Privacy Policy.

1. Data protection at a glance

General information
Below is a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to our privacy policy set out below this text.

Data collection on this website

Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find their contact details in the "Information on the responsible body" section of this privacy policy.

How do we collect your data?
Some of your data is collected when you provide it to us. This could, for example, be data you enter into a contact form.
Other data is collected automatically or after your consent when you visit the website by our IT systems. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?
Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyse your user behaviour. If contracts are concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders or other enquiries.

What rights do you have regarding your data?
You have the right to receive information free of charge about the origin, recipient and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time with regard to this topic or if you have any further questions on the subject of data protection.

Analysis tools and third-party tools
When you visit this website, your surfing behaviour may be statistically evaluated. This is mainly done using so-called analysis programmes.
Detailed information on these analysis programmes can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

External hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the host(s). This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.
The external hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the end device of the user (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.
Our host(s) will only process your data to the extent necessary to fulfil their service obligations and follow our instructions with regard to this data.
We use the following host(s):
Aruba S.p.A.
via San Clemente, 53
24036 Ponte San Pietro (BG)
Italy

Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General information and mandatory information

Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may have security gaps. Complete protection of data against access by third parties is not possible.

Information on the responsible body
The controller responsible for data processing on this website is:
MMM – Messner Mountain Museum GmbH
Magdalena Messner
Europaallee 2, I-39012 Meran (BZ)
Telephone: +39 0471 631264
E-mail: info@messner-mountain-museum.it
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Storage period
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you make a justified deletion request or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.

General information on the legal basis for data processing on this website
If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, if special categories of data pursuant to Art. 9 para. 1 GDPR are processed. In the case of express consent to the transfer of personal data to third countries, the data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of § 25 para. 1 TDDDG. The consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfil a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. The data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The relevant legal bases in each individual case are explained in the following paragraphs of this privacy policy.

Recipients of personal data
Within the scope of our business activities, we work with various external bodies. In some cases, the transfer of personal data to these external bodies is necessary. We only pass on personal data to external bodies if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the disclosure or if another legal basis permits the disclosure of the data. When using order processors, we only pass on personal data of our customers on the basis of a valid order processing contract. In the case of joint processing, a joint processing contract is concluded.

Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)
IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).
IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Right to lodge a complaint with the competent supervisory authority
In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged breach. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

Right to data portability
You have the right to receive the personal data that we process automatically on the basis of your consent or in performance of a contract in a common, machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on your consent or on a contract and the processing is carried out using automated procedures.
If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Information, correction and deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, the right to correction or deletion of this data. You can contact us at any time with regard to this topic or if you have any further questions on the subject of personal data.

Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:
• If you dispute the accuracy of your personal data stored by us, we generally need time to check this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure.
• If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
• If you have lodged an objection pursuant to Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to advertising e-mails
We hereby object to the use of contact data published as part of the imprint obligation to send unsolicited advertising and information material. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

4. Data collection on this website

Cookies
Our internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies can be used to evaluate user behaviour or for advertising purposes.
Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies for measuring the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
You can find out which cookies and services are used on this website in this privacy policy.

Consent with Cookie Notice & Compliance
Our website uses the consent technology of Cookie Notice & Compliance for GDPR to obtain your consent to the storage of certain cookies on your end device or the use of certain technologies and to document this consent in a data protection-compliant manner.
Cookie Notice & Compliance for GDPR is installed locally on our servers, so no connection is made to third-party servers. Cookie Notice & Compliance for GDPR stores a cookie in your browser to assign the consents you have given or their revocation. The cookie remains active for 1 month. Otherwise, your data will be stored until you ask us to delete it, the consent cookie is deleted independently or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.
The use of Cookie Notice & Compliance for GDPR is carried out to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes:
• Browser type and browser version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address
Merging this data with other data sources is not carried out.
The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be recorded.

Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.
The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Enquiries by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your enquiry including all personal data derived from it (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.
The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

5. Analysis tools and advertising

Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out any independent analyses. It is only used to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to the parent company of Google in the United States.
The use of the Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the end device of the user (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.
The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used and the user's origin. This data is summarised in a user ID and assigned to the respective end device of the website visitor.
We can also use Google Analytics to record your mouse and scroll movements and clicks. Google Analytics also uses various modelling approaches to supplement the recorded data sets and uses machine learning technologies in data analysis.
Google Analytics uses technologies that enable the user to be recognised for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

IP anonymisation
Google Analytics IP anonymisation is activated. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Order processing
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Ads
The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available at Google (e.g. location data and interests) (audience targeting). We can quantify the success of our advertising campaigns by analysing the data generated in this way. For example, we can analyse which search terms led to the display of our advertisements and which advertisements led to corresponding clicks.
The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.
The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Ads Remarketing
This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Ads Remarketing, we can assign people who interact with our online offering to certain target groups in order to subsequently display interest-based advertising to them in the Google advertising network (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. This means that interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have a Google account, you can object to personalised advertising under the following link: https://adssettings.google.com/anonymous?hl=en.
The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time.
Further information and the privacy policy can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=en.
The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google Conversion Tracking, Google and we can recognise whether the user has carried out certain actions. For example, we can evaluate which buttons on our website are clicked how often and which products are viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information that would allow us to personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.
The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time.
You can find more information about Google Conversion Tracking in Google's privacy policy: https://policies.google.com/privacy?hl=en.
The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Meta Pixel (formerly Facebook Pixel)
This website uses the visitor action pixel from Meta for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Meta, the data collected is also transferred to the USA and other third countries.
This allows the behaviour of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Meta ad. This allows the effectiveness of Meta ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.
The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta so that a connection to the respective user profile at Facebook or Instagram is possible and Meta can use the data for its own advertising purposes in accordance with the Meta data usage policy (https://de-de.facebook.com/about/privacy/). This enables Meta to place advertisements on Facebook pages, Instagram and outside of Facebook and Instagram. We as the website operator cannot influence this use of the data.
The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time.
If personal data is collected on our website and transmitted to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transmission to Meta. The processing that takes place after the forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Meta tool and for the data protection-compliant implementation of the tool on our website. For the data security of Meta products, Meta is responsible. You can assert your rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Meta. If you assert the data subject rights with us, we are obliged to forward them to Meta.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Further information on protecting your privacy can be found in Meta's privacy policy: https://de-de.facebook.com/about/privacy/.
You can also deactivate the remarketing function "Custom Audiences" in the ad settings area at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.
If you do not have a Facebook account, you can deactivate usage-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/4452.

Meta Conversion API
We have integrated the Meta Conversion API on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Meta, the data collected is also transferred to the USA and other third countries.
The Meta Conversion API enables us to record the interactions of website visitors with our website and transmit them to Meta in order to improve advertising performance on Facebook and Instagram.
For this purpose, in particular the time of the visit, the website called up, your IP address and your user agent and, if applicable, further specific data (e.g. purchased products, shopping basket value and currency) are recorded. A complete overview of the data that can be recorded can be found here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.
The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time.
If personal data is collected on our website and transmitted to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transmission to Meta. The processing that takes place after the forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Meta tool and for the data protection-compliant implementation of the tool on our website. For the data security of Meta products, Meta is responsible. You can assert your rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Meta. If you assert the data subject rights with us, we are obliged to forward them to Meta.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Further information on protecting your privacy can be found in Meta's privacy policy: https://de-de.facebook.com/about/privacy/.
You can also deactivate the remarketing function "Custom Audiences" in the ad settings area at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.
If you do not have a Facebook account, you can deactivate usage-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/4452.

6. Newsletter

Newsletter data
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and that you agree to receive the newsletter. No further data is collected or only collected on a voluntary basis. We use newsletter services for the newsletter service, which are described below.

Rapidmail
This website uses Rapidmail to send newsletters. The provider is rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany.
Rapidmail is a service that can be used to organise and analyse the sending of newsletters, among other things. The data you enter for the purpose of subscribing to the newsletter is stored on Rapidmail's servers in Germany.

Data analysis by Rapidmail
Rapidmail enables us to analyse our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked. In this way, we can determine which links were clicked particularly often.
We can also see whether certain previously agreed-upon conditions are met. For example, we can see whether a previously agreed-upon target group has been reached. Rapidmail also enables us to classify newsletter recipients into different categories. The newsletter recipients can be subdivided according to age, gender or place of residence, for example. This enables us to send newsletters that are more tailored to the respective target groups.
If you do not want Rapidmail to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
You can find more information on the analysis functions of Rapidmail at the following link: https://de.rapidmail.wiki/kategorien/statistiken/.
Rapidmail's privacy policy can be found at: https://www.rapidmail.de/datenschutz.

Legal basis
The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage period
The data you store with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe. Data that has been stored by us for other purposes remains unaffected by this.
After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
Further information can be found in Rapidmail's security notices at: https://www.rapidmail.de/datensicherheit.

7. Plugins and tools

Vimeo
This website uses plugins from the Vimeo video portal. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages equipped with a Vimeo plugin, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address, even if you are not logged in to Vimeo or do not have a Vimeo account. This information is transmitted to a Vimeo server in the USA.
If you are logged in to your Vimeo account, you enable Vimeo to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Vimeo account.
Vimeo uses cookies or comparable recognition technologies (e.g. device fingerprinting) to recognise website visitors.
The use of Vimeo is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the end device of the user (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests". Details can be found here: https://vimeo.com/privacy.
Further information on the handling of user data can be found in Vimeo's privacy policy at: https://vimeo.com/privacy.
The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/5711.

OpenStreetMap
We use the map service from OpenStreetMap (OSM).
We integrate the OpenStreetMap map material on the server of the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a secure third country in terms of data protection law. This means that the United Kingdom has a level of data protection that is comparable to the level of data protection in the European Union. When using the OpenStreetMap maps, a connection is established to the servers of the OpenStreetMap Foundation. This may include your IP address and other information about your behaviour on this website being transmitted to the OSMF. OpenStreetMap may store cookies in your browser or use comparable recognition technologies for this purpose.
The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy findability of the locations we specify on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the end device of the user (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.