Privacy

1. Introduction
Below, we inform you about the processing of personal data when using
our website https://pronutraquest.com

our social media profiles.

Personal data is any data that relates to a specific natural person, e.g. their name or IP address.
1.1. Contact Details
The data controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) is AValueQuest Consulting GmbH, Hegewiese 14, 61389 Schmitten, Germany, email: contact@avaluequestconsulting.com . We are legally represented by Hartmut von Schwiderski

Our data protection officer is

Hartmut von Schwiderski

Hegewiese 14

61389 Schmitten

https://www.avaluequestconsulting.com

Email: contact@avaluequestconsulting.com

1.2. Scope of data processing, processing purposes and legal bases

The scope of data processing, processing purposes, and legal bases are explained in detail below. The following are generally possible legal bases for data processing:

Article 6 paragraph 1 sentence 1 letter a GDPR serves as our legal basis for processing operations for which we obtain consent.

Article 6(1)(b) GDPR is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, e.g., when a website visitor purchases a product from us or we perform a service for them. This legal basis also applies to processing necessary for pre-contractual measures, such as inquiries about our products or services.

Article 6(1)(c) GDPR applies if we fulfill a legal obligation by processing personal data, as may be the case, for example, in tax law.

Article 6(1)(f) GDPR serves as the legal basis when we can rely on legitimate interests for the processing of personal data, e.g. for cookies that are necessary for the technical operation of our website.

1.3. Data processing outside the EEA
Insofar as we transfer data to service providers or other third parties outside the EEA, the security of the data during the transfer is guaranteed, where available (e.g. for Great Britain, Canada and Israel), by adequacy decisions of the EU Commission (Art. 45 para. 3 GDPR).

If no adequacy decision exists (e.g., for the USA), the legal basis for data transfer is generally, unless we provide a different indication, standard contractual clauses. These are a set of rules adopted by the EU Commission and form part of the contract with the respective third party. According to Article 46(2)(b) GDPR, they guarantee the security of data transfers. Many providers have issued additional contractual guarantees beyond the standard contractual clauses, which protect the data beyond the scope of these clauses. These include, for example, guarantees regarding data encryption or the third party’s obligation to inform data subjects if law enforcement agencies wish to access their data.

1.4. Data Retention Period

Unless expressly stated otherwise in this Privacy Policy, the data we store will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted, i.e., the data will be blocked and not processed for other purposes. This applies, for example, to data that we are required to retain for commercial or tax law reasons

1.5. Rights of those affected

Data subjects have the following rights with regard to their personal data:

Right to information,

Right to rectification or erasure,

Right to restriction of processing,

Right to object to processing,

Right to data portability,

Right to withdraw consent at any time

Data subjects also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their personal data. Contact details for the data protection supervisory authorities can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html .

1.6. Obligation to provide data

Customers, prospective customers, or third parties are only required to provide us with personal data within the context of a business relationship or other relationship that is necessary for establishing, executing, and terminating the business relationship or other relationship, or that we are legally obligated to collect. Without this data, we will generally have to refuse to conclude a contract or provide a service, or we may no longer be able to perform an existing contract or other relationship.

Mandatory fields are marked as such.

1.7. No automatic decision-making in individual cases

We generally do not use fully automated decision-making pursuant to Article 22 GDPR for establishing and maintaining a business relationship or other relationship. Should we use these procedures in individual cases, we will inform you separately if required by law.

1.8. Contacting Us

When you contact us, e.g., by email or telephone, we store the data you provide (e.g., names and email addresses) in order to answer your questions. The legal basis for this processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in responding to inquiries addressed to us. We delete the data collected in this context once storage is no longer necessary, or restrict processing if there are statutory retention obligations

1.9. Competitions

We occasionally offer competitions via our website or other means. We process the data requested in these competitions to determine and notify the winners. We then delete the data. We may also offer competitions only to existing customers. In this case, we only process the name to determine the winners and the contact details to notify them. It is in our legitimate interest to offer competitions for customer acquisition or to interact with our existing customers. The legal basis for this data processing is Article 6(1)(f) GDPR

1.10. Customer Surveys

From time to time, we conduct customer surveys to better understand our customers and their needs. We collect the data requested in each survey. It is in our legitimate interest to better understand our customers and their needs, so the legal basis for the associated data processing is Article 6(1)(f) GDPR. We delete the data once the survey results have been evaluated

2. Newsletter and email communication
We reserve the right to inform customers who have already used our services or purchased goods from us about our offers from time to time via email or other electronic means, unless they have objected to this. The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest lies in direct marketing (Recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time without additional costs, for example, via the link at the end of each email or by sending an email to our email address provided above.

Interested parties have the option to subscribe to a free newsletter. We process the data provided during registration solely for sending the newsletter. Registration is completed by selecting the corresponding field on our website, by ticking the corresponding box in a paper document, or by any other unambiguous action, thereby declaring the interested party’s consent to the processing of their data. The legal basis for this processing is Article 6(1)(a) of the GDPR. Consent can be withdrawn at any time, for example, by clicking the corresponding link in the newsletter or by contacting us at the email address provided above. Data processing prior to withdrawal remains lawful even in the event of withdrawal.

2.1 Unsubscribe from email notifications
You have the right to unsubscribe from our email notifications at any time. We respect your decision and make it as easy as possible for you to stop receiving our emails.
Unsubscribe options:
Every email we send you contains a clearly visible unsubscribe link at the bottom. Clicking this link will take you directly to a page where you can confirm your unsubscription. The unsubscription will take effect immediately, and you will no longer receive any promotional or newsletter emails from us
Alternatively, you can also unsubscribe via the following methods:
You can send us an email with the subject “Unsubscribe” to support@pronutraquest.de . Please include the email address you wish to remove from the mailing list in your message. We will process your unsubscription within 48 hours.
Please note that even after unsubscribing from marketing emails, you may still receive important transactional communications if you are a customer. These include, for example, order confirmations, invoices, or important information about your account, as these are necessary for us to fulfill our contractual obligations.
Should you still receive further promotional emails from us after unsubscribing, please contact us immediately at the email address above so that we can resolve the problem as quickly as possible.
2.2 Newsletter distribution via GoHighLevel
Based on the consent of the recipients (Art. 6 para. 1 sentence 1 lit. a GDPR), we also measure the open and click rates of our newsletters to understand which content is relevant to our recipients.

We send newsletters using the GoHighLevel tool:

Corporate HQ: 400 North Saint Paul St., Suite 920, Dallas, Texas 75201, USA

The provider processes content, usage, meta/communication data and contact data.

2.3 Postal advertising and your right to object
Furthermore, we reserve the right to use your first and last name as well as your postal address for our own advertising purposes, e.g., to send you interesting offers and information about our products by mail. This serves our legitimate interest in contacting our customers for advertising purposes, which outweighs your interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

3. Data processing on our website

3.1. Informational use of the website

When you use our website for informational purposes only, i.e., when visitors do not separately provide us with information, we collect the personal data that your browser transmits to our server in order to ensure the stability and security of our website. This constitutes our legitimate interest, and the legal basis for this processing is Article 6(1)(f) GDPR.

This data includes:

IP address

Date and time of the request

Time zone difference to Greenwich Mean Time (GMT)

Content of the request (specific page)

Access status/HTTP status code

Amount of data transferred in each case

Website from which the request originated

Browser

Operating system and its interface

Language and version of the browser software

This data is also stored in log files. It is deleted when its storage is no longer necessary, at the latest after 14 days.
3.2. Web hosting and provision of the website

Our website is hosted by GoHighLevel. The provider is GoHighLevel, Corporate HQ: 400 North Saint Paul St., Suite 920, Dallas, Texas 75201, USA.

The provider processes personal data transmitted via the website, such as content, usage, meta/communication data, or contact information. Further information can be found in the provider’s privacy policy at https://www.gohighlevel.com/privacy-policy .

It is in our legitimate interest to provide a website, so the legal basis for the described data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

We use the GoHighLevel content delivery network for our website. The provider is GoHighLevel, Corporate HQ: 400 North Saint Paul St., Suite 920, Dallas, Texas 75201, USA. The provider processes personal data transmitted via the website, such as content, usage, meta/communication, or contact data. Further information can be found in the provider’s privacy policy at [link to privacy policy].

https://www.gohighlevel.com/privacy-policy

We have a legitimate interest in using sufficient storage and delivery capacities to ensure optimal data throughput even during peak loads. The legal basis for the described data processing is therefore Article 6(1)(f) GDPR

3.2.2 Cloudflare

We use a Content Delivery Network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

This service allows us to deliver large media files, such as graphics, page content, or scripts, more quickly via a network of regionally distributed servers. The processing is carried out to protect our legitimate interest in improving the stability and functionality of our website, in accordance with Article 6(1)(f) GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

3.3. Contact Form

When you contact us via the contact form on our website, we store the data requested there and the content of the message

The legal basis for this processing is our legitimate interest in responding to inquiries addressed to us. Therefore, the legal basis for this processing is Article 6(1)(f) GDPR.

We delete the data collected in this context once storage is no longer necessary, or restrict processing if there are legal retention obligations.

3.4. Job postings

We publish job openings in our company on our website, on pages linked to the website, or on third-party websites

The data provided during the application process is processed for the purpose of carrying out the application procedure. Insofar as this data is necessary for our decision to establish an employment relationship, the legal basis is Article 88 Paragraph 1 GDPR in conjunction with Section 26 Paragraph 1 BDSG (German Federal Data Protection Act). We have marked or indicated the data required for the application procedure accordingly. If applicants do not provide this data, we cannot process their application.

Providing further information is voluntary and not required for an application. If applicants provide additional information, this is based on their consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

We ask applicants to refrain from including information about political opinions, religious beliefs, and similarly sensitive data in their CV and cover letter. This information is not required for an application. If applicants nevertheless include such information, we cannot prevent its processing within the context of processing the CV or cover letter. In this case, such processing is based on the applicant’s consent (Art. 9 para. 2 lit. a GDPR).

Finally, we process applicants’ data for further application procedures if they have given us their consent to do so. In this case, the legal basis is Article 6(1)(a) GDPR.

We pass on the applicants’ data to the responsible employees in the human resources department, to our data processors in the field of recruiting and to other employees involved in the application process.

If we enter into an employment relationship with the applicant following the application process, we will only delete the data after the employment relationship has ended. Otherwise, we will delete the data no later than six months after an applicant has been rejected.

If applicants have given us their consent to use their data for further application processes, we will only delete their data one year after receiving the application.

3.5. Reviews
Website visitors can leave reviews on our website for our goods, services, or our company in general. For this purpose, we process metadata and communication data in addition to the data entered. We have a legitimate interest in receiving feedback from website visitors regarding our offerings. Therefore, the legal basis for data processing is Article 6(1)(f) GDPR. If we use a third-party tool for this purpose, information about it can be found under “Third-party providers”.

If you have given us your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR during or after your order, we will use your email address to remind you to submit a review of your order via the rating system we use.

This consent can be revoked at any time by sending a message to the contact details provided.

3.6. Customer Account

Website visitors can open a customer account on our website. We process the data requested in this context based on the website visitor’s consent. The legal basis for this processing is therefore Article 6(1)(a) GDPR

You can withdraw your consent at any time, for example, using the contact details provided in our privacy policy. Withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal. If you withdraw your consent, we will delete your data unless we are legally obligated or entitled to retain it.

3.7. Offer of goods

We offer goods via our website. In connection with the order process, we process the following data:

Name,

Address,

Telephone number,

Email address,

Packstation,

Payment details (bank account, credit card, etc.).

The data is processed for the performance of the contract concluded with the respective website visitor (Art. 6 para. 1 sentence 1 lit. b GDPR).
We will forward the aforementioned data to DHL insofar as this is necessary for processing the order.

The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR, as it is necessary for the performance of the contract.

3.8. Payment service providers

We use payment processors to process payments; these processors are themselves data controllers within the meaning of Article 4 No. 7 GDPR. Insofar as they receive data and payment information entered by us during the ordering process, we thereby fulfill the contract concluded with our customers (Article 6 Paragraph 1 Sentence 1 Letter b GDPR).

These payment service providers are:

Amazon Payments Europe sca, Luxembourg

American Express Europe SA

Apple Inc., USA (for Apple Pay)

Google Ireland Limited, Ireland (for Google Pay)

Klarna Bank AB (publ), Sweden (“Klarna on Account”)

Klarna Bank AB (publ), Sweden (“Klarna Sofort”)

Mastercard Europe SA, Belgium

PayPal (Europe) S.à rl et Cie, SCA, Luxembourg

Shopify Inc., Canada (for Shop Pay)

Stripe Payments Europe, Ltd., Ireland

Visa Europe Services Inc., United Kingdom

3.9. Technically necessary cookies
Our website uses cookies. Cookies are small text files that are stored in the web browser on the device of a website visitor. Cookies help to make our website more user-friendly, effective, and secure. Insofar as these cookies are necessary for the operation of our website or its functions (hereinafter referred to as “technically necessary cookies”), the legal basis for the associated data processing is Article 6(1)(f) GDPR. We have a legitimate interest in providing customers and other website visitors with a functional website.

Specifically, we use technically necessary cookies for the following purpose(s):

Cookies that save the shopping cart,

Cookies that remember search terms,

Cookies that store login data and

Cookies that payment providers set for payment processing and do not analyze user behavior.

3.10. Third-party providers
3.10.1. GoHighLevel
We use GoHighLevel to operate an online shop. The provider is GoHighLevel, Corporate HQ: 400 North Saint Paul St., Suite 920, Dallas, Texas 75201, USA. The provider processes meta/communication data (e.g., device information, IP addresses).

The legal basis for processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

The data will be deleted when the purpose for its collection no longer applies and there is no legal obligation to retain it. Further information can be found in the provider’s privacy policy at https://www.gohighlevel.com/privacy-policy .

3.10.2. Cookiebot

We use Cookiebot for consent management. The provider is Cybot, Havnegade 39, 1058 Copenhagen, Denmark. The provider processes meta/communication data (e.g., device information, IP addresses) in the EU

The legal basis for the processing is Article 6(1)(c) GDPR. The processing is necessary for compliance with a legal obligation to which we are subject.

3.10.3. Criteo

We use Criteo for advertising. The provider is Criteo SA, 32 rue Blanche, 75009 Paris, France. The provider processes usage data (e.g., websites visited, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) within the EU

The data will be stored for a maximum of 13 months from the date of collection. Further information can be found in the provider’s privacy policy at https://www.criteo.com/de/privacy/ .

3.10.4. Lifetimely

We use Lifetimely for analytics. The provider is Lifetimely Oy, Revontulentie 11, 02100 Espoo, Finland. The provider processes contract data (e.g., subject matter of the contract, term), usage data (e.g., websites visited, interest in content, access times), and master data (e.g., names, addresses) within the EU

3.10.5. Trusted Shops

We use Trusted Shops as a seal of approval. The provider is Trusted Shops GmbH, Colonius Carré, Subbelrather Straße 15c, 50823 Cologne, Germany. The provider processes usage data (e.g., websites visited, interest in content, access times) within the EU

3.10.6. Facebook Custom Audiences

We use Facebook Custom Audiences for advertising. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g., websites visited, interest in content, access times) in the USA.

The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses adopted in accordance with the review procedure pursuant to Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed upon with the provider.

We delete the data when the purpose for which it was collected no longer applies. Further information can be found in the provider’s privacy policy at https://www.facebook.com/policy.php .

3.10.7. Plista Conversion Pixel

We use Plista Conversion Pixel for conversion tracking. The provider is plista GmbH, Torstraße 33-35, 10119 Berlin. The provider processes usage data (e.g., websites visited, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA.

The data will be stored for 12 months. Further information can be found in the provider’s privacy policy at https://www.plista.com/de/ueber/privacy .

3.10.8. Google Tag Manager

We use Google Tag Manager for analytics and advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., websites visited, interest in content, access times) in the USA.

We delete the data when the purpose for which it was collected no longer applies. Further information can be found in the provider’s privacy policy at https://policies.google.com/privacy?hl=de .

3.10.9. Zapier

We use Zapier for automation between applications. The provider is Zapier, Inc., 548 Market St. #62411, San Francisco, CA 94104-5401, USA. The provider processes usage data (e.g., websites visited, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA

The legal basis for the processing is Article 6(1)(f) GDPR. We have a legitimate interest in easily connecting the applications in our company and thus optimizing our workflow.

We delete the data when the purpose for which it was collected no longer applies. Further information can be found in the provider’s privacy policy at https://zapier.com/privacy .

3.10.10. Facebook Pixel

We use Facebook Pixel for analytics. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g., websites visited, interest in content, access times) in the USA.

3.10.11. GoHighLevel

We use GoHighLevel for email marketing and customer relationship management. The provider is GoHighLevel, Corporate HQ: 400 North Saint Paul St., Suite 920, Dallas, Texas 75201, USA. The provider processes meta/communication data (e.g., device information, IP addresses) in the USA

10/3/12. Google Conversion Tag

We use Google Conversion Tag for conversion tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., websites visited, interest in content, access times) in the USA.

10/3/13. Facebook Conversion API

We use the Facebook Conversion API for analysis. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g., websites visited, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA.

3.10.14. Taboola

We use Taboola for conversion tracking. The provider is Taboola, Inc., 16 Madison Square West, 7th floor, New York, NY 10010, USA. The provider processes usage data (e.g., websites visited, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA.

Data collected directly for advertising purposes will be deleted no later than thirteen months after the website visitor’s last interaction with the services. Further information can be found in the provider’s privacy policy at https://www.taboola.com/de/policies/datenschutzerklaerung .

10/3/15. Pinterest Conversion Tag

We use the Pinterest Conversion Tag for conversion tracking. The provider is Pinterest Inc., 505 Brannan Street, San Francisco, CA 94107, USA. The provider processes usage data (e.g., websites visited, interest in content, access times), contact data (e.g., email addresses, telephone numbers), and meta/communication data (e.g., device information, IP addresses) in the USA.

10/3/16. Bing Ads Conversion Tracking

We use Bing Ads Conversion Tracking for conversion tracking and analysis. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The provider processes usage data (e.g., websites visited, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA.

10/3/17. Google Analytics

We use Google Analytics for analysis. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes usage data (e.g., websites visited, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA.

The data will be deleted when the purpose for which it was collected no longer applies and there is no legal obligation to retain it. Further information can be found in the provider’s privacy policy at https://policies.google.com/privacy?hl=de .

3.10.18. Typeform

We use Typeform for questionnaires and forms. The provider is Typeform SL, 163 Carrer de Bac de Roda, Barcelona, Spain. The provider processes content data (e.g., entries in online forms) and meta/communication data (e.g., device information, IP addresses) in the USA

10/3/19. Google Merchant Center

We use Google Merchant Center to operate an online shop. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes meta/communication data (e.g., device information, IP addresses) in the USA.

3.10.20. later

We use later for product analysis and sharing interests on social media. The provider is Victory Square Media Inc., Vancouver, British Columbia, Canada. The provider processes usage data (e.g., websites visited, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in Canada

The legal basis for the processing is Article 6(1)(f) GDPR. We have a legitimate interest in getting to know our customers and their needs better.

The legal basis for transferring data to a country outside the EEA is an adequacy decision. The security of the data transferred to the third country (i.e., a country outside the EEA) is guaranteed because the EU Commission, in an adequacy decision pursuant to Article 45(3) GDPR, has decided that the third country offers an adequate level of protection.

3.10.21. Google reCAPTCHA

We use Google reCAPTCHA to manage authentication. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes usage data (e.g., websites visited, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA

The legal basis for transferring data to a country outside the EEA is consent.

Further information can be found in the provider’s privacy policy at https://policies.google.com/privacy?hl=de .

3.10.22. stamped.io

We use stamped.io for recommendations, customer reviews, and to obtain product ratings. The provider is Stamped Technologies Pte. Ltd., Victoria, British Columbia, Canada. The provider processes usage data (e.g., websites visited, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA

The legal basis for the processing is Article 6(1)(f) GDPR. We have a legitimate interest in improving our product based on reviews.

3.10.23 Uppromote Partner Program (formerly Secomap)
Uppromote is a Shopify app that we used to offer our own affiliate network. Affiliate marketing is an internet-based sales method. It allows commercial website operators (merchants or advertisers) to place advertisements on third-party websites (affiliates or publishers). This advertising is usually compensated via click or sales commissions. The merchant provides advertising material (e.g., a banner ad or other suitable online advertising tools) through the affiliate network. This advertising material is then integrated by an affiliate on their own websites or promoted through other channels (e.g., keyword advertising or email marketing).

Uppromote places a cookie on your computer. Cookies were explained above. The Uppromote tracking cookie does not store any personal data. It only stores the identification number of the affiliate (the partner referring the potential customer), the visitor’s session ID, and the number of the clicked advertisement. The purpose of storing this data is to process commission payments between a merchant and the affiliate, which are handled via the Uppromote affiliate network.

As described above, you can prevent our website from setting cookies at any time by adjusting the settings of your internet browser accordingly, and thus permanently object to the setting of cookies.

Such a setting in your internet browser would also prevent Uppromote from placing a cookie on your computer. Furthermore, cookies already placed by Uppromote can be deleted at any time via your internet browser or other software programs.

Uppromote’s applicable privacy policy can be accessed at https://www.secomapp.com/privacy-policy-german-version/ l.

3.10.24 Adcell / Adcell Partner Program

Adcell is a German affiliate network offering affiliate marketing. Affiliate marketing is an internet-based sales method. It allows commercial website operators (merchants or advertisers) to place advertisements on third-party websites (affiliates or publishers). This advertising is usually compensated via click or sales commissions. The merchant provides advertising material (e.g., a banner ad or other suitable online advertising tools) through the affiliate network. This advertising material is then integrated by an affiliate on their own website or promoted through other channels (e.g., keyword advertising or email marketing).

The operating company of Adcell is Firstlead GmbH, Rosenfelder Str. 15-16, 10315 Berlin, Germany.

Adcell places a cookie on your computer. Cookies were explained above. The Adcell tracking cookie does not store any personal data. It only stores the identification number of the affiliate (the partner referring the potential customer), the visitor’s session ID, and the number of the clicked advertisement. The purpose of storing this data is to process commission payments between a merchant and the affiliate, which are handled via the affiliate network, i.e., Adcell.

As described above, you can prevent our website from setting cookies at any time by adjusting the settings of your internet browser accordingly, and thus permanently object to the setting of cookies.

Such a setting in your internet browser would also prevent Adcell from placing a cookie on your computer. Furthermore, cookies already placed by Adcell can be deleted at any time via your internet browser or other software programs.

Adcell’s applicable data protection regulations can be accessed at https://www.adcell.de/news/meldungen/dsgvo/datenschutz-grundverordnung-bei-adcell .

3.10.25 Google Ads Remarketing

We advertise this website via Google Ads in Google search results and on third-party websites. When you visit our website, Google sets a so-called remarketing cookie, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you have visited. This serves our legitimate interest in the optimal marketing of our website, which outweighs your interests in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR. The data collected in this context will be deleted once the purpose for its collection has ceased and we have discontinued using Google Ads Remarketing.

Further data processing only takes place if you have consented to Google linking your web and app browsing history to your Google account and using information from your Google account to personalize ads you see on the web. If you are logged into Google during your visit to our website, Google will use your data together with Google Analytics data to create and define target audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data to create target audiences.

Google Ads Remarketing is a service provided by Google LLC ( www.google.de ).

Google LLC is headquartered in the USA and is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has determined that companies certified under the Privacy Shield provide an adequate level of data protection.

You can deactivate the remarketing cookie via this link. You can also learn more about cookies and adjust your settings at the Digital Advertising Alliance.

3.10.26 Kameleoon

This website uses the web analytics service of the following provider: Kameleoon SAS, 12 rue de la Chaussée d’Antin, 75009 Paris, France

Using cookies and/or similar technologies (tracking pixels, web beacons, algorithms for reading device and browser information), this service collects and stores pseudonymized visitor data, including information about the device used, such as the IP address and browser information, in order to evaluate it for statistical analysis of user behavior on our website and to create pseudonymized user profiles. Among other things, this enables the analysis of movement patterns (so-called heatmaps), which show the duration of page visits and interactions with page content (e.g., text input, scrolling, clicks, and mouse-overs). Pseudonymization fundamentally precludes any direct identification of individuals. This data is not combined with clear personal data collected through other means.

All processing described above, in particular the reading or storage of information on the device used, will only be carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

3.10.27 Google Fonts

This website uses the script code “Google Fonts” from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: Google). This serves our legitimate interest in a uniform presentation of the content on our website, which outweighs any conflicting interests, pursuant to Art. 6 para. 1 lit. f) GDPR

In this context, a connection is established between your browser and Google’s servers. This allows Google to know that our website was accessed via your IP address.

Google is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the US and the European Commission, the latter has determined that companies certified under the Privacy Shield provide an adequate level of data protection.

Further information about data processing by Google can be found in Google’s privacy policy.

3.10.28 Microsoft Clarity

This website uses the web analytics service of the following provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

3.10.29 Zendesk

We use the Zendesk ticketing system, a customer service platform provided by Zendesk Inc. (989 Market Street #300, San Francisco, CA 94102), to process customer inquiries. For this purpose, necessary data such as name, postal address, telephone number, and email address are collected via our website to answer your information needs. Zendesk is a certified participant in the Privacy Shield Framework and therefore meets the minimum requirements for legally compliant data processing. Further information on data processing by Zendesk can be found in Zendesk’s privacy policy at http://www.zendesk.com/company/privacy . If you have any questions, you can also contact Zendesk’s data protection officer directly at privacy@zendesk.com . If you contact us by email or via the form on the website, we will only use the personal data you provide to process your specific inquiry. The data you provide will be treated confidentially. The data you provide and the message history with our service desk will be stored for follow-up questions and future contact. The processing of data entered into the contact form is based on your consent (Art. 6 para. 1 lit. a GDPR). We have concluded a data processing agreement with Zendesk and fully comply with the strict requirements of the German data protection authorities when using Zendesk.

3.10.30 Use of Google (Universal) Analytics for web analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google LLC ( www.google.de ), for website analysis. This serves our legitimate interest in optimizing the presentation of our website, which outweighs any potential impact on your privacy, pursuant to Art. 6 Para. 1 Sentence 1 lit. f GDPR. Google (Universal) Analytics uses methods that enable analysis of your website usage, such as cookies. The information automatically collected about your use of this website is generally transmitted to and stored on a Google server in the USA. By activating IP anonymization on this website, your IP address is shortened before transmission within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The data collected in this context will be deleted once the purpose for which it was collected has been fulfilled and we have ceased using Google Analytics.

You can prevent Google from collecting and processing data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plugin, you can click this link to prevent Google Analytics from collecting data on this website in the future. This will place an opt-out cookie on your device. If you delete your cookies, you will need to click the link again.

3.10.31 Voluum

We use the conversion tracking technology from Voluum (CentralNic Poland sp. z o.o., ul. Lubicz 17G, 31-503 Kraków, Poland). This allows us to measure, using the so-called tracking pixel, when and how many browsers have downloaded this tracking pixel during a conversion. Furthermore, additional information about browsing and purchasing behavior can be collected. For such integration, processing your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to CentralNic Poland sp. z o.o. This data processing is based on your consent on the legal basis of Art. 6 para. 1 lit. a) GDPR. If you wish to object to the use of the “Volum Pixel” for the future (“opt out”), you can do so at https://voluum.com/privacy-policy/ . Further information on Voluum’s data protection policy can be found at https: //voluum.com/terms-and-c … You can object to this data processing at any time via the settings of your browser or certain browser extensions. One such extension is the matrix-based firewall uMatrix for Firefox and Google Chrome. Please note that this may result in limited functionality on the website.

3.10.32 PushOwl

On this website, you have the option to subscribe to regular push notifications with information about our offer

For this purpose, we use the services of the following provider: Creatorbox Softwares Private Limited 80 Feet Road, Koramangala, 4th Block, Bangalore- 560034, Karnataka, India.

During the registration process, by which you give your explicit consent to receive push notifications and related processing in accordance with Art. 6 para. 1 lit. a GDPR, your browser ID and device ID will be collected, stored and used by the provider for the correct assignment and display of the notifications.

Subject to your explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, the provider also carries out a statistical evaluation of push integrations and interactions, whereby further information (e.g. time of access, IP address) is collected and evaluated, but not combined with other data sets.

You can revoke your consent to data processing for receiving push notifications and for statistical performance measurement at any time with effect for the future by deactivating the service in your browser settings or – depending on the operating system – unsubscribing from the receipt by interacting with the respective push notification.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

3.10.33 WhatsApp / Charles

For sending newsletters, we use the instant messaging service WhatsApp Business from WhatsApp LLC, 1601 Willow Road Menlo Park, California 94025, USA via the service provider Charles GmbH, Gartenstr. 86-87, 10115 Berlin.

Registration for the WhatsApp newsletter uses a double opt-in process. After registering via a CTA or QR code, you will receive a message asking you to confirm that you wish to receive messages from us via WhatsApp. If you no longer wish to receive messages, you can withdraw your consent at any time and unsubscribe from the newsletter using a keyword we have provided.

The only mandatory information required to receive the newsletter is your telephone number. After your confirmation, your telephone number will be forwarded to our service provider, Charles GmbH, for the purpose of sending the newsletter, where it will be processed and stored. The legal basis for this is Article 6(1)(a) GDPR.

If you communicate with us via WhatsApp, certain data that you share with the app will be stored and processed by WhatsApp. This includes, in particular, information provided by the user, such as messages, photos, videos, billing information, and profile pictures. WhatsApp states that it stores this data only using end-to-end encryption. Some metadata is collected by WhatsApp unencrypted. This includes your phone number, location, IP address, information about your device, the type and frequency of your app usage, and information about the time and recipient of the messages you send. According to WhatsApp’s privacy policy, this information is sometimes shared with other metadata companies, including Facebook and Instagram, which are based in the USA. Such data is also sometimes shared with external companies, service providers, or partners.

Data processing may also take place in the USA. According to the European Court of Justice, the USA currently does not provide an adequate level of data protection.

WhatsApp uses so-called standard contractual clauses pursuant to Article 46, paragraphs 2 and 3 of the GDPR ( https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de ) as the basis for processing or transferring data to countries outside the EU. These clauses obligate WhatsApp to comply with EU data protection standards when processing your data, even if the data is transferred to, processed, and stored in third countries such as the USA. You can find more information in WhatsApp’s privacy policy at https://www.whatsapp.com/legal/privacy-policy-eea/?locale=de_DE.

3.10.34 Vidalytics
We use Vidalytics to analyze and optimize our video content, as well as to measure success and improve the user experience on our website. The provider is Vidalytics, LLC, 124 Broadkill Rd #728, Milton, Delaware 19968

What data is processed?

Vidalytics processes, in particular, the following categories of personal data:

Usage data (e.g. videos played, playback duration, pauses and interruptions, interactions with videos, viewed video sections, device used, IP address, location data in anonymized form)

Metadata/communication data (e.g., device information, browser type, timestamp)

If applicable, contact details (e.g. email address, if you provide it as part of an interaction with a video or for personalized functions)

Purposes of processing:

The processing serves to analyze user behavior in connection with embedded videos, to improve and personalize our offerings, and to carry out remarketing measures. Vidalytics may use cookies and similar tracking technologies for this purpose

Further information:

Details regarding data processing by Vidalytics can be found in the provider’s privacy policy at: https://www.vidalytics.com/privacy .

4. Data processing on social media platforms
We are present on social media networks to showcase our organization and services. The operators of these networks regularly process their users’ data for advertising purposes. Among other things, they create user profiles based on online behavior, which are used, for example, to display advertising on the networks’ pages and elsewhere on the internet that matches the users’ interests. To do this, the network operators store information about usage behavior in cookies on users’ computers. It is also possible that the operators combine this information with other data. Further information and instructions on how users can object to data processing by the network operators can be found in the respective operators’ privacy policies listed below. It is also possible that the operators or their servers are located in non-EU countries, meaning they process data there. This may pose risks for users, for example, because enforcing their rights may be more difficult or government agencies may gain access to the data.

When users of these networks contact us via our profiles, we process the data they provide in order to answer their inquiries. This constitutes our legitimate interest, and the legal basis for this processing is Article 6(1)(f) GDPR.

4.1. Facebook

We maintain a profile on Facebook. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy can be found here: https://www.facebook.com/policy.php . You can object to data processing via your ad settings: https://www.facebook.com/settings?tab=ads

Based on an agreement with Facebook, we are jointly responsible for processing the data of visitors to our profile in accordance with Article 26 of the GDPR. Facebook explains exactly which data is processed at https://www.facebook.com/legal/terms/information_about_page_insights_data . Data subjects can exercise their rights against both us and Facebook. However, according to our agreement with Facebook, we are obligated to forward inquiries to Facebook. Therefore, data subjects will receive a faster response if they contact Facebook directly.

4.2. Instagram

We maintain a profile on Instagram. The operator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy can be found here : https://help.instagram.com/519522125107875

4.3. Pinterest

We maintain a profile on Pinterest. The operator is Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. The privacy policy can be found here: https://about.pinterest.com/de/privacy-policy . You can object to data processing via the ad settings: https://about.pinterest.com/de/privacy-policy .

4.4. YouTube

We maintain a profile on YouTube. The operator is Google Ireland Limited , Gordon House, Barrow Street, Dublin 4, Ireland. The privacy policy can be found here: https://policies.google.com/privacy?hl=de

5. Changes to this Privacy Policy

We reserve the right to amend this privacy policy with effect for the future. The current version is always available here.

6. Questions and comments

For questions or comments regarding this privacy policy, please feel free to contact us using the contact details provided above.