We do not store or collect any personal data. All the data you enter in the app is securely encrypted and only stored on your device. However, we collect anonymised statistics on website visits and app usage. We use the data protection-friendly solutions Umami and Aptabase for this purpose. Both are hosted by us on a server in Germany.

If you have any questions about data protection, please contact us. You can find more legal information below.

Responsible person

Data protection

The use of this website is usually possible without providing personal data. As far as on our pages personal data (such as name, address or e-mail addresses) are collected, this is as far as possible on a voluntary basis. This data will not be passed on to third parties without your express consent. We point out that data transmission over the Internet (eg communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible. The use of contact data published on this website by third parties for the purpose of sending unsolicited advertising and information material is hereby expressly prohibited. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam e-mails. This privacy policy applies to this website, the windows applications and within external online presences, such as social media profiles or other pages (hereinafter collectively referred to as "Online offers").

The terms used are not gender specific.

Last updated: 2024-03-24

Security Measures

We take appropriate technical and organizational measures in accordance with the law, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the various probabilities of occurrence and the level of risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. Measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to data as well as access to, entry into, disclosure of, assurance of availability of, and segregation of data concerning them. Furthermore, we have established procedures to ensure the exercise of data subjects rights, the deletion of data, and responses to data compromise. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software as well as procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings. SSL encryption (https): To protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

Provision of the online offer and web hosting

We process user data in order to be able to provide our online services to them. For this purpose we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the browser or the end device of the user.

Further information on processing procedures, procedures and services:

• Persons affected: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures.
• Types of data processed: Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR.

• Collection of access data and log files: Access our online offer is accessed in the form of so-called "server log files". logged. The address and name of the retrieved websites and files, date and time of retrieval, amounts of data transferred, notification of successful retrieval, browser type and version, the users operating system, referrer URL (the previously visited page) and, as a rule, IP Addresses and the requesting provider belong. The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the server (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure server utilization and stability; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR; Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or made anonymous. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
• Provision of online offer on rented storage space: We use storage space, computing capacity and software to provide our online offer, which we rent or otherwise obtain from a corresponding server provider (also called "web hoster"); Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR.
• netcup: Services in the field of providing information technology infrastructure and related Services (e.g. storage space and/or computing capacity); Service provider: netcup GmbH, Daimlerstraße 25, D-76185 Karlsruhe, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR; Website: https://www.netcup.de/ ; Privacy Policy: https://www.netcup .de/kontakt/datenschutzerklaerung.php ;

Analysis, monitoring and optimisation

The analysis (also referred to as "reach measurement") is used to evaluate the flow of visitors to our online offering and the app and may include behaviour, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognise at what time our online offering or its functions or content are most frequently used or invite reuse. We can also understand which areas require optimisation.

In addition to web analysis, we may also use test procedures, e.g. to test and optimise different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e. data summarised for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read out from it. The information collected includes, in particular, websites visited and the elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data from us or from the providers of the services we use, location data may also be processed.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored for web analysis, A/B testing and optimisation purposes, but pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective processes.

• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles).
• Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
• Security measures: IP masking (pseudonymisation of the IP address).

Services and service providers used:

• umami: The open-source tool focuses on user privacy. No cookies are used, all data is completely anonymized and no personal data is collected or shared with third parties. The tool is hosted on the same server as this website, which is why no data is transferred to third parties. Website: Umami.is
• Aptabase: A privacy-friendly open-source app analytics tool. All data is completely anonymized and no personal data is collected or shared with third parties. The tool is hosted on the same server as this website in Germany. Website: aptabase.com

Changes and updates to the data protection declaration

• Persons affected: Users (e.g. website visitors, users of online services).
• Purposes of processing: contact requests and communication; Feedback (e.g. collecting feedback via online form); Marketing.
• Types of data processed: contact details (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR.

We ask you to inform yourself regularly about the content of our data protection declaration . We will adapt the data protection declaration as soon as the changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this data protection declaration, please note that the addresses can change over time and ask you to check the information before contacting us.

Rights of data subjects

As a data subject, you have various rights under the GDPR, which result in particular from Art. 15 to 21 GDPR:

• Right of withdrawal in the case of consent: You have the right to withdraw your consent at any time.
• Right to information: You have the right to request confirmation as to whether the data in question is being processed and information about this data as well as further information and a copy of the data in accordance with the legal requirements.
• Right to rectification: In accordance with legal requirements, you have the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
• Right to deletion and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately, or alternatively in accordance with the legal requirements Request restriction of the processing of the data.
• Right to data transferability: You have the right to have data relating to you that you have provided to us, in accordance with the legal requirements, in a structured, common and machine-readable format or to request its transmission to another responsible party.
• Right to object: You have the right, for reasons which If your particular situation arises, you can object at any time to the processing of your personal data, which is based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising.
• Complaint to supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority , in particular in the Member State of your usual place of residence, your place of work or the place of the alleged infringement if you believe that the processing of your personal data violates the provisions of the GDPR.

Definition of Terms

This section provides you with an overview of the terms used in this data protection declaration. Many of the terms are taken from the law and defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily for understanding. The terms are sorted alphabetically.

• Personal data: "Personal data" is any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special features, are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Profiles with user-related information: The processing of "profiles with user-related information" or "profiles" for short; includes any type of automated processing of personal data that consists of using this personal data to measure certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information regarding demographics, behavior and interests, such as interaction with websites and their content, etc.), to analyze, evaluate or predict them (e.g. interests in specific content or products, click behavior on a website or whereabouts). Cookies and web beacons are often used for profiling purposes.
• Range measurement: The range measurement (also known as web analytics) serves to evaluate the flow of visitors to an online offer and can determine the behavior or interests of visitors in certain information, such as the content of websites, include. With the help of the range analysis, website owners can, for example, see at what time visitors visit their website and what content they are interested in. This allows them, for example, to better adapt the content of the website to the needs of their visitors. Pseudonymous cookies and web beacons are often used for range analysis purposes in order to recognize returning visitors and thus obtain more precise analyzes of the use of an online offer.
• Responsible: As "Responsible" is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
• Affiliate tracking: Affiliate tracking logs links that the linking websites use to direct users to websites that offer products or other services. The operators of the linked websites can receive a commission if users follow these so-called affiliate links and then take advantage of the offers (e.g. buy goods or use services). To do this, it is necessary for the providers to be able to track whether users who are interested in certain offers subsequently perceive them at the instigation of the affiliate links. It is therefore necessary for the functionality of affiliate links that they are supplemented with certain values that become part of the link or are stored in some other way, e.g. in a cookie. The values include in particular the source website (referrer), the time, an online ID of the operator of the website on which the affiliate link was located, an online ID of the respective offer, an online ID of the user and tracking-specific values , such as advertising ID, partner ID and categorizations
• Processing: "Processing" is any process or series of processes carried out with or without the aid of automated processes in connection with personal data. The term goes far and covers practically every handling of data, be it collection, evaluation, storage, transmission or deletion.