Privacy Policy

Introduction

With the following Privacy Policy, we aim to inform you about the types of your personal data (hereinafter referred to as "data") that we process, the purposes of processing, and the scope of processing. This Privacy Policy applies to all processing of personal data carried out by us, whether in the context of providing our services or specifically on our websites, mobile applications, or external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

The terms used are not gender-specific.

Date: June 7, 2022

Data Controller

NetStream Europa s.r.o
Komenského 22, 945 01 Komárno, Slovakia

Phone: +43 1 236 22 48
Fax: +43 1 236 60 60 99
Email: office@digiturk.eu

ID Number (IČO): 55 477 054
Tax ID: SK 2122003851
Tax Authority: Financial Administration of the Slovak Republic

Email Address: office@digiturk.eu

Overview of Processing Activities

The following summary outlines the types of data processed, the purposes of processing, and the categories of affected individuals.

Types of Processed Data

• Master data
• Payment data
• Contact data
• Content data
• Contract data
• Usage data
• Meta/communication data

Categories of Affected Individuals

• Customers
• Prospective customers
• Communication partners
• Users
• Contest and competition participants
• Business and contractual partners

Purposes of Processing

• Fulfillment of contractual services and customer support
• Handling contact requests and communication
• Implementation of security measures
• Direct marketing
• Reach measurement
• Tracking
• Office and organizational procedures
• Conversion measurement
• Administration and response to inquiries
• Conducting contests and competitions
• Feedback collection
• Marketing
• Creating user-related profiles
• Provision of our online offering and user-friendliness
• Information technology infrastructure

Relevant Legal Bases

Below is an overview of the legal bases under the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the GDPR, national data protection regulations may apply in your or our country of residence. If specific legal bases are applicable in individual cases, we will notify you in this Privacy Policy.

• Consent (Art. 6(1)(a) GDPR): The data subject has given their consent to the processing of their personal data for one or more specific purposes.
• Contractual performance and pre-contractual inquiries (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
• Legal obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided these are not overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.

Additional National Regulations in Austria

In addition to the GDPR, national data protection regulations in Austria apply, notably the Federal Act on the Protection of Natural Persons with Regard to the Processing of Personal Data (Data Protection Act – DSG). The DSG includes specific provisions on the right to information, rectification, or deletion, the processing of special categories of personal data, processing for other purposes, and transfer as well as automated decision-making in individual cases.

Security Measures

In compliance with legal requirements, we implement appropriate technical and organizational measures to ensure a level of protection commensurate with the risk. These measures take into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons.

Key measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to data, as well as access, input, transfer, availability, and separation of the data. Furthermore, we have established procedures to safeguard the exercise of data subject rights, the deletion of data, and responses to data breaches. Additionally, we incorporate data protection principles into the design and selection of hardware, software, and processes, ensuring privacy-friendly default settings.

SSL Encryption (https)

To protect data transmitted via our online offering, we use SSL encryption. You can identify encrypted connections by the "https://" prefix in your browser's address bar.

Transmission of Personal Data

In the course of processing personal data, it may be transmitted to or disclosed to other entities, companies, legally independent organizational units, or individuals. These recipients may include IT service providers or providers of services and content embedded in a website. In such cases, we adhere to legal requirements and enter into appropriate contracts or agreements with the recipients to protect your data.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if such processing involves third-party services or disclosure/transmission of data to other individuals, entities, or organizations, this occurs only in compliance with legal requirements.

Unless expressly consented to or required by contract or law, we process or allow data to be processed only in third countries with a recognized level of data protection, contractual obligations under EU Commission standard contractual clauses, certifications, or binding internal data protection rules (Articles 44 to 49 GDPR; EU Commission information page: International Data Protection).

Deletion of Data

Data processed by us will be deleted in accordance with legal requirements once consent for processing is withdrawn or other permissions expire (e.g., when the purpose for processing no longer exists or the data is no longer required for that purpose).

If the data cannot be deleted because it is required for other legally permissible purposes, its processing will be restricted. This means the data will be locked and not processed for other purposes. For example, this applies to data that must be retained for commercial or tax reasons, or whose storage is necessary to assert, exercise, or defend legal claims or protect the rights of another natural or legal person.

Our privacy notices may also contain additional details regarding the retention and deletion of data, specific to the respective processing operations.

Cookie Policy

Welcome to Our Cookie Policy
Thank you for visiting our platform. Your trust is our top priority. In this Cookie Policy, we aim to explain which cookies we use, why we use them, and how you can adjust your settings.

1. What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They allow us to save certain information about you and retrieve it during future visits. Cookies help make our platform functional, improve your user experience, and display personalized content or advertising.

In addition to cookies, we use similar technologies such as web beacons, tracking pixels, and software development kits (SDKs) to collect data in a similar manner.

2. Why Do We Use Cookies?

We use cookies for various purposes, including:

• Technical Cookies: To ensure the functionality of our website. These are essential and do not require consent.
• Analytical Cookies: To understand how users interact with our platform and improve its performance.
• Functional Cookies: To save your preferences, such as language or login details, and enhance your user experience.
• Advertising Cookies: To display relevant ads tailored to your interests.

3. Types of Cookies

4. How Long Do Cookies Remain Active?

• Session Cookies: These cookies are deleted as soon as you close your browser.
• Persistent Cookies: These remain stored on your device until they expire or are manually deleted. The maximum storage duration is typically 2 years (up to 4 years in exceptional cases).

5. First-Party and Third-Party Cookies

• First-Party Cookies: Set directly by us to ensure the functionality of our website.
• Third-Party Cookies: Set by third parties to provide additional features such as advertising or analytics. A complete list of third-party providers is available in our Consent Management Platform (CMP).

6. Managing Your Cookie Settings

Via Our Consent Management Platform (CMP):
When you first visit our website, a cookie banner will prompt you to consent to non-essential cookies. You can modify your selection at any time via the cookie settings.

Browser Settings:
You can configure your browser to reject or delete cookies. However, please note that some features of our website may not function correctly if cookies are disabled.

Deleting Cookies:
You can delete stored cookies by clearing your browser history. However, this may also remove saved information such as logins or website preferences.

7. Updates to This Cookie Policy

We reserve the right to update this Cookie Policy as necessary. The date of the most recent update is listed below. Please check this page regularly to stay informed of any changes.

Last Updated: [December 2024]

NetStream Europa s.r.o complies with all provisions and guidelines of the Transparency & Consent Framework by IAB Europe. It uses Consent Management Platform No. 92.

Business Services

We process data of our contractual and business partners, such as customers and interested parties (collectively referred to as "contractual partners"), within the framework of contractual and comparable legal relationships and associated measures, including communication with contractual partners (or pre-contractually), such as responding to inquiries.

We process this data to fulfill our contractual obligations. This includes providing agreed-upon services, fulfilling update obligations, and addressing warranty or other service issues. Additionally, we process the data to protect our rights, manage administrative tasks related to these obligations, and maintain corporate organization. Furthermore, we process data based on our legitimate interests in efficient business management and security measures to protect our contractual partners and business operations from misuse, data breaches, and other risks.

Data is disclosed to third parties only to the extent necessary for these purposes or to fulfill legal obligations. Contractual partners will be informed about additional processing, such as for marketing purposes, within this privacy policy.

We inform contractual partners about the data required for these purposes during or before data collection, for instance, through online forms, specific markings (e.g., colors), symbols (e.g., asterisks), or directly in person.

Economic Analyses and Market Research

For economic purposes and to recognize market trends, contractual partner and user needs, we analyze data related to business transactions, contracts, inquiries, etc. This analysis includes data subjects such as contractual partners, interested parties, customers, visitors, and users of our online services.

The purpose of these analyses includes economic evaluations, marketing, and market research (e.g., determining customer groups with different characteristics). If applicable, registered user profiles and their data (e.g., used services) may be included in the analyses. The results are used internally and not disclosed externally unless anonymized data (summarized values) is shared.

We prioritize user privacy by processing data pseudonymously or, if feasible, anonymously.

Shop and E-Commerce

We process customer data to enable them to select, purchase, or order chosen products, goods, or services, as well as their payment, delivery, or execution. When necessary for order fulfillment, we use service providers like postal, logistics, and shipping companies. Payment transactions are handled by banks and payment service providers.

Processed data includes necessary details for delivery, provision, and billing, as well as contact information for follow-up communication.

• Processed Data Types:
  Master data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., email, phone numbers), contract data (e.g., contract terms, duration, customer categories), usage data (e.g., visited websites, interests), meta/communication data (e.g., device information, IP addresses).

• Purposes:
  Contractual performance, customer service, security measures, inquiry management, marketing performance tracking, and creating user profiles.

• Legal Basis:
  Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR), legal obligations (Art. 6(1)(c) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Hosting and Online Services

To securely and efficiently provide our online services, we rely on one or more web hosting providers. These providers may handle infrastructure, platform services, computing capacity, storage, databases, security, and technical maintenance.

Processed data includes all data arising from usage and communication related to our online offering. This often includes IP addresses required to deliver content to browsers and any inputs made within our services.

• Processed Data Types:
  Content data (e.g., online form entries), usage data (e.g., visited pages, access times), meta/communication data (e.g., device details, IP addresses).

• Affected Individuals:
  Users (e.g., website visitors, online service users).

• Purposes:
  Delivering online services, ensuring user-friendliness, and maintaining IT infrastructure.

• Legal Basis:
  Legitimate interests (Art. 6(1)(f) GDPR).

Log Files and Access Data

We (or our hosting provider) collect data for every access to the server (server log files). These may include:

• Accessed websites and file names,
• Access dates and times,
• Transferred data volumes,
• Status of successful retrieval,
• Browser type and version,
• User operating system,
• Referrer URL,
• IP addresses,
• Requesting provider.

This data is used for security purposes (e.g., preventing server overload during DDoS attacks) and to ensure server performance and stability.

• Data Retention:
  Log file data is stored for up to 30 days and then deleted or anonymized. Data required for evidence purposes is exempted until the incident is resolved.

• Legal Basis:
  Legitimate interests (Art. 6(1)(f) GDPR).

Registration, Login, and User Accounts

Users can create accounts. During registration, mandatory details are communicated and processed to provide the account. Processed data includes login details (username, password, email address). For security, we also log IP addresses and timestamps of user actions.

• Processed Data Types:
  Master data (e.g., names, addresses), contact data (e.g., email, phone), content data (e.g., form entries), meta/communication data (e.g., device information, IP addresses).

• Purposes:
  Contract fulfillment, security measures, customer service, and inquiry management.

• Legal Basis:
  Contract fulfillment (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).
  
  

  Additional Notes on Processing Activities, Procedures, and Services:

  Data Deletion After Account Termination

  When users terminate their accounts, their data related to the user account will be deleted, provided there are no legal permissions, obligations, or consents from the user requiring retention.

  • Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR).

  No Data Retention Obligation

  It is the responsibility of the users to secure their data before the contract termination date. We reserve the right to irretrievably delete all user data stored during the contract period.

  • Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR).

  ---

  Contact and Inquiry Management

  When you contact us (e.g., via contact form, email, phone, or social media), or as part of existing user and business relationships, we process the information provided by the inquiring individuals to the extent necessary to respond to the contact inquiries and any requested actions.

  The processing of contact inquiries and the management of contact and inquiry data within the scope of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to pre-contractual inquiries. Additionally, it is based on our legitimate interest in responding to inquiries and maintaining user or business relationships.

  • Processed Data Types:
    Contact data (e.g., email addresses, phone numbers); content data (e.g., entries in online forms); usage data (e.g., visited websites, interest in content, access times); meta/communication data (e.g., device information, IP addresses).

  • Affected Individuals:
    Communication partners.

  • Purposes:
    Contractual services and customer service, responding to inquiries, feedback collection (e.g., via online forms), and ensuring the usability of our online offering.

  • Legal Basis:
    Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

  ---

  Contact Form

  If users contact us through a contact form, email, or other communication methods, we process the data provided to handle the stated concern. Personal data is processed within the context of pre-contractual and contractual business relationships as required for their fulfillment, and otherwise based on our legitimate interests as well as the interests of the communication partners in addressing their concerns and our legal retention obligations.

  • Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

  ---

  Newsletter and Electronic Notifications

  We send newsletters, emails, and other electronic notifications (hereinafter referred to as "newsletters") only with the consent of the recipients or legal permission. If the newsletter’s contents are specifically described during registration, they are decisive for the user’s consent. Otherwise, our newsletters include information about our services and us.

  To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may request additional information, such as a name for personalized addressing or other details necessary for the newsletter’s purposes.

  Double-Opt-In Procedure:
  Newsletter registration occurs in a double-opt-in process. After registration, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent unauthorized registrations. Newsletter subscriptions are logged to comply with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the email service provider are also logged.

  Data Deletion and Processing Restriction:
  We may retain unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, to prove previously given consent. The processing of this data is limited to the purpose of potential defense against claims. A request for individual deletion is possible at any time, provided the prior existence of consent is confirmed. For obligations to permanently observe objections, we reserve the right to store email addresses solely for this purpose in a blocklist ("blocklist").

  The logging of the registration process is carried out based on our legitimate interests for proving its proper execution. If we use a service provider for sending emails, this is based on our legitimate interests in an efficient and secure system.

  ---

  Content

  • Information Types:
    Information about us, our services, promotions, and offers.

  • Processed Data Types:
    Master data (e.g., names, addresses); contact data (e.g., email addresses, phone numbers); meta/communication data (e.g., device information, IP addresses); usage data (e.g., visited websites, interest in content, access times).

  • Affected Individuals:
    Communication partners, users (e.g., website visitors, online service users).

  • Purposes:
    Direct marketing (e.g., via email or post); providing contractual services and customer support.

  • Legal Basis:
    Consent (Art. 6(1)(a) GDPR).

  Opt-Out Option:
  You can unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to further receipt. A link to unsubscribe can be found at the end of every newsletter or by contacting us using one of the methods provided above, preferably via email.

  ---

  Measuring Newsletter Open and Click Rates

  Our newsletters include "web beacons" – tiny pixel-sized files retrieved from our server (or a service provider’s server) upon opening the newsletter. This retrieval collects technical information such as:

  • Browser and system details,
  • Your IP address,
  • The time of access.

  This data is used to improve our newsletters technically, e.g., by analyzing technical data, target groups, and reading behavior. This includes determining:

  • Whether the newsletter was opened,
  • When it was opened,
  • Whether links in the newsletter were clicked.

  Legal Basis: Processing is based on your consent in accordance with Art. 6(1)(a) GDPR.

  ---

  Promotional Communication via Email, Post, Fax, or Phone

  We process personal data for promotional communication purposes through various channels, such as email, phone, post, or fax, in compliance with legal requirements.

  Recipients have the right to withdraw consent or object to promotional communication at any time.

  Retention After Objection:
  After withdrawal or objection, we retain the data necessary to prove prior authorization for up to three years based on our legitimate interests. This processing is restricted to the purpose of potential claim defense. To avoid future contact, we may retain data in a blocklist (e.g., email address, phone number, name).

  • Processed Data Types:
    Master data (e.g., names, addresses); contact data (e.g., email addresses, phone numbers).

  • Purposes:
    Direct marketing (e.g., via email or post).

  • Legal Basis:
    Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

  ---

  Sweepstakes and Competitions

  We process personal data of participants in sweepstakes and competitions only in compliance with applicable data protection regulations, insofar as processing is required for the provision, execution, and settlement of the sweepstakes, the participants have consented, or the processing serves our legitimate interests (e.g., to ensure the security of the sweepstakes or protect our interests from abuse, such as collecting IP addresses upon submission).

  • Data Retention:
    Participant data is deleted no later than six months after the sweepstakes or competition ends unless longer retention is necessary to handle follow-up queries or fulfill prize claims.

  • Legal Basis:
    Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR).
    
    

    Web Analysis, Monitoring, and Optimization

    Web analysis (also referred to as "reach measurement") serves to evaluate the visitor flow to our online offering. It may include analyzing behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With reach measurement, we can determine, for instance, the times when our online offering, its features, or content are most used or invite reuse. It also helps us identify areas needing optimization.

    In addition to web analysis, we may use testing procedures to, for example, test and optimize different versions of our online offering or its components.

    Unless otherwise stated below, profiles may be created for these purposes—comprising data combined from usage activities—stored in a browser or device, and later retrieved. Collected data may include visited websites, utilized features, technical details such as the browser used, the operating system, and usage times. If users consent to the collection of location data, either with us or through service providers we use, location data may also be processed.

    IP addresses are also stored but processed using an IP masking method (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data such as email addresses or names are stored during web analysis, A/B testing, and optimization. Pseudonymous data is used, meaning neither we nor the providers of the software used can directly identify the users, only their assigned profile information.

    ---

    Processed Data Types

    • Usage data (e.g., visited websites, content interests, access times).
    • Meta/communication data (e.g., device information, IP addresses).

    Affected Individuals

    • Users (e.g., website visitors, online service users).

    Purposes of Processing

    • Reach measurement (e.g., access statistics, recognition of returning visitors).
    • User profiling (e.g., creating user profiles).
    • Tracking (e.g., interest/behavior-based profiling, use of cookies).
    • Provision of online offerings and user-friendliness.

    Security Measures

    • IP masking (pseudonymization of IP addresses).

    Legal Basis

    • Consent (Art. 6(1)(a) GDPR).

    ---

    Additional Notes on Processing Activities, Procedures, and Services

    Google Analytics

    • Purpose: Web analysis, reach measurement, and user flow analysis.
    • Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Parent company: Google LLC, USA).
    • Legal Basis: Consent (Art. 6(1)(a) GDPR).
    • Website: Google Analytics.
    • Privacy Policy: Google Privacy.
    • Data Processing Agreement: Processor Terms.
    • Standard Contractual Clauses: SCCs for Third-Country Data Transfers.
    • Opt-Out Options:
      • Plugin: Opt-Out Plugin.
      • Ad settings: Ads Settings.

    ---

    Google Analytics 4

    • Purpose: User analysis based on a pseudonymous user ID.
    • Data Processed: Includes data on visited content, searches performed, repeated interactions, usage timing and duration, referral sources, and technical details of devices and browsers. Geographical data (e.g., city or broader regions) may also be processed.
    • Data Protection: Google processes data exclusively through EU domains and servers, truncating IP addresses by default for EU users. Sensitive data collected in the EU is deleted before being transferred outside the region.
    • Provider: Google Ireland Limited (Parent company: Google LLC, USA).
    • Legal Basis: Consent (Art. 6(1)(a) GDPR).

    ---

    Google Tag Manager

    Google Tag Manager allows us to manage website tags through an interface, enabling the integration of other services into our online offering. The Tag Manager itself does not create user profiles or store cookies. Google receives the user’s IP address solely to execute the Tag Manager.

    • Provider: Google Ireland Limited (Parent company: Google LLC, USA).
    • Legal Basis: Consent (Art. 6(1)(a) GDPR).
    • Website: Google Marketing Platform.
    • Privacy Policy: Google Privacy.

    ---

    Online Marketing

    We process personal data for online marketing purposes, including advertising placement or the display of content tailored to users' potential interests and measuring their effectiveness.

    To achieve this, user profiles are created and stored in a file (e.g., "cookie") or similar methods, saving information about the user necessary for presenting the above-mentioned content. This may include viewed content, visited websites, utilized online networks, communication partners, and technical details such as the browser, operating system, usage times, and features used. If users consent to the collection of their location data, it may also be processed.

    While user IP addresses are stored, IP masking (pseudonymization by truncation) is applied for user protection. In general, clear user data (e.g., email addresses or names) is not stored during online marketing procedures; pseudonymized data is used instead.

    User data may be analyzed across multiple websites implementing the same marketing method and combined with other data stored on the marketing provider’s server.

    Processed Data Types

    • Usage data (e.g., visited websites, content interests, access times).
    • Meta/communication data (e.g., device information, IP addresses).

    Purposes of Processing

    • Reach measurement.
    • Tracking (e.g., interest/behavior-based profiling, use of cookies).
    • Marketing.
    • User profiling.
    • Conversion tracking (measuring the effectiveness of marketing campaigns).

    Security Measures

    • IP masking (pseudonymization of IP addresses).

    Legal Basis

    • Consent (Art. 6(1)(a) GDPR).

    Opt-Out Options

    Refer to the respective provider's privacy policies and opt-out options. Alternatively, cookies can be disabled in browser settings, though this may limit website functionality. General opt-out tools include:

    • Europe: Your Online Choices.
    • Canada: Ad Choices Canada.
    • USA: About Ads.
    • Global: Network Advertising Initiative.

   

  Additional Notes on Processing Activities, Procedures, and Services

  ---

  Criteo

  • Purpose: Marketing and advertising.
  • Provider: Criteo GmbH, Gewürzmühlstr. 11, 80538 Munich, Germany.
  • Legal Basis: Consent (Art. 6(1)(a) GDPR).
  • Website: Criteo.
  • Privacy Policy: Criteo Privacy.
  • Opt-Out: Criteo Opt-Out.

  ---

  Google Ad Manager

  • Purpose: Placement of ads in the Google advertising network (e.g., in search results, videos, or websites) and remarketing to display interest-based ads.
  • Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Parent company: Google LLC, USA).
  • Legal Basis: Consent (Art. 6(1)(a) GDPR).
  • Website: Google Marketing Platform.
  • Privacy Policy: Google Privacy.
  • Further Information: Data Processing Details.
  • Data Processing Terms for Advertisers:
    • Controller-to-Controller Terms and SCCs: Google Controller Terms.
    • Processor Terms and SCCs: Google Processor Terms.

  ---

  Google Ads and Conversion Tracking

  • Purpose: Displaying ads in the Google advertising network based on user interest (conversion tracking) and measuring ad performance.
  • Data Processed: Only anonymous data such as the total number of users clicking on ads and being redirected to a conversion-tracked page.
  • Provider: Google Ireland Limited (Parent company: Google LLC, USA).
  • Legal Basis: Consent (Art. 6(1)(a) GDPR).
  • Website: Google Marketing Platform.
  • Privacy Policy: Google Privacy.
  • Further Information: Google Ad Services Details.

  ---

  Customer Reviews and Feedback Procedures

  We participate in review and feedback processes to evaluate, optimize, and promote our services. If users provide feedback through affiliated platforms or processes, the general terms or privacy notices of the respective providers apply. Reviews typically require registration on the relevant platforms.

  To verify the authenticity of the feedback, we may share necessary customer data (e.g., name, email address, order number) with the review platforms with the customer’s consent. This data is solely used to confirm the user's identity.

  • Processed Data Types:
    Contract data (e.g., subject, duration, customer category); usage data (e.g., visited websites, interests); meta/communication data (e.g., device details, IP addresses).

  • Affected Individuals:
    Customers and users (e.g., website visitors, online service users).

  • Purposes:
    Collecting feedback (e.g., via online forms); marketing.

  • Legal Basis:
    Legitimate interests (Art. 6(1)(f) GDPR).

  ---

  Trusted Shops (Trustedbadge)

  • Purpose: Displaying reviews and ratings.
  • Provider: Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Website: Trusted Shops.
  • Privacy Policy: Trusted Shops Privacy.

  ---

  Social Media Presence

  We maintain online presences on social media platforms to communicate with users and provide information about our services.

  Cross-Border Data Processing

  User data may be processed outside the European Union. This could pose risks to users, such as difficulty in enforcing their rights.

  Purpose of Processing

  Data within social networks is typically processed for market research and advertising. For instance, usage profiles may be created based on user behavior and interests to display tailored ads.

  • Data Processed:
    Usage data (e.g., viewed content, interactions); meta/communication data (e.g., device details, IP addresses).

  • Affected Individuals:
    Users of social media platforms.

  • Purposes:
    Communication with users; advertising; market research.

  • Legal Basis:
    Legitimate interests (Art. 6(1)(f) GDPR).