential claims. Individual deletion requests are possible at any time, provided the prior existence of consent is confirmed. For legal obligations to respect objections permanently, we reserve the right to store email addresses solely for this purpose on a suppression list (blocklist).

The registration process is logged based on legitimate interests to document proper procedure. If we contract a service provider for email dispatch, this is based on legitimate interests in an efficient and secure delivery system.

Contents:

Information about us, our services, promotions, and offers.

• Types of data processed: Master data (e.g., full name, residential address, contact details, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, involved persons); usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
• Affected persons: Communication partners.
• Purpose of processing: Direct marketing (e.g., by email or postal mail).
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
• Right to object (Opt-Out): You can unsubscribe from our newsletter at any time, i.e., revoke your consent or object to further receipt. A link to unsubscribe is available either at the end of every newsletter or you can use one of the above contact methods, preferably email.

Further information on processing procedures, methods, and services:

• Measurement of open and click rates: The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from our or, if we use a shipping service provider, their server when the newsletter is opened. During this retrieval, technical information (such as browser and system data), your IP address, and the time of retrieval are collected. This information is used to technically improve our newsletter based on the technical data or target groups and their reading behavior based on their retrieval locations (determined via IP address) or access times. This analysis also includes determining whether and when newsletters are opened and which links are clicked. The information is assigned to individual newsletter recipients and stored in their profiles until deletion. The evaluations serve to identify our users’ reading habits and adapt our content accordingly or send different content according to users’ interests. Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

---

Promotional communication via email, post, fax, or phone

We process personal data for purposes of promotional communication which can be carried out via various channels such as email, telephone, post, or fax, in accordance with legal requirements.

Recipients have the right to revoke given consent at any time or object to promotional communication at any time.

After revocation or objection, we store the data necessary to prove prior authorization for contact or sending for up to three years after the end of the year of revocation or objection, based on our legitimate interests. Processing these data is limited to the purpose of possible defense against claims. Based on legitimate interest in permanently observing user revocations or objections, we also store data required to avoid further contact (e.g., depending on the communication channel, email address, phone number, name).

• Types of data processed: Master data (e.g., full name, residential address, contact details, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or pictorial messages and contributions as well as related information such as authorship or creation time).
• Affected persons: Communication partners.
• Purpose of processing: Direct marketing (e.g., via email or postal mail); marketing; sales promotion.
• Retention and deletion: Deletion according to the section “General information on data storage and deletion.”
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

---

Web analysis, monitoring, and optimization

Web analysis (also called “reach measurement”) serves to evaluate visitor flows on our online offering and can include behavior, interests, or demographic information about visitors (such as age or gender) as pseudonymous values. With reach analysis, for example, we can determine when our online offering or its features or content are used most frequently or invite reuse. It also enables us to identify areas that need optimization.

In addition to web analysis, we may use testing methods to test and optimize different versions of our online offering or its components.

Unless otherwise indicated, profiles can be created for these purposes, i.e., data combined for a usage session, and information can be stored and read in a browser or on a device. Collected data includes visited websites and used elements, technical information such as browser, computer system, usage times. If users have consented to the collection of location data, processing of such data is possible.

IP addresses are stored but we use IP masking (pseudonymization by shortening the IP address) to protect users. Generally, no clear data (such as email addresses or names) are stored within web analysis, A/B testing, or optimization, only pseudonyms. Thus, neither we nor the software providers know the users’ actual identities but only the data stored in profiles for these procedures.

• Legal basis: If we request consent from users for third-party services, consent is the legal basis. Otherwise, processing is based on our legitimate interests (efficient, economical, user-friendly services). Please also see information on cookie use in this privacy policy.
• Types of data processed: Usage data (page views, duration, click paths, usage intensity and frequency, device types and OS, interactions with content/functions); meta, communication, and process data (IP addresses, timestamps, IDs, persons involved).
• Affected persons: Users (e.g., website visitors, online service users).
• Purpose of processing: Reach measurement (access statistics, recognizing returning visitors); creation of user profiles; providing and improving our online services.
• Retention and deletion: Deletion according to “General information on data storage and deletion.” Cookies can be stored up to 2 years unless otherwise stated.
• Security measures: IP masking.
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

---

Further information on processing procedures, methods, and services:

• Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This ID contains no personal data such as names or emails. It helps assign analysis data to a device to see which content users viewed, which search terms they used, reaccessed, or how they interacted with our offering. Usage time, duration, referral sources, and technical device/browser aspects are also stored. Pseudonymous user profiles combining info from different devices are created, with cookies possibly used. Google Analytics does not log or store individual IP addresses for EU users but provides coarse geographic data (city, continent, country, region). IP addresses for EU traffic are used only for geo-derivation then immediately deleted and not stored or used further. Google Analytics data collection queries happen on EU-based servers before processing. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR)
  • Website: https://marketingplatform.google.com/intl/de/about/analytics/
  • Security measures: IP masking
  • Privacy policy: https://policies.google.com/privacy
  • Data processing agreement: https://business.safety.google/adsprocessorterms/
  • Cross-border data transfer basis: Data Privacy Framework (DPF), Standard Contractual Clauses
  • Opt-out options: Opt-out plugin https://tools.google.com/dlpage/gaoptout?hl=de, Ad personalization settings https://myadcenter.google.com/personalizationoff
  • More info: https://business.safety.google/adsservices/

---

Online marketing

We process personal data for online marketing purposes, including selling advertising space or displaying promotional and other content (“content”) based on potential user interests, as well as measuring effectiveness.

For this, user profiles are created and stored in a file (the so-called “cookie”) or similar methods are used to store relevant user information for content display. This can include viewed content, visited websites, online networks used, communication partners, and technical details like browser, computer system, usage times, and features used. If users consented to location data collection, this can also be processed.

IP addresses are stored but IP masking (pseudonymization) is used for user protection. Generally, no clear data (like email or names) are stored, only pseudonyms. Neither we nor online marketing providers know actual user identities, only profile data.

Profile data is typically stored in cookies or similar technologies, which may also be read on other sites using the same online marketing methods and analyzed to display content or enriched with other data on the marketing provider’s servers.

In exceptional cases, clear data may be linked to profiles, primarily if users are members of a social network we use for marketing, and the network connects user profiles with such data. Users may enter additional agreements with providers, for example via registration consent.

We generally only receive access to aggregated information about the success of our advertisements. However, within the framework of so-called conversion measurements, we can check which of our online marketing methods have led to a so-called conversion, i.e., for example, to a contract conclusion with us. Conversion measurement is used solely for the success analysis of our marketing measures.

Unless otherwise stated, please assume that cookies used are stored for a period of two years.

Notes on legal basis: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is the permission granted. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to point you to the information on the use of cookies in this privacy policy.

Notes on revocation and objection:

We refer to the privacy notices of the respective providers and the objection options (“opt-out”) provided by them. If no explicit opt-out option is given, you can disable cookies in your browser settings. However, this may restrict the functions of our online offer. Therefore, we also recommend the following opt-out options, which are offered collectively for the respective regions:

a) Europe: https://www.youronlinechoices.eu

b) Canada: https://www.youradchoices.ca/choices

c) USA: https://www.aboutads.info/choices

d) Cross-region: https://optout.aboutads.info

• Types of data processed: Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g., access statistics, detection of recurring visitors); tracking (e.g., interest/behavior-based profiling, use of cookies); audience formation; marketing; user-related profile creation (creating user profiles). Conversion measurement (measuring the effectiveness of marketing measures).
• Storage and deletion: Deletion in accordance with the section “General information on data storage and deletion.” Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods can be stored on users’ devices for a period of two years).
• Security measures: IP masking (pseudonymization of the IP address).
• Legal basis: Consent (Art. 6 Para. 1 Sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR).

---

Additional information on processing procedures, methods, and services:

• Google Ads and Conversion Measurement: Online marketing procedures for placing content and advertisements within the service provider’s advertising network (e.g., in search results, videos, websites, etc.) so that they are shown to users who presumably have an interest in the ads. Additionally, we measure the conversion of ads, i.e., whether users have taken the ads as an occasion to interact with them and use the promoted offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 lit. a) GDPR), Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for international data transfers: Data Privacy Framework (DPF); Further information: Types of processing and processed data: https://business.safety.google/adsservices/. Data processing conditions between controllers and standard contractual clauses for data transfers outside the EU: https://business.safety.google/adscontrollerterms.

---

Social media presences

We maintain online presences within social networks and process user data in this context to communicate with users active there or to offer information about us.

Please note that user data may be processed outside the European Union. This may pose risks for users because, for example, enforcing user rights could be more difficult.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles may be created based on user behavior and resulting interests. These profiles may then be used to display advertisements inside and outside the networks that presumably match user interests. Therefore, cookies are usually stored on users’ devices that save usage behavior and user interests. Also, usage profiles may store data independently of the devices used by users (especially if they are members of the respective platforms and logged in there).

For detailed information about the processing methods and objection options (opt-out), we refer to the privacy policies and information of the operators of the respective networks.

In the case of data access requests and asserting user rights, please note that these are most effectively asserted with the providers themselves. Only they have access to the user data and can directly take corresponding measures and provide information. If you need help, you may contact us.

• Types of data processed: Contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and posts as well as information relating to them, such as authorship or creation time). Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Communication; feedback (e.g., collecting feedback via online forms). Public relations.
• Storage and deletion: Deletion according to the section “General information on data storage and deletion.”
• Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR).

---

Additional information on processing procedures, methods, and services:

• LinkedIn: Social network – We are jointly responsible with LinkedIn Ireland Unlimited Company for collecting (but not further processing) data of visitors used to create “Page Insights” (statistics) for our LinkedIn profiles. These data include information about types of content users view or interact with and the actions they take. Also, details about devices used are collected, such as IP addresses, operating system, browser type, language settings, and cookie data, as well as information from user profiles like job function, country, industry, hierarchy level, company size, and employment status. Privacy information about data processing by LinkedIn can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
  We have concluded a special agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum,” https://legal.linkedin.com/pages-joint-controller-addendum) regulating security measures LinkedIn must observe and committing LinkedIn to fulfill users’ rights (i.e., users can submit data access or deletion requests directly to LinkedIn). Users’ rights (especially the rights to access, deletion, objection, and complaint to the supervisory authority) are not restricted by the agreements with LinkedIn. Joint responsibility is limited to the collection and transmission of data to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of data is solely the responsibility of LinkedIn Ireland Unlimited Company, especially regarding the transfer of data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Basis for international data transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa); Opt-out possibility: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR); Privacy policy: https://policies.google.com/privacy; Basis for international data transfers: Data Privacy Framework (DPF). Opt-out possibility: https://myadcenter.google.com/personalizationoff.

---

Plugins and embedded functions and content

We embed functional and content elements in our online offer that are obtained from the servers of their respective providers (“third parties”). These may be, for example, graphics, videos, or maps (hereinafter collectively referred to as “content”).

Embedding always requires that the third-party providers process users’ IP addresses, as they could not send the content to the user’s browser without the IP address. The IP address is therefore necessary for displaying these contents or functions. We endeavor to use only content whose providers apply the IP address only for delivering the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These pixel tags can evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and contain technical information about the browser and operating system, referring websites, visit time, and other data related to the use of our online offer, and can be linked with such information from other sources.

Notes on legal basis: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also point you to the information on the use of cookies in this privacy policy.

• Types of data processed: Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons). Location data (information about the geographic position of a device or person).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offer and user-friendliness; reach measurement (e.g., access statistics, detection of recurring visitors); tracking (e.g., interest/behavior-based profiling, use of cookies); audience formation; marketing.
• Storage and deletion: Deletion according to the section “General information on data storage and deletion.” Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods can be stored on users’ devices for a period of two years).
• Legal basis: Consent (Art. 6 Para. 1 Sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR).

---

Additional information on processing procedures, methods, and services:

• Google Maps: We embed maps from the “Google Maps” service by Google. The processed data may include, in particular, IP addresses and users’ location data; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 lit. a) GDPR); Website: https://mapsplatform.google.com/; Privacy policy: https://policies.google.com/privacy. Basis for international data transfers: Data Privacy Framework (DPF).
• YouTube Videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 lit. a) GDPR); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Basis for international data transfers: Data Privacy Framework (DPF). Opt-out possibility: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de; Settings for displaying ads: https://myadcenter.google.com/personalizationoff.

---

Changes and updates

We ask you to regularly inform yourself about the content of our privacy policy. We adjust the privacy policy as soon as changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require your involvement (e.g., consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time, and we ask you to verify the information before contacting.