PRIVACY NOTICE

Updated: 12/12/2022

This data protection declaration clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the websites, functions and content associated with it as well as external online presences, such as our social media profile (hereinafter jointly referred to as “online offer”). With regard to the terms used, such as “Processing” or “controller” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Responsible party

Dronai Pro, Ltd.
Ulonu 3, Vilnius
LITHUANIA

E-mail: info@dronaipro.lt

Types of data processed

– Inventory data

Contact details
– Content data
– Contract data
– Payment data
– Usage data
– Meta/communication data

Processing of special categories of data (Art. 9 Abs. 1 GDPR)
No special categories of data are processed.
Categories of persons affected by the processing

– Customers, interested parties, visitors and users of the online offer, business partners.

– Visitors and users of the online offer.
In the following, we also refer to the persons concerned collectively as “users”.

Purpose of processing

– Provision of the online offer, its contents and shop functions.

– Provision of contractual services, service and customer care.
– Answering contact requests and communicating with users.
Marketing, advertising and market research.
– Security measures.

1. Terminology used

(1) “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

(2) “Processing” means any operation or set of operations carried out with or without the aid of automated procedures in connection with personal data. The term goes far and covers practically every handling of data.
(3) “Controller” means the natural or legal person, public authority, agency or other body that alone or jointly with others decides on the purposes and means of processing personal data.

2. Substantial legal foundations
In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfill our services and carry out contractual measures as well as answering inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as the legal basis.
3. Changes and updates to the privacy policy

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the data protection declaration as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes will result in an act of cooperation on your part (e.g. Consent) or any other individual notification is required.

4. Safety measures

(1) We meet in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probability and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organizational measures to ensure a level of protection appropriate to the risk; the measures include, in particular, ensuring the confidentiality, integrity and availability of data Furthermore, we have established procedures that ensure the exercise of data subject rights, deletion of data and response to threats to the data. Furthermore, we take into account the protection of personal data already during development, or Selection of hardware, software and procedures, taken into account in accordance with the principle of data protection through technology design and data protection-friendly presets (Art. 25 GDPR).

(2) Security measures include in particular the encrypted transmission of data between your browser and our server.

5. Disclosure and transmission of data

(1) If, in the context of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, acc. Art. 6 para. 1 lit. b GDPR is necessary for the performance of the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, economic and legal advisors, customer care, accounting, billing and similar services that allow us to efficiently and effectively fulfill our contractual obligations, administrative tasks and obligations).

(2) If we third parties consent to the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

6. Transmissions to third-party countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if we process it in the context of the use of third-party services or disclosure, or Transmission of data to third parties, this only takes place if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the special requirements of Art. 44 et seq. are met. GDPR process. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
7. Rights of the person affected

(1) You have the right to request confirmation as to whether relevant data is being processed and to information about this data as well as to further information and copy of the data in accordance with Art. 15 GDPR.

(2) You have accordingly. Art. 16 GDPR, the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.
(3) You have in accordance with Art. 17 GDPR, the right to demand that relevant data be deleted immediately, or alternatively in accordance with Art. 18 GDPR to request a restriction of the processing of the data.
(4) You have the right to demand that the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request their transmission to other responsible persons.
(5) You also have acc. Art. 77 GDPR, the right to lodge a complaint with the competent supervisory authority.

8. Right of revocation

You have the right to revoke consent given acc. Art. 7 para. 3 GDPR with effect for the future.

9. Right of objection

You can object to the future processing of the data concerning you in accordance with Art. 21 GDPR at any time. The objection can be made in particular against processing for direct marketing purposes.

10. Cookies and right of revocation with direct application

(1) “Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. As temporary cookies, or “Session cookies” or “transient cookies” are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the contents of a shopping cart in an online shop or a login status can be stored. “Permanent” or “persistent” refers to cookies that remain stored even after closing the browser. For example, the login status can be saved if users visit it after several days. Likewise, the interests of users who are used for range measurement or marketing purposes can be stored in such a cookie. “Third-party cookies” are cookies from providers other than the person responsible for operating the online offer (otherwise, if they are only their cookies, they are called “first-party cookies”).

(2) We use temporary and permanent cookies and clarify this in the context of our privacy policy.

(3) A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the EU page http://www.youronlinechoices.com/. Furthermore, you can adjust the cookie settings for this online offer via the following link:

Adjust my cookie settings

Please note that not all functions of this online offer may then be used.

11. Deletion of data

(1) The data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer necessary for its purpose and the deletion does not conflict with any legal storage obligations. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons.

(2) Germany: According to legal requirements, storage takes place in particular for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) as well as for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.

12. Order processing in the online shop and customer account

(1) We process the data of our customers as part of the ordering processes in our online shop in order to inform them of the selection and ordering of the selected products and services, as well as their payment and delivery, or to enable execution.

(2) The processed data includes inventory data, communication data, contract data, payment data and the persons concerned, our customers, interested parties and other business partners. The processing takes place for the purpose of providing contractual services in the context of the operation of an online shop, billing, delivery and customer service. We use session cookies for the storage of the shopping cart content and permanent cookies for storing the login status.
(3) Processing is carried out on the basis of Art. 6 para. 1 lit. b (execution of order processes) and c (legally required archiving) GDPR. The information marked as necessary for the establishment and performance of the contract is required. We disclose the data to third parties only in the context of delivery, payment or within the framework of legal permits and obligations towards legal advisers and authorities. The data will only be processed in third countries if this is necessary for the fulfillment of the contract (e.g. on customer request upon delivery or payment).
(4) Users can optionally create a user account by being able to view their orders in particular. As part of the registration, the required mandatory information will be communicated to users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their retention for commercial or tax reasons. Art. 6 para. 1 lit. c GDPR necessary. Information in the customer account remains until its deletion with subsequent archiving in the event of a legal obligation. It is up to the users to secure their data before the end of the contract if they have been terminated.
(5) As part of the registration and re-registration as well as use of our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the user in protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with. Art. 6 para. 1 lit. c GDPR.
(6) The deletion takes place after expiry of legal warranty and comparable obligations, the necessity of the storage of the data is checked every three years; in the case of the statutory archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation); information in the customer account remains until its deletion.

13. Business analysis and market research

(1) In order to operate our business economically, to be able to recognize market trends, customer and user wishes, we analyze the data available to us on business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. GDPR, whereby the persons concerned include customers, interested parties, business partners, visitors and users of the online offer. The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we can take into account the profiles of registered users with information, e.g. about their purchase processes. The analyses serve us to increase user-friendliness, the optimization of our offer and business efficiency. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarized values.

(2) If these analyses or profiles are personal, they will be deleted or anonymized upon termination of the users, otherwise after two years from the conclusion of the contract. In addition, the macroeconomic analyses and general trend determinations are compiled anonymously if possible.

14. Communication via post, e-mail, fax or telephone

(1) We use means of distance communication for business processing and marketing purposes, such as Mail, telephone or e-mail. We process inventory data, address and contact data as well as contract data of customers, participants, interested parties and communication partners.

(2) The processing is carried out on the basis of Art. 6 para. 1 lit. a, Art. 7 GDPR, Art. 6 para. 1 lit. f DSGVO in conjunction with legal requirements for advertising communications. The contact is only made with the consent of the contact partners or within the scope of the legal permits and the processed data will be deleted as soon as they are not necessary and otherwise with objection/revocation or elimination of the authorization bases or legal archiving obligations.

15. Contact and customer service

(1) When contacting us (via contact form or e-mail), the user’s details are used to process the contact request and its processing acc. Art. 6 para. 1 lit. b) GDPR processed.

(2) We use the CRM system “Gist” of the provider ConvertFox Global, Inc., 251 Little Falls Drive Wilmington DE 19808, USA on the basis of our legitimate interests (efficient and fast processing of user inquiries). For this purpose, we have a contract with ConvertFox Global with so-called Standard contractual clauses are concluded in which ConvertFox Global undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level. ConvertFox Global is also certified under the GDPR and thus offers an additional guarantee to comply with European data protection law. The privacy policy can be found at https://getgist.com/privacy/.
(3) We delete the requests if they are no longer necessary. We check the necessity every two years; we store requests from customers who have a customer account permanently and refer to the details of the customer account for deletion. Furthermore, the legal archiving obligations apply.

16. Collection of access data and log files

(1) We collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO data about every access to the server on which this service is located (so-called server log files). Access data includes the name of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

(2) Log file information is stored for security reasons (e.g. to investigate abuse or fraud) for a maximum period of seven days and then deleted. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.

17. Online presence in social media

(1) We maintain on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.

(2) Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within social networks and platforms, e.g. Write articles on our online presences or send us messages.
(3) We use Google Analytics to display the ads placed within advertising services of Google and its partners only to those users who have also shown an interest in our online offer or who have certain characteristics (e.g. have interests in certain topics or products determined on the basis of the websites visited) that we transmit to Google (so-called “Remarketing” or “Google Analytics Audiences”). With the help of remarketing audiences, we also want to ensure that our ads correspond to the potential interest of users and do not have a harassing effect.

18. NEWSLETTER

(1) With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure as well as your rights of objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.

(2) Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter referred to as “newsletter”) only with the consent of the recipients or legal permission. If its contents are specifically described as part of a registration for the newsletter, they are decisive for the consent of the users. In addition, our newsletters contain information about our products, offers, promotions and our company.
(3) Double opt-in and logging: The registration for our newsletter takes place in a so-called Double opt-in procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can register with foreign e-mail addresses. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the login and confirmation time, as well as the IP address. The changes to your data stored with the shipping service provider will also be logged.
(4) Shipping service provider: The newsletters are sent via “Mailchimp”, a newsletter dispatch platform of the provider.
(5) Insofar as we use a shipping service provider, the shipping service provider may use this data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for the technical optimization of the dispatch and presentation of the newsletters or for statistical purposes to determine from which countries the recipients come. However, the shipping service provider does not use the data of our newsletter recipients to write to them themselves or pass them on to third parties.
(6) Registration data: To register for the newsletter, it is sufficient to enter your e-mail address.
(7) Performance measurement – The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from its server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is first collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined by the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our aim, nor, if used, that of the shipping service provider, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
(8) The dispatch of the newsletter and the performance measurement are based on the consent of the recipients acc. Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 No. 3 UWG or on the basis of the legal permission acc. § 7 para. 3 UWG.
(9) The registration procedure is logged on the basis of our legitimate interests acc. Art. 6 para. 1 lit. f DSGVO and serves to prove consent to receive the newsletter.
(10) Newsletter recipients can cancel the receipt of our newsletter at any time, i.e. Revoke your consent. A link to cancel the newsletter can be found at the end of each newsletter. At the same time, their consent to the measurement of success expires. Unfortunately, a separate revocation of the performance measurement is not possible, in this case the entire newsletter subscription must be cancelled. By unsubscribing from newsletters, the personal data will be deleted, unless their storage is legally required or justified, whereby their processing in this case is limited to these exceptional purposes. In particular, we can store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them for the purpose of sending the newsletter in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is also confirmed.

19. Incorporation of services and contents of third parties

(1) Within our online offer, we rely on our legitimate interests (i.e. Interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) content or service offers from third parties in order to use their content and services, e.g. Include videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the users, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only those content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and can contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information on the use of our online offer, as well as can be linked to such information from other sources.

(2) The following presentation offers an overview of third-party providers as well as their contents, together with links to their data protection declarations, which provide further information on the processing of data and, partly already mentioned here, possibilities of objection (so-called Opt-out) included
– If our customers use the payment services of third parties (e.g. PayPal), the terms and conditions and the data protection information of the respective third-party providers apply, which are within the respective websites, or Transaction applications are available.
– External fonts from Google, LLC., (“Google Fonts“). The integration of Google Fonts takes place through a server call to Google (usually in the USA).Privacy policy, opt-out: Maps of the service “Google Maps” provided by the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy Google, Opt-Out Google.
– Videos of the platform “YouTube” of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy, Opt-Out.
Functions of the Google+ service are integrated within our online offer. These functions are offered by the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged into your Google+ account, you can link the contents of our pages to your Google+ profile by clicking on the Google+ button. This allows Google to assign the visit to our pages to your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Google+. Privacy Policy, Opt-Out.

20. Google Analytics

(1) We rely on our legitimate interests (i.e. Interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) Google Analytics, a web analysis service of Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by users is usually transmitted to a Google server in the USA and stored there.

(2) Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law.
(3) Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the use of the Internet. Pseudonymous user profiles of the users can be created from the processed data.
(4) We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
(5) The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection by Google of the data generated by the cookie and related to their use of the online offer and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: Download
(6) Further information on Google’s use of data, setting and objection options can be found on Google’s website: “Google’s use of data when you use websites or apps of our partners“, “Use of data for advertising purposes” and “Manage information that Google uses to show you advertising“.

21. Google Tag Manager

Google Tag Manager is a solution with which we can use so-called can manage website tags via an interface (e.g. Integrate Google Analytics and other Google marketing services into our online offer). The tag manager itself (which implements the tags) does not process any personal data of users. With regard to the processing of users’ personal data, reference is made to the following information on Google services. Terms of use.

22. Google Optimize

(1) The web analysis and optimization service “Google Optimize” is used on our website, which is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google Optimize”). We use the Google Optimize service to increase the attractiveness, content and functionality of our website by displaying new functions and content to a percentage of our users and statistically evaluating the change in use. Google Optimize is a subservice of Google Analytics (see section Google Analytics).

(2) Google Optimize uses cookies that enable you to optimize and analyze your use of our website. The information generated by these cookies about your use of our website is usually transmitted to a Google server in the USA and stored there. We use Google Optimize with activated IP anonymization, so that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of our website, compiling reports on the optimization test and the associated website activity and providing us with other services related to website activity and internet usage.

(3) You can prevent the storage of cookies by setting your Internet browser accordingly or via our Cookie Consent Tool. In addition, you can prevent the collection of the data generated by the cookie and related to your use of our website (incl. your IP address) to Google and the processing of this data by Google by downloading and installing the available browser plug-in. Further information on data collection and processing by Google can be found in Google’s privacy policy.

23. Google Re/Marketing Services

(1) We use on the basis of our legitimate interests (i.e. Interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) the marketing and remarketing services (short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).

(2) Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law.
(3) The Google marketing services allow us to display advertisements for and on our website in a more targeted manner in order to only present users with ads that potentially correspond to their interests. If a user e.g. Ads are displayed for products in which he has been interested on other websites, this is called “remarketing”. For these purposes, when you visit our and other websites on which Google marketing services are active, Google executes a code from Google directly and so-called (Re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file notes which websites the user visits, which content he is interested in and which offers he has clicked on, as well as technical information about the browser and operating system, referring websites, visit time and other information on the use of the online offer. The IP address of the users is also recorded, whereby we inform you as part of Google Analytics that the IP address will be shortened within member states of the European Union or in other contracting states to the Agreement on the European Economic Area and only in exceptional cases completely transmitted to a Google server in the USA and shortened there. The IP address will not be merged with user data within other Google offers. The above information may also be linked by Google to such information from other sources. If the user subsequently visits other websites, the ads tailored to him can be displayed according to his interests.
(4) The data of users are processed pseudonymously as part of Google marketing services. I.e. For example, Google does not store and process the name or e-mail address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. This means that from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.
(5) The Google marketing services we use include, among other things, the online advertising program “Google Ads.” In the case of Google Ads, each AdWords customer receives a different conversion cookie. Cookies can therefore not be tracked via the websites of Google Ads customers. The information collected with the help of the cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Google Ads customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users.
(6) We can also use the Google Optimizer service. Google Optimizer allows us to understand the impact of various changes to a website as part of so-called “A/B testing” (e.g. Changes in input fields, design, etc.). For these testing purposes, cookies are stored on users’ devices. Only pseudonymous data of the users is processed.
(7) Further information on Google’s use of data for marketing purposes can be found on the following overview page. You will also find Google’s privacy policy here.
(8) If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google.

24. Facebook, Custom Audiences and Facebook Marketing Services

(1) Within our online offer, on the basis of our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

(2) Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law.
(3) With the help of the Facebook pixel, Facebook is on the one hand able to use the visitors of our online offer as a target group for the presentation of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. have interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advertisement (so-called “Conversion”).
(4) The processing of data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, general information on the presentation of Facebook ads, in Facebook’s data usage policy. Specific information and details about the Facebook pixel and how it works can be found in the Facebook help section.
(5) You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set which types of ads are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions for usage-based advertising settings. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
(6) You can also object to the use of cookies that serve to measure reach and advertising purposes via the deactivation page of the network advertising initiative and additionally the US website or the European website.

25. Facebook social plugins

(1) We use on the basis of our legitimate interests (i.e. Interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) Social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can contain interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white “f” on blue tile, the terms “Like”, “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of the Facebook social plugins can be viewed here.

(2) Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law.
(3) If a user calls up a function of this online offer that contains such a plugin, his device establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated by him into the online offer. User profiles of the users can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore informs users according to our level of knowledge.
(4) By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, for example, press the Like button or leave a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and store his IP address. According to Facebook, only one anonymized IP address is stored in Germany.
(5) The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and setting options for the protection of the privacy of users can be found in Facebook’s privacy policy.
(6) If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his member data stored on Facebook, he must log out of Facebook and delete his cookies before using our online offer. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings or via the US page or the EU page. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

26. Microsoft Bing Ads

(1) On our pages we use the conversion tracking of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Bing Ads stores a cookie on your computer if you have reached our website via a Microsoft Bing ad. Microsoft Bing and we can see in this way that someone clicked on an ad, was redirected to our website and reached a previously specific landing page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is provided.

(2) If you do not want Microsoft to use information about your behavior as explained above, you can refuse the setting of a cookie required for this – for example, via browser setting that generally disables the automatic setting of cookies. You can also prevent the collection of the data generated by the cookie and related to your use of the website and the processing of this data by Microsoft by doing so at the following link. Explain your objection. Further information on data protection and the cookies used by Microsoft and Bing Ads can be found on the Microsoft website.

27. Hotjar

(1) On our website, we use Hotjar from Hotjar Limited (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) to statistically evaluate visitor data. Hotjar is a service that analyzes the behavior and feedback of you as a user on our website through a combination of analysis and feedback tools. We receive reports and visual representations from Hotjar that show us where and how you “move” on our site. Personal data is automatically anonymized and never reaches Hotjar’s servers. This means that you are not personally identified as a website user and we still learn a lot about your user behavior.

(2) As already mentioned in the upper section, Hotjar helps us analyze the behavior of our site visitors. These tools that Hotjar offers include heat maps, conversion funnels, visitor recording, incoming feedback, feedback polls and surveys (more information can be found here). In this way, Hotjar helps us to offer you a better user experience and service. On the one hand, it offers a good analysis of online behavior, on the other hand, we also receive good feedback on the quality of our website. Because in addition to all the analysis aspects, we also simply want to know your opinion about our website. And with the feedback tool, exactly that is possible.
(3) In recent years, the importance of user experience on websites has increased sharply. And for good reason. A website should be structured in such a way that you feel comfortable as a visitor and can easily find your way around. Thanks to Hotjar’s analysis tools and feedback tool, we can make our website and our offer more attractive. Hotjar’s heat maps prove to be particularly valuable to us. Heat maps are a form of presentation for the visualization of data. Through Hotjar’s heat maps, for example, we see very well what you like to click, tap and where you scroll.
(4) As you browse through our website, Hotjar automatically collects information about your user behavior. In order to collect this information, we have installed our own tracking code on our website. The following data can be collected via your computer or browser: IP address of your computer (collected and stored in an anonymous format), screen size, browser information (which browser, which version, etc.), your location (but only the country), your preferred language setting, visited websites (subpages), date and time of access to one of our subpages (websites).
In addition, cookies also store data that is placed on your computer (usually in your browser). No personal data is collected in it. In principle, Hotjar does not pass on any collected data to third parties. However, Hotjar expressly points out that it is sometimes necessary to share data with Amazon Web Services. Then parts of your information will be stored on their servers. However, Amazon is bound by a duty of confidentiality not to disclose this data.
Only a limited number of people (Hotjar employees) have access to the stored information. The Hotjar servers are protected by firewalls and IP restrictions (access only to approved IP addresses). Firewalls are security systems that protect computers from unwanted network access. They are intended to serve as a barrier between Hotjar’s secure internal network and the Internet. Furthermore, Hotjar also uses third-party companies such as Google Analytics or Optimizely for your services. These companies may also store information that your browser sends to our website.
The following cookies are used by Hotjar. Since we refer, among other things, to the cookie list from Hotjar’s privacy policy, not every cookie has an exemplary value. The list shows examples of Hotjar cookies used and does not claim to be complete.
(5) We have installed a tracking code on our website, which is transmitted to the Hotjar servers in Ireland (EU). This tracking code contacts Hotjar’s servers and sends a script to your computer or device with which you access our site. The script collects certain data in relation to your interaction with our website. This data is then sent to Hotjar’s servers for processing. Hotjar has imposed a 365-day data retention period on itself. This means that all data that Hotjar has collected and is older than one year will be automatically deleted.
(6) Hotjar does not store any personal data from you for the analysis. The company even advertises with the slogan “We track behavior, not individuals”. You also always have the option of preventing the collection of your data. All you have to do is go to the “Opt-out page” and click on “Disable Hotjar”. Please note that deleting cookies, using the private mode of your browser or using another browser will result in collecting data again. Furthermore, you can also activate the “Do Not Track” button in your browser. In the Chrome browser, for example, you must click on the three bars in the upper right corner and go to Settings. There you will find the option “Send a “Do Not Track” request with browser access” in the “Privacy” section. Now all you have to do is activate this button and no data will be collected from Hotjar.
More details about the privacy policy and what data is collected by Hotjar and in what way can be found here.