Privacy Policy

Introduction

Thank you for your interest in our website. The protection of your personal data is important to us. Below you will find information about how we handle your data that is collected through your use of our website. Your data will be processed in accordance with the legal data protection regulations.

Controller within the meaning of data protection law

fitnessRAUM.de GmbH für Sport und Fitness online

Kirchstr. 18

69115 Heidelberg, Germany

Data Protection Officer

Proliance GmbH / www.datenschutzexperte.de

Data Protection Officer

Leopoldstraße 21

80802 Munich

When contacting our Data Protection Officer, please specify the company to which your request relates. Please refrain from enclosing sensitive information such as a copy of an identification document with your request.

Definitions

Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

Access to and storage of information in terminal equipment

By using our website, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.

In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of § 25 (1) s. 1, (2) no. 2 TTDSG.

In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of § 25 (1) TTDSG with your consent pursuant to Art. 6 (1) lit. a GDPR. The consent can be revoked at any time with effect for the future.

For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our website.

Web Hosting

This website is hosted by an external service provider (hoster). This website is hosted in the EU. Personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated by a website. We collect the listed data to ensure a proper connection to the website and an error-free delivery of our services. The processing of this data is strictly necessary to make the website available to you. The legal basis for the processing of the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 (1) lit. f GDPR. We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.

For further hosting services (including the hosting of photos), we also use the provider "AWS" (Amazon Web Services EMEA SARL, 38, avenue John F. Kennedy, 1855 Luxembourg) on this website. Personal data (including the IP address) may be transmitted to this provider when you visit the website. We have concluded a Data Processing Agreement with AWS in accordance with the requirements of Art. 28 GDPR, in which we commit AWS to protect the data of our customers and not to pass them on to third parties. Since a transfer of personal data by AWS to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Amazon.com, Inc. and other AWS affiliates are certified under the EU-U.S. Data Privacy Framework and are therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search. For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.

Server- Logfiles

Once you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server:

Date and time of the request
Name of the requested file
Page from which the file was requested
Access status
Web browser used and operating system used
(Full) IP address of the requesting computer
Transmitted amount of data

We collect the listed data to ensure a proper connection to the website and an error-free delivery of our services. The processing of this data is strictly necessary to make the website available to you. The log files are processed for the purpose of evaluating system security and stability as well as for administrative purposes. The log files serve to evaluate system security and stability as well as administrative purposes. The legal basis for the processing of the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 (1) lit. f GDPR.

For reasons of technical security, in particular to prevent attempts to attack our web server, we may temporarily store this data. After 180 days at the latest, the data is made anonymous by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. This data is not evaluated in anonymous form except for statistical purposes. This data is not combined with data from other data sources.

Contact form and e-mail

If you send us an enquiry using the contact form or by e-mail, we will store the information you provide on the form or in your e-mail, including your contact details, for the purposes of processing your enquiry and for any follow-up enquiries. Under no circumstances will we pass on this information without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR and, where applicable, Art. 6 (1) lit. b GDPR if your request is for the purpose of concluding a contract. Your data will be deleted after processing your request, unless there is a legal obligation to retain the data. You can object to the processing of your personal data at any time in the case of Art. 6 (1) lit. f GDPR.

Registration and customer account

You have the option to register for certain services (programmes and courses) offered on our website and thereby create a customer account. As part of the registration and set-up process, we process the following personal information:

First name, last name, title
e-mail address
Password
Date and time of registration
Your customer account will enable you to use other parts of our service and to log in to the services you have purchased. We also store the following information in this account

Additional identification information: Member ID
Contract data: Membership type, membership status, subscription interval, contract status, contract term, contract number.
Payment information (including credit card details, direct debit details, PayPal)
The legal basis for the processing of the data required for the provision of the customer account and the provision of the requested services (programmes/courses) is Art. 6 (1) lit. b GDPR.

In the customer account you also have the opportunity to provide further optional information to personalise your customer profile and training plan:

Profile picture, gender
Community settings (settings for publishing profile picture and nickname)
Weekly goals (calories burned and minutes worked)
Activities (activity type, duration, calories)
Training plan/diary
Favourites (saved courses, course ratings, user notes on courses)
Fitness profile: weight, height, age, waist/hip, waist/hip, chest/chest circumference and body mass index (BMI) calculated from these data.
The legal basis for the processing of this data is your consent pursuant to Art. 6 (1) lit. a GDPR or according to Art. 9 (2) lit. a GDPR, insofar as special categories of personal data are processed. You may revoke your consent at any time with effect for the future by deleting the relevant data in your customer account.

In your customer account you also have the option to give consent to the processing of your e-mail address for the purpose of sending newsletters, training reminders and reminder mails. The legal basis for processing this data is your consent pursuant to Art. 6 (1) lit. a GDPR. Further information about our newsletters can be found in the "Newsletter" section. The technical service provider “Brevo” (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany) is used to send out our membership-related info e-mails. We concluded a Data Processing Agreement with the provider. The data is stored on Brevo's servers primarily in Germany and France. Due to affiliated companies of Brevo and other sub-processors used by Brevo, a transfer of personal data to countries outside the EU/EEA (e.g. U.S.) is possible. Therefore, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have contractually agreed with the provider that he will ensure the conclusion of standard contractual clauses in accordance with Art. 46 (2) lit. c GDPR or other appropriate safeguards in accordance with Art. 44 et seqq. GDPR. These obligate the recipients of the data in countries outside the EU to process the data in accordance with the level of protection in Europe. When conducting surveys, we use the technical service provider “MailChimp" (The Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA). We concluded a Data Processing Agreement with the provider. Since a transfer of personal data to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. The Rocket Science Group is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search. For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.

Your data will be deleted as soon as the user account on our website is deleted and unless there is a legal obligation to retain the data. You can initiate a change and/or deletion of your user account, including the data you have provided, either directly via your customer account or by sending a message to .

Use of payment service providers

To place an order in our online shop, it is necessary for the conclusion of the contract that you provide us with your (personal) data. This data is required for the processing of your order. Mandatory information required for the processing of the contract is marked separately, other information is voluntary. We process the information you provide to process your order. For this purpose, we may pass on your payment details to our house bank. The legal basis for this is Art. 6 (1) lit. b GDPR.

You can also voluntarily create a customer account, which allows us to store your details for future purchases. If you create an account under "My Data", the data you provide will be stored by us for this purpose. The legal basis for this is your consent in accordance with Art. 6 (1) lit. a GDPR. You may revoke your consent at any time with effect for the future. In the customer area we also offer you the possibility to delete your user account at any time.

Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. After two years, however, we restrict the processing of your data, i.e. your data will only be used to comply with legal obligations.

To prevent unauthorised third-party access to your personal information, particularly financial information, the order process is encrypted using TLS technology.

In connection with the purchase of our products through our online shop, we offer our customers efficient and secure payment options and, in addition to banks and credit institutions (collectively, "Payment Service Providers"), we use other Payment Service Providers for this purpose.

Depending on which payment option you choose when placing your order, we will pass on the data required to process the payment to the bank or payment service provider entrusted with the payment. The necessary data transfer to the payment service providers is based on Art. 6 (1) lit. b GDPR (necessity for the fulfilment of the contract) as well as Art. 6 (1) lit. f GDPR (legitimate interest in a convenient and secure payment process).

The data processed by the payment service providers include inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient-related information, but also meta/communication data (device information, IP addresses). The information is required to carry out the transactions. However, the data entered is only processed and stored by the payment service providers under their own responsibility. In other words, we do not receive any account or credit card information, only information confirming or denying the payment. Under certain circumstances, the Payment Service Providers may transmit the data to credit reference agencies. The purpose of this transfer is to verify identity and creditworthiness. Please refer to the terms and conditions and privacy policies of the payment service providers.

The general terms and conditions and the data protection information of the respective payment service providers apply to the payment transactions and can be accessed within the respective websites or transaction applications. We also refer you to them for further information and to exercise your right of objection, information and other rights as a data subject.

Services used and service providers:

Credit card and direct debit: Unzer GmbH (Unzer), Schöneberger Str. 21 a, D-10963 Berlin; Die Datenschutzerklärung von Unzer findest du unter: https://www.unzer.com/de/datenschutz/
PayPal: Payment services; Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; PayPal's privacy policy can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Advertising

If we have obtained your e-mail address from you in connection with the sale of a product or service and have indicated this at the time of collection, we may use this address for direct advertising of our own similar goods or services. The legal basis for this processing is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR (§ 7 Abs. 3 UWG). You can object to this use at any time without incurring any costs other than the transmission costs according to the basic rates.

Newsletter

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we need your e-mail address as mandatory information. If you register for the newsletter without having an active membership with fitnessRAUM.de, we use the so-called double opt-in procedure for security reasons. This means that we will only send you our newsletter by e-mail if you have expressly confirmed that you agree to receive newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the e-mail address, wish to receive future newsletters. By confirming, you give us your consent in accordance with Art. 6 (1) lit. a GDPR that we may use your personal data for the purpose of sending the requested newsletter.

When you register for the newsletter, in addition to the e-mail address required to send the newsletter, we also store the IP address used to register for the newsletter, as well as the date and time of registration and confirmation, in order to be able to detect any misuse at a later date. The legal basis for this is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.

You can unsubscribe from the newsletter at any time using the link provided in each newsletter or by sending an e-mail to the above-mentioned contact details of the controller. Once you have unsubscribed, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to the continued use of the collected data, or the continued processing is otherwise legally permitted.

Our email newsletters are sent via the technical service provider “Brevo” (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany) to whom we pass the information you provide when registering for the newsletter. We concluded a Data Processing Agreement with the provider. The data is stored on Brevo's servers primarily in Germany and France. Due to affiliated companies of Brevo and other sub-processors used by Brevo, a transfer of personal data to countries outside the EU/EEA (e.g. U.S.) is possible. Therefore, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have contractually agreed with the provider that he will ensure the conclusion of standard contractual clauses in accordance with Art. 46 (2) lit. c GDPR or other appropriate safeguards in accordance with Art. 44 et seqq. GDPR. These obligate the recipients of the data in countries outside the EU to process the data in accordance with the level of protection in Europe.

Based on your consent according to Art. 6 (1) lit. a GDPR, our provider uses this information to send the newsletter and track your interaction with our newsletters for statistical analysis on our behalf. For this purpose, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This allows us to determine whether a newsletter message has been opened and, if so, which links have been clicked. Conversion tracking may also be used to analyse whether a pre-defined action (e.g. purchase of a product on our website) was taken after clicking on the link in the newsletter. Technical information is also recorded (e.g. time of access, IP address, browser type and operating system). The data is collected under a pseudonym and is not linked to your other personal data; a direct personal reference is therefore excluded. This data is used exclusively for statistical analysis of newsletter campaigns. The results of this analysis may be used to better tailor future newsletters to the interests of the recipients. If you wish to revoke your consent to data analysis for statistical purposes, you must unsubscribe from the newsletter.

Comments and Community

As a registered customer of our website, you can leave comments on individual courses and articles. To do this, we need your name or the pseudonym you have chosen in your customer account. Your comment will be linked to your account. This link is made for security reasons and to be able to contact you if a comment infringes the rights of a third party or contains illegal content.

The storage and publication of comments is based on your consent (Art. 6 (1) lit. a GDPR). You may withdraw your consent at any time. All you need to do is send us an informal e-mail. The lawfulness of data processing already carried out shall remain unaffected by the revocation.

The storage of additional information (link to customer account) is based on our legitimate interest in accordance with Art. 6 (1) lit. f GDPR in the traceability of the comments and their authors, as we can be prosecuted for illegal content on our website, even if it was created by users. We reserve the right to delete comments if they are objected to as unlawful by third parties.

Reward Programm „Friends 4 Friends“

Our website gives you the opportunity to refer friends and earn rewards for yourself and the person you refer. We need your name and e-mail address, in order to verify your eligibility to participate in the referral program and to process the rewards. The legal basis for the processing of personal data for these purposes is consent pursuant to Art. 6 (1) lit. a GDPR. This consent can be revoked at any time with effect for the future by contacting the above-mentioned contact details of the controller. However, in the event of revocation of consent, the processing of the reward cannot be guaranteed.

Job Application

If you apply for a job at our company by email, we collect personal data. This includes, in particular, your contact details (such as first and last name, telephone number and email address of the user) as well as other data provided by you regarding your background (e.g. CV, qualifications, degrees and work experience) and your person (e.g. cover letter, personal interests). This may also include special categories of personal data (e.g. information on a severe disability).

Your personal data generally is collected directly from you during the application process and is encrypted during electronic transmission. The primary legal basis for this is § 26 para. 1 BDSG. In addition, consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 26 para. 2 BDSG can be a legal basis. If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.

Within our company, only those persons and positions (e.g. human resources) have access to your personal data which absolutely need to carry out the application procedure or to fulfil our legal obligations. Your applications will be forwarded to the responsible person for examination. Under no circumstances will your personal data be passed on to third parties without authorisation.

Your data for an application for a specific job advertisement will be stored and processed by us during the ongoing application process. Once the application process has been completed (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system no later than six months after the application process has been completed. The data of selected applicants will be stored securely for up to one year, provided that the applicants have given their consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 26 para. 2 BDSG. You can revoke your consent at any time with effect for the future. For this purpose, an informal e-mail to the contact details of the person responsible listed above is sufficient. If you are accepted, your application documents will be transferred to the personnel file.

Google Fonts

We use "Google Fonts" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: "Google"). Google Fonts enables us to use external fonts. For this purpose, the required Google Fonts are loaded into your browser cache by our web server when you access our website. This is necessary so that your browser can display a visually improved representation of our texts. If your browser does not support this function, a standard font will be used by your computer for display.

The fonts are hosted by us and therefore are not loaded by an external provider. This requires the processing of your IP address.

We use Google Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly. The legal basis for the data processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR).

Cookies

Our website uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behaviour or display advertising.

The processing of data using strictly necessary cookies is based on a legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the technically error-free delivery of our services. For details on the processing purposes and legitimate interests, please refer to the following explanations on the specific data processing.

The processing of personal data using other cookies is based on consent in accordance with Art. 6 (1) lit. a GDPR. The consent can be revoked at any time with effect for the future. Insofar as such cookies are used for analysis and optimisation purposes, we will inform you separately about this in this privacy policy and obtain your consent in accordance with Art. 6 (1) lit. a GDPR.

You can set your browser to

be informed about the setting of cookies,
only allow cookies in individual cases,
exclude the acceptance of cookies for certain cases or generally,
activate the automatic deletion of cookies when the browser is closed.
The cookie settings can be managed under the following links for each browser:

Die Cookie-Einstellungen können unter den folgenden Links für die jeweiligen Browser verwaltet werden:

Google Chrome
Mozilla Firefox
Edge (Microsoft)
Safari
Opera

You can also manage cookies of many companies and functions used for advertising individually. To do so, use the appropriate user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called "do-not-track function". When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be "tracked" for behavioural advertising and the like.

For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

Google Chrome
Mozilla Firefox
Edge (Microsoft)
Safari
Opera

Change cookie settings

You can withdraw or change your cookie preferences at any time. You can do this by accessing the cookie settings again via the link in the footer of our website (at the bottom of our website).

Google Tag Manager

This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user's IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made on domain or cookie level, it will remain for all tracking tags as long as they are implemented with the Google Tag Manager.

We use the Google Tag Manager based on your consent pursuant to Art. 6 (1) lit. a GDPR.

Since a transfer of personal data by Google to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search

For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.

YouTube (No Cookies)

On our website we embed videos from "YouTube", a social media platform of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). The legal basis for the processing of your personal data is your given consent according to Art. 6 (1) lit. a GDPR.

When the display of the embedded YouTube videos is started by your consent, a server call is made, usually to a Google server in the United States. This server is informed of the page you have accessed, and the IP address of the visitor's browser is transmitted to Google and stored by Google.

If you are signed in to Google, your information may also be associated with your account when you click on a video. If you do not want your data associated with your YouTube profile, you must sign out before activating the button. Google will store this information in the form of a user profile and use it for the purposes of advertising, market research and/or improving the user experience on its websites. In particular, this analysis is used (including for users who are not logged in) to display relevant advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To do so, please contact Google directly.

Further information on data protection and data use by Google can be found on the following Google website: https://policies.google.com/privacy

Google Analytics 4

This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which can be utilized to analyze the use of websites.

When using Google Analytics 4, so-called "cookies" are used. The information collected by cookies about your use of the website (including the IP address transmitted by your terminal device, of which the last digits are shortened, see below) is usually transmitted to a Google server and stored and processed there. This may also result in the transmission of information to the servers of Google LLC, a company based in the U.S., where the information is further processed.

When using Google Analytics 4, the IP address transmitted by your terminal device during your use of the website is always collected and processed automatically and by default only in a shortened form, so that a direct reference of the collected information to your person is excluded. This automatic anonymization is carried out by Google shortening the IP address transmitted by your terminal device within member states of the European Union (EU) or other contracting states of the Agreement on the European Economic Area (EEA) by the last digits.

On our behalf, Google uses this and other information to evaluate your use of the website, to compile reports about your website activities and usage behavior, and to provide us with other services related to your website and internet usage. In this context, the shortened IP address transmitted by your terminal device in the context of Google Analytics 4 will not be merged with other data from Google. The data collected during the use of Google Analytics 4 will be retained for 12 months and then deleted.

Google Analytics 4 also enables the creation of statistics with statements about the age, gender and interests of website users on the basis of an evaluation of interest-based advertising and with the involvement of third-party information via a special function, the so-called "demographic characteristics". This makes it possible to determine and distinguish between groups of website users for the purpose of targeted marketing measures. However, data collected via the "demographic characteristics" cannot be assigned to a specific person and thus not to you personally. This data collected via the "demographic characteristics" function is retained for 12 months and then deleted.

All processing described above, in particular the placement of Google Analytics cookies for the storage and reading of information on the terminal device used by you for the use of the website, will only take place if you have given us your express consent for this in accordance with Art. 6 (1) lit. a GDPR. Without your consent, Google Analytics 4 will not be used during your visit to the website.

As an extension of Google Analytics 4, the "UserIDs" function is also used for this website. By assigning individual UserIDs, we can have Google create cross-device reports (so-called "cross-device tracking"). This means that your usage behavior can also be analyzed across devices if you have given your corresponding consent to the use of Google Analytics 4 in accordance with Art. 6 (1) lit. a GDPR, if you have set up a personal account by registering on this website and are logged into your personal account on different end devices with your relevant login data. The data collected in this way shows, among other things, which end device was used to click on an ad for the first time and which end device was used for conversion.

We have concluded a so-called data processing agreement with Google for our use of Google Analytics 4, by which Google is obliged to protect the data of our website users and not to pass it on to third parties.

Further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, can be found at the following link: https://policies.google.com/privacy

Details on the processing triggered by Google Analytics 4 and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites

Google Ads

We use "Google Ads" on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Ads is used by us for marketing and optimisation purposes, in particular to display ads that are relevant and interesting to you.

If you have given us your consent to do so in accordance with Art. 6 (1) s. 1 lit. a GDPR, we can use Google Ads to draw attention to our attractive offers by using advertising material on external websites. This enables us to determine how successful individual advertising measures are.

These advertising media is delivered by Google via so-called "AdServers". We use AdServer cookies for this purpose, through which certain parameters for measuring success, such as the display of the ads or clicks by users, can be measured.

If you reach our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually expire after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: Unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be contacted). These cookies enable Google to recognize your web browser. If a user visits certain pages of an ad client's website and the cookie stored on their computer has not expired, Google and the client will be able to tell that the user clicked on the ad and was redirected to that page. A different cookie is associated with each ad client. As a result, cookies cannot be tracked through the websites of ad clients. We ourselves do not collect and process any personal data in the advertising measures mentioned above. We only receive statistical evaluations from Google. By means of these evaluations we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on an advertisement from us. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out and save your IP address.

Further information on data use by Google, on setting and objection options as well as on data protection can be found on the following Google websites:

- Privacy policy: https://policies.google.com/privacy

- Google website statistics: https://services.google.com/sitestats/en.html

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. Please note that in this case you may not be able to use all functions of our website to their full extent. You can also prevent the storage of cookies by setting your web browser to block cookies from the domain "www.googleadservices.com" (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted if you delete your cookies. In addition, you can deactivate interest-related advertisements by clicking on the link http://optout.aboutads.info. Please note that this setting will also be deleted if you delete your cookies.

Google Marketing Platform (formerly DoubleClick)

This website uses DoubleClick of the Google Marketing Platform, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland ("Google").

DoubleClick uses cookies to serve ads that are relevant to you. This involves assigning a pseudonymous identification number (ID) to your browser or device to help us verify which ads have been displayed on your browser and which ads have been viewed. This can improve campaign performance or, for example, prevent you from seeing the same ad more than once. Google may also use cookie IDs to track conversions related to ad requests. For example, when a user sees a campaign manager ad and later visits the advertiser's website using the same browser and makes a purchase. According to Google, the cookies do not contain any personal information. If you have given us your consent, the data will be processed in accordance with Art. 6 (1) lit. a GDPR.

Due to the technology used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out and save your IP address.

For more information about the Google Marketing Platform, please visit https://marketingplatform.google.com/about/ and for general information about Google's privacy policy, please visit https://www.google.de/intl/de/policies/privacy.

Meta Pixel

We use "Meta Pixel" on our website, a service of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Irland (hereinafter referred to as: "Meta/Facebook").

Provided you have given us your consent in accordance with Art. 6 (1) lit. a GDPR, we use Meta Pixel for marketing and optimisation purposes, in particular to place relevant and interesting advertisements on Facebook and thus improve our offer, make it more interesting for you as a user and avoid annoying advertisements.

Meta Pixel enables Meta to display our ads on Facebook, so-called "Facebook Ads" only to those Facebook users who were visitors to our website, in particular those who showed interest in our online offer. In this case, Meta Pixel also enables us to check whether a user was redirected to our website after clicking on our Facebook Ads. Among other things, Meta Pixel uses cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device. If you are logged into Facebook with your user account, the visit to our online offer will be noted in your user account. The data collected about you is anonymous to us, so we cannot draw any conclusions about the identity of the user. However, this data can be linked by Facebook with your user account there. If you have a user account on Facebook and are registered, Facebook can assign the visit to your user account.

Since a transfer of personal data by Meta to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Meta Platforms, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search

Further information on data protection from the third party provider can be found on the following Facebook website: https://www.facebook.com/about/privacy.

Information on Meta Pixel can be found on the following Facebook website: https://www.facebook.com/business/help/651294705016616

You can make the relevant settings for which types of advertisements are displayed to you within Facebook on the following Facebook website:

https://www.facebook.com/settings?tab=ads.

We would like to point out that this setting is deleted when you delete your cookies. In addition, you can deactivate cookies that are used to measure reach and advertising purposes via the following websites:

http://optout.networkadvertising.org/
http://www.aboutads.info/choices
http://www.youronlinechoices.com/uk/your-ad-choices/

Please note that this setting is also deleted when you delete your cookies.

Microsoft Advertising (Bing Ads and Bing Conversion)

Our website uses Bing Ads from Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft") for marketing and analytics purposes.

This service allows us to track activity on our site when you visit our site from a Bing ad. This is done by placing a cookie (small text file) on your device when you click on a Microsoft Bing ad, if you have given your consent under Art. 6 (1) lit. a GDPR. We also use a UET tag on our websites. This is a code that, in combination with the cookie, is used to store pseudonymised data about the use of the website in the event of your consent. The tag, in combination with the cookie, collects pseudonymised data to track what actions you take on our websites after clicking on a Microsoft Ads advertisement. The information collected may include the time you spent on the site, the areas of the site you visited, and the ad that brought you to the site. In particular, Microsoft and we learn the total number of users who clicked on an ad and reached a predefined landing page. Microsoft processes and uses the cookies to create usage profiles using pseudonyms, to analyse user behaviour and to display advertisements. In addition, Microsoft may track your usage across several of your electronic devices through cross-device tracking.

Microsoft stores this information for 180 days.

Since a transfer of personal data to Microsoft Corporation based in the U.S. takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework and is thus committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search.

For more information about Microsoft's privacy practices, visit https://privacy.microsoft.com/de-de/privacystatement.

AWIN Affiliate Programme

We use the performance advertising network of AWIN AG, Landsberger Allee 104 BC, 10249 Berlin on our website. AWIN is a German affiliate network and acts as an interface between merchants and affiliates.

Affiliate marketing is an Internet-based form of distribution that enables commercial website operators, known as merchants or advertisers, to display advertising on third-party websites, i.e. with distribution partners, also known as affiliates or publishers, which is usually remunerated through click or sales commissions. Through the affiliate network, the merchant provides an advertising medium, i.e. an advertising banner or other suitable means of Internet advertising, which is subsequently integrated by an affiliate on its own websites or promoted through other channels, such as keyword advertising or e-mail marketing.

As part of its services, AWIN uses tracking cookies on the end devices of users who visit or use its customers' websites or other online offerings in order to document transactions (e.g. leads and sales). AWIN's tracking cookies store information about when a particular advertising medium was clicked on by an end device. AWIN's tracking cookies also store a unique sequence of numbers, which cannot be assigned to the individual user, to document an advertiser's affiliate programme, the publisher and the time of the user's action (click or view). AWIN also collects information about the device from which a transaction is made, such as the operating system and the calling browser. The purpose of storing this data is to process commission payments between a merchant and the affiliate, which are processed via the affiliate network, i.e. AWIN. To the extent that the information also contains personal data, the described processing is based on consent in accordance with Art. 6 (1) lit. a GDPR.

AWIN's privacy policy can be found at https://www.awin.com/de/rechtliches/privacy-policy.

Widget by ausgezeichnet.org

On our website we use a so-called "rating widget" from AUBII GmbH, Große Bleichen 21, 20354 Hamburg (ausgezeichnet.org). A widget is a functional and content-related element that is integrated into our online offer and displays variable information. It may, for example, take the form of a seal or similar element, sometimes referred to as a "badge".

The content of the widget is displayed within our online offering, but is retrieved from the servers of the widget provider. This is the only way to ensure that the content is up to date. For the display, a data connection must be established from the website called up within our online offer to the server of AUBII GmbH and the latter receives certain technical data (access data, including IP address), which are necessary to deliver the content of the widget to the browser of the user.

Furthermore, AUBII GmbH receives information that users have visited our online offer. This information can be stored in a cookie and can be used by AUBII GmbH to recognise which online offers participating in the evaluation process have been visited by the user. The information can be stored in a user profile and used for advertising or market research purposes.

The legal basis for the processing of personal data in this context is our legitimate interest according to Art. 6 (1) lit. f GDPR in providing information on the evaluation of our services and products. Further information on data protection at ausgezeichnet.org can be found here: https://www.ausgezeichnet.org/datenschutz/

External links

Social media and other companies' websites are only embedded as a link to the relevant service. Clicking on the embedded text/image link will take you to the relevant provider's website. No user information is transmitted until after you have been redirected to the relevant provider. Please refer to the privacy policies of the websites you visit for information on the use of your personal data when using the website.

Data Transfer and Recipients

Your personal data is not transferred to third parties, unless

we have explicitly pointed this out in the description of the respective data processing.
you have given your explicit consent in accordance with Art. 6 (1) s. 1 lit. a GDPR,
the transfer pursuant to Art. 6 (1) s. 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms.
there is a legal obligation to transfer data pursuant to Art. 6 (1) s. 1 lit. c GDPR, and
required by Art. 6 (1) s. 1 lit. b GDPR for the execution of contractual relationships with you.
In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern web hosting services, the dispatch of e-mails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers.

Data security

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

Storage period

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.

Your Rights

In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:

The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.

The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.

The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.

The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.

The right to withdraw your given consent pursuant to Art. 7 (3) GDPR with effect in the future at any time.

The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work.

The right to withdraw your given consent pursuant to Art. 7 (3) GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to object

If your personal data is processed by us based on legitimate interests pursuant to Art. 6 (1) lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.

If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to

Necessity of providing personal data

The provision of personal data for the decision on the conclusion of a contract, the fulfilment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.

Automated decision making

Automated decision making or profiling according to Art. 22 GDPR does not take place.

Subject to change

We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g. the introduction of new services. The most current version applies to your visit.

Status of this privacy policy: 2023-10-09

Privacy Policy Social Media

1. Introduction and general information about social media

The protection of your personal data is very important to us. In the following, you will find information on the processing of your data that is collected through your use of our social media presences on social networks and platforms. Your data will be processed in accordance with applicable laws and regulations.

1.1. General information about the controller

The controller named at the beginning of this privacy policy (hereinafter "we/us/our"). maintains presences or "fan pages" on various social media – platforms. For the processing of your personal data in connection with your visit to our presence or our "fan page" on the platforms Facebook and LinkedIn, we are jointly responsible with the operators of the respective platform mentioned here under 1., insofar as they provide us with aggregated information on visitors to our fan page or our presence ("Insights"). Detailed information on the scope of processing in joint responsibility related to the respective providers can be found in the second section of this Privacy Policy.

1.1.1. Joint controllership

The operators of the platforms for Facebook and Instagram are: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, a subsidiary of Meta Platforms, Inc, 1601 Willow Rd Menlo Park, CA 94025-1452, USA.

The operator of the LinkedIn platform is: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W Maude Ave Sunnyvale, CA, 94085-2810 USA.

We have concluded an agreement with the operators pursuant to Art. 26 GDPR regarding joint responsibility for the processing of your personal data regarding facebook (Controller Addendum). This agreement specifies the data processing operations for which we or the respective operator are responsible when you visit our Fanpage or our presence on the platform of the respective operator. You can view this agreement under the following link:

Facebook: https://www.facebook.com/legal/terms/page_controller_addendum

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

1.1.2. Own responsibility of platform providers

If your personal data is processed by one of the social media platform providers listed below, this processing is carried out under the platform operator's own responsibility within the meaning of Art. 7 No. 4 GDPR. For the assertion of your data subject rights, we point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. Should you still require assistance, please feel free to contact us at any time.

Instagram, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Irland
YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
XING incl. kununu (New Work SE), Am Strandkai 1, 20457 Hamburg, Germany

1.1.3. Own responsibility of fitnessRAUM.de GmbH

For the processing of your personal data in the cases mentioned under 1.4. to 1.7. which is not carried out by the operators mentioned under 1.1.2. solely we are responsible.

1.2. Data transfer, recipients and data transfers to third countries

If we pass on personal data to the providers of social media platforms, the latter are recipients of the data within the meaning of Art. 4 (9) GDPR. Since personal data is transferred to countries outside the EU (e.g. U.S.) when visiting and interacting with the social media platforms used by us, further appropriate safeguards are required to ensure the level of data protection under the GDPR.

Facebook: Meta Platforms, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, the provider states that it uses standard contractual clauses in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe, see here: https://facebook.com/privacy/policy/
LinkedIn: states to use appropriate safeguards for third country transfers, including in particular standard contractual clauses, to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU: https://www.linkedin.com/help/linkedin/answer/a1343190?trk=microsites-frontend_legal_privacy-policy
In cases where providers process your personal data under their own responsibility (1.1.2.), we have no influence on the processing thereof by the provider and its use of such data (at least after transmission of the data). For more information, please check the privacy policy of the respective provider and, if necessary, use the opt-out / personalization options regarding data processing by the provider:

Instagram

Privacy Policy/Opt-out: http://instagram.com/about/legal/privacy/
Instagram (Meta Platforms, Inc.) is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, the provider states that it uses standard contractual clauses in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe, see here: http://instagram.com/about/legal/privacy/
YouTube/Google

Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de
Opt-out: https://adssettings.google.com/authenticated
Google (Google LLC) is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, the provider states that it uses standard contractual clauses in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe, see here: https://policies.google.com/privacy?hl=de&gl=de
XING incl. kununu (New Work SE)

Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung
Opt-Out: https://nats.xing.com/optout.html?popup=1&locale=de_DE
According to its privacy policy, Xing uses standard data protection clauses to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU:: https://privacy.xing.com/de/datenschutzerklaerung/wer-erhaelt-daten-zu-ihrer-person/drittlaender

1.3. Access to and storage of information in terminal equipment (cookies)

When you visit our Facebook fan page or other social media sites, one or more cookies are set on your terminal device by the platform provider. Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or display advertising.

By interacting with our Facebook fan page or our other social media appearances, information (e.g. your IP address) may be accessed or stored (e.g. cookies) in your terminal equipment. This access or storage may involve further processing of personal data according to the GDPR.

The activity or validity period of cookies can vary greatly, but you can delete them manually at any time using your web browser settings. If you have technical questions about this, please contact the manufacturer of your web browser. Further information on the use of cookies and their legal basis can be found in the respective provider's privacy policy. Links to the respective data protection statements can be found above under "Data transfer and recipients". If you have any further questions, please contact the provider of the respective social media platform directly.

1.4. Data processing for market research and advertising purposes

Generally, personal data is processed on the company website for market research and advertising purposes of the provider of the social media platform. For this purpose, a cookie is set in your browser, which enables the respective provider to recognize you when you visit a website. In addition, an extensive evaluation of your interactions on the social media platform is carried out by the provider. By means of the collected data, usage profiles can be created. These are used to place advertisements within and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the usage profiles regardless of the devices you use. This is regularly the case if you are a member of the respective platforms and logged in to them. You can find more information on this in the data protection information of the respective provider.

When you visit our social media site or interact with it, we may receive personal data from you, which we, in addition to the provider, also process under our own responsibility, other than in the cases mentioned in section 2. of this privacy policy. This may be information that you actively provide (comments, likes, and information you provide publicly, such as your profile picture or name).

Collection of information about who has viewed our social media presence: Depending on the provider and your settings on the provider's platform, it may also be the case that we are informed about who has viewed our appearance or page within the platform. The provider LinkedIn supplies us with information about which LinkedIn user has visited our LinkedIn presence.

Our access to the aforementioned data results from the operation of our social media presence; no further processing of this data by us takes place except in the cases mentioned in this privacy policy. We have a legitimate interest in the operation of our social media presence and the associated processing of personal data that you actively publish or make available to us in accordance with Art. 6 (1) (1) (f) GDPR. Our legitimate interest lies in the promotion as well as in making available an effective communication and interaction option with our company.

1.5. Data processing when you contact us

We collect personal data ourselves when you contact us, for example, via a contact form or through a messenger service of the respective platform, such as Facebook Messenger. Which data is collected depends on the information you provide and the contact data you have submitted or made available. This data is stored by us for the purpose of processing the request and to answer any follow-up questions. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR and, if applicable, Art. 6 (1) lit. b GDPR if your request is aimed at concluding a contract. Your data will be deleted after your request has been processed, provided that there are no legal obligations to retain data. We assume that processing is complete if it can be inferred from the circumstances that the matter in question has been conclusively resolved.

1.6. Data processing for contract management

If your contact via a social network or other platform aims at the conclusion of a contract for the delivery of goods or the provision of services with us, we process your data for the performance of the contract or for the implementation of pre-contractual measures or for the performance of the requested services. The legal basis for the processing of your data in this case is Art. 6 (1) lit. b GDPR. Your data will be deleted if it is no longer required for the performance of the contract or if it is determined that the pre-contractual measures do not lead to the conclusion of a contract corresponding to the purpose of the contact. Please note, however, that it may be necessary to store personal data of our contractual partners even after the conclusion of the contract in order to comply with contractual or legal obligations.

1.7. Data processing on the basis of consent

If you are asked by the respective providers of the platforms to give your consent to processing for a specific purpose, the legal basis of the processing is Art. 6 (1) lit. a., Art. 7 GDPR. Given consent can be revoked at any time with effect for the future.

2. Processing in joint responsibility with the provider of the social media platform

2.1. Facebook-Fanpage (Insights feature)

2.1.1. Data processing regarding "page insights" when visiting our Facebook fan page

When you visit our Facebook fan page, your personal data will be processed by Facebook as the operator of the platform and by us as the operator of the fan page. Insofar as this data processing takes place in connection with the Insights functionality of Facebook (Meta Platforms Ireland Ltd. or Meta Platforms Inc.), we are jointly responsible for such processing with Facebook (Art. 26 (1) GDPR).

Page Insights (https://www.facebook.com/business/a/page/page-insights) is a function provided by Facebook, which allows the operator of a Facebook fan page (us) to obtain summarized data about the interaction of visitors.

Page Insights may be based on personal data collected in connection with a person's visit to or interaction with our site and in connection with content provided. Please be aware of what personal data you share with us via Facebook. Your data may be processed for market research and advertising purposes even if you are not logged into Facebook or do not have a Facebook account. For example, user profiles can be created from the usage behavior and resulting interests of the users. The user profiles can in turn be used, for example, to display advertisements within and outside the platforms that presumably correspond to the interests of the users. This data collection takes place via cookies that are stored on your terminal device. Furthermore, data that is independent of the devices utilized by the users may also be stored in the user profiles; in particular, if the users are members of the respective platforms and logged in to them.

We only receive summarized (aggregated) data from Facebook, which does not allow any conclusions to be drawn about individual persons.

Your personal data is processed by us for advertising and marketing purposes. (E.g.: increasing the reach and awareness of our fan page through target group-specific design of posts, evaluation of the success of marketing campaigns).

The legal basis for the processing of your personal data relating to Facebook Insights is the consent the Facebook user gives to Facebook (Art. 6 (1) lit. a GDPR.)

For information on the purposes Facebook pursues with the processing of your personal data and the legal basis for this data processing, please refer to Facebook's privacy policy.

Please note that we have no influence on the data collection and further processing within the responsibility of Facebook. As a result, we can not provide information about the extent to which, where and for how long the data is stored by Facebook. Furthermore, we cannot state to what extent Facebook complies with existing deletion obligations, what evaluations and links are made with the data on the part of Facebook and to whom the data is passed on by Facebook.

Information on the processing of your personal data, which is processed by Facebook for its own purposes, can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/

2.1.2. Your rights as an affected person of the data processing

If you as a visitor to the site would like to exercise your rights (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both Facebook and us. You can independently adjust your advertising settings in your user account. To do so, click on the following link and log in:

https://www.facebook.com/settings?tab=ads oder http://www.youronlinechoices.com

You can (also) restrict the visibility of your Facebook account towards us via the Facebook settings.
For further details, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/

2.1.3. Facebook’s data protection officer

To contact Facebook's data protection officer, you can use the online contact form provided by Facebook under the following link https://www.facebook.com/help/contact/540977946302970.

2.2. LinkedIn

2.2.1. Data processing regarding "page insights" when visiting our LinkedIn page

When you visit our LinkedIn presence, your personal data will be processed by LinkedIn as operator of the platform and by us as operator of our presence within the platform. Insofar as this data processing takes place in connection with the Insights functionality of LinkedIn (LinkedIn Ireland Unlimited Company. or LinkedIn Corporation.), we are jointly responsible for it with LinkedIn (Art. 26 (1) GDPR).

LinkedIn Page-Insights (https://legal.linkedin.com/pages-joint-controller-addendum) is a function provided by LinkedIn, which allows the operator of a LinkedIn page (us) to receive summarized data about the interaction of visitors.

LinkedIn evaluates your interaction with our LinkedIn presence as part of the Page Insights function and also uses the personal information provided by you (professional activity, industry, country, etc.). The evaluated data is made available to us by LinkedIn, but only in aggregated form (i.e. LinkedIn does not provide us with specific information on individual users as part of this function, but only summarized information). We use this aggregated data for the target group-specific presentation of our LinkedIn page and generally for its optimization with regard to the above-mentioned advertising purposes.

We have a legitimate interest in these advertising purposes and the processing of your data is based on Art. 6 (1) lit. f GDPR.

For information on the purposes LinkedIn pursues with the processing of your personal data and the legal basis for this data processing, please refer to LinkedIn's privacy policy.

Please note that we have no influence on the data collection and further processing within the responsibility of LinkedIn. As a result, we can not provide information about the extent to which, where and for how long the data is stored by LinkedIn. Furthermore, we cannot state to what extent LinkedIn complies with existing deletion obligations, what evaluations and links are made with the data on the part of LinkedIn and to whom the data is passed on by LinkedIn.

2.2.2. Your rights as an affected person of the data processing

If you as a visitor to the site would like to exercise your rights (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both LinkedIn and us. You can independently adjust your advertising settings in your user account.

For further information on data processing by LinkedIn, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

2.2.3 LinkedIn’s data protection officer

To contact the data protection officer of LinkedIn, you can use the contact form under the link https://www.linkedin.com/help/linkedin/ask/TSO-DPO.