1. Introduction

With this privacy policy, we aim to inform you about the types of personal data (hereinafter referred to as "data") we process, the purposes of processing, and the scope of processing. This privacy policy applies to all processing of personal data conducted by us, both in the context of providing our services and specifically on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services").

The terms used are not gender-specific.

2. Controller

Pink Aviation Services Luftverkehrsunternehmen GmbH & Co KG
Endresstraße 79/4
1230 Vienna

3. Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the categories of affected individuals.

Types of Data Processed

    Inventory Data
    Payment Data
    Contact Data
    Content Data
    Contract Data
    Usage Data
    Meta/Communication Data

Special Categories of Data

    Health Data
    Data related to sexual life or sexual orientation
    Religious or philosophical beliefs
    Data revealing racial or ethnic origin

Categories of Affected Individuals

    Customers
    Prospects
    Communication Partners
    Users
    Business and Contract Partners

Purposes of Processing

    Provision of contractual services and customer support
    Contact inquiries and communication
    Direct marketing
    Reach measurement
    Office and organizational procedures
    Administration and response to inquiries
    Feedback
    Marketing
    Profiles with user-related information
    Provision of our online services and user-friendliness

4. Relevant Legal Bases

Below is an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the GDPR regulations, national data protection regulations in your or our country of residence may also apply. If specific legal bases are relevant in individual cases, we will inform you in the privacy policy.

    Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
    Contract Fulfillment and Pre-contractual Inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
    Legal Obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
    Legitimate Interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless such interests are overridden by the data subject’s interests or fundamental rights and freedoms that require protection of personal data.

In addition to the GDPR, national regulations on data protection in Austria apply, including the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act – DSG). The Data Protection Act contains specific regulations on the right to information, the right to correction or deletion, the processing of special categories of personal data, processing for other purposes, and automated decision-making on a case-by-case basis.

5. Security Measures

We implement technical and organizational measures to ensure an appropriate level of protection considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying probabilities and severity of threats to the rights and freedoms of individuals.

Measures include ensuring the confidentiality, integrity, and availability of data through control of physical and electronic access to data, as well as access, input, transfer, availability, and segregation of data. We have also established procedures to handle data subject rights, data deletion, and responses to data breaches. We take data protection into account already when developing or selecting hardware, software, and procedures according to the principle of data protection by design and by default.

SSL Encryption (https): To protect data transmitted via our online services, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in your browser’s address bar.

6. Use of Cookies

Cookies are small text files or other storage markers that store information on end devices and read information from end devices. For example, to store login status in a user account, shopping cart contents in an e-shop, accessed content, or features used on an online service. Cookies can be used for various purposes, such as functionality, security, and comfort of online services, as well as for visitor flow analysis.

Consent Information: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless not legally required. Consent is not necessary if storing and reading information, including cookies, is strictly necessary to provide users with a telemedia service (i.e., our online service) explicitly requested by them. Revocable consent is clearly communicated to users and includes information about the respective use of cookies.

Legal Basis for Data Processing: The legal basis for processing personal data with cookies depends on whether we ask for user consent. If consent is given, the legal basis is the expressed consent. Otherwise, data processed using cookies is based on our legitimate interests (e.g., in operating and improving the usability of our online services) or, if necessary for fulfilling our contractual obligations, where the use of cookies is required to meet our contractual duties. We will inform users about the purposes for which cookies are processed within this privacy policy or during our consent and processing procedures.

Storage Duration: The following types of cookies are distinguished in terms of storage duration:

    Temporary Cookies (also: Session or Session Cookies): These are deleted at the latest when a user leaves an online service and closes their end device (e.g., browser or mobile application).
    Persistent Cookies: These remain stored even after closing the end device. For instance, login status may be saved, or preferred content directly displayed when a user visits a website again. Persistent cookies may also be used for reach measurement. If we do not explicitly inform users about the type and duration of cookies (e.g., during consent collection), users should assume that cookies are persistent and may be stored for up to two years.

General Information on Withdrawal and Objection (Opt-Out): Users may withdraw their consents at any time and also object to processing in accordance with legal provisions in Art. 21 GDPR (further information on objection will be provided within this privacy policy). Users may also declare their objection through browser settings.

Further Information on Processing Processes, Procedures, and Services:

    Processing of Cookie Data Based on Consent: We use a cookie consent management procedure in which user consents to the use of cookies or processes and providers mentioned in the cookie consent management procedure are obtained, managed, and can be withdrawn. The consent declaration is stored to avoid repeating the consent request and to demonstrate compliance with legal obligations. Storage may be server-side and/or in a cookie (so-called opt-in cookie or using similar technologies) to associate the consent with a user or their device. Subject to specific details about cookie management service providers, the following applies: The duration of consent storage can be up to two years. A pseudonymous user identifier is created and saved with the time of consent, details about the scope of consent (e.g., which categories of cookies and/or service providers) as well as browser, system, and used end device.

7. Business Services

We process data of our contractual and business partners, such as customers and prospects (collectively referred to as “contractual partners”) within the framework of contractual and similar legal relationships, as well as related measures and in communication with contractual partners (or pre-contractually), e.g., to respond to inquiries.

We process this data to fulfill our contractual obligations, including obligations to provide agreed services, update obligations, and remedies for warranty and other performance issues. Additionally, we process data to protect our rights and for administrative tasks related to these obligations, as well as for business organization. Furthermore, we process data based on our legitimate interests in proper and economical business management and in security measures to protect our contractual partners and business operations from misuse, data threats, secrets, information, and rights (e.g., involving telecommunications, transport, and other auxiliary services, subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Within the scope of applicable law, we disclose data to third parties only to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Additional forms of processing, such as for marketing purposes, will be communicated to contractual partners within this privacy policy.

We inform contractual partners about the data required for the aforementioned purposes before or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks), or personally.

We delete data after the expiration of legal warranty and similar obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it needs to be kept for legal archiving purposes (e.g., for tax purposes, typically 10 years). Data disclosed to us by a contractual partner in the context of an order will be deleted according to the order's specifications, generally after the end of the order.

If we use third-party providers or platforms to provide our services, the terms and privacy notices of the respective third-party providers or platforms apply in the relationship between users and providers.

8. Payment Procedures

As part of contractual and other legal relationships, due to legal obligations, or otherwise based on our legitimate interests, we offer affected individuals efficient and secure payment options and use additional service providers alongside banks and credit institutions (collectively referred to as "Payment Service Providers").

The data processed by Payment Service Providers include personal data such as name and address, banking data such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, amount, and recipient-related information. This information is necessary to carry out transactions. However, the data entered is only processed and stored by the Payment Service Providers. We do not receive account or credit card-related information, but only information confirming or denying the payment. In some cases, the data may be transmitted by the Payment Service Providers to credit agencies for identity and credit checks. For this purpose, we refer to the terms and conditions and privacy notices of the Payment Service Providers.

The terms and conditions and privacy notices of the respective Payment Service Providers apply to payment transactions, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and the exercise of rights to withdrawal, information, and other affected rights.

    Processed Data Types: Personal data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contract data (e.g., subject matter of the contract, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
    Affected Persons: Customers; Prospects.
    Purposes of Processing: Provision of contractual services and customer service.
    Legal Bases: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b DSGVO); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f DSGVO).

Further Information on Processing Processes, Procedures, and Services:

    American Express: Payment processing services; Service provider: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany; Website: American Express; Privacy Policy: Privacy Policy.
    Mastercard: Payment processing services; Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Website: Mastercard; Privacy Policy: Privacy Policy.
    Visa: Payment processing services; Service provider: Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, GB; Website: Visa; Privacy Policy: Privacy Policy.

9. Provision of the Online Offer and Web Hosting

To provide our online offer securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or managed servers) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space, and database services, as well as security services and technical maintenance services.

Data processed as part of providing the hosting offer may include all user-related information that arises during the use and communication of our online offer. This typically includes the IP address, which is necessary to deliver the content of online offers to browsers, and all inputs made within our online offer or from websites.

    Processed Data Types: Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
    Affected Persons: Users (e.g., website visitors, users of online services).
    Purposes of Processing: Provision of our online offer and user-friendliness.
    Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f DSGVO).

Further Information on Processing Processes, Procedures, and Services:

    Email Sending and Hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of recipients and senders, as well as additional information regarding email sending (e.g., involved providers) and the content of the respective emails, are processed. The mentioned data may also be processed for spam detection purposes. Please note that emails are generally not encrypted during transmission over the internet. While emails are usually encrypted during transmission, unless end-to-end encryption is used, they are not encrypted on the servers from which they are sent and received. Therefore, we cannot take responsibility for the transmission path of emails between the sender and reception on our server.
    Collection of Access Data and Log Files: We (or our web hosting provider) collect data on each access to the server (so-called server log files). Server log files may include the address and name of retrieved websites and files, date and time of retrieval, transmitted data volumes, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and typically IP addresses and the requesting provider. Server log files may be used for security purposes, such as avoiding server overloads (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure server load and stability; deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is necessary for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.
    World4You: Homepage and web hosting; Service provider: WordPress.

10. Communication via Messenger

We use messengers for communication purposes and therefore ask you to note the following information about the functionality of messengers, encryption, use of metadata from communication, and your right to object.

You can also contact us via alternative methods, such as telephone or email. Please use the contact options provided to you or those listed within our online offer.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we point out that the communication contents (i.e., the content of the message and attached images) are encrypted from end to end. This means that the content of messages is not visible, not even to the messenger providers themselves. You should always use an up-to-date version of the messengers with activated encryption to ensure the encryption of message contents.

We also inform our communication partners that although messenger providers cannot see the content, they can determine that and when communication partners are communicating with us, as well as process technical information about the communication partners' devices and, depending on their device settings, also location information (so-called metadata).

Notes on Legal Bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for processing their data is their consent. Otherwise, if we do not ask for consent and they, for example, contact us on their own initiative, we use messengers in relation to our contractual partners as a contractual measure and in the case of other prospects and communication partners based on our legitimate interests in quick and efficient communication and fulfilling the needs of our communication partners for communication via messengers. Furthermore, we point out that we do not transmit the contact data provided to us to the messengers for the first time without your consent.

Withdrawal, Objection, and Deletion: You can withdraw consent at any time and object to communication with us via messengers at any time. In the case of communication via messengers, we delete the messages according to our general deletion policies (e.g., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we assume that we have answered any requests from communication partners, provided no reference to a previous conversation is expected and no legal retention obligations oppose deletion.

Reservation of Reference to Other Communication Channels: Finally, we reserve the right, for your safety, not to respond to inquiries via messenger. This is the case, for example, if contractual details require special confidentiality or if a response via messenger does not meet formal requirements. In such cases, we refer you to more appropriate communication channels.

    Processed Data Types: Contact data (e.g., email, phone numbers); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Content data (e.g., entries in online forms).
    Affected Persons: Communication partners.
    Purposes of Processing: Contact requests and communication; Direct marketing (e.g., via email or postal mail).
    Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a DSGVO); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f DSGVO).

Further Information on Processing Processes, Procedures, and Services:

    Apple iMessage: Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Website: Apple; Privacy Policy: Privacy Policy.
    Instagram: Messaging via the social network Instagram; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: Instagram; Privacy Policy: Privacy Policy.
    Meta: (formerly Facebook Messenger); Messaging via the social network Facebook Messenger; Service provider: Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA; Website: Meta; Privacy Policy: Privacy Policy.

11. Integration of Third-Party Services and Content

We use content and services from third-party providers within our online offer to integrate their content and services, such as videos, fonts, or social media posts (collectively referred to as "Content"). This always requires the third-party providers to know the IP address of the users, as they would not be able to send the content to their browsers without the IP address. The IP address is therefore required for the display of this content or services. We strive to use only content whose respective providers use the IP address solely for the delivery of the content.

Furthermore, third-party providers may use pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The pixel tags enable the evaluation of information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, visiting times, and other details on the use of our online offer.

Notes on Legal Bases: If we ask users for their consent before integrating third-party content, the legal basis for processing is their consent. Otherwise, users' data is processed based on our legitimate interests in providing our online offer effectively and securely (Art. 6 Para. 1 S. 1 lit. f DSGVO).

Further Information on Processing Processes, Procedures, and Services:

    YouTube: Integration of videos; Service provider: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA; Website: YouTube; Privacy Policy: Privacy Policy.
    Google Maps: Integration of maps; Service provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: Google Maps; Privacy Policy: Privacy Policy.

12. Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as "reach measurement") is used to evaluate visitor traffic to our online offering and may include pseudonymous data about visitor behavior, interests, or demographic information such as age or gender. With reach analysis, we can, for example, determine when our online offering or its features or content are used most frequently or invite repeat use. We can also identify areas that need optimization.

In addition to web analysis, we may use testing methods to, for example, test and optimize different versions of our online offering or its components. Unless otherwise specified below, profiles, i.e., aggregated data related to a usage event, may be created for these purposes and information may be stored and read from a browser or device. The collected information includes, in particular, visited websites and used elements, as well as technical details like the browser used, the computer system used, and usage times. If users have consented to the collection of their location data, these location data may also be processed.

User IP addresses are also stored. However, we use an IP masking procedure (i.e., pseudonymization by truncating the IP address) to protect users. Generally, clear data of users (such as email addresses or names) are not stored in the context of web analysis, A/B testing, and optimization, but pseudonymous data is used. This means that neither we nor the providers of the software used know the actual identity of the users but only the information stored in their profiles for the purposes of the respective processes.

Legal Basis Notes: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

    Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
    Affected Persons: Users (e.g., website visitors, online service users).
    Purposes of Processing: Reach measurement (e.g., access statistics, detection of recurring visitors); Profiles with user-related information (creating user profiles).
    Security Measures: IP masking (pseudonymization of the IP address).
    Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a DSGVO); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f DSGVO).

Further Information on Processing Processes, Procedures, and Services:

    Google Analytics: Web analysis, reach measurement, and user flow measurement; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: Google Analytics; Privacy Policy: Privacy Policy; Additional information: Types of processing and processed data: Privacy Information; Data processing terms for Google advertising products and standard contractual clauses for data transfers to third countries: Data Processing Terms.

13. Presences on Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about us.

Please note that user data may be processed outside the European Union. This may pose risks for users, such as difficulties in enforcing user rights.

Additionally, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and resulting interests. These usage profiles can then be used to display advertisements within and outside the networks that are presumed to match users' interests. For these purposes, cookies are generally stored on users' devices, storing usage behavior and interests. Furthermore, usage profiles may also store data independent of the devices used by users (especially if users are members of the respective platforms and are logged in).

For a detailed description of the respective processing forms and opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.

Even in the case of requests for information and the assertion of data subject rights, we point out that these are most effectively asserted with the providers. Only the providers have access to users' data and can directly take appropriate measures and provide information. If you still need assistance, you can contact us.

    Processed Data Types: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
    Affected Persons: Users (e.g., website visitors, online service users).
    Purposes of Processing: Contact requests and communication; Feedback (e.g., collecting feedback via online forms); Marketing.
    Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f DSGVO).

Further Information on Processing Processes, Procedures, and Services:

    Instagram: Social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA; Website: Instagram; Privacy Policy: Privacy Policy.
    Facebook Pages: Profiles within the social network Facebook – We, along with Facebook Ireland Ltd., are responsible for the collection (but not further processing) of data from visitors to our Facebook page (so-called "Fanpage"). This data includes information on the types of content users view or interact with, or actions they take (see "Things You and Others Do and Provide" in the Facebook Data Policy: Facebook Data Policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in the Facebook Data Policy: Facebook Data Policy). As explained in the Facebook Data Policy under "How Do We Use This Information?", Facebook also collects and uses information to provide analytical services, called "Page Insights," to page operators to help them understand how people interact with their pages and related content. We have entered into a special agreement with Facebook ("Information on Page Insights," Page Insights Terms), which specifically regulates the security measures Facebook must adhere to and in which Facebook has agreed to fulfill data subject rights (e.g., users can make requests for information or deletion directly to Facebook). The rights of users (in particular, rights to information, deletion, objection, and complaints to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (see Page Insights Information); Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: Facebook; Privacy Policy: Privacy Policy; Standard Contractual Clauses (ensuring data protection standards for processing in third countries): EU Data Transfer Addendum; Further information: Joint Responsibility Agreement: Page Insights Terms.
    Facebook Groups: Interest groups within the Facebook social network – We use the "Groups" feature on the Facebook platform to create interest groups where Facebook users can interact with each other or with us and exchange information. In this process, we process personal data of group members as far as necessary for the purpose of group use and moderation. Our policies within the groups may contain additional provisions and information about the use of the group. This data includes information on first and last names, as well as publicly or privately shared content, and data related to the status of group membership or group-related activities, such as joining or leaving, as well as time information on the aforementioned data. We also refer to the processing of user data by Facebook itself. This data includes information on the types of content users view or interact with, or actions they take (see "Things You and Others Do and Provide" in the Facebook Data Policy: Facebook Data Policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in the Facebook Data Policy: Facebook Data Policy). As explained in the Facebook Data Policy under "How Do We Use This Information?", Facebook also collects and uses information to provide analytical services, called "Insights," for group operators to help them understand how people interact with their groups and related content; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: Facebook; Privacy Policy: Privacy Policy; Standard Contractual Clauses (ensuring data protection standards for processing in third countries): EU Data Transfer Addendum; Data Processing Agreement: Data Processing Terms.
    YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Policy: Privacy Policy; Opt-out option: Google Ads Settings.

14. Plugins and Embedded Functions and Content

We integrate functional and content elements into our online offering that are sourced from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include graphics, videos, or maps (collectively referred to as "Content").

Integration always requires that the third-party providers of these contents process the IP address of the users, as they would not be able to send the content to their browsers without the IP address. The IP address is thus necessary for displaying this content or functions. We strive to use only such content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags allow for the evaluation of information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users' devices and may include, among other things, technical information about the browser and operating system, referring websites, visit times, and other details about the use of our online offer, as well as be connected with such information from other sources.

Legal Basis Notes: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in providing efficient, economical, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

    Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms).
    Affected Persons: Users (e.g., website visitors, online service users).
    Purposes of Processing: Provision of our online offering and user-friendliness; Provision of contractual services and customer service.
    Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a DSGVO); Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b DSGVO); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f DSGVO).

Additional Information on Processing Processes, Procedures, and Services:

    Google Fonts: We integrate the fonts ("Google Fonts") provided by Google. The data of users is used solely for the purpose of displaying the fonts in the users' browsers. The integration is based on our legitimate interests in a technically secure, maintenance-free, and efficient use of fonts, their uniform presentation, and consideration of any licensing restrictions for their integration; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: Google Fonts; Privacy Policy: Google Privacy Policy.

    YouTube Videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: YouTube; Privacy Policy: YouTube Privacy Policy; Opt-Out Option: Opt-Out Plugin: Google Analytics Opt-Out, Settings for Ad Display: Google Ad Settings.

15. Management, Organization, and Tools

We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organizing, managing, planning, and delivering our services. In selecting third-party providers and their services, we adhere to legal requirements.

In this context, personal data may be processed and stored on the servers of the third-party providers. This can include various data that we process in accordance with this privacy policy. This data may include, in particular, basic data and contact information of users, data related to transactions, contracts, other processes, and their contents.

If users are referred to third-party providers or their software or platforms in the course of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. We therefore request that users review the privacy notices of the respective third-party providers.

Legal Basis Notes: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Additionally, their use may be part of our (pre)contractual services if the use of third-party providers is agreed upon in this context. Otherwise, users' data is processed based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

    Processed Data Types: Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Basic data (e.g., names, addresses); Contact data (e.g., email, phone numbers).
    Affected Persons: Communication partners; Users (e.g., website visitors, online service users).
    Purposes of Processing: Contact requests and communication; Office and organizational procedures.
    Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a DSGVO); Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b DSGVO); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f DSGVO).

Additional Information on Processing Processes, Procedures, and Services:

    Doodle: Online scheduling; Service provider: Doodle AG, Werdstrasse 21, Postfach, 8021 Zürich, Switzerland; Website: Doodle; Privacy Policy: Privacy Policy.
    WeTransfer: File transfer over the internet; Service provider: WeTransfer BV, Oostelijke Handelskade 751, Amsterdam, 1019 BW, Netherlands; Website: WeTransfer; Privacy Policy: Privacy Policy.

Last updated in June 2024

Data protection