Privacy Policy

We are very pleased that you have visited our website. The protection of your personal data is very important to us. As a rule, our website can be used without providing any personal data. However, if a data subject wishes to use certain services offered via our website, the processing of personal data may become necessary. Where the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, email address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the applicable country-specific data protection regulations. By means of this privacy policy, we would like to inform you and the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, this privacy policy informs data subjects of their rights.

As the controller responsible for processing, Envoria GmbH has implemented numerous technical and organisational measures (TOMs) to ensure the most comprehensive protection possible of personal data processed through this website. Nevertheless, internet-based data transmissions may generally contain security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, for example by telephone.

1. Definition
This Privacy Policy is based on the terminology used by the European legislator for directives and regulations when adopting the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

In this Privacy Policy, we use, among others, the following terms:

1.1. Personal Data
"Personal Data" means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

1.2. Data Subject
"Data Subject" means any identified or identifiable natural person whose personal data are processed by the controller responsible for the processing.

1.3. Processing
"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

1.4. Restriction of Processing
"Restriction of Processing" means the marking of stored personal data with the aim of limiting their processing in the future.

1.5. Profiling
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

1.6. Pseudonymisation
"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.

1.7. Filing System
"Filing System" means any structured set of personal data which is accessible according to specific criteria, whether centralised, decentralised, or organised according to functional or geographical factors.

1.8. Controller or Controller Responsible for the Processing
"Controller" (or "Controller Responsible for the Processing") means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.

1.9. Processor
"Processor" means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

1.10. Recipient
"Recipient" means a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

1.11. Third Party
"Third Party" means a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

1.12. Consent
"Consent" of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

1.13. Company
"Company" means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.

2. Responsible party and contact details

2.1. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union, and other provisions with a data protection character is:

Envoria GmbH
Management: Sven Schubert, Stefan Siemers, Thimo Brinkmann, Julian Göbel
Rosa-Bavarese-Straße 3
80339 Munich
Germany

Phone: +49 89 1590 1907 0
Email: info@envoria.com
Website: www.envoria.com

2.2. Contact details of the data protection officer

Any data subject may contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.

Envoria GmbH

Rosa-Bavarese-Straße 3

80639 Munich

Email: dataprivacy@envoria.com

3. General Information on Data Processing

3.1. Legal Basis for Processing
Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific purpose. Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, for example, when processing is required for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations necessary for the implementation of pre-contractual measures, such as in the case of inquiries about our products or services.

If we are subject to a legal obligation requiring the processing of personal data, such as for fulfilling tax obligations, the processing is based on Article 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would, for example, be the case if a visitor on our premises is injured and their name, age, health insurance details, or other vital information must be shared with a doctor, hospital, or another third party. In such cases, the processing would be based on Article 6(1)(d) GDPR.

Finally, processing operations may also be based on Article 6(1)(f) GDPR. Processing not covered by any of the aforementioned legal bases is based on this provision if it is necessary to safeguard a legitimate interest of ours or of a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override those interests. We are entitled to carry out such processing in particular because it is explicitly mentioned by the European legislator. According to Recital 47, second sentence, GDPR, a legitimate interest may be presumed if the data subject is a customer of the controller.

Where the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest lies in conducting our business activities for the benefit of all our employees and shareholders.

3.2. Storage Duration
The criterion for the duration of storage of personal data is the respective statutory retention period. Once this period expires, the corresponding data are routinely deleted, provided they are no longer required for the performance or initiation of a contract, or unless other legal requirements prevent deletion. Your rights as a data subject under the GDPR remain unaffected.

3.3. Routine Deletion and Blocking of Personal Data
The controller processes and stores the personal data of the data subject only for as long as is necessary to achieve the purpose of storage or as provided for by the European legislator or other legislators in laws or regulations to which the controller is subject.

If the purpose of storage no longer applies, or if a retention period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or deleted in accordance with statutory regulations.

3.4. Recipients or Categories of Recipients
Depending on the purpose for which personal data are collected, we may transfer this data to the following recipients or categories of recipients, or they may be directly involved in the processing of personal data:

IT service providers
Processors

3.5. Transfer to Third Countries
Depending on the purpose for which personal data are collected, transfers to third countries may occur as follows:

Cloudflare
Contact Form
CookieBot
DoubleClick by Google (Google Marketing Platform)
Elfsight
Fontawesome
Google Ads Remarketing
Google AdSense
Google reCAPTCHA
Google Tag Manager
Google User Content
Google Analytics
GoTo Meeting
HubSpot
LinkedIn Insight Tag
Microsoft Universal Event Tracking
Microsoft Clarity
Personio
LinkedIn
YouTube
X (formerly Twitter)

3.6. Rights of the Data Subject

3.6.1. Right to Confirmation
Every data subject has the right granted by the European legislator to obtain from the controller confirmation as to whether or not personal data concerning them are being processed. If a data subject wishes to exercise this right to confirmation, they may contact an employee of the controller at any time.

3.6.2. Right of Access
Every data subject whose personal data are processed has the right granted by the European legislator to obtain from the controller, at any time and free of charge, information about the personal data stored about them, as well as a copy of this information. Furthermore, the European legislator has granted the data subject access to the following information:

the purposes of the processing
the categories of personal data being processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
where possible, the planned storage period for the personal data, or, if not possible, the criteria used to determine that period
the existence of a right to request from the controller the rectification or erasure of personal data, or the restriction of processing of personal data concerning the data subject, or to object to such processing
the existence of a right to lodge a complaint with a supervisory authority
if the personal data are not collected from the data subject: any available information as to their source
the existence of automated decision-making, including profiling, pursuant to Articles 22(1) and (4) GDPR, and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject
in addition, the data subject has the right to obtain information about whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to be informed of the appropriate safeguards related to the transfer.

If a data subject wishes to exercise this right of access, they may contact an employee of the controller at any time.

3.6.3. Right to Rectification
Every data subject whose personal data are processed has the right granted by the European legislator to request the immediate correction of inaccurate personal data concerning them. In consideration of the purposes of processing, the data subject also has the right to have incomplete personal data completed, including by providing a supplementary statement. If a data subject wishes to exercise this right to rectification, they may contact an employee of the controller at any time.

3.6.4. Right to Erasure (Right to be Forgotten)
Every data subject has the right granted by the European legislator to request the immediate deletion of personal data concerning them from the controller, and the controller is obliged to delete personal data without undue delay if one of the following grounds applies, provided that processing is not necessary:

The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
The data subject withdraws consent on which the processing was based pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal ground for the processing.
The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or objects pursuant to Article 21(2) GDPR.
The personal data have been unlawfully processed.
The deletion of personal data is required to comply with a legal obligation under Union or Member State law to which the controller is subject.
The personal data have been collected in relation to the offer of information society services pursuant to Article 8(1) GDPR.

If one of the above grounds applies and a data subject wishes to request the deletion of personal data stored by us, they may contact an employee of the controller at any time. Our employee will ensure that the deletion request is carried out without undue delay.

If we have made the personal data public and are obliged under Article 17(1) GDPR to delete the personal data, we will take reasonable measures, taking into account available technology and implementation costs, including technical measures, to inform other controllers who are processing the personal data that the data subject has requested the deletion of all links to, copies, or replication of such personal data, unless processing is required. Our employee will initiate the necessary steps on a case-by-case basis.

3.6.5. Right to Restriction of Processing
Every data subject has the right granted by the European legislator to request the restriction of processing from the controller if one of the following conditions applies:

The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use.
The controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.
The data subject has objected to the processing pursuant to Article 21(1) GDPR, pending verification of whether the legitimate grounds of the controller override those of the data subject.

If one of the above conditions applies and a data subject wishes to request restriction of the processing of personal data stored by us, they may contact an employee of the controller at any time. The employee will arrange for the restriction of processing.

3.6.6. Right to Data Portability
Every data subject whose personal data are processed has the right granted by the European legislator to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. Furthermore, they have the right to transmit those data to another controller without hindrance from the controller to which the personal data were provided, where the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In addition, when exercising their right to data portability under Article 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible, without affecting the rights and freedoms of others. To exercise the right to data portability, the data subject may contact any of our employees at the contact details provided above at any time.

3.6.7. Right to Object
Every data subject whose personal data are processed has the right granted by the European legislator to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims.

Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, the data subject has the right to object, on grounds relating to their particular situation, to the processing of personal data for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject may contact one of our employees directly. The data subject is also free to exercise their right to object in connection with the use of information society services, using automated means and technical specifications, regardless of Directive 2002/58/EC.

3.6.8. Automated individual decision-making, including profiling
Every data subject has the right granted by the European legislator not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning them or similarly significantly affects them, as long as the decision:

(1) is not necessary for entering into or performing a contract between the data subject and the controller; or

(2) is permitted under Union or Member State law to which the controller is subject, and suitable measures to safeguard the rights, freedoms, and legitimate interests of the data subject are provided; or

(3) is based on the explicit consent of the data subject.

Where the decision:

(1) is necessary for entering into or performing a contract between the data subject and the controller, or

(2) is based on the explicit consent of the data subject,

we will implement appropriate measures to safeguard the rights, freedoms, and legitimate interests of the data subject, including at least the right to obtain human intervention by the controller, to express their point of view, and to contest the decision.

If the data subject wishes to exercise their rights regarding automated individual decision-making, they may contact an employee of the controller at any time.

3.6.9. Right to Withdraw Consent
Every data subject whose personal data are processed has the right granted by the European legislator to withdraw consent to the processing of personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they may contact an employee of the controller at any time.

3.6.10. Right to Lodge a Complaint with the Data Protection Authority
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint pursuant to Article 77 GDPR with the Data Protection Officer mentioned above or with a supervisory authority.

The supervisory authority responsible for us is:

Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach
Germany

Our Data Protection Officer is also available at the contact details provided under Section 2.

3.7. Legal or Contractual Requirements for Providing Personal Data
We would like to point out that providing personal data is sometimes legally required (e.g., tax regulations) or may arise from contractual or pre-contractual obligations (e.g., information about the contracting party). In some cases, it may be necessary for a contract to be concluded in order for a data subject to provide us with personal data that we then need to process. For example, a data subject is required to provide us with personal data when we enter into a contract with them. Failure to provide the personal data would result in the contract not being concluded.

Before personal data are provided by the data subject, they should contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is legally or contractually required or necessary for the conclusion of the contract, whether there is an obligation to provide personal data, and what the consequences would be if the personal data were not provided.

3.8. Existence of Automated Decision-Making
As a responsible company, we do not use automated decision-making or profiling.

4. Data Processing on the Website

4.1. Collection of General Data and Information
Our website collects a range of general data and information with each access by a data subject or an automated system. These general data and information are stored in the server log files.

For example, the following may be recorded

Browser type and version used
Operating system used
The website from which an accessing system reaches our website (so-called referrer URL)
The subpages accessed on our website via the accessing system
Date and time of access to the website
An Internet Protocol address (IP address)
The Internet Service Provider of the accessing system
Hostname of the accessing computer

No conclusions about the data subject are drawn from the use of this general data and information. Rather, this information is necessary to:

Correctly deliver and display the content of our website
Optimize the content of our website and the advertising for it
Ensure the permanent functionality of our IT systems and the technology of our website
Provide law enforcement authorities with the information required for prosecution in the event of a cyberattack

These anonymously collected data and information are therefore evaluated by the controller both statistically and with the aim of increasing data protection and data security in our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data from the server log files are stored separately from all personal data provided by a data subject. A merger of these data with other data sources does not take place.

4.2. Registration on Our Website / Use of Input Masks and Forms
The data subject has the option to register on the controller’s website by providing personal data or by entering personal data into input fields. This may be necessary, for example, to receive a newsletter, contact us via a contact form, register for events, or for similar registration purposes. The personal data transmitted to the controller depend on the input fields used for registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for the data to be passed on to one or more processors, such as a delivery service provider, who also uses the personal data exclusively for internal purposes attributable to the controller.

When you contact us (e.g., via the contact form), personal data are collected. These data are used and stored solely for the purpose of responding to your inquiry and the associated technical administration. The legal basis for processing these data is our legitimate interest in responding to your inquiry pursuant to Article 6(1)(f) GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted after your inquiry has been finally processed; this is the case when it can be concluded that the matter has been fully resolved and no statutory retention obligations prevent deletion.

By registering on the controller’s website, the IP address assigned to the data subject by their Internet Service Provider (ISP), as well as the date and time of registration, are also stored. This data retention is necessary to prevent misuse of our services and, if necessary, to facilitate the investigation of any criminal offenses. In this respect, storing these data is necessary to protect the controller. These data are not passed on to third parties unless there is a legal obligation to do so or they are required for law enforcement purposes.

The voluntary registration of the data subject by providing personal data allows the controller to offer content or services that, due to their nature, can only be provided to registered users or those who explicitly wish to receive them. Data subjects may at any time change the personal data they have provided or request that all personal data be deleted from the controller’s database.

Upon request, the controller will provide each data subject with information at any time regarding which personal data concerning them are stored. Furthermore, the controller will correct or delete personal data at the request or instruction of the data subject, provided that no statutory retention obligations prevent this. All employees of the controller are available as contact persons in this context.

4.3. Data Protection When Subscribing to the Newsletter
After registering for our email newsletter, we will regularly send you information about us, our offers, or the information requested during registration. The only mandatory information required to receive the newsletter is your email address and your name. The provision of additional data is voluntary and is used, for example, to address you personally.

For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you a newsletter if you have explicitly confirmed that you agree to receive newsletters. We will then send you a confirmation email asking you to confirm, by clicking on a corresponding link, that you wish to receive future newsletters.

By clicking the confirmation link, you grant us your consent to use your personal data in accordance with Article 6(1)(a) GDPR. When you register for the newsletter, we also store the IP address entered by your Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later time.

The data collected by us when registering for the newsletter are used exclusively for the purpose of advertising via the newsletter. You may unsubscribe from the newsletter at any time using the link provided in the newsletter. Once you have unsubscribed, your email address will be immediately removed from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use the data beyond this where this is legally permitted and about which we inform you in this policy.

4.4. Data Protection in Applications and the Application Process
The controller collects and processes the personal data of applicants for the purpose of managing the application process. Processing may also take place electronically. This is particularly the case when an applicant submits relevant application documents electronically, for example by email or via a web form on the website, to the controller.

If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted no later than six months after the rejection decision has been communicated, unless other legitimate interests of the controller pursuant to Article 6(1)(f) GDPR oppose the deletion.

Another legitimate interest in this context may be, for example, the burden of proof in proceedings under the German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG). Detailed information on the processing of personal data in the context of an application process can be found in the information sheet for applicants.

5. Cookies and Consent Management

5.1. Cookies
Our website uses cookies. Cookies are text files that are placed and stored on an information technology system (e.g., computer, laptop, smartphone, tablet) via an internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters through which websites and servers can assign the cookie to the specific internet browser in which the cookie was stored. This enables visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain different cookies. A particular internet browser can be recognized and identified via the unique cookie ID.

Through the use of cookies, we can provide users of this website with more user-friendly services that would not be possible without the use of cookies.

By means of a cookie, the information and offers on our website can be optimized for the benefit of the user. As already mentioned, cookies allow us to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to review the cookie banner and make a selection each time they visit the website or, for example, re-enter their access data on the website, as this information is taken over by the website and the cookie is stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online shop can use a cookie to remember the items that a customer has placed in the virtual shopping cart.

The data subject may prevent the setting of cookies by our website at any time by means of a corresponding setting in the internet browser used, and may thus permanently object to the setting of cookies. Furthermore, cookies that have already been set may be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully usable.

5.2. Content Consent Tool
We use a cookie consent tool, also referred to as a “cookie banner” or (more precisely) a “consent banner,” to obtain consent for the cookies mentioned above and for any third-party connections (see the following section).

We use the consent tool “Cookiebot” by Usercentrics to obtain consent. This enables us to provide our website visitors with additional services to which they have consented.

Cookiebot is required for us to fulfill the obligation to provide proof pursuant to Article 7(1) GDPR.

The use of the consent banner is based on Article 6(1)(c) and (f) GDPR. A legitimate interest exists in order to comply with legal obligations and to offer interested website visitors additional services. The processing of personal data for purposes that are not technically necessary is based exclusively on the voluntary consent of website visitors.

Further information on how personal data are handled can be found in the privacy policy of Usercentrics: https://www.cookiebot.com/us/privacy-policy/

5.2.1. Google Consent Mode
Our website uses Google Consent Mode (Basic Mode) to manage the use of Google services (e.g., Google Analytics or Google Ads) in accordance with your data protection consent.

Google Consent Mode allows us to configure Google tags on our website so that they are only activated once you have given your consent to the corresponding data processing via our consent tool.

How it works
When you access our website, no Google services that require consent are activated initially. Only after you have given your consent via our consent banner will the relevant Google tags be loaded and data transmitted to Google.

If you do not provide consent, the respective Google services will not be activated and no personal data will be processed by these services.

If you give your consent, personal data may be processed as part of the use of the respective Google services. This may include, for example:

IP address
Usage data (e.g., visited pages, click behavior)
Device and browser information
Cookie IDs

The specific data processing depends on the respective Google service used (e.g., Google Analytics or Google Ads).

Purpose of Processing
The use of Google Consent Mode allows us to analyze the use of our website and our marketing activities only within the scope of your consent, while ensuring compliance with data protection requirements.

Legal Basis
The processing of personal data in connection with Google services is carried out exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG.

Withdrawal of Consent
You can change or withdraw your consent at any time via our consent tool. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Further information on how Google handles user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en-us

5.3. Cookie Categories
We use cookies to personalize content and advertisements, provide social media features, and analyze our website traffic. We also share information about your use of our website with our social media, advertising, and analytics partners. These partners may combine this information with other data that you have provided to them or that they have collected as part of your use of their services.

5.3.1. Necessary
Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

5.3.2. Preferences
Preference cookies allow a website to remember information that changes the way the website behaves or looks, such as your preferred language or the region in which you are located.

5.3.3. Statistics
Statistics cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.

5.3.4. Marketing
Marketing cookies are used to track visitors across websites. The intention is to display advertisements that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.

5.3.5. Unclassified
Unclassified cookies are cookies that we are currently in the process of classifying together with the providers of individual cookies.

5.4. Withdrawal and Modification of Consent
You can update your consent at any time using the button at the end of this privacy policy.

6. Services and Tools Used on the Website
As with our entire range of services, we aim to provide you with the best possible user experience. For this reason, we have integrated various applications, plugins, and tools (hereinafter referred to as “tools”) on our website. Depending on their function, these tools may, for example, optimize the loading times of our website, simplify its use, support us in improving our services, or enhance security.

You can adjust the consents managed via the consent tool (cookie settings) at any time using the button at the end of this privacy policy.

The specific details of the tools used are explained below.

6.1. Privacy Policy Regarding the Use of Cloudflare
We have integrated the Cloudflare Content Delivery Network (CDN) on our website. The operating company of Cloudflare is Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA.

Cloudflare is a service that enables websites to reduce loading times. This allows websites to load quickly and efficiently even during periods of high traffic. At the same time, Cloudflare protects the websites of its users with an additional firewall and DDoS protection. In order to provide Cloudflare, personal data from your browser may be transmitted to the service. As a result, the provider may collect and store user data such as your IP address, browser version, browser type, or the date of your page visit. Cloudflare states that it processes data in accordance with applicable laws, including the GDPR. Third parties with whom Cloudflare cooperates may only process personal data under the direction of Cloudflare and in accordance with the privacy policy and other confidentiality and security measures. Cloudflare never discloses personal data without our explicit consent. We only process personal data for as long as necessary. Once the purpose of data processing has been fulfilled, the data will be blocked and deleted in accordance with the applicable deletion concept, unless legal provisions prevent deletion. If a cookie is set for you, it will be automatically deleted after the storage period has expired, unless you delete it yourself beforehand.

Purpose of Processing
Cloudflare helps us provide you with a well-functioning experience on our website. With the help of Cloudflare, our website can load significantly faster, while at the same time increasing our protection against threats.

Legal Basis
For the use of this tool, we require your consent, which serves as the legal basis pursuant to Section 25 (1) TDDDG and Art. 6 (1) lit. a GDPR (consent). We obtain this consent through the consent tool described above and document it accordingly.

We also have a legitimate interest in optimizing and securing our online services, which is why we rely on Art. 6 (1) lit. f GDPR (legitimate interest).

However, we only use this tool if you have given us your consent.

The transfer of personal data to the USA through the use of Cloudflare takes place in compliance with the EU-US Data Privacy Framework. Cloudflare, Inc. is an active participant in this data protection framework. Further information can be found at the following link: https://www.dataprivacyframework.gov/

Further information on the handling of personal data can be found in the Cloudflare privacy policy: https://www.cloudflare.com/privacypolicy/

Right to Object
In principle, you always have the option to freely manage the setting, administration, and deletion of cookies in your browser according to your preferences and knowledge. For example, if you do not want this tool to set cookies and collect information about you and possibly your behavior, you can deactivate the general setting of cookies in your browser settings at any time. However, in individual cases this may result in certain functions (e.g., shopping carts) on the websites you visit no longer functioning properly, even if you would like them to.

6.2. Privacy Policy Regarding the Use of Contact Form
We have integrated the “Contact Form” plugin by Pixel & Tonic, 320 SW Century Drive Ste 405 #136, Bend, OR 97702, USA, on our website. Pixel & Tonic is the developer of the content management system Craft CMS, within which the plugin is used.

The plugin enables us to provide contact forms and to collect and process the data entered by users in a structured manner. When a data subject fills out and submits a contact form on our website, the personal data entered in the form is transmitted to our server and stored or processed there for further handling.

Depending on the design of the form, the following data may be processed in particular:

First and last name
Email address
Telephone number (if provided)
Company (if provided)
Message content
IP address
Date and time of submission

The processing is carried out exclusively for the purpose of handling the contact request and the associated technical administration.

The plugin itself does not automatically set marketing or tracking cookies. It is used solely for the technical provision of the contact form functionality.

We process personal data only for as long as necessary. Once the purpose of data processing has been fulfilled, the data will be blocked and deleted in accordance with our deletion policy, unless statutory provisions prevent deletion.

Purpose of Processing
We use this tool to provide users with a simple and structured way to contact us. The transmitted data is used in particular for:

Responding to inquiries
Initiating and carrying out contractual relationships
Communication with prospective customers, clients, and business partners
Technical assurance and documentation of communication

Legal Basis
The processing of data transmitted via the contact form is based on Art. 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest lies in the efficient and secure processing of contact inquiries and in maintaining our business relationships.

If your inquiry aims at the conclusion or performance of a contract, the additional legal basis is Art. 6 (1) lit. b GDPR (performance of a contract or implementation of pre-contractual measures).

The plugin does not store or access information on your end device within the meaning of Section 25 (1) TDDDG beyond what is technically necessary.

Data Transfer
As a rule, no independent transfer of personal data to Pixel & Tonic takes place in the course of using the plugin. The processing of the data entered in the contact form takes place on our servers or by our hosting service provider within the framework of data processing on behalf of the controller in accordance with Art. 28 GDPR.

Should a technical transfer to a third country occur in individual cases, it will take place in compliance with the legal requirements of Art. 44 et seq. GDPR.

Right to Object
In principle, you always have the option to freely manage the setting, administration, and deletion of cookies in your browser according to your preferences and knowledge. For example, if you do not want this tool to set cookies and collect information about you and possibly your behavior, you can deactivate the general setting of cookies in your browser settings at any time. However, in individual cases this may result in certain functions (e.g., shopping carts) on the websites you visit no longer functioning properly, even if you would like them to.

6.3. Privacy Policy Regarding the Use of Craft CMS
We use the content management system Craft CMS on our website. The operating company of Craft CMS is Pixel & Tonic, Inc., 320 SW Century Dr. Ste 405 #136, Bend, OR 97702, USA.

Craft CMS is a content management system that enables us to create, manage, and provide content on our website. The system is used for the technical provision and operation of our website.

In the course of using Craft CMS, technically necessary data may be processed to ensure the functionality and security of the website. This particularly includes server log data that is automatically recorded by our server.

Examples of data that may be processed include IP addresses, date and time of access, information about the browser used, the operating system, and the pages accessed on our website. This data is required to correctly deliver the content of our website, ensure the stability and security of the systems, and analyze potential technical problems. We process personal data only for as long as necessary. Once the purpose of data processing has been fulfilled, the data will be deleted unless statutory provisions prevent deletion.

Purpose of Processing
We use Craft CMS to technically provide our website, manage content, and ensure a stable and secure presentation of our online services.

Legal Basis
The processing of personal data in connection with the use of Craft CMS is based on Art. 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest lies in the technically error-free presentation as well as the secure and efficient provision of our website.

If personal data is transferred to servers outside the European Union in connection with the use of Craft CMS, this will take place in compliance with the applicable data protection regulations.

Further information on the handling of user data can be found in the privacy policy of Pixel & Tonic at the following link: https://craftcms.com/privacy

The terms of service of Pixel & Tonic can be viewed at the following link: https://craftcms.com/terms-of-service

Right to Object
Since Craft CMS is a technically necessary system for providing our website, there is generally no possibility to object to this data processing if you wish to use our website.

6.4. Privacy Policy Regarding the Use of DoubleClick by Google (Google Marketing Platform)
We have integrated the online marketing tool DoubleClick by Google on our website. The operating company of DoubleClick by Google is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. For the European region, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is responsible for Google services, with joint responsibility in place.

DoubleClick by Google transmits data to the DoubleClick servers with every impression as well as through clicks or other activities. Each of these data transmissions triggers a cookie request to your browser. If your browser accepts this request, DoubleClick sets a cookie on your system and stores various usage data within it. DoubleClick uses a cookie ID that is required for the technical process. The cookie ID is used, for example, to display advertisements in a browser. DoubleClick may also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid duplicates. The cookie ID also enables DoubleClick to record conversions. Conversions are recorded, for example, when a user has previously been shown a DoubleClick advertisement and subsequently makes a purchase on the advertiser’s website using the same internet browser.

A DoubleClick cookie does not contain personal data. However, a DoubleClick cookie may contain additional campaign identifiers. A campaign identifier is used to identify campaigns with which the user has already interacted. We process personal data only for as long as necessary. Once the purpose of the data processing has been fulfilled, the data will be blocked and deleted in accordance with our deletion policy, unless statutory provisions prevent deletion. If a cookie is set for you, it will be automatically deleted after the storage period has expired, unless you delete it yourself beforehand.

Purpose of Processing
We use this tool to optimize and display advertising. Among other things, the cookie is used to place and display user-relevant advertisements and to create or improve reports on advertising campaigns. The cookie is also used to prevent the same advertisement from being displayed multiple times.

Each time one of the individual pages of this website operated by us is accessed and on which a DoubleClick component has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective DoubleClick component to transmit data to Google for the purposes of online advertising and the settlement of commissions. As part of this technical procedure, Google obtains knowledge of data that Google also uses to create commission statements. Among other things, Google may be able to understand that the data subject has clicked on certain links on our website.

We also have a legitimate interest in optimizing our services from a technical and economic perspective and in preventing damage to our company. In this respect, we refer to Art. 6 (1) lit. f GDPR (legitimate interest). However, we only use this tool if you have given us your consent.

The transfer of personal data to the USA through the use of Google services takes place in compliance with the EU-US Data Privacy Framework. Google LLC is an active participant in this data protection framework. Further information can be found at the following link: https://www.dataprivacyframework.gov/

Further information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en-us

Google’s terms of service can be viewed at: https://policies.google.com/privacy?hl=en

Right to Object
In principle, you always have the option to freely manage the setting, administration, and deletion of cookies in your browser according to your preferences and knowledge. For example, if you do not want this tool to set cookies and collect information about you and possibly your behavior, you can deactivate the general setting of cookies in your browser settings at any time. However, in individual cases this may result in certain functions (e.g., shopping carts) on the websites you visit no longer functioning properly, even if you would like them to.

6.5. Privacy Policy Regarding the Use of Elfsight
We have integrated widgets from Elfsight, SL, AD700, Andorra, Escaldes-Engordany, C. de la Constitució, 17 on our website. Elfsight is a provider of website widgets that can be used to display external content (e.g., reviews, social media feeds, forms, or other interactive content).

When an Elfsight widget is integrated, a connection to Elfsight servers is established each time a page containing such a widget is accessed. During this process, technical data from the accessing system is transmitted to Elfsight.

The data processed may include, in particular:

IP address
Date and time of access
Browser type and browser version
Operating system
Referrer URL
Pages accessed
Other technically necessary connection data

As part of providing its widgets, Elfsight may use cookies or similar technologies to ensure the functionality of the widgets and to perform statistical analyses.

Purpose of Processing
We use this tool to expand the functionality and content of our website and to dynamically display certain content. The widgets are used in particular to:

integrate external content (e.g., reviews or social media feeds)
increase the usability of our website
improve the attractiveness and interactivity of our online offering
organize events and activities

The use of this tool allows content to be provided efficiently without having to host it entirely ourselves.

Legal Basis
If cookies or similar technologies are stored on your device or information is accessed from your device through the integration of Elfsight, this takes place exclusively on the basis of your consent pursuant to Section 25 (1) TDDDG.

The legal basis for the subsequent processing of personal data is Art. 6 (1) lit. a GDPR (consent). We obtain and document this consent via our consent management tool.

We also have a legitimate interest in optimizing our online offering from a functional and economic perspective and in presenting our content in a user-friendly manner. The legal basis for this is Art. 6 (1) lit. f GDPR. However, the tool is only used if you have given us your consent.

The transfer of personal data to Andorra through the use of Elfsight takes place in compliance with the adequacy decision pursuant to Art. 45 GDPR of the European Commission. Andorra benefits from such an adequacy decision issued by the European Commission. Further information can be found at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

Further information on the handling of user data can be found in Elfsight’s privacy policy: https://elfsight.com/privacy-policy/

Right to Object
In principle, you always have the option to freely manage the setting, administration, and deletion of cookies in your browser according to your preferences and knowledge. For example, if you do not want this tool to set cookies and collect information about you and possibly your behavior, you can deactivate the general setting of cookies in your browser settings at any time. However, in individual cases this may result in certain functions (e.g., shopping carts) on the websites you visit no longer functioning properly, even if you would like them to.

6.6. Privacy Policy Regarding the Use of Fontawesome
We have integrated the service Font Awesome on our website. The operating company of Font Awesome is Fonticons Inc., 307 S. Main St., Suite 202, Bentonville, AR 72712, USA.

Font Awesome is a font-based icon library. This means that icons can be freely colored or scaled via the Font Awesome service, for example using CSS in the same way as a normal font. Since the Font Awesome CDN is used to load the icons, data is exchanged with the Fonticons servers. In this process, your IP address is recognized. In addition, Font Awesome collects data about which icon files are downloaded and when they are downloaded. Technical data such as browser version, screen resolution, and the time of page access may also be transmitted.

We process personal data only for as long as necessary. Once the purpose of the data processing has been fulfilled, the data will be blocked and deleted in accordance with our deletion policy, unless statutory provisions prevent deletion. If a cookie is set on your device, it will be automatically deleted after the storage period has expired unless you delete it yourself beforehand. The transfer of personal data to the United States takes place on the basis of the EU-US Data Privacy Framework pursuant to Art. 45 GDPR.

Purpose of Processing
Font Awesome helps us optimize the online presentation of our website. By using icons, we can present information more concisely and in a more understandable way. In addition, Font Awesome allows us to optimize loading speeds by using HTML elements instead of separate image files for icons.

Legal Basis
For the use of this tool, we require your consent, which serves as the legal basis pursuant to Section 25 (1) TDDDG and Art. 6 (1) lit. a GDPR (consent). We obtain and document this consent through the consent tool described above.

We also have a legitimate interest in optimizing our online services and refer to Art. 6 (1) lit. f GDPR (legitimate interest). The tool may also help us identify errors on the website and improve its efficiency. However, we only use this tool if you have given us your consent.

The transfer of personal data to the USA through the use of Font Awesome takes place in compliance with the EU-US Data Privacy Framework. Font Awesome is an active participant in this framework. Further information can be found at: https://www.dataprivacyframework.gov/

Further information on the handling of user data can be found in the Font Awesome privacy policy: https://fontawesome.com/privacy

Right to Object
In principle, you always have the option to freely manage the setting, administration, and deletion of cookies in your browser according to your preferences and knowledge. For example, if you do not want this tool to set cookies and collect information about you and possibly your behavior, you can deactivate the general setting of cookies in your browser settings at any time. However, in individual cases this may result in certain functions (e.g., shopping carts) on the websites you visit no longer functioning properly, even if you would like them to.

6.7. Privacy Policy Regarding the Use of Google Ads Remarketing
We have integrated Google Ads from Google LLC. The operating company of Google Ads is Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. For the European region, Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, is responsible for all Google services, with shared responsibility.

Google Ads is an online advertising service that allows companies to display ads on Google’s search engine and partner websites. It is designed to deliver ads specifically to potential customers based on keywords, user behavior, and demographic data. When you interact with an ad displayed via Google Ads, your interaction may be assigned a unique ID that is linked to a cookie set on your device (if consent has been given). In this way, Google Ads can "recognize" returning users and assign subsequent interactions to the same ID.

The tool collects data about your behavior with regard to the displayed ads, including which ads were clicked, how often they were viewed, and whether actions (e.g., purchases or sign-ups) were completed as a result. This information is stored in cookies and/or sent to Google Ads servers for processing. Based on this data, we receive detailed reports from Google Ads to evaluate the performance of our campaigns and optimize our advertising strategies.

If you already have a Google account, Google may link this data to your account. However, Google does not provide personal data collected via Google Ads to us unless legally required. We process personal data only as long as it is necessary to achieve the purposes of the advertising campaigns. Once the purpose is fulfilled, the data is blocked and deleted according to our deletion policy, unless statutory retention periods apply. Cookies associated with Google Ads are automatically deleted after their storage period expires unless you manually delete them beforehand.

Purpose of Processing
The purpose of the Google Ads component is to enable targeted advertising and measure the effectiveness of our advertising campaigns. Google uses the collected data and information to display personalized ads based on user interests, evaluate the performance of our ads, provide us with reports on ad interactions and conversions, and offer additional services related to the use of our ads.

Legal Basis
For the use of the tool, we require your consent, which constitutes the legal basis under Section 25 (1) TDDDG and Art. 6 (1) lit. a GDPR (consent). We obtain and document this consent through the consent tool described above.

We also have a legitimate interest in technically and economically optimizing our offering and preventing harm to our company, based on Art. 6 (1) lit. f GDPR (legitimate interest). We may also use the tool to detect website errors, identify attacks, and improve efficiency. However, we only use this tool if you have given us your consent.

The transfer of personal data through the use of Google to the USA is carried out in compliance with the Data Privacy Framework. Google LLC is an active participant in the framework. Further information can be found here: https://www.dataprivacyframework.gov/.

Further information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en

The Google terms of service can be viewed at: https://policies.google.com/terms?hl=en&gl=en.

Right to Object
In principle, you always have the option to freely manage the setting, administration, and deletion of cookies in your browser according to your preferences and knowledge. For example, if you do not want this tool to set cookies and collect information about you and possibly your behavior, you can deactivate the general setting of cookies in your browser settings at any time. However, in individual cases, this may result in certain functions (e.g., shopping carts) on the websites you visit no longer functioning properly, even if you would like them to.

6.8. Privacy Policy Regarding the Use of Google AdSense
We have integrated the Google AdSense advertising program on our website. The operating company of Google AdSense is Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. For the European region, Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, is responsible for all Google services, with shared responsibility.

Google AdSense is an online service that enables the display of advertisements on websites. The ads are automatically selected based on various factors to provide users with the most relevant content possible.

Google AdSense uses cookies and similar technologies to personalize ads, control their delivery, and perform statistical analyses on ad usage. These technologies may involve the processing of personal data of users.

Examples of data collected include IP addresses, information about the browser used, operating system, visited websites, interactions with ads, and other technical data necessary for the provision and evaluation of advertisements. We process personal data only as long as it is necessary. Once the purpose of the data processing is fulfilled, the data is deleted, unless legal regulations require otherwise. Any cookies set for you will be automatically deleted after the expiration of their storage period, unless you delete them manually beforehand.

Purpose of Processing
We use this tool to display advertisements on our website and thereby operate our online offering economically. Through Google AdSense, we can show ads that are as relevant as possible for users while supporting the financing of our website.

We also have a legitimate interest in operating our online offering economically and providing users with relevant advertising content, based on Art. 6 (1) lit. f GDPR (legitimate interest). However, we only use this tool if you have given us your consent.

Further information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

The Google terms of service can be viewed here: https://policies.google.com/terms?hl=en&gl=en.

Right to Object
In principle, you always have the option to freely manage the setting, administration, and deletion of cookies in your browser according to your preferences and knowledge. For example, if you do not want this tool to set cookies and collect information about you and possibly your behavior, you can deactivate the general setting of cookies in your browser settings at any time. However, in individual cases, this may result in certain functions (e.g., shopping carts) on the websites you visit no longer functioning properly, even if you would like them to.

6.9. Privacy Policy Regarding the Use of Google reCAPTCHA
We have integrated Google reCAPTCHA by Google LLC on our website. The operating company of Google reCAPTCHA is Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. For the European region, Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, is responsible for all Google services, with shared responsibility.

Google reCAPTCHA allows us to protect ourselves against spam and ensures that we are not overwhelmed by unwanted information. Unlike other CAPTCHA tools that require solving a puzzle, Google reCAPTCHA only requires the user to tick a box to confirm that they are not a bot.

Google reCAPTCHA collects personal data from users to determine whether actions on our website are performed by a human. Examples of data collected include IP addresses, information about the operating system, screen resolution, and cookies that provide information about mouse and keyboard interactions. We process personal data only as long as necessary. Once the purpose of data processing is fulfilled, the data is blocked and deleted according to our deletion policy, unless legal regulations require otherwise. Any cookies set for you will be automatically deleted after their storage period expires, unless you delete them manually beforehand.

Purpose of Processing
We use this tool to protect ourselves from spam software and bots. Google reCAPTCHA is ideal for this purpose, as it provides excellent user-friendliness while effectively performing its function.

Legal Basis
The use of this tool requires your consent, which constitutes the legal basis under Section 25 (1) TDDDG and Art. 6 (1) lit. a GDPR (consent). We obtain and document this consent through the consent tool described above.

We also have a legitimate interest in optimizing our online offering, enhancing security, and preventing harm to our company, based on Art. 6 (1) lit. f GDPR (legitimate interest). However, we only use this tool if you have given us your consent.

Further information on handling user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

The Google terms of service can be viewed here: https://policies.google.com/terms?hl=en&gl=en.

Right to Object
You always have the option to freely manage the setting, administration, and deletion of cookies in your browser according to your preferences. For example, if you do not want this tool to set cookies and collect information about you and your behavior, you can deactivate the general setting of cookies in your browser at any time. However, in individual cases, this may result in certain functions (e.g., shopping carts) on the websites you visit no longer functioning properly, even if you would like them to.

6.10. Privacy Policy Regarding the Use of Google Tag Manager
We have integrated the Google Tag Manager by Google LLC on our website. The operating company of Google Tag Manager is Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. For the European region, Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, is responsible for all Google services, with shared responsibility.

“Tags” are short pieces of code. These can, for example, record (track) your activities on our website. By integrating Google Tag Manager, we can centrally implement and manage the tags used on our website through various tracking tools. These tags do not necessarily have to be from Google - they can also come from other companies that can be integrated via the Tag Manager. This makes the range of possible uses very broad, such as setting cookies, collecting user and browser data, or embedding buttons. The Tag Manager itself does not set cookies or collect data, as it only functions as a manager for the implemented tags.

Google reserves the right to collect anonymized data about our use of the Tag Manager, provided no data is transmitted that is managed through the tool’s regular functions. We process personal data only as long as necessary. Once the purpose of data processing is fulfilled, the data is blocked and deleted according to our deletion policy, unless legal regulations require otherwise. Any cookies set for you will be automatically deleted after their storage period expires, unless you delete them manually beforehand.

Purpose of Processing
The purpose of Google Tag Manager is to optimize our offering technically and economically and to prevent any harm to our company. Implementing and managing various source codes at the core of our website can be very time-consuming and error-prone. Google Tag Manager supports us by greatly simplifying and centralizing this process and minimizing errors.

Further information on handling user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

The Google terms of service can be viewed here: https://policies.google.com/terms?hl=en&gl=en.

Right to Object
You always have the option to freely manage the setting, administration, and deletion of cookies in your browser according to your preferences. For example, if you do not want this tool to set cookies and collect information about you and your behavior, you can deactivate the general setting of cookies in your browser at any time. However, in individual cases, this may result in certain functions (e.g., shopping carts) on the websites you visit no longer functioning properly, even if you would like them to.

6.11. Privacy Policy Regarding the Use of Google User Content
We have integrated the third-party service Google User Content on our website. The operating company of Google User Content is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google User Content allows us to embed various Google services such as Google Maps, YouTube videos, or Google Fonts into our website to provide you with a better user experience.

When using Google User Content, personal data may be processed, including your IP address, browser information, and device identifiers. These data are used by Google to provide, improve, and customize the services. We process personal data only as long as it is necessary for the integration of these services. Once the purpose is fulfilled, the data are blocked and deleted according to our deletion policy, unless legal retention obligations prevent this. Cookies set in connection with Google User Content are automatically deleted after their storage period expires, unless you remove them manually beforehand.

Purpose of Processing
The third-party service Google User Content enables us to display interactive maps, videos, and typographic elements on our website and to make our offering more user-friendly.

Legal Basis
The legal basis for processing your data through Google User Content is your consent under Section 25 (1) TDDDG and Art. 6 (1) lit. a GDPR, as well as our legitimate interest in improving our online offering under Art. 6 (1) lit. f GDPR. We obtain your consent via our consent tool and document it accordingly.

The transfer of personal data to the USA through the use of Google services is carried out in compliance with the Data Privacy Framework. Google LLC is an active participant in this framework. Further information can be found here: https://www.dataprivacyframework.gov/.

Further information on how Google handles user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

The Google terms of service can be viewed here: https://policies.google.com/terms?hl=en&gl=en.

Right to Object
You always have the option to freely manage the setting, administration, and deletion of cookies in your browser according to your preferences. For example, if you do not want this tool to set cookies and collect information about you and your behavior, you can deactivate the general setting of cookies in your browser at any time. However, in individual cases, this may result in certain functions (e.g., shopping carts) on the websites you visit no longer functioning properly, even if you would like them to.

6.12. Privacy Policy Regarding the Use of Google Analytics
We have integrated the analytics tracking tool Google Analytics (GA) from Google LLC on our website. The operating company of Google Analytics is Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. For the European region, Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland is responsible for all Google services, with shared responsibility.

Google Analytics is a service for analyzing website traffic and visitor behavior. It involves the collection, compilation, and evaluation of data regarding how visitors interact with websites. When you visit our website for the first time, or if you have deleted existing cookies, the tool assigns you a unique ID upon first recognition, which (if a cookie is set) is linked to the cookie stored on your computer. If you visit our website again and the cookie is still present, you are “recognized” as a returning user, and any new actions are assigned to the existing ID and recorded. This allows the creation and evaluation of pseudonymized user profiles.

The tool generally collects data about your actions on our website, as well as information about the site from which you arrived (so-called referrer), which subpages you visited, and how often and how long you viewed a subpage. After consent is granted, these actions are stored, for example, in cookies and/or sent to Google Analytics servers and processed there. Based on this, we receive reports from Google Analytics, which we use to optimize our offerings. If you already have a Google account, it is possible that Google links this data to your account. However, Google does not share data collected via Google Analytics with us unless legally required.

We process personal data only as long as necessary. Once the purpose of the data processing is fulfilled, the data are blocked and deleted according to our deletion policy, unless legal retention requirements prevent this. Cookies set for you are automatically deleted after the storage period expires unless you delete them manually beforehand.

Purpose of Processing
The purpose of the Google Analytics component is to analyze visitor flows and user behavior on our website. Google uses the collected data to evaluate website usage, compile online reports for us showing activity on our site, and to provide other services related to the use of our website.

Legal Basis
To use this tool, we require your consent, which constitutes the legal basis under Section 25 (1) TDDDG and Art. 6 (1) lit. a GDPR. We obtain this consent via our consent tool and document it accordingly.

We also have a legitimate interest in technically and economically optimizing our offering and preventing harm to our company, as provided under Art. 6 (1) lit. f GDPR. We may also use the tool to detect website errors, identify attacks, and improve efficiency. However, we only use this tool if you have given your consent.

The transfer of personal data to the USA through Google services is conducted in compliance with the Data Privacy Framework. Google LLC is an active participant in this framework. More information can be found here: https://www.dataprivacyframework.gov/.

Further information on how Google handles user data is available in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

The Google terms of service can be accessed here: https://policies.google.com/terms?hl=en&gl=en.

GoToMeeting enables us to conduct virtual meetings, webinars, and video conferences. In this process, personal data of participants is processed.

When using the tool, the data you provide, such as your email address or phone number, is processed. The system also collects information about the duration, start and end times of sessions, the number of participants, and other metadata related to the communication.

Additionally, device and connection data necessary for technical operation are processed. This includes, among other things, your IP address, device type, operating system, client version, and information about your camera, microphone, and speakers.

If you upload or share content during a session, such as chat messages, files, or videos, these are stored on the provider’s servers.

Please note that the processing of these data is primarily determined by the provider. Detailed information can be found in the provider’s privacy policies.

Data collected by us regarding the use of the conferencing tool are deleted as soon as they are no longer needed, you revoke your consent, or request deletion, unless legal retention obligations prevent this. The storage duration of data directly stored by the provider is beyond our control. Detailed information can be found in the provider’s privacy policy.

Purpose of Processing
We use GoToMeeting to conduct virtual meetings, webinars, and video conferences. The processing of data serves the following purposes:

Conducting virtual meetings, webinars, and video conferences
Communication with customers and business partners

Legal Basis
The use of GoToMeeting is based on Art. 6 (1) lit. b GDPR (contract performance) if meetings are conducted to fulfill a contract with you. In other cases, the processing is justified under Art. 6 (1) lit. f GDPR (legitimate interest), as efficient internal and external communication is in our economic interest.

Where consent has been requested, the use of the tool is based on this consent. Consent can be revoked at any time with effect for the future. Participation in a GoToMeeting session is voluntary.

The transfer of personal data to the USA via GoToMeeting is carried out in compliance with the Data Privacy Framework. The GoTo Group, Inc. is an active participant in this framework. More information can be found here: https://www.dataprivacyframework.gov/

Further information on how GoTo Technologies Ireland Unlimited Company handles user data can be found in their privacy policy: https://www.goto.com/company/legal/privacy/us

HubSpot is an American all-in-one platform for inbound marketing, sales, CRM, and customer service. It helps companies grow and improve service quality. HubSpot offers a wide range of tools that can be used depending on the company’s needs. By integrating HubSpot, data such as your IP address, the duration of your visit on our website, your operating system, and clickstream data may be collected and processed.

We process personal data only as long as necessary. Once the purpose of data processing has been fulfilled, the data will be blocked and deleted according to our retention policy, unless legal obligations require otherwise. Any cookies set for you will be automatically deleted after their storage period expires, unless you delete them manually beforehand.

Purpose of Processing
We use HubSpot to facilitate and optimize our daily business operations and to increase your satisfaction. HubSpot plays a central role in our company and is indispensable for us. HubSpot also helps us provide a better user experience on our website.

Legal Basis
The use of the tool requires your consent, which constitutes the legal basis under § 25 (1) TDDDG and Art. 6 (1) lit. a GDPR (consent). We obtain this consent via our consent tool and document it accordingly.

We also have a legitimate interest in optimizing our online offering and therefore rely on Art. 6 (1) lit. f GDPR (legitimate interest). We use this tool only if you have given us your consent.

The transfer of personal data to the USA through HubSpot is carried out in compliance with the Data Privacy Framework. HubSpot, Inc. is an active participant in this framework. More information can be found here: https://www.dataprivacyframework.gov/

Further information about the handling of personal data can be found in HubSpot’s privacy policy: https://legal.hubspot.com/privacy-policy

Right to Object
You always have the option to freely manage the setting, administration, and deletion of cookies in your browser according to your preferences. For example, if you do not want this tool to set cookies and collect information about you and your behavior, you can deactivate the general setting of cookies in your browser at any time. However, in individual cases, this may result in certain functions (e.g., shopping carts) on the websites you visit no longer functioning properly, even if you would like them to.

6.15. Privacy Policy Regarding the Use of Linkedin Insight Tag
We use LinkedIn Insights, a service for analyzing data on visitors’ interactions with our LinkedIn company profile. This involves collecting, aggregating, and evaluating information about user behavior on the platform. When you visit our LinkedIn page for the first time, or after clearing your cookies, LinkedIn assigns you a unique identifier linked to your account or a cookie stored on your device. If you visit our page again and the identifier is still present, LinkedIn recognizes you as a returning visitor, and new interactions are linked to and recorded under the existing ID. This enables the creation and evaluation of pseudonymized user profiles.

The tool collects data about your interactions with our profile, such as which posts you viewed, liked, or shared, the duration of your visits, and other engagement metrics. It may also record information about your LinkedIn profile, such as job title, industry, location, and company size, provided you have shared this information on LinkedIn. Based on this information, we receive aggregated and anonymized reports from LinkedIn that help us understand how users engage with our content and how we can optimize it.

With your consent, LinkedIn stores these actions in cookies and/or processes them on its servers. If you have a LinkedIn account, the data may be linked to your profile, but LinkedIn does not share personal data with us unless legally required to do so.

We process personal data only as long as necessary for the respective purpose. Once the purpose is fulfilled, the data will be blocked or deleted according to our retention policies, unless legal retention obligations apply. Cookies set by LinkedIn are automatically deleted after their expiration, unless you delete them manually beforehand.

Purpose of Processing
The LinkedIn Insights component is used to analyze visitor interactions and engagement with our LinkedIn company profile. LinkedIn uses the collected data to evaluate how users interact with our profile, create aggregated reports that provide insights into user behavior and activities, and offer additional services related to the analysis and optimization of our content and presence on the platform.

Legal Basis
The processing of personal data is based on our legitimate interest in understanding who visits our company profile and interacts with our content. The legal basis is Art. 6 (1) lit. f GDPR. In individual cases, processing may also be based on consent under Art. 6 (1) lit. a GDPR, which can be withdrawn at any time in accordance with Art. 7 (3) GDPR.

If you contact us via LinkedIn, we use the information you provide to process your request. Once processing is complete, and provided no legal retention periods apply, your data will be deleted.

Responsibility for processing personal data by LinkedIn and the associated rights regarding the use of the service and profile creation lies with the provider. Further details can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

Right to Object
You always have the option to freely manage the setting, administration, and deletion of cookies in your browser according to your preferences. For example, if you do not want this tool to set cookies and collect information about you and your behavior, you can deactivate the general setting of cookies in your browser at any time. However, in individual cases, this may result in certain functions (e.g., shopping carts) on the websites you visit no longer functioning properly, even if you would like them to.

6.16. Privacy Policy Regarding the Use of Microsoft Universal Event Tracking
We use Microsoft UET (Universal Event Tracking), a web tracking service that helps analyze website traffic and user behavior. This involves collecting, compiling, and evaluating data about how visitors interact with a website. When you visit our website for the first time, or after clearing existing cookies, the tool assigns you a unique ID for recognition. This ID is linked to a cookie stored on your device. If you visit the website again and the cookie remains intact, you are identified as a returning user, and your new actions and behaviors are linked to the existing ID and recorded. This enables the creation and evaluation of pseudonymized user profiles.

The tool collects data about your interactions with our website, such as which pages you visit, the frequency and duration of your visits, and the referring website that brought you to our page. With your consent, these actions are stored in cookies and/or sent to Microsoft servers for processing. Based on this data, we receive reports that allow us to improve and optimize our offerings.

If you have a Microsoft account, Microsoft may link the data collected via UET to your account. However, Microsoft does not share data collected through UET with us unless required by law. We process personal data only as long as necessary. Once the purpose of processing is fulfilled, the data will be blocked and deleted according to our retention policy, unless legal obligations require otherwise. Cookies set for you are automatically deleted after their expiration unless you manually delete them beforehand.

Purpose of Processing
The purpose of the Microsoft UET component is to analyze visitor flows and user behavior on our website. Microsoft uses the collected data and information to evaluate the usage of our website, generate reports detailing user activity on our website, and provide additional services related to the use of our website.

Legal Basis
The use of this tool requires your consent, which constitutes the legal basis under § 25 (1) TDDDG and Art. 6 (1) lit. a GDPR (consent). This consent is obtained through the consent tool described above and documented accordingly.

We also have a legitimate interest in communicating our company and offerings externally, which serves as the legal basis under Art. 6 (1) lit. f GDPR (legitimate interest). We only use this tool if you have given your consent.

The transfer of personal data to the USA through the use of Microsoft is carried out in compliance with the Data Privacy Framework. Microsoft Corporation is an active participant in this framework. More information is available at: https://www.dataprivacyframework.gov/.

Further information on how Microsoft handles personal data can be found in Microsoft’s privacy statement: https://www.microsoft.com/en-us/trust-center/privacy

Right to Object
You always have the option to freely manage the setting, administration, and deletion of cookies in your browser according to your preferences. For example, if you do not want this tool to set cookies and collect information about you and your behavior, you can deactivate the general setting of cookies in your browser at any time. However, in individual cases, this may result in certain functions (e.g., shopping carts) on the websites you visit no longer functioning properly, even if you would like them to.

6.17. Privacy Policy Regarding the Use of Microsoft Clarity
We use the Microsoft Clarity analytics tool on our website. The operator of Microsoft Clarity is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For the European region, Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, is responsible for the processing of personal data.

Microsoft Clarity is a web analytics service that enables us to better understand user behavior on our website. Using Microsoft Clarity, we can analyze mouse movements, clicks, scrolling behavior, session recordings, and interactions with individual elements of our website. This information helps us improve the usability of our website and identify potential errors or optimization opportunities.

Microsoft Clarity uses cookies and similar technologies to collect information about user behavior on our website, which may involve the processing of personal data. Examples of data collected include IP addresses, information about the browser used, operating system, screen resolution, pages visited, duration of stay, mouse movements, scrolling behavior, and interactions with individual page elements. These data are typically analyzed in aggregated form. We process personal data only as long as necessary. Once the purpose of processing is fulfilled, the data will be deleted, unless legal obligations require otherwise. If a cookie is set for you, it will be automatically deleted after the storage period expires, unless you have already manually deleted it beforehand.

Purpose of Processing
We use this tool to analyze user behavior on our website in order to continuously improve the usability, structure, and content of our online offering. By evaluating the collected data, we can understand how visitors use our website and identify areas that need optimization.

Legal Basis
The use of this tool requires your consent, which constitutes the legal basis under § 25 (1) TDDDG and Art. 6 (1) lit. a GDPR (consent). This consent is obtained through our consent tool described above and documented accordingly.

We also have a legitimate interest in optimizing and improving the user-friendliness of our online offering, which serves as the legal basis under Art. 6 (1) lit. f GDPR (legitimate interest). We only use this tool if you have given your consent.

The transfer of personal data through the use of Microsoft services to the USA is carried out in compliance with the Data Privacy Framework. Microsoft Corporation is an active participant in this framework. More information is available at: https://www.dataprivacyframework.gov/.

Further information on how Microsoft handles user data can be found in Microsoft’s privacy statement: https://www.microsoft.com/en-us/privacy/privacystatement

Microsoft’s terms of use can be accessed here: https://www.microsoft.com/en-us/servicesagreement

Personio is an HR software that helps companies like ours to simplify and digitize HR processes efficiently. This means that when you apply to us via Personio, your data is processed exclusively on ISO-certified servers in Germany. We process personal data only as long as necessary. Once the purpose of processing is fulfilled, the data will be blocked and deleted according to our retention policy, unless legal obligations prevent deletion. If a cookie is set for you, it will be automatically deleted after the storage period expires, unless you have already manually deleted it beforehand.

Purpose of Processing
Personio allows us to simplify and digitize our human resources management. This includes features that make it easier for you to apply directly via our website.

We also have a legitimate interest in optimizing our online offering, which serves as the legal basis under Art. 6 (1) lit. f GDPR (legitimate interest). We only use this tool if you have given your consent.

Further information on the processing of personal data by Personio can be found in their privacy policy: https://www.personio.com/privacy-policy/

Right to Object
You always have the option to freely manage the setting, administration, and deletion of cookies in your browser according to your preferences. For example, if you do not want this tool to set cookies and collect information about you and your behavior, you can deactivate the general setting of cookies in your browser at any time. However, in individual cases, this may result in certain functions (e.g., job listings) on the websites you visit no longer functioning properly, even if you would like them to.

7. Use of Social Media

7.1. Privacy Policy Regarding the Use of Linkedin
We use LinkedIn as part of our business communication strategy. The platform allows us to present our company, establish professional contacts, and conduct recruiting activities. LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. This company is part of the LinkedIn Corporation, headquartered at Wilton Park House, Wilton Place, Dublin 2, Ireland.

LinkedIn provides us with the "Page Insights" feature, which processes personal data to generate reports about visitors to our company page. This includes information that LinkedIn members have provided, such as their job title, country, industry, years of experience, company size, and employment status. In addition, we receive statistics with customizable filters and settings. We have an agreement with LinkedIn on joint responsibility, which can be accessed here: https://legal.linkedin.com/pages-joint-controller-addendum.

Purpose of Processing
The purpose of processing personal data via LinkedIn is to analyze user interactions and engagement with our company profile and content on the platform. LinkedIn uses the collected data to provide us with aggregated reports that describe visitor activity on our profile in detail, such as demographic insights and interaction patterns. These data also allow LinkedIn to support us with tools and services that optimize our presence on the platform and enhance our communication and networking strategies.

Legal Basis
The processing of personal data is based on our legitimate interest in understanding who visits our company profile and interacts with our content. The legal basis for this is Art. 6 (1) lit. f GDPR. In individual cases, processing may also rely on consent under Art. 6 (1) lit. a GDPR, which can be withdrawn at any time in accordance with Art. 7 (3) GDPR.

If you contact us via LinkedIn, we use the information you provide to process your request. Once processing is complete, and if no legal retention obligations exist, your data will be deleted.

The responsibility for the processing of personal data by LinkedIn and the associated rights regarding the use of the service and the creation of a profile lies with the provider. Further details can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

Right to Object
You always have the option to manage the setting, administration, and deletion of cookies in your browser according to your preferences. For example, if you do not want this tool to set cookies and collect information about you and your behavior, you can disable cookies in your browser settings at any time. However, in individual cases, this may prevent certain functions (e.g., shopping carts) on the websites you visit from working properly, even if you would like them to.

7.2. Privacy Policy Regarding the Use of YouTube
We have embedded videos from the video platform YouTube on our website. The operating company of YouTube is Google LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. It should be noted that YouTube has been a subsidiary of Google since 2006. For the European region, Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, is responsible for all Google services, with supervisory authorities recognizing joint responsibility between the two Google companies.

YouTube is an online video platform that allows video publishers to upload video clips for free, and other users can watch, rate, and comment on them at no cost. YouTube permits the publication of all types of videos, so full-length film and TV programs, music videos, trailers, or user-generated videos can all be accessed through the portal.

When you visit our website, at least one cookie is set on pages where a YouTube video is embedded. This stores your IP address and our URL. If you are logged into YouTube during your visit, YouTube can usually associate your interactions with your profile. Data stored in this context may include your approximate location, session duration, bounce rate, and technical information about your browser type.

If you are not logged into your YouTube or Google account, Google stores data with a unique identifier linked to your device, browser, or app. This ensures, for example, that your preferred language settings are retained. However, fewer usage data are stored, as fewer cookies are set.

We process personal data only as long as necessary. Once the purpose of data processing has been fulfilled, the data is blocked and deleted according to our local deletion policy, unless legal retention obligations prevent deletion. If a cookie is set for you, it will automatically be deleted after its expiration period unless you delete it manually before that time.

In addition, we operate our own YouTube account and use it for simple communication with interested parties. YouTube is jointly responsible with us for the data that YouTube transmits to us as a company. The use of YouTube may involve increased risks for users, for example, if access to user data is restricted. We do not have access to these user data. Responsibility lies solely with YouTube. Further information on the processing of personal data by YouTube can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

Purpose of Processing
YouTube allows us to provide you with high-quality content easily. Through videos, we can give you a better understanding of our company, simplify complex topics, and offer a better online experience on our website.

Legal Basis
The use of the tool requires your consent, which forms the legal basis according to § 25 Abs. 1 TDDDG and Art. 6 (1) lit. a GDPR (consent). We obtain this consent via our consent tool and document it accordingly.

We also have a legitimate interest in communicating our company and offerings externally, which is based on Art. 6 (1) lit. f GDPR (legitimate interest).

We use this tool only if you have provided your consent.

The transmission of personal data to the USA via Google is carried out in compliance with the Data Privacy Framework. Google LLC is an active participant in the privacy framework. More information can be found here: https://www.dataprivacyframework.gov/.

Further information on the handling of personal data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

Right to Object
You always have the option to manage the setting, administration, and deletion of cookies in your browser according to your preferences. For example, if you do not want this tool to set cookies and collect information about you and your behavior, you can disable cookies in your browser settings at any time. However, in individual cases, this may prevent certain functions (e.g., shopping carts) on the websites you visit from working properly, even if you would like them to.

7.3. Privacy Policy Regarding the Use of X (formally Twitter)
We have integrated the social network X on our website. The operating company of X is X Corp, 865 FM 1209 Building 2, Bastrop, TX 78602, USA. For the European Union, the EFTA countries, and the United Kingdom, Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible for all X services, with joint responsibility being assumed. If you reside in Switzerland, you can also contact Twitter Switzerland GmbH, Wasag Treuhand AG, Bolligenstrasse 18, Bern, 3006, Switzerland.

X is a multilingual, publicly accessible microblogging service where users can publish and share so-called tweets—short messages limited to 280 characters. These messages can be accessed by anyone, including people who are not registered on X. Tweets are also shown to the followers of the respective user. Followers are other X users who follow a user’s tweets. X also allows broad reach through hashtags, links, or retweets.

To our knowledge, merely embedding X functionality in the European Economic Area does not transmit any personal data or information about your web activity to X. Data is only transmitted, stored, and processed when you interact with an embedded X feature, for example, by clicking a button. In such cases, so-called "log data" is stored, including browser cookie IDs, hashed email addresses, demographic data, as well as information about the pages you visited and actions you performed on X.

We process personal data only as long as it is necessary. Once the purpose of data processing is fulfilled, the data is blocked and deleted according to our local deletion policy, unless legal obligations prevent deletion. If a cookie is set on your device, it will automatically be deleted after its storage period expires, unless you delete it manually beforehand. As a precaution, we note that, according to the European Court of Justice (ECJ), there is currently no adequate level of protection for data transfers to the USA. Therefore, various risks exist regarding the legality and security of data processing, including your personal data.

Purpose of Processing
X is suitable for us because we are strongly committed to our services and our company. It is therefore essential for us to communicate our company’s offerings externally. As a microblogging service, the social network is an important part of our public relations activities.

Legal Basis
The use of the tool requires your consent, which forms the legal basis under § 25 Abs. 1 TDDDG and Art. 6 (1) lit. a GDPR (consent). We obtain this consent via our consent tool and document it.

We also have a legitimate interest in communicating our company and offerings externally, which is based on Art. 6 (1) lit. f GDPR (legitimate interest).

We use this tool only if you have provided your consent.

The transmission of personal data to the USA via X is carried out in compliance with the Data Privacy Framework. X is an active participant in the privacy framework. More information can be found here: https://www.dataprivacyframework.gov/.

Further information on the handling of personal data can be found in X’s privacy policy: https://x.com/en/privacy.

Last update: March, 2026

Further information

Information obligations for business partners

Envoria Technical and Organizational Measures

Envoria Information on Subprocessors

Envoria Data Processing Agreement