Privacy policy

1) Introduction

By providing this privacy policy, we would like to inform the user about the type, scope, and purpose of the personal data we collect, use, and process. This privacy policy also informs data subjects about their rights.

It is generally possible to use this website without providing any personal data. However, if a data subject wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

As part of our service offering or our business activities, we will only process personal data if there is a corresponding legal basis.

The processing of personal data such as the name, address, e-mail address, or telephone number of a data subject is always carried out in accordance with the General Data Protection Regulation and the country-specific data protection regulations that apply to us.

Within this privacy policy, technical terms are explained in a comprehensible manner and, if necessary, links to additional information are provided.

If you have any further questions, please use the links provided or contact us directly using the contact details below. These can also be found in the legal notice.

2a) Scope of application

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes

all online presences (websites, online stores) that we operate
Social media presence and email communication
mobile apps for smartphones and other devices

2b) Explanation of terms used

We always endeavor to write our privacy policy as clearly and comprehensibly as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (e.g. personal data) or certain technical terms (e.g. cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms used, which we may not have sufficiently addressed in the previous privacy policy. If these terms have been taken from the GDPR and are definitions, we will also quote the GDPR texts here and add our own explanations if necessary.


Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term: “processor” means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data that we process from you. In addition to controllers, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. In addition to service providers such as tax consultants, processors can therefore also be hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.


Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term: “third party” means a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or processor, are authorized to process the personal data;

Explanation: The GDPR basically only explains what a “third party” is not. In practice, a “third party” is anyone who also has an interest in the personal data but is not one of the above-mentioned persons, authorities, or bodies. For example, a parent company can act as a “third party”. In this case, the subsidiary group is the controller and the parent group is the “third party”. However, this does not mean that the parent company may automatically view, collect, or store the personal data of the subsidiary company.

Restriction of processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term: “restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future;

Explanation: It is one of your rights that you can request processors to restrict your personal data for further processing operations at any time. For this purpose, specific personal data such as your name, date of birth, or your address are marked in such a way that further processing is no longer possible. For example, you could restrict processing to the effect that your data may no longer be used for personalized advertising.


Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term: “consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: In the case of websites, such consent is usually given via a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree or consent to data processing. In most cases, you can also make individual settings and decide for yourself which data processing you allow and which you do not. If you do not give your consent, your personal data may not be processed. In principle, consent can of course also be given in writing, i.e. not via a tool.


Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term “recipient” means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

Explanation: Every person and every company that receives personal data is considered a recipient. This means that we and our processors are also so-called recipients. Only authorities that have an investigation mandate are not considered recipients.

Personal data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term “personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is therefore all data that can identify you as a person. This is usually data such as

  • Name
  • Address
  • e-mail address
  • Postal address
  • Telephone number
  • Date of birth
  • Identification numbers such as social security number, tax identification number, identity card number or matriculation number
  • Bank data such as account number, credit information, account balances and much more.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and subsequently identify you as the owner of the connection. Therefore, the storage of an IP address also requires a legal basis within the meaning of the GDPR. There are also so-called “special categories” of personal data, which are also particularly worthy of protection. These include

  • racial and ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetic data, such as data taken from blood or saliva samples
  • biometric data (i.e. information on mental, physical or behavioral characteristics that can identify a person)
  • health data
  • data relating to sexual orientation or sex life


Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term “pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

Explanation: Our privacy policy often refers to pseudonymized data. Pseudonymized data means that you can no longer be identified as a person unless other information is added. However, you should not confuse pseudonymization with anonymization. Anonymization removes any personal reference, meaning that this can only be reconstructed with a disproportionate amount of technical effort.


Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term “Processing” means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we refer to processing in our privacy policy, we mean any kind of data processing. As mentioned above in the original GDPR declaration, this includes not only the collection but also the storage and processing of data.

3) Legal basis of the GDPR

In this privacy policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.

As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can of course read this EU General Data Protection Regulation online at EUR-Lex, the gateway to EU law, at

We only process your data if at least one of the following conditions applies:

Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your data entered in a contact form.

Contract (Article 6(1)(b) GDPR): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.

Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.

Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and efficiently. This processing is therefore a legitimate interest.

Other conditions, such as the performance of recordings in the public interest and the exercise of official authority as well as the protection of vital interests, do not generally arise for us. If such a legal basis is relevant, it will be indicated at the appropriate point.

4) Contact details

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions of a data protection nature is

Niels Stummeyer
Herzog-Ferdinand-Str. 36
32425 Minden, Germany




5) Storage period

Our general criterion is that we only store personal data for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for the data processing no longer exists. There are certain situations in which we are legally obliged to store certain data even after its original purpose no longer applies, such as for accounting purposes.

If you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to store it.

We will inform you below about the specific duration of the respective data processing if we have further information on this.

6) Communication

Communication summary

If you contact us and communicate by telephone, e-mail, or online form, personal data may be processed.

The data is processed for the handling and processing of your question and the associated business transaction. The data will be stored for as long as required by law.

Affected persons

All those who contact us via the communication channels provided by us are affected by the aforementioned processes.


When you call us, the call data is stored pseudonymously on the respective end device and with the telecommunications provider used. In addition, data such as name and telephone number may subsequently be sent by e-mail and stored for the purpose of responding to inquiries. The data will be deleted as soon as the business case has been completed and legal requirements permit.


If you communicate with us by email, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and data may be stored on the email server. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.

Online forms

If you communicate with us using an online form, data is stored on the web server used and may be forwarded to one of our e-mail addresses. The data will be deleted as soon as the reason for contacting us and/or the business case has ended and legal requirements permit.

Legal basis

The processing of the data is based on the following legal bases:

Art. 6 para. 1 lit. a GDPR (consent): You give us your consent to store your data and to continue to use it for purposes relating to the business case;

Art. 6 para. 1 lit. b GDPR (contract): It is necessary for the performance of a contract with you or a processor, such as a telephone provider, or we need to process the data for pre-contractual activities, such as the preparation of an offer;

Art. 6 para. 1 lit. f GDPR (legitimate interests): We want to handle customer inquiries and business communication in a professional manner. This requires certain technical facilities, such as email programs, exchange servers, and mobile network operators, in order to operate communication efficiently.

7) Data processing agreement (DPA)

We do not work alone but also use the services of other companies or individuals. Through the cooperation of various companies and service providers, it is possible that we have to pass on personal data for processing. These partners then act as processors with whom we enter into a contract called a processor agreement.

The use of your personal data takes place exclusively on our instructions and is regulated by the DPA in accordance with the GDPR. The agreement must be concluded in writing, although the electronic conclusion of the agreement is also considered “in writing” in this context. Personal data will only be processed on the basis of the contract.

8) Rights according to GDPR

In accordance with Articles 13, 14 GDPR, we inform you of the following rights to which you are entitled in order to ensure fair and transparent processing of data

According to Article 15 GDPR, you have a right to information as to whether we process data about you. If this is the case, you have the right to receive a copy of the data and the following information

  • the purpose for which we are processing the data
  • the categories, i.e. the types of data being processed
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed
  • how long the data will be stored;
  • the existence of the right to rectification, erasure or restriction of processing and
  • the right to object to processing
  • that you can lodge a complaint with a supervisory authority
  • the origin of the data if we have not collected it from you
  • whether profiling is carried out, i.e. whether data is automatically analyzed in order to create a personal profile of you.

According to Article 16 GDPR, you have a right to rectification of data, which means that we must correct data if you find errors.

According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you may request the erasure of your data.

According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it any further.

According to Article 20 GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.

According to Article 21 GDPR, you have the right to object, which entails a change in processing after enforcement.

If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.

If data is used for direct marketing purposes, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.

If data is used for profiling, you can object to this type of data processing at any time. We may then no longer use your data for profiling.

Under Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g. profiling).

According to Article 77 GDPR, you have the right to lodge a complaint. This means that you can lodge a complaint with the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

9a) Web hosting

The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f GDPR (protection of legitimate interests), because the use of professional hosting with a provider is necessary in order to present the company securely and user-friendly on the Internet and to be able to pursue attacks and claims from this if necessary.

An order processing contract (AVV – see point 7) was concluded between us and the hosting provider in accordance with Art. 28 f. GDPR in order to ensure compliance with data protection and guarantee data security.

Our hosting provider is the company

Hetzner Cloud GmbH
Feringastraße 12A
85774 Unterföhring

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

9a) CDN

Caching with the Quic.Cloud content delivery network

This website uses caching to enable a faster response time and a better user experience.

For this we use the caching provider

QUIC Cloud Inc,
150 Allen Rd, Suite 204,
Basking Ridge, NJ 07920, USA.

Caching potentially stores a duplicate copy of each web page displayed on this website. All cache files are temporary and are never viewed by third parties unless necessary to obtain technical support from the cache plugin provider. The cache files expire according to a schedule set by the website administrator, but can be deleted by the administrator before their natural expiration date if necessary. We may use services to temporarily process and cache your data.

Further information can be found in’s privacy policy at:
As well as the Data Processing Agreement at:
and the GDPR Subprocessors:

10) Security of data processing

As the data controller, we have taken numerous technical and organizational measures to ensure that the personal data processed via this website is protected as well as possible. Nevertheless, it is not guaranteed that internet-based data transmissions are fully protected, as security gaps may occur. For this reason, every data subject has the option of sending their personal data to us by alternative means, such as by telephone.

Article 25 of the General Data Protection Regulation states that security must be considered and appropriate measures taken through the design of technology and data protection-friendly default settings for both software (such as forms) and hardware (such as access to the server room).

We encrypt or pseudonymize personal data where possible. As far as possible, we prevent third parties from deriving personal information from our data, which we can do.

TLS encryption with https

We use HTTPS (the Hypertext Transfer Protocol Secure stands for “secure hypertext transfer protocol”) to transmit data tap-proof on the Internet.

This means that the complete transmission of all data from your browser to our web server is secure – nobody can “listen in”.

We have thus added an additional protective barrier and ensured data protection in accordance with Article 25 (1) GDPR through the technical design. We can guarantee the protection of confidential data by using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet.

You can ensure that we use this security measure for data transmission by using the small lock symbol at the top left of the browser, to the left of the Internet address (such as and the https scheme (instead of http) in our Internet address.

Protection against unauthorized access

In order to protect our services, our access via our website and the stored data in the best possible way, we use tools and work together with contracted providers who, in our opinion and to the best of our ability, meet the appropriate and technical requirements. These tools and providers are listed in this privacy policy under point (16 “Security & Anti-Spam”).

11a) Cookies

We use cookies, local storage, and session storage on some of our websites. This improves the user-friendliness, efficiency, and security of our offer. A technology called Local Storage and Session Storage enables your browser to store information on your computer or mobile device. Cookies are small pieces of information that are saved and stored on a computer system through the use of an internet browser. You can prevent the use of cookies, LocalStorage, and SessionStorage through the settings in your browser.</p

Many websites and servers use cookies. Many cookies have their own cookie ID. A unique name for a cookie is its cookie ID. It consists of a sequence of characters that can be assigned to specific websites and servers where the cookie has been stored. It enables the visited pages and servers to distinguish the individual browser of the data subject from other Internet browsers that use other cookies. The cookie ID can be used to recognize a specific Internet browser.</p

The use of cookies enables the users of this website to provide services that would not be available without the use of cookies.

Through the use of cookies, the information and offers on our website can be customized for the user. As already mentioned, cookies enable us to recognize users of our website. The aim of this recognition is to make it easier for users to use our website. For example, visitors to a website that uses cookies do not have to re-enter their login details each time, as this is done by the website and the cookie stored on the user’s computer system. The cookie of an online store shopping cart is another example. A cookie is used by the online store to store the goods in the customer’s virtual shopping cart.

The data subject has the option at any time to prevent the use of cookies on our website by selecting the appropriate settings on their Internet browser and thus permanently object to their use. It is also possible to delete cookies that have already been saved at any time using an internet browser or other software applications. All common web browsers can do this. If someone deactivates the use of cookies in their web browser, it may not be possible to fully use all the functions of our website.

What types of cookies are there

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly explain the different types of HTTP cookies.

There are 4 different types of cookies:

Necessary cookies

These cookies are necessary to ensure basic website functions. For example, these cookies are needed when a user places a product in the shopping cart, then continues surfing on other pages, and only goes to the checkout later. These cookies ensure that the shopping cart is not deleted even if the user closes their browser window.

Purposeful cookies

These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behavior of the website with different browsers.</p

Target-oriented cookies

These cookies ensure a better user experience. For example, entered locations, font sizes, or form data are saved.

Advertising cookies

These cookies are also known as targeting cookies. They are used to deliver customized advertising to the user. This can be very practical, but also very annoying.

When you visit a website for the first time, you are usually asked which of these cookie types you would like to allow. And of course, this decision is also saved in a cookie.

11b) Cookie Consent Management

What is a Cookie Consent Management Platform?

We use a Consent Management Platform (CMP) software on our website that makes it easier for us and you to handle scripts and cookies correctly and securely. The software automatically creates a cookie pop-up, scans, and checks all scripts and cookies, provides you with the cookie consent required under data protection law, and helps us and you to keep track of all cookies.

The cookie consent management tool identifies and categorizes all existing cookies. As a website visitor, you then decide for yourself whether and which scripts and cookies you allow or do not allow. You can accept or reject the cookies yourself via the consent system.

Real Cookie Banner

We use the “Real Cookie Banner” consent tool to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and the related consents. Details on how “Real Cookie Banner” works can be found at

The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR.Our legitimate interest is the management of the cookies and similar technologies used and the related consents.</p

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consent.

12) Registration

If you enter personal data during registration or data such as your IP address is collected, this data may be processed.

Please only enter the data that we require for registration, and if you are registering on behalf of a third party, only enter the data that we require for registration. If possible, use a reliable password that you do not otherwise use and an e-mail address that you check frequently.


On the controller’s website, the data subject can enter their personal data and register. The information about which personal data is passed on to the controller is highlighted on the registration screen. The personal data entered by the data subject is only collected and stored for the internal use of the controller and its own purposes. The controller may pass on the personal data to one or more processors, such as a payment service provider. This processor may also use the personal data exclusively for internal purposes attributable to the controller.

By registering on the website of the Data Controller, the IP address, date, and time of registration are also stored by the Internet Service Provider (ISP) of the data subject. The storage of this data is necessary to prevent the misuse of our services and, if necessary, to enable the investigation of crimes committed. Where it is necessary to store this data to protect the controller. In general, it will not be passed on to third parties unless there is a legal obligation to pass it on or the disclosure serves the purpose of criminal prosecution.

By voluntarily providing personal data, the Data Controller can offer the data subject content or services that are normally only available to registered users. People who are registered can modify or completely delete their personal data provided during registration at any time from the data set by the Data Controller.

Any person affected by the processing may at any time be informed by the Data Controller of what personal data is stored about him/her. In addition, the controller may amend or delete personal data at the request or notice of the data subject, provided that there are no statutory retention obligations to the contrary. In this regard, the data subject may contact any employee of the controller.

Storage period

As long as the account with the data exists and is used by us, as long as there are contractual obligations between us, and until the respective claims are time-barred, we store the data entered. In addition, we store your information for as long as and to the extent that we comply with legal obligations. After this date, we will keep the accounting documents that are part of the contract (invoices, contract deeds, bank statements, etc.) as well as other relevant business records for the time required by law (typically a few years).

Right to object

Have you registered, entered your data, and intend to stop the processing? No problem. As mentioned above, the rights under the General Data Protection Regulation apply both when registering, logging in, and after opening an account with us. To protect your rights, please contact the Data Protection Officer mentioned above. If you already have an account with us, it is easy for you to check or manage your data and texts in the account.

13) Web Analytics

The use of web analytics requires your consent. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as it may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offer technically and economically. With the help of web analytics, we can detect errors in the website, identify attacks, and improve profitability. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). We use the following tools for this purpose:

WP-Statistics (Plugin)

This website uses the WordPress analysis plugin WP-Statistics. The provider of this plugin is The data is used in an anonymized form to create simple statistics for reach measurement. For this purpose, no user profiles are created and no cookies are set. All data collected by WP-Statistics is stored completely anonymously on this web server. It is therefore not possible to personally identify a visitor, even retrospectively.

For more information, please visit:

14) Email Marketing

Why do we use email marketing?

Of course, we would like to stay in touch with you and provide you with the most important information about our company regularly. To achieve this, we use, among other things, email marketing, which is often referred to as a “newsletter” or “mailing list” and is an important part of our online marketing. We will send you our newsletter, lucrative offers, system emails, or other notifications via email, if you agree to this or if it is permitted by law.

To provide you with fast and secure newsletters, we commission a service provider who offers a professional mailing tool for our email marketing. Our email marketing aims to inform you about our products/services and to get closer to our business goals.

What data is processed?

When you register to subscribe to our newsletter on our website, you will be required to confirm membership by email to an email list. Your title, name, address, and telephone number may also be stored, in addition to your IP address and email address. However, only if you agree to the storage of this data. To participate in the service offered, you must enter the mentioned data. Providing it is voluntary, but failure to do so will prevent you from using the Service. In addition, it is possible to store data about your device or your preferred content on our website. We record your consent form so that we can always be sure that it complies with our laws.

Registration procedure “Double-Opt-In”

We use the “Double-Opt-In” procedure to subscribe to our mailing list. For this purpose, we will send you a confirmation request to the e-mail address you provided after you have entered your data for the first time in our mailing list forms, which you must actively confirm yourself. This is done by clicking on the link in the confirmation email. Without this confirmation, you will not be included in the Mailing list.

This is to ensure that we have received your consent to send our information (newsletter) to you and that your information is correct.

Duration of data processing

If you remove your email address from our email/newsletter distribution list, we have the right to retain your email address for a period of up to three years based on our legitimate interests to prove your consent. Only if we must defend ourselves against any claims do we have the right to process this data.

However, if you confirm that you have consented to us subscribing to the newsletter, you have the option of submitting your request for deletion at any time. If you do not permanently opt out of consent, we reserve the right to store your email address in a blacklist. If you voluntarily subscribe to our newsletter, we will of course also keep your e-mail address.

Right to object

You have the option of unsubscribing to the newsletter at any time. To achieve this, you simply need to withdraw your consent to subscribe to the newsletter. Generally, this only requires a few seconds or a click or two. There is a link at the bottom of each email to cancel the newsletter subscription. Please contact us by e-mail if the link in the newsletter is not available so that we can cancel your newsletter subscription immediately.

Legal basis

Our newsletter is sent based on your consent (Article 6 (1) (a) GDPR). This means that we are only allowed to send you a newsletter if you have previously actively subscribed to it. We may also be able to send you promotional messages if you have become our customer and have not objected to the use of your email address for direct marketing.

Information storage

Your data from the registration forms on our website will be stored on the server of our web hosting service provider. The data will not be passed on or processed by other service providers.

SMTP Services

To send the e-mails, we have commissioned service providers (so-called SMTP services) that comply with the requirements of the GDPR. These service providers regulate the technical and secure implementation of the sending of our e-mails as part of our newsletters as well as for service-required e-mails (e.g. with the registration on our website).

For this purpose, we use one or more of the following providers:

Order processing

We have concluded a contract for order processing (DPA within the meaning of point 7 of this data protection declaration) with the service providers listed.

15a) Shopping Tool System


On this website, the shop system SureCart is integrated as a plugin.

SureCart Inc. is the legal entity that operates the Service. SureCart Inc. Address: 2055 Limestone Rd, STE 200-C, Wilmington, Delaware 19808. Through the implemented functions, the above-mentioned data is sent, stored, and processed by SureCart Inc.

In order to operate the Service, SureCart needs to share your personal information with third parties, which are hosting companies, payment providers, license gateways, and support staff.

These sub-processors are:

  • TaxJar for tax calculation
  • CloudFlare to Optimize Storage and Content Delivery
  • UpCloud for Hosting

Why is SureCart used on this site?

SureCart is used to offer our digital products or services on our website in the best possible way. The aim is to provide you with simple, easy, but also the best possible and secure access to our range of products, so that you can get to your desired products easily, quickly and safely. You can view SureCart’s privacy policy here:

15b) Payment service providers and eCommerce

Processing of data (customer and contract data)

We collect, process, and use personal data only insofar as they are necessary for the establishment, content design, or change of the legal relationship (inventory data). This is done on the basis of Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. We collect, process, and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it.

The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data transfer when concluding a contract for services and digital content

We only transmit personal data to third parties if this is necessary in the context of the execution of the contract, for example to the credit institution commissioned with payment processing.

Any further transmission of the data will not take place or will only take place if you have expressly consented to the transfer. Your data will not be passed on to third parties without explicit consent, for example for advertising purposes.

The basis for data processing is Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Payment Services

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, bank account, credit card number) will be processed by the payment service provider for the purpose of payment processing.

These transactions are subject to the respective contractual and data protection provisions of the respective providers. The payment service providers are used on the basis of Art. 6 (1) (b) GDPR (contract processing) and in the interest of ensuring that the payment process is as smooth, convenient, and secure as possible (Art. 6 (1) (f) GDPR). Insofar as your consent is requested for certain actions, Art. 6 (1) (a) GDPR is the legal basis for data processing; Consents can be revoked at any time in the future.

Without the transmission of your personal data, we will not be able to process a payment through our payment service providers.

For some of the following payment service providers, you will need an account with the respective service provider in order to make the payment using the service provided by the service provider.

The use of payment service providers or the selection of payment options may be restricted due to country-specific conditions.

On this website, we use (depending on the user’s country, used web browser and offered options from the store framework) the following payment services/payment service providers :


The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (PayPal). Details can be found in PayPal’s privacy policy:

In order to make the payment, you need an account with this payment service provider.

Apple Pay

The provider of the payment service is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Apple’s privacy policy can be found at:

In order to make the payment, you need an account with this payment service provider.

Google Pay

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google’s privacy policy can be found here:

In order to make the payment, you need an account with this payment service provider.


The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter referred to as “Stripe”). Details can be found in Stripe’s privacy policy at the following link:


The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as “Klarna”). Klarna offers various payment options (e.g. installment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna checkout solution. Details on the use of Klarna cookies can be found at the following link:

Details can be found in Klarna’s privacy policy at the following link:


The provider of this payment service is Paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany (hereinafter referred to as “Paydirekt”). If you make the payment via Paydirekt, Paydirekt collects various transaction data and forwards it to the bank with which you are registered with Paydirekt. In addition to the data required for payment, Paydirekt may collect other data such as delivery address or individual items in the shopping cart as part of the transaction processing. Paydirekt then authenticates the transaction using the authentication procedure stored at the bank for this purpose. The payment amount will then be transferred from your account to our account. Neither we nor third parties have access to your account details. Details on payment with Paydirekt can be found in the terms and conditions and the privacy policy of Paydirekt at:

Instant bank transfer

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter referred to as “Sofort GmbH”). With the help of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real-time and can immediately start fulfilling our liabilities. If you have opted for the payment method “instant bank transfer”, transmit the PIN and a valid TAN to Sofort GmbH, which they can use to log in to your online banking account. After logging in, Sofort GmbH will automatically check your account balance and carry out the transfer to us with the help of the TAN you have transmitted. She will then immediately send us a transaction confirmation. After logging in, your turnover, the credit limit of the overdraft facility, and the existence of other accounts as well as their holdings are also automatically checked. In addition to the PIN and TAN, the payment data entered by you as well as personal data will also be transmitted to Sofort GmbH. The data about you includes your first and last name, address, telephone number(s), e-mail address, IP address, and, if applicable, other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent fraud attempts. Details on how to pay with Sofortüberweisung can be found at the following links: and

16) Security & Anti-Spam

Why do we use security and anti-spam software?

We attach great importance to security on our website. After all, it’s not just about our safety, but above all about your safety. Unfortunately, cyber threats have become part of everyday life in the world of IT and the Internet. Hackers often try to steal personal data from an IT system with the help of a cyberattack. And therefore, a good defense system is absolutely necessary. A security system monitors all incoming and outgoing connections to our network or computer. In order to achieve even greater security against cyber attacks, we use other external security services in addition to the standardized security systems on our computers. This makes it easier to prevent unauthorized traffic of data and thus protect ourselves from cybercrime.

What data is processed by security and anti-spam software?

Of course, exactly which data is collected and stored depends on the respective service. However, we always try to use only programs that collect data very sparingly or only store data that is necessary for the performance of the service offered. In principle, the service may store data such as name, address, IP address, e-mail address and technical data such as browser type or browser version. Performance and log data can also be collected in order to detect possible incoming threats in good time. This data will be processed within the framework of the Services and in compliance with applicable laws. This also includes the GDPR for US providers (via the standard contractual clauses). In some cases, these security services also work with third-party service providers who may store and/or process data under the direction of and in accordance with the Privacy Policy and other security measures. Data is usually stored via cookies.

Duration of data processing

We will inform you about the duration of the data processing below, if we have further information on this. For example, security programs store data until you or we revoke data storage. In general, personal data will only be stored for as long as is strictly necessary for the provision of the services. In many cases, unfortunately, we lack precise information from the providers about the length of storage.

Right to object

You also have the right and the opportunity to withdraw your consent to the use of cookies or third-party security software providers at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent the collection of data by cookies by managing, disabling or deleting cookies in your browser.

Legal basis

We use the security services mainly on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) in a good security system against various cyber attacks.

Certain types of processing, in particular the use of cookies and the use of security functions, require your consent. If you have consented to your data being processed and stored by integrated security services, this consent is considered the legal basis for data processing (Art. 6 (1) (a) GDPR). Most of the services we use place cookies on your browser to store data. Therefore, we recommend that you read our privacy policy on cookies carefully and look at the privacy policy or cookie policy of the respective service provider.

SolidWP Privacy Policy

We use SolidWP Security, a security plugin for the WordPress content management system, to protect our website. SoildWP is part of StellarWP brands and belongs to the company Liquid Web LLC (2703 Ena Drive, Lansing, MI 48917, USA).

Your information will also be processed by SolidWP in the United States. It is emphasized that the European Court of Justice does not currently have a sufficient level of protection for the transfer of data to the USA. This can lead to a variety of problems for the legality and security of data processing.

SolidWP uses standard contractual clauses (= Art. 46 paras. 2 and 3 GDPR) to process or pass on data to recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, in particular in the USA). The EU Commission offers Standard Contractual Clauses (SCC) to ensure that your data complies with European data protection standards when it is transferred to and stored in third countries (such as the US). Liquid Web is committed to complying with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. The decision and the corresponding standard contractual clauses are available, among others, here:

There is a link to download the Data Processing Addendum on the website

For more information on data processing by SolidWP or Liquid Web, please refer to the Privacy Policy: (WAF)

In order to provide the website securely and as smoothly as possible, we use the provider

When you visit this website, personal data is processed.

Categories of data processed:
Technical connection data of server access (IP address, date, time, page requested, browser information).

Purpose of processing:
Delivery and provision of the website.

Legal basis for processing:
A legitimate interest that overrides the rights and freedoms of data subjects (Art. 6 (1) f GDPR).

Legitimate interests in this context
Strong economic interest in the safe and functioning operation of the technical systems.

A transfer of data takes place:

to the processor

QUIC Cloud Inc.,
150 Allen Rd., Suite 204,
Basking Ridge,
NJ 07920, USA.

Further information can be found in’s privacy policy at:
As well as the Data Processing Agreement at:
and the GDPR Subprocessors:

Duration of processing:

Variable and ends with the cessation of the purpose of processing.

We have concluded a data processing agreement with the service provider (DPA – see point 7) in accordance with Art. 28 et seq. GDPR in order to ensure compliance with data protection and to guarantee data security.

17) Audio & Video


We have embedded YouTube videos on our website. This allows us to present you with interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you access a page on our website that has embedded a YouTube video, your browser automatically connects to the YouTube or Google servers. Depending on the settings, different data is transmitted. Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all data processing in Europe.

We also inform you about our offer on YouTube. The YouTube videos are integrated into our website but are stored on YouTube’s server.

When you visit the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. When you play the videos, additional data is transmitted to YouTube, especially with regard to your online usage behavior. The videos will therefore be blocked until you, as a user, agree to YouTube’s consent to cookies. The goal of YouTube is to create a usage profile of you. This happens regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly associated with your account. Since 2006, the YouTube platform has been owned by the Google Group.

YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) in order to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube in order to exercise this right.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information about your rights and setting options to protect your privacy:

Since YouTube is a subsidiary of Google, there is a common privacy policy. If you would like to learn more about the handling of your data, we recommend that you read the privacy policy under;

Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield,

Legal basis: Legal basis for data processing (Art. 6(1)(a) GDPR).

To provide video content in the online course area, we use the provider (

When you visit this website, personal data is processed.

Categories of data processed:
 technical connection data of server access (IP address, date, time, page requested, browser information).

Purpose of processing:
Delivery and provision of the website.

The legal basis for processing:
 A legitimate interest that overrides the rights and freedoms of data subjects (Art. 6 (1) f GDPR).

Legitimate interests in this context:
 strong economic interest in the safe and functional operation of the technical systems.

A transfer of data takes place:

to the processor Bunny CDN (

Cesta Komandanta, Staneta 4a,1215 Medvode, Slovenia

Duration of processing: is variable and ends when the purpose of processing ceases to exist.

We have concluded a data processing agreement with

18) Social Media Connection

Facebook Pixel

This website uses Facebook’s visitor action pixels to measure conversions. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected will also be transferred to the USA and other third countries.

In this way, the behavior of site visitors can be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and for future advertising measures to be optimized.

The data collected is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy. This allows Facebook to enable ads to be placed on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of Facebook pixels is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.

You can find further information on how to protect your privacy in Facebook’s privacy policy:

You can also opt out of the Custom Audiences remarketing feature in the Ad Settings section of

If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance:


Mash Share Plugin

To ensure data protection, we use the “Social Media Share Buttons” plugin from MashShare.

We have made all the settings in the plugin so that no personal data is transmitted.

If you click through to a social network or a web-based favorites list, you will leave our website and go to an external website whose privacy policy may differ from ours.

19a) Additional Disclosures for Australian Privacy Act Compliance (AU)

International Transfers of Personal Information
Where the disclosure of your personal information is solely subject to Australian privacy laws, you acknowledge that some third parties may not be regulated by the Privacy Act and the Australian Privacy Principles in the Privacy Act. You acknowledge that if any such third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act, and you will not be able to seek redress under the Privacy Act.

19b) Additional Disclosures for General Data Protection Regulation (GDPR) Compliance (EU)

Data Controller / Data Processor

The GDPR distinguishes between organizations that process personal information for their own purposes (known as “data controllers”) and organizations that process personal information on behalf of other organizations (known as “data processors”). We, located at the address provided in our imprint section, are a Data Controller with respect to the personal information you provide to us.

Legal Bases for Processing Your Personal Information

We will only collect and use your personal information when we have a legal right to do so. In this case, we will collect and use your personal information lawfully, fairly, and in a transparent manner. If we seek your consent to process your personal information, and you are under 16 years of age, we will seek your parent or legal guardian’s consent to process your personal information for that specific purpose.

Our lawful bases depend on the services you use and how you use them. This means we only collect and use your information on the following grounds:

Consent From You

Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the facilities we provide; however, this will not affect any use of your information that has already taken place. You may provide a physical address for the purpose of receiving orders. While you may change or delete this address at any time, this will not affect orders that have already been sent. If you have any further inquiries about how to withdraw your consent, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.

Performance of a Contract or Transaction

Where you have entered into a contract or transaction with us, or in order to take preparatory steps prior to our entering into a contract or transaction with you. For example, if you purchase a product, service, or subscription from us, we may need to use your personal and payment information in order to process and deliver your order.

Our Legitimate Interests

Where we assess whether it is necessary for our legitimate interests, such as for us to provide, operate, improve, and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promoting our services, measures taken to operate our services efficiently, marketing analysis, and measures taken to protect our legal rights and interests.

Compliance with Law

In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations. If you have any further inquiries about how we retain personal information in order to comply with the law, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.

International Transfers Outside of the European Economic Area (EEA)

We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.

Your Rights and Controlling Your Personal Information

Restrict: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.

Objecting to processing: You have the right to object to the processing of your personal information that is based on your legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your personal information.

Data portability: You may have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may also have the right to request that we transfer this personal information to a third party.

Deletion: You may have a right to request that we delete the personal information we hold about you at any time, and we will take reasonable steps to delete your personal information from our current records. If you ask us to delete your personal information, we will let you know how the deletion affects your use of our website or products and services.

There may be exceptions to this right for specific legal reasons which, if applicable, we will set out for you in response to your request. If you terminate or delete your account, we will delete your personal information within One Business Day days of the deletion of your account. Please be aware that search engines and similar third parties may still retain copies of your personal information that has been made public at least once, like certain profile information and public comments, even after you have deleted the information from our services or deactivated your account.

19c) Additional Disclosures for California Compliance (US)

Under California Civil Code Section 1798.83, if you live in California and your business relationship with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organizations for their marketing purposes.
To make such a request, please contact us using the details provided in this privacy policy with “Request for California privacy information” in the subject line. You may make this type of request once every calendar year. We will email you a list of categories of personal information we revealed to other organisations for their marketing purposes in the last calendar year, along with their names and addresses. Not all personal information shared in this way is covered by Section 1798.83 of the California Civil Code.

Do Not Track

Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser “Do Not Track” signals.
We adhere to the standards outlined in this privacy policy, ensuring we collect and process personal information lawfully, fairly, transparently, and with legitimate, legal reasons for doing so.

Cookies and Pixels

At all times, you may decline cookies from our site if your browser permits. Most browsers allow you to activate settings on your browser to refuse the setting of all or some cookies. Accordingly, your ability to limit cookies is based only on your browser’s capabilities. Please refer to the Cookies section of this privacy policy for more information.

CCPA-permitted financial incentives

In accordance with your right to non-discrimination, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels for the goods or services we provide.
Any CCPA-permitted financial incentive we offer will reasonably relate to the value of your personal information, and we will provide written terms that describe clearly the nature of such an offer. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

California Notice of Collection

In the past 12 months, we have collected the following categories of personal information enumerated in the California Consumer Privacy Act:
Identifiers, such as name, email address, phone number account name, IP address, and an ID or number assigned to your account.
Customer records, such as billing and shipping address, and credit or debit card data.
Geolocation data.

For more information on information we collect, including the sources we receive information from, review the “Information We Collect” section. We collect and use these categories of personal information for the business purposes described in the “Collection and Use of Information” section, including to provide and manage our Service.

Right to Know and Delete

If you are a California resident, you have rights to delete your personal information we collected and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
  • The business or commercial purpose for collecting or selling the personal information; and
  • The specific pieces of personal information we have collected about you.

To exercise any of these rights, please contact us using the details provided in this privacy policy.

Shine the Light

If you are a California resident, in addition to the rights discussed above, you have the right to request information from us regarding the manner in which we share certain personal information as defined by California’s “Shine the Light” with third parties and affiliates for their own direct marketing purposes.
To receive this information, send us a request using the contact details provided in this privacy policy. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code.

20) Conclusion

As you can see from the scope of our privacy policy, we do not take the protection of your personal data lightly.

It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. In doing so, we not only want to tell you which data is processed but also give you an understanding of the reasons for using various software programs. As a rule, privacy policies sound very technical and legal. However, since most of you are not web developers or lawyers, we also wanted to take a different linguistic approach and explain the facts in simple and clear language.

If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible body.