Privacy Policy

Print Manage Consent

Disclaimer: This is a translation of the original German Privacy Policy. This translation is provided for informational purposes only. In case of discrepancies or legal disputes, the German version shall prevail and be legally binding.

A. Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations for the processing of personal data in the context of the portals “nextpit.de”, “nextpit.com”, “nextpit.it”, “nextpit.es”, “nextpit.fr”, “nextpit.com.br” (hereinafter “the portal”) is:

beebuzz media Berlin GmbH
Strelitzer Straße 58
10115 Berlin
Germany
E-mail: support@nextpit.com
Website: www.nextpit.de

B. Contact details of the data protection officer

The data protection officer of the controller can be contacted as follows:

Die Datenschutzkonzept GmbH
Adelsweg 13
53909 Zülpich

Telephone: 02225 99539950
E-mail: info@datenschutzkonzept.com

https://datenschutzkonzept.com/

C. Processing of personal data

The following terms are used in the following description:

Visitors: Persons who access the portal without registering (no use of the portal's functionalities and services possible).

User: Persons who have registered to use the portal and use the portal as part of a user relationship on the basis of the controller's terms of use.

I. Visiting our portal and contact

1. Visit to our portal

1.1 Description of data processing

When you visit our portal, the browser used on your device automatically sends information to the server of our portal/website. The following information is collected:

  • The IP address of the visitor
  • Date and time of access
  • Information about the browser type and version used
  • The visitor's operating system
  • Websites from which the visitor's system accesses our website

This data is also stored in so-called log files of our system, whereby the IP address is anonymized. This data is not stored together with other personal data of the visitor.

Nor is this data passed on to third parties. In strict compliance with the relevant data protection regulations, our carefully selected service providers involved in the hosting and maintenance of our systems may be recipients of the data. This takes place on the basis of order processing agreements by which the service providers are contractually bound and we remain responsible for the processing of the data in this respect.

1.2 Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the visitor's computer. For this purpose, the visitor's IP address must be stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the files are used to optimize the website and to ensure the security of our information technology systems.

1.3 Legal basis of the processing

The legal basis for the temporary storage of data and storage in log files is Art. 6 para. 1 lit. f) GDPR.

The necessary legitimate interest in data processing lies in the processing purposes mentioned above under point 1.2.

1.4 Duration of processing / deletion of the data

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected or processed. In the case of the collection and storage of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case no later than thirty days after collection.

1.5 Right to object

In accordance with Art. 21 GDPR, you have the right to object to the processing of data in accordance with Section 1.1 at any time for reasons arising from your particular situation. We will then no longer process this data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.

To exercise a corresponding objection, the visitor can contact us in particular by e-mail using the e-mail address support@nextpit.com.

In the event of a justified objection, the data will be deleted.

2. Contact form and e-mail contact

2.1 Description and scope of data processing

There is a contact form on our website that can be used to contact us electronically. If a visitor makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are

  • Name
  • e-mail address
  • Message itself

The following data is also stored when the message is sent:

  • The IP address of the visitor
  • Date and time

Your consent is obtained for the processing of the data when you send the message using the contact form and reference is made to this privacy policy.

Alternatively, you can contact us via the e-mail address provided. In this case, the visitor's personal data transmitted with the e-mail will be stored.

The data will be used exclusively for processing the respective request. The data will not be passed on to third parties in this context. In strict compliance with the relevant data protection regulations, our carefully selected service providers involved in the hosting and maintenance of our systems may be recipients of the data. This takes place on the basis of order processing agreements by which the service providers are contractually bound and we remain responsible for the processing of the data in this respect.

2.2 Purpose of data processing

The processing of personal data from the input screen or your email inquiry is solely for the purpose of processing the contact. If you contact us by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

2.3 Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a) GDPR if the visitor has given consent (for inquiries via the contact form).

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f) GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

2.4 Duration of the processing

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation or request with the visitor has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted at the latest after a period of 30 days from the collection of the data.

2.5 Right of objection or revocation

Visitors have the option at any time to withdraw their consent to the processing of personal data that they have given when using the contact form. The processing of the data up to the point of revocation is not affected by the revocation.

If the visitor contacts us by email, they can object to the storage of their personal data at any time in accordance with Art. 21 GDPR. In such a case, the conversation cannot be continued.

To exercise a corresponding objection or revocation, the visitor can contact us in particular by e-mail using the e-mail address support@nextpit.com.

The data stored in the course of making contact will be deleted in the aforementioned cases.

II. Registration and user profile

1. Registration with nextpit

1.1 Description and scope of processing

In order to be able to use the services and functionalities offered within the framework of the portal, registration as a user is required. The following data is required for this:

  • e-mail address
  • Password (stored as SHA hash)
  • User name (freely selectable)
  • Acceptance of terms of use and privacy policy
  • Newsletter user settings

The following metadata is also stored when the registration request is sent:

  • The IP address of the user
  • Date and time the registration was sent
  • Language used
  • Type of registration (via email, Facebook or Google; the Facebook and Google user ID may be stored)
  • User agent of the user's end device
  • Date of validation of the user account (confirmation of registration)
  • Receipt of welcome message

Without the aforementioned data, it is not possible to conclude or execute the contract. The processing of this data is therefore necessary.

Except for metadata, this data is entered via a corresponding input screen. All data is stored by us. This data is processed for the conclusion and execution of the user contract for the use of the services and functionalities of the portal.

With the exception of the username, this data cannot be viewed publicly via the portal.

If the user uses their Facebook or Google account to register, we receive the user's email address directly via Facebook or Google. The collection of a password by the controller is not necessary in this constellation. In this context, reference is also made to the Facebook and Google data protection notices.

In strict compliance with the relevant data protection regulations, our carefully selected service providers involved in the hosting and maintenance of our systems may be recipients of the data. This is done on the basis of order processing agreements, which contractually bind the service providers and in this respect we remain responsible for the processing of the data.

1.2 Purpose of the processing

The processing of the data collected during registration serves to conclude and execute the user contract with the user regarding the use of the portal and its services and functionalities.

The metadata also serves to prevent misuse of the registration and to ensure the security of our information technology systems.

1.3 Legal basis for processing

The legal basis for the processing of the access data collected during registration is Art. 6 para. 1 lit. b) GDPR.

1.4 Duration of the processing

After the user contract for the use of the portal's services has been fully processed or the user's profile has been deleted, the data will be deleted or processing restricted to the extent necessary for tax and commercial law retention obligations. The data will be deleted at the latest after expiry of the corresponding statutory retention periods, unless the user has expressly consented to further use of the data.

2. Profile details of the user

2.1 Description and scope of processing

For the publicly visible presentation of the user on the portal, the user has the option of completing their user profile with voluntary information. The following optional data may be collected and stored:

  • Profile picture
  • About me text
  • List of the user's end devices
  • Forum signature
  • Link to the user's Google, Twitter, Facebook and YouTube profile

The aforementioned data can be viewed publicly via the portal and is processed for the purpose of executing the contract or performing the functionalities offered as part of the portal. In particular, this data is also processed for the user's own presentation.

In strict compliance with the relevant data protection regulations, our carefully selected service providers involved in the hosting and maintenance of our systems may be recipients of the data. This takes place on the basis of order processing agreements by which the service providers are contractually bound and we remain responsible for the processing of the data in this respect.

2.2 Purpose of the processing

The processing of the data collected during registration serves to implement the user contract with the user regarding the use of the portal and its services and functionalities.

2.3 Legal basis of the processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. b) GDPR.

2.4 Duration of the processing

After complete processing of the user contract or deletion of the user profile, the data will be deleted or processing restricted to the extent necessary for tax and commercial law retention obligations. Your data will be deleted at the latest after expiry of the relevant statutory retention periods, unless the user has expressly consented to further use of the data.

III. Comments, forum and gamification

1. Comments

1.1 Description and scope of processing

Users have the opportunity to comment on articles published on the portal.

Users submit their comments using a corresponding input form. They also have the option of subscribing to notifications from the portal by email when users reply to their comment. Other users can also be informed about the user's responses.

If the user sends the comment, it will be published and saved on the portal for public viewing. The comment is published and saved with a link to the username and profile picture of the user as well as the date and time of the comment.

Otherwise, the comment data will not be passed on to third parties. In strict compliance with the relevant data protection regulations, only our carefully selected service providers involved in the hosting and maintenance of our systems may be recipients of the data. This takes place on the basis of order processing agreements, by which the service providers are contractually bound and we remain responsible for the processing of the data in this respect.

1.2 Purpose of the processing

The processing of the data serves the use of the comment function and serves in particular the interaction, exchange and opinion-forming within the framework of the portal.

This processing is therefore carried out to implement the functionalities of the portal provided as part of the user relationship and used by the user.

1.3 Legal basis of the processing

The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR.

1.4 Duration of the processing

Users have the option of deleting comments they have posted at any time. In these cases, the comment data will be deleted.

2. Forum

2.1 Description and scope of processing

Users have the opportunity to participate in the forum within the portal by writing and publishing posts. To do this, the user must first select the forum using the corresponding input form, then leave a title and message. If the user publishes their post (save post), it will be published on the portal with their user name and profile photo and the date and time of the post.

The user also has the opportunity to reply to, rate and monitor posts in the forum. The user can view and manage his saved messages and the forums he has observed in the forum overview in his profile.

Apart from this, forum data is not passed on to third parties. In strict compliance with the relevant data protection regulations, only our carefully selected service providers involved in the hosting and maintenance of our systems may be recipients of the data. This takes place on the basis of order processing agreements by which the service providers are contractually bound and we remain responsible for the processing of the data in this respect.

2.2 Purpose of the processing

The processing of the data serves the utilization of the participation opportunity in the forum and therefore in particular the information, the exchange and the formation of opinions within the framework of the portal.

This processing is therefore carried out to implement the functionalities of the portal provided within the framework of the user relationship and used by the user.

2.3 Legal basis of the processing

The legal basis for this processing of project data is Art. 6 para. 1 lit. b) GDPR.

2.4 Duration of the processing

When the purpose of processing ceases to apply, i.e. after the user contract has been fully processed or the user's profile has been deleted, the link between the posts in the forum and the user in question is terminated. The posts then no longer allow any conclusions to be drawn about the person of the user.

3. Gamification

3.1 Description and scope of processing

As part of the portal, users have the opportunity to measure their user activity on the portal playfully and to compare it with other users. Users can receive credit points for various actions on the portal and collect them in a corresponding points account.

The so-called gamification events are saved to the user's profile; these are actions within the portal for which the user can earn credit points. The user can reach different levels depending on their score. In addition, the score, the level reached and the corresponding position in the ranking are saved. However, only the corresponding user ranking is publicly visible.

Forum data will not be passed on to third parties. In strict compliance with the relevant data protection regulations, our carefully selected service providers involved in the hosting and maintenance of our systems may be recipients of the data. This takes place on the basis of order processing agreements by which the service providers are contractually bound and we remain responsible for the processing of the data in this respect.

3.2 Purpose of the processing

The processing of the aforementioned data serves to document user activity on the portal for use by the user in the context of the playful competition, so-called gamification.

This processing is therefore carried out to implement the functionalities of the portal provided as part of the user relationship and used by the user.

3.3 Legal basis of the processing

The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR.

3.4 Duration of the processing

For the duration of the use of the portal by the user (user relationship), the corresponding data is stored and processed within the scope of the corresponding functionality. When the purpose of processing ceases to apply, i.e. after the user contract has been fully processed or the user's profile has been deleted, the reference of this data to the user is terminated while retaining this data. This means that the data can no longer be used to identify the user.

IV. Newsletter and messages

1. Newsletter (using Kit)

1.1 Description and scope of processing

Within the portal, visitors and users have the option of subscribing to the newsletter free of charge. When registering, the user's consent to receive the newsletter is obtained and documented. In addition, it is pointed out in particular that the consent given by the user can be revoked at any time with immediate effect.

To receive the newsletter, we require your name and e-mail address.

Registration takes place in a so-called double opt-in procedure. This means that the user expressly consents to receiving the newsletter and receives a confirmation email with an activation link after registering. In order to be able to prove the registration process in accordance with the legal requirements, registrations for the newsletter are logged. This includes storing the time of registration and confirmation.

The newsletter is sent on our behalf via the mailing service “Kit”, a newsletter distribution platform of the US provider Kit, Inc, 750 W Bannock St. #761, Boise ID 83701 (hereinafter “Kit”).

We have concluded a “Data Processing Agreement” with Kit in accordance with Section 28 GDPR, in which we oblige Kit to protect our customers' data and not to pass it on to third parties.

The mailing service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for the technical optimization of mailing, the presentation of the newsletter or for statistical purposes. The mailing service provider will not write its own emails to newsletter recipients.

The newsletters contain a so-called “web beacon”. This is a pixel-sized file that is retrieved from the kit server when the newsletter is opened. As part of your retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected. This technical data is used to analyze the target groups, reading behavior, access times and retrieval points of the recipients.

The statistical surveys also include an analysis of whether the newsletters sent are opened by the respective recipients, when they are opened and which links are clicked on.

This technical information is used to continuously improve the newsletter. The evaluations are used to recognize the reading habits of the individual newsletter recipients and to adapt the content we provide to our newsletter subscribers accordingly or to send various individualized contents.

1.2 Purpose of the processing

The data is processed for the purpose of sending the newsletter.

1.3 Legal basis of the processing

The processing of data in connection with the sending of the newsletter is based on your consent, the legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR.

1.4 Right of revocation

The user's consent can be revoked at any time with effect for the future and the corresponding subscription to the newsletter can be canceled. The revocation can be made by sending an email to support@nextpit.com or via the unsubscribe link in the newsletter. This option is also indicated separately in each newsletter.

In this case, the lawfulness of the processing of the e-mail address remains unaffected until the time of revocation.

1.5 Recipient

The recipient of your data is the provider of the services.

1.6 Transfer to a third country

Kit uses so-called standard contractual clauses (SCC) within the meaning of Art. 46 (2) and (3) GDPR as the basis for data processing by recipients based in third countries or for data transfer to third countries. SCCs are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Kit undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission.

You can find more information about Kit's standard contractual clauses at https://Kit.com/security.

You can find out more about the data processed through the use of Kit in the privacy policy at https://Kit.com/privacy.

1.7 Duration of processing

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address is therefore stored for as long as the subscription to the selected newsletter is active. The email address will then be deleted unless the user has given us consent to use it for other purposes or we are legally entitled to process the email address for other purposes.

1.8 Obligation to provide data

Your personal data is provided solely on the basis of your voluntary consent. Unfortunately, we cannot send you our newsletter without your consent.

2. Private messages

2.1 Description and scope of processing

As an essential functionality of the portal, users have the option of sending private messages to each other via a portal-internal messaging system. Every user of the portal can receive messages from other users, but it is only possible to send private messages once you have reached level 3 of the gamification status (see section C.III.3.). The messages are then sent by the portal to the corresponding user by e-mail after the message has been sent. The recipient receives an e-mail from the portal in which the sender's message is transmitted.

The message is sent via a corresponding sending form within the portal. In this case, the user only has to enter their message and decide whether they would like to receive a copy of the message. The usernames of the users serve as the sender and recipient identifiers. Apart from the usernames and the message content, no other data of the users involved is included in the transmitted private message. The user has the option of rejecting the receipt of private messages in the settings of their user profile.

2.2 Purpose of processing

The purpose of the processing is to send private messages via the portal, which is an essential functionality of the portal in the context of the user relationship with the user.

2.3 Legal basis of the processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. b) GDPR.

V. Cookies, web analysis and other third-party services

1. Cookies

1.1 Description and scope of processing

Cookies are used on the portal. These are small text files that are stored on your end device and assigned to the browser you are using and through which certain information flows to the place that sets the cookie.

We use such cookies to make your visit to our portal attractive, to enable the use of certain functions and to display suitable products to you.

Some cookies used on the portal are deleted again at the end of the respective session, i.e. after you close your browser (so-called session cookies). Other cookies, on the other hand, remain on your end device even after the session has ended and enable us to recognize your browser the next time you visit our portal (persistent cookies).

The duration of the storage of the respective cookies can be found in the overview in the cookie settings of your browser. You can also set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. In this respect, we refer you to the respective cookie settings in the respective browsers.

However, we would like to point out that if the setting of cookies is prevented, the functionality of our portal may be restricted.

The cookies used also collect data about your usage behavior on the portal. However, the data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the respective user.

Name Purpose Duration
JSESSIONID Session cookie is used to identify logged-in users. SESSION
np_theme Technically necessary cookie that determines the appearance (dark mode/light mode) of the website 1 year
lf_k Technically necessary cookie. Enables automatic login. 180 days
ga-disable Technically necessary cookie. Enables the deactivation of Google Analytics tracking. Permanent if set.
markedChangesDisabled Technically necessary cookie. Enables the display and hiding of changed text in the article that was marked by the author. 1 year
1.2 Purpose of the processing

The purpose of processing is, on the one hand, to simplify the use of websites for users. In addition, some functions of our portal cannot be offered without the use of cookies. For these, it is also necessary for the browser to be recognized even after a page change.

Cookies are used for analysis purposes in order to improve the quality of our website and its content. Through these analysis cookies, we learn how the website is used and can thus constantly optimize our offer.

The aforementioned purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f) GDPR.

1.3 Legal basis of the processing

The legal basis for the processing of data using cookies is Art. 6 para. 1 lit. f) GDPR.

1.4 Duration of the processing

The cookies are stored on your end device and transmitted from it to our portal. Therefore, the respective user has full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the cookie settings in your Internet browser. Cookies already stored on your device can be deleted at any time. This can also be done automatically. However, if cookies are deactivated for our portal, it may no longer be possible to use all functions of the portal to their full extent.

Consent with Sourcepoint

This website uses Sourcepoint's consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Sourcepoint Technologies, Inc, 228 Park Avenue South, #87903, New York, NY 10003-1502, USA (represented in the EU by: Sourcepoint GmbH, Friedrichstraße 68, 10117 Berlin, Germany), website: https://sourcepoint.com (hereinafter “Sourcepoint”).

When you enter our website, the following personal data is transferred to Sourcepoint:

  • Your consent(s) or the withdrawal of your consent(s)
  • your IP address
  • Your unique ID (“Unique ID”)
  • Information about your browser
  • Information about your end device
  • Time of your visit to the website

Furthermore, Sourcepoint stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Sourcepoint cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.

Sourcepoint is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be recorded.

2. Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

2.1 IP anonymization

Google Analytics IP anonymization is activated. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

2.2 Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

2.3 Order processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

2.4 Google signals

We use Google signals. When you visit our website, Google Analytics records your location, search history and YouTube history as well as demographic data (visitor data), among other things. This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymous statistics on the user behavior of our users.

3. Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can analyze which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

You can find more information about Google Conversion Tracking in Google's privacy policy: https://policies.google.com/privacy?hl=en.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

4. Google AdSense

This website uses Google AdSense, a service for integrating advertisements. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).

With the help of Google AdSense, we can display targeted advertisements from third-party companies on our website. The content of the advertisements is based on your interests, which Google determines based on your previous user behavior. Furthermore, contextual information such as your location, the content of the website you have visited or the Google search terms you have entered are also taken into account when selecting the appropriate advertisement.

Google AdSense uses cookies, web beacons (invisible graphics) and similar recognition technologies. This allows information such as visitor traffic on these pages to be analyzed.

The information collected by Google AdSense about the use of this website (including your IP address) and the delivery of advertising formats is transmitted to a Google server in the USA and stored there. This information may be passed on by Google to contractual partners of Google. However, Google will not merge your IP address with other data stored by you.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://adssettings.google.com/authenticated

You can find more information about Google's advertising technologies here: https://policies.google.com/technologies/ads and https://www.google.de/intl/de/policies/privacy/

5. Google Marketing Platform

This website uses functions of the “Google Marketing Platform” (and services such as “Google Ad Manager”, hereinafter “GMP”, formerly “DoubleClick”). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).

GMP is used to show you interest-based advertisements throughout the Google advertising network. With the help of GMP, the advertisements can be targeted to the interests of the respective viewer. For example, our advertising can be displayed in Google search results or in advertising banners linked to GMP.

In order to be able to display interest-based advertising to users, Google must be able to recognize the respective viewer and assign the websites visited, clicks and other information on user behavior to them. Google uses cookies or comparable recognition technologies (e.g. device fingerprinting) for this purpose. The information collected is combined into a pseudonymous user profile in order to display interest-based advertising to the user concerned.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Further information on how to object to the advertisements displayed by Google can be found at the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated

We work with the following partners to provide the ads:

  • Index Exchange Online Advertising Exchange (“Index Platform”), a service of Index Exchange, 74 Wingold Avenue, Toronto, Ontario M6B1P5, Canada. Information about the surfing behavior of website visitors is collected for marketing purposes in purely anonymous form and cookies are set for this purpose. No personal data is collected or stored in this process. You can object to the collection, processing and recording of the data generated by Index Exchange at any time by opting out of cookies at https://optout.networkadvertising.org/?c=1. You can view the privacy policy of this service provider here: https://www.indexexchange.com/privacy/
  • OpenX Technologies (OpenX Poland sp. z o.o., Aleja 29 Listopada 20, 31-401 Krakow, Poland). You can view the privacy policy of this service provider here: https://www.openx.com/privacy-center/ad-exchange-privacy-policy/
    You can object to the collection, processing and recording of data generated by OpenX Technologies at any time by accessing https://www.aboutads.info/choices in your browser and opting out of cookies.
  • Sovrn (Sovrn, 5541 Central Avenue, Suite 100, Boulder, CO 80301, USA). In order to show you relevant and interesting advertising, Sovrn's technology counts the number of web visits to our partners' websites. Cookies, web beacons or similar technologies are used for this purpose. No personal data is collected or stored in the process. You can object to the collection, processing and recording of the data generated by Sovrn at any time by accessing https://info.evidon.com/pub_info/15620?v=1&nt=0&nw=false in your browser and opting out of cookies. You can view the privacy policy of this service provider here: https://www.sovrn.com/legal/privacy-policy/
  • Magnite Inc. (1250 Broadway, 15th Floor, New York, New York 10001)In order to show you relevant and interesting advertising, Magnite's technology counts the number of web visits to our partners' websites. Cookies, web beacons or similar technologies are used for this purpose. No personal data is collected or stored in the process. You can object to the collection, processing and recording of the data generated by Magnite at any time by accessing https://www.magnite.com/legal/consumer-online-profile-opt-out/ in your browser and opting out of cookies. You can view the privacy policy of this service provider here: https://www.magnite.com/legal/website-privacy-policy/

6. Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).

The purpose of reCAPTCHA is to check whether data is entered on this website (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyzes run completely in the background. Website visitors are not informed that an analysis is taking place.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780

7. Sentry

7.1 Description and scope of processing

We use Sentry, a service for error analysis, as part of our portal. This service is provided by Functional Software Inc, 132 Hawthorne Street, San Francisco, California 94107, USA (“Sentry”).

When an error occurs on our portal, an error analysis is sent to Sentry. The IP address and browser data of the visitor or user are transmitted.

7.2 Purpose of the processing

To ensure the technical stability of our portal, Sentry is used to log system errors.

7.3 Legal basis of the processing

The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. f) GDPR, whereby our legitimate interest arises from the stated purpose.

7.4 Recipient

The recipient of your data is the service provider.

7.5 Transfer to a third country

The information generated by Sentry is usually transferred to a server of the service provider located in the USA and stored there. We have concluded a “Data Processing Agreement” with Sentry in accordance with Art. 28 GDPR for the data protection-compliant processing of your data when carrying out the error analysis.

Sentry uses standard contractual clauses (SCC) within the meaning of Art. 46 (2) and (3) GDPR as the basis for data processing for recipients based in third countries or for data transfer to third countries. Through these clauses, Sentry undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA.

The data processing terms (Data Processing Addendum), which correspond to the standard contractual clauses, can be found at https://sentry.io/legal/dpa/5.0.0/.

You can find out more about the data processed through the use of Sentry in the Privacy Policy at https://sentry.io/privacy/.

7.6 Duration of processing

The data is stored for a maximum of 90 days after the analysis and then deleted without residue.

8. Axiom

Our website uses the Axiom service (provided by Axiom, Inc., 548 Market Street, PMB 64661, San Francisco, CA 94104-5401, USA), a platform for data processing and analysis.

8.1 Description and scope of processing

Axiom enables us to collect, analyze, and optimize data from various sources to improve our processes and services.

In the course of using Axiom, the following personal data may be processed:

  • Usage data (e.g., access times, pages visited, IP addresses)
  • Interaction data (e.g., click behavior, user interactions with our website)
8.2 Purpose of the processing

The processing of this data serves to:

  • Optimize our website and services,
  • Conduct analyses to enhance the user experience,
  • Identify and resolve technical issues.
8.3 Legal basis of the processing

The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. f) GDPR, whereby our legitimate interest arises from the stated purpose.

8.4 Recipient

The recipient of your data is the service provider.

8.5 Transfer to a third country

The collected data is transmitted to Axiom's servers for processing. Axiom may transfer data to countries outside the European Union, including the United States. We have entered into an agreement with Axiom to ensure an adequate level of data protection.
For more information on Axiom’s data processing, please refer to Axiom’s Privacy Policy: https://axiom.co/privacy

8.6 Duration of processing

Data is only stored for as long as necessary for the purposes mentioned above or as required by legal retention obligations.

9. VG Wort tracking pixels

Our website includes texts in which a so-called tracking pixel (METIS counting pixel) is integrated. The provider is Verwertungsgesellschaft WORT - VG WORT (association with legal capacity by virtue of the award), Untere Weidenstraße 5, 81543 Munich (hereinafter VG Wort).

The pixel counts the views of texts and forwards them anonymously to VG Wort in order to determine the distributions for the authors. The VG Wort pixel is used on the basis of our legitimate interest in receiving remuneration for the texts published on our website for our authors and for ourselves (Art. 6 para. 1 lit. f GDPR). Conflicting interests of website visitors are not apparent, as the data is transmitted to VG Wort in anonymized form.

10. Heise.de price comparison

10.1 Description and scope of processing

On our website, we use widgets, e.g. with price information, tables or images (widgets) from Heise Medien GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Hanover (Heise Medien) on our website. The widgets serve, among other things, to provide an overview of the prices of various providers. At the same time, it is possible to access the offer directly via an affiliate link. The widgets themselves are made available via a programming interface of Preisvergleich Internet Services AG, Rothschildplatz 3 Top 3.01, A-1020 Vienna (Geizhals).

When you, as a visitor to our website, call up a web page with a widget, your IP address, user agent string and standard header are transmitted to Heise Medien. This is technically necessary in order to be able to respond to requests.

In addition, product images and graphics from Geizhals are loaded to display the widgets and your IP address, user agent string and standard header are transmitted to Geizhals for purely technical reasons.

The processing of the data required by you is carried out on the basis of Art. 6 para. 1 f) GDPR exclusively to safeguard our legitimate interests, in particular for IT security purposes. Cookies are not used for this data processing.

You can view Heise's privacy policy here: https://www.heise.de/Datenschutzerklaerung-der-Heise-Medien-GmbH-Co-KG-4860.htm

You can view Geizhals.de's privacy policy here: https://unternehmen.geizhals.at/datenschutzerklaerung/.

10.2 Purpose of the processing

The purpose of the data processing described above is the optimization and economic design of the operation of our portal. This also constitutes our legitimate interest in this processing.

10.3 Legal basis of the processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR.

10.4 Recipient

The recipient of your data is the respective service provider.

10.5 Duration of the processing

The data that is transmitted to Heise Medien is stored for a maximum of 7 days and then deleted or anonymized so that it is no longer possible to assign the calling client.

The storage period at Geizhals is 14 days before this data is deleted.

11. Kit newsletter widgets

11.1 Description and scope of processing

As part of our portal, we use so-called newsletter widgets, a service provided by Kit, Inc (750 W Bannock St #761, Boise ID 83701), to subscribe to newsletters.

Each time you access a page that offers one or more Kit newsletter widgets, a direct connection is established between your browser and Kit's servers and information about your visit and your IP address is transmitted to Kit and stored there.

Name Purpose Duration
ckid To check whether the user is already registered for the newsletter. If yes, the newsletter widget is hidden undefined
cksubscribed-* To check whether the user is already registered for the newsletter. If yes, the newsletter widget is hidden. Assigns the user an ID that is used for tracking purposes undefined

11.2 Purpose of the processing

The purpose of the data processing described above is only to display the newsletter widget to visitors or users who have not yet subscribed to a newsletter.

11.3 Legal basis of the processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR.

11.4 Recipient

The recipient is Kit, Inc (750 W Bannock St. #761, Boise ID 83701)

We have concluded a “Data Processing Agreement” with Kit, in which we oblige Kit to protect our customers' data and not to pass it on to third parties.

11.5 Transfer to a third country

Kit uses standard contractual clauses (SCC) within the meaning of Art. 46 (2) and (3) GDPR as the basis for data processing with recipients based in third countries or for data transfer to third countries. Through these clauses, Kit undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA.

You can find more information about Kit's standard contractual clauses at https://Kit.com/security

You can find out more about the data processed through the use of Kit in the privacy policy at https://Kit.com/privacy.

11.6 Duration of processing

The data transmitted when the newsletter widget is displayed is not stored by Kit. The duration of the values stored in the local storage are stored indefinitely and can be deleted by the user at any time in the corresponding browser settings.

12. Social Media

12.1 Description and scope of processing

We use content and service offers from third-party providers to integrate their content (e.g. photos and videos). Data is only transferred to the respective provider if you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR via the “Activate content” button or in the consent management service settings under “Show social content”. If you have not given your consent, a placeholder will be displayed and the content will not be integrated, which means that no content will be transmitted to third-party providers. You can revoke your consent at any time in the privacy settings.

The integration of content from third-party providers requires that the third-party providers receive the user's IP address in order to send the content to the user's browser. Third-party providers may also use “pixel tags” (also known as “web beacons”) for statistical or marketing purposes. The pixel tags enable an analysis of visitor traffic and can also provide further information (e.g. browser type and version, device type, operating system).

Pseudonymous data can be stored as cookies on the user's device. The cookies may contain technical information (browser, operating system, device type, websites visited, time of visit, other information on user behavior) and may be linked to information from other sources.

The following presentation provides an overview of third-party providers and their content, along with links to their privacy policies, which contain further information on the processing of data and, in some cases already mentioned here, opt-out options. Detailed information on data processing in connection with the use of our social media offerings, opt-out options and the assertion of information rights can be found in the privacy policy of the respective platform operator.

Name Purpose Duration
_fbp The "_fbp" cookie identifies browsers, for example, to provide analysis services for advertising and websites. 90 days
Name Purpose Duration
sp_t The cookie is used to integrate Spotify audio content on the website. It also stores information about the player's usage behavior. Storage period: 1 year
sp_landing The cookie is used to integrate Spotify audio content on the website. It also stores information Storage duration: 1 day
12.2 Purpose of the processing

When our social media offers are accessed, personal data is processed that must be transmitted to display the content of third-party providers.

This is done on the basis of our legitimate interests (analysis, optimization and economic operation of our portal as well as the use of effective and diverse information options).

12.3 Legal basis of the processing

Data will only be transferred to the respective provider if you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR via the “Activate content” button or in the consent management service settings under “Show social content”. For the legal basis on which the respective providers process your data, please refer to the privacy policy of the respective provider.

12.4 Duration

Specific information on the storage period can be found in the privacy policies of the respective providers linked above.

The following applies to Vimeo:The data will remain stored by Vimeo until the provider no longer has an economic reason for storing it. In this case, the data will then be deleted or anonymized.

13. CommunicationAds

13.1 Description and scope of processing

We use communicationAds, a service provided by communicationAds GmbH & Co. KG Kaiserstraße 23, 90403 Nuremberg, which is used to display tariff comparisons on our portal.

When you, as a visitor to our website, call up a web page with a widget, your IP address, user agent string and standard header are transmitted to communicationAds. This is technically necessary in order to be able to respond to requests.

In addition, product images and graphics are loaded by communicationAds to display the widgets and your IP address, user agent string and standard header are transmitted to communicationAds for purely technical reasons.

You can view the privacy policy of this service provider here: https://www.communicationads.net/en-gb/aboutus/privacy/.

The central service of communicationAds is the provision of so-called white label information offers (e.g. comparison calculators) and the measurement of advertising success (“tracking”). As part of tracking, cookies are used to document transactions (e.g. leads or sales, i.e. a tariff application, for example). These serve the sole purpose of correctly assigning the success of advertising media or advertising integrations as part of billing with our advertisers and websites. In this context, communicationAds does not collect any personal data. The corresponding cookies are stored under the URL www.communicationads.net and are structured as follows

Name Purpose Duration
pp*
(* is replaced by pseudonymized ID of the advertiser)
Allocation of transactions 9 weeks

No storage of personal data takes place.

13.2 Purpose of the processing

The purpose of the data processing described above is the optimization and economic design of the operation of our portal. This also constitutes our legitimate interest in this processing.

13.3 Legal basis of the processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR.

13.4 Recipient

The recipient of your data is the provider of the services.

13.5 Duration of the processing

If personal data is involved, the data will be stored for the duration of the provision of the services and additionally for a reasonable period for the defense and assertion of legal claims.

Non-personal data may be stored indefinitely.

14. contentpass

On our website, we offer you a service for ad-free and tracking-free access. This service is called contentpass and is offered by Content Pass GmbH, Wolfswerder 58, 14532 Kleinmachnow, Germany. When you subscribe to the service, contentpass becomes your contractual partner. You can find more information about this service at contentpass.net.

In order to display and offer you this service on our website, contentpass processes your IP address on our behalf at the beginning of your website visit. For the registration and contract processing of contentpass and the associated data processing, contentpass is the controller within the meaning of the GDPR. We are solely responsible for processing your IP address. For more information on data processing at contentpass, please read their privacy policy.

The basis for the data processing of the IP address, as part of our order processing with contentpass, is our legitimate interest in offering you the opportunity to access our website without advertising and tracking and your interest in using our website practically without advertising and tracking [Art. 6 para. 1 sentence 1 lit. f.) GDPR]. In addition, we hereby fulfill the legal obligation to obtain legally compliant consent to data processing requiring consent [Art. 6 para. 1 lit. c) GDPR].

You can log in to your contentpass account here and register for contentpass here.

15. Cleverpush

15.1 Push notifications

You can register to receive push notifications. For this purpose, we use the “CleverPush” service, which is operated by CleverPush GmbH, Brauhausstraße 15A, 22041 Hamburg (“CleverPush”).

You will receive regular information about news, best lists, test reports, deals and apps relating to smartphones, tablets, wearables, smart homes and energy via our push notifications.

To sign up for the push notifications, you must confirm the request from your browser or end device to receive the notifications. This process is documented and saved by CleverPush. The time of registration and a push token or device ID are stored for this purpose. This data is used on the one hand to send you the push notifications and on the other hand as proof of your registration. The legal basis for this processing is your consent and thus Art. 6 para. 1 lit. a GDPR.

CleverPush also evaluates our push notifications statistically. CleverPush can thus recognize whether and when our push notifications were displayed and clicked on. This enables us to determine which push notifications are of interest to recipients in order to tailor future messages to the presumed interests of all recipients and thus increase interest in our offer. In addition to the push token or device ID, we also store the thematic focus of the app on which the push notifications were activated (e.g. business, sport, etc.). We also use this information to send push notifications to the relevant subscribers that are in their presumed interests. The legal basis for processing is Art. 6 para. 1 lit. f GDPR. A push token or device ID is only assigned to a specific person if we are legally obliged to do so, to defend against claims against us, if this is necessary as evidence, and for the possible prosecution of violations of the law.

You can revoke your consent to the storage and use of your personal data to receive our push notifications at any time, with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Furthermore, you can object to the use of personal data described above on the basis of Art. 6 para. 1 lit. f at any time. Please withdraw your consent for this purpose. You can revoke your consent in the setting provided for receiving push notifications in the settings of your device or browser.

Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. Your data will therefore be stored for as long as the subscription to our push notifications is active.

The unsubscription process is explained in detail at the following link: https://cleverpush.com/faq.

To speed up the retrieval of content (e.g. images) and to defend against attacks, CleverPush uses the services of cloudflare.com, an offer from Cloudflare, Inc. as part of order processing based on the standard contractual clauses.

CleverPush does not store any data on Cloudflare's servers that contain personal data, but only general content such as texts or images. When you access this content, the device you are using establishes a connection to Cloudflare and the IP address of the device you are using is processed.

You can unsubscribe from the notifications at the following link: https://www.nextpit.com?cleverPushUnsubscribe=true.

16. Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780

17. Hotjar

This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe(https://www.hotjar.com).

Hotjar is a tool for analyzing your user behavior on this website. Hotjar allows us to record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you remain with the mouse pointer in a certain place. Hotjar uses this information to create so-called heat maps, which can be used to determine which areas of the website visitors prefer to look at.

We can also determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels).

In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.

Hotjar uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or the use of device fingerprinting).

Insofar as consent has been obtained, the use of the aforementioned service is based exclusively on Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, this service is used on the basis of Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

17.1 Deactivating Hotjar

If you wish to deactivate data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/

Please note that Hotjar must be deactivated separately for each browser or end device.

For more information about Hotjar and the data collected, please refer to Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy

17.2 Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

VI. Online presence in social media

We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights.

Furthermore, user data is usually processed for market research and advertising purposes. For example, user profiles can be created from user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are generally stored on the user's computer, in which the user's usage behavior and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

The processing of users' personal data is based on our legitimate interests in effective user information and communication with users in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR. If users are asked by the respective providers to consent to data processing (i.e. to give their consent, e.g. by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR.

For a detailed description of the respective processing and the possibilities of objection (opt-out), we refer to the following linked information from the providers. In the case of requests for information and the assertion of user rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

VII. Audio and video conferencing

Data processing

Among other things, we use online conferencing tools to communicate with our customers. The individual tools we use are listed below. If you communicate with us by video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conferencing tools collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number). The conference tools also process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other “context information” in connection with the communication process (metadata).

Furthermore, the provider of the tool processes all technical data that is required to process the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

If content is exchanged, uploaded or provided in any other way within the tool, this is also stored on the tool provider's servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. Further information on data processing by the conference tools can be found in the privacy policies of the tools used, which we have listed below this text.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the tools in question are used on the basis of this consent; consent can be withdrawn at any time with effect for the future.

Storage duration

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Conference tools used

We use the following conference tools:

Google Meet

We use Google Meet. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on data processing can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

VIII. Partner programs

1. Amazon affiliate program

beebuzz media Berlin GmbH is a participant in the Amazon EU affiliate program, which is designed to provide a medium for websites to earn advertising fees through the placement of advertisements and links to amazon.com.

For example, if you click on an advertising link for a product and then buy it from Amazon, we will receive a payment for this. Affiliate technologies such as cookies are used to track that you have come from our site and to be able to make the corresponding payment to us. The processing is therefore only used to record the transactions and to create the reports. The cookies are only set when you actually click on the link and are redirected to the affiliate's offer.

The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. You can find more information at https://www.amazon.com/gp/help/customer/display.html?nodeId=201909010

In certain cases, a direct connection to Amazon servers is established to display product images. Your IP address and header data are transmitted to the target server by the request of your web browser. This integration takes place on the basis of our legitimate interests in order to be able to display the product offers.

2. eBay partner program

beebuzz media Berlin GmbH is a participant in the affiliate program of eBay Partner Network, Inc, 2145 Hamilton Ave, San Jose, CA 95125, USA, which is designed to provide a medium for websites to earn advertising fees by placing advertisements and links to ebay.de.

For example, if you click on an advertising link for a product and then buy it on eBay, we receive a payment for this. These affiliates use technologies such as cookies to track that you have come from our site and to be able to make the corresponding payment to us. The processing is therefore only used to record the transactions and to create the reports. The cookies are only set when you actually click on the link and are redirected to the affiliate's offer.

The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can find more information at https://partnernetwork.ebay.com/page/network-agreement#privacy-notice

In certain cases, a direct connection to eBay servers is established to display product images. Your IP address and header data are transmitted to the target server by the request of your web browser. This integration takes place on the basis of our legitimate interests in order to be able to display the product offers.

IX. Hosting and Content Delivery Networks (CDN)

1. External hosting

1.1 Description and scope of processing

Our portal is hosted by an external service provider (hoster). The host of this portal is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

Hetzner's data centers are located in data center parks in Nuremberg and Falkenstein. Hetzner Online GmbH is certified in accordance with DIN ISO/IEC 27001. The certificate demonstrates adequate security management, data security, confidentiality of information and the availability of IT systems.

As part of our cooperation, we do not pass on any personal data about your visit to our website directly to Hetzner. However, it is possible that Hetzner may at least potentially gain access to personal data, e.g. in the course of maintenance work. Since such cases also constitute so-called commissioned data processing in accordance with Art. 28 GDPR, we have concluded a data protection contract with Hetzner in accordance with this provision. This also ensures the protection of your personal data.

You can view the privacy policy of this service provider here: https://www.hetzner.com/legal/privacy-policy.

2. CDN Cloudflare

2.1 Description and scope of processing

As part of our portal, we use the Cloudflare service, a service provided by Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA. Cloudflare offers a globally distributed content delivery network (CDN) with DNS, load balancing and image optimization. Technically, the information transfer between your browser and our portal is routed via Cloudflare's network. This enables Cloudflare to analyze the data traffic between your browser and our portal and to act as a filter between our servers and potentially malicious data traffic from the Internet. Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described here. The use of Cloudflare is based on our legitimate interest in providing our portal as error-free and securely as possible.

For security reasons, browser requests from dubious sources (hackers, malware, spammers, etc.) are rejected.

You can view the privacy policy of this service provider here: https://www.cloudflare.com/privacypolicy/.

In order to ensure data protection-compliant processing, we have concluded an order processing contract with Cloudflare.

Cloudflare uses the following cookies, which are essential for our portal

Name Purpose Duration
__cflb Security of the portal and IT systems from a few seconds up to 24 hours

The duration of storage is up to 24 hours.

2.2 Purpose of the processing

The purpose of the processing is to protect against hacker attacks, spammers, reliability through load balancing and optimization of images. Cloudflare thus contributes to the security of the visitor, the portal and our IT systems. This is also our legitimate interest in processing the data.

2.3 Legal basis of the processing

Our legitimate interest also arises from the purpose of the processing. The legal basis for processing the data is Art. 6 para. 1 lit. f) GDPR.

2.4 Recipients and transfer to third countries

The recipient of your data is the provider of the service. Insofar as personal data is also transferred to the USA and stored there, the data protection-compliant processing of this data is guaranteed by an order processing contract with Cloudflare. The data processing terms (Data Processing Addendum), which correspond to the standard contractual clauses, can be found at https://www.cloudflare.com/cloudflare-customer-dpa/.

You can view the privacy policy of this service provider here: https://www.cloudflare.com/privacypolicy/.

2.5 Duration of the processing

Personal data (such as the IP address) is stored for 30 days.

3. nextpit CDN

As part of our portal, we use a so-called content delivery network (CDN) to transmit static web content such as images, videos and scripts.

The following CDNs are hosted by Hetzner Online GmbH and can be accessed under these domains:

  • fs.npstatic.com
  • static.npstatic.com
  • fscl01.fonpit.de
  • fscl02.fonpit.de

The following CDNs are hosted at Cloudflare and can be reached under these domains:

  • *.nextpit.workers.dev
  • tools.nextpit.com

X. General information on storage duration

Unless an explicit storage period is specified in this declaration, personal data will be stored for as long as is necessary for the respective specified purposes and fulfillment of our legal obligations. Insofar as statutory retention obligations exist (e.g. from § 147 AO, § 257 HGB), the data will be stored for at least the duration of the statutory retention period.

D. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against us, the controller (unless already set out above under D in connection with the respective processing of your data):

1. Right to information

In accordance with Art. 15 GDPR, you can request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing is taking place, you can request the following information from the controller:

  1. the purposes for which the personal data are processed
  2. the categories of personal data being processed
  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
  4. the envisaged period for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that period
  5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing
  6. the existence of a right to lodge a complaint with a supervisory authority
  7. all available information about the origin of the data if the personal data is not collected from the data subject
  8. the existence of automated decision-making, including profiling in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification

In accordance with Art. 16 GDPR, you have a right to rectification and/or completion of your data vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

3. Right to restriction of processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you in accordance with Art. 18 GDPR:

  1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
  4. if you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

4.1 Obligation to erasure

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  4. The personal data concerning you has been processed unlawfully.
  5. The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
  6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

4.2 Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

4.3 Exceptions

The right to erasure does not exist in particular if the processing is necessary

  1. to exercise the right to freedom of expression and information
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  3. for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h) and lit. i) GDPR and Art. 9 para. 3 GDPR;
  4. for the assertion, exercise or defense of legal claims.

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged pursuant to Art. 19 GDPR to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients by the controller.

6. Right to data portability

In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

  1. the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and
  2. the processing is carried out by automated means.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

E. Data security

1. Login status

1.1 Description and scope of processing

For the security of user data and the IT systems of the portal, the following user data is collected and stored in connection with login attempts as part of a so-called login status:

  • IP addresses of the last ten logins
  • Date of the last ten logins
  • Date of the last failed login
  • Total number of failed logins

The data is stored by nextpit and cannot be viewed by the public. Otherwise, the login data will not be passed on to third parties. In strict compliance with the relevant data protection regulations, our carefully selected service providers involved in the hosting and maintenance of our systems may be recipients of the data. This takes place on the basis of order processing agreements, by which the service providers are contractually bound and we remain responsible for the processing of the data in this respect.

1.2 Purpose of the processing

The purpose of processing is to ensure the security of user data and the security of the portal's IT systems.

1.3 Legal basis of the processing

The legal basis for processing is Art. 6 para. 1 lit. b) GDPR.

1.4 Duration of the processing

The user's login data will be deleted when the purpose of processing ceases to apply, i.e. regularly after the user contract has been fully processed or the user's profile has been deleted.

2. Encryption

To secure your data when you visit our website, we use the widely used SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.