Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also briefly referred to as "data") we process for what purposes and to what extent. The privacy policy applies to all data processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

The terms used are not gender-specific.

Status: October 2025

Controller

Stella Maria Sorg-Nünke
Begasstr. 28
12623 Berlin
Authorized representatives: Stella Maria Sorg-Nünke
Email address: contact@cmo-studios.com

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the affected persons.

Types of Data Processed

  • Master data
  • Payment data
  • Contact data
  • Content data
  • Contract data
  • Usage data
  • Meta-, communication- and procedural data
  • Log data

Categories of Affected Persons

  • Service recipients and clients
  • Interested parties
  • Communication partners
  • Users
  • Business and contractual partners
  • Education and course participants
  • Customers

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations
  • Communication
  • Security measures
  • Direct marketing
  • Reach measurement
  • Tracking
  • Office and organizational procedures
  • Conversion measurement
  • Target group formation
  • Organizational and administrative procedures
  • Feedback
  • Marketing
  • Profiles with user-related information
  • Provision of our online offer and user-friendliness
  • Information technology infrastructure
  • Public relations
  • Sales promotion
  • Business processes and business management procedures

Relevant Legal Bases

Relevant legal bases under the GDPR: Below you will receive an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the GDPR regulations, national data protection requirements in your or our country of residence or establishment may apply. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of personal data concerning them for a specific purpose or several specific purposes.
  • Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National Data Protection Regulations in Germany

In addition to the GDPR data protection regulations, national data protection regulations apply in Germany. This includes in particular the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG). The BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Note on Applicability of GDPR and Swiss DPA

These privacy notices serve both information provision under the Swiss DPA and under the General Data Protection Regulation (GDPR). For this reason, we ask you to note that due to the broader spatial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the Swiss DPA terms "processing" of "personal data", "overriding interest" and "particularly sensitive personal data", the GDPR terms "processing" of "personal data" as well as "legitimate interest" and "special categories of data" are used. The legal meaning of the terms is nevertheless determined by the Swiss DPA within the scope of the Swiss DPA.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to it, the input, transmission, ensuring availability and their separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data breaches. Furthermore, we take into account the protection of personal data already in the development or selection of hardware, software and procedures in accordance with the principle of data protection by design and by privacy-friendly default settings.

Transmission of Personal Data

In the context of our processing of personal data, it may happen that this data is transmitted to other entities, companies, legally independent organizational units or persons or disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

International Data Transfers

Data Processing in Third Countries

If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or this happens in the context of using third-party services or the disclosure or transmission of data to other persons, entities or companies (which becomes apparent from the postal address of the respective provider or if the privacy policy explicitly refers to data transfer to third countries), this is always done in accordance with legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission of July 10, 2023. Additionally, we have concluded standard contractual clauses with the respective providers that comply with the requirements of the EU Commission and establish contractual obligations for the protection of your data.

This double safeguard ensures comprehensive protection of your data: The DPF forms the primary protection level, while the standard contractual clauses serve as additional security. Should changes occur within the framework of the DPF, the standard contractual clauses serve as a reliable fallback option. This ensures that your data remains adequately protected even in the event of political or legal changes.

For individual service providers, we inform you whether they are certified under the DPF and whether standard contractual clauses exist. Further information on the DPF and a list of certified companies can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English).

For data transfers to other third countries, corresponding security measures apply, in particular standard contractual clauses, explicit consents or legally required transmissions. Information on third country transfers and applicable adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or no further legal basis for processing exists. This affects cases where the original processing purpose no longer applies or the data is no longer needed. Exceptions to this rule exist when legal obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that applies specifically to certain processing processes. If there are multiple specifications for retention periods or deletion deadlines for a date, the longest period is always decisive. Data that is no longer retained for the originally intended purpose, but due to legal requirements or other reasons, we process exclusively for the reasons that justify its retention.

Retention and Deletion of Data

The following general periods apply for retention and archiving under German law:

  • 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheet and the work instructions and other organizational documents required for their understanding (§ 147 para. 1 no. 1 in conjunction with para. 3 AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 in conjunction with para. 4 HGB).
  • 8 years - Booking documents, such as invoices and expense receipts (§ 147 para. 1 no. 4 and 4a in conjunction with para. 3 sentence 1 AO and § 257 para. 1 no. 4 in conjunction with para. 4 HGB).
  • 6 years - Other business documents: received commercial or business letters, reproductions of sent commercial or business letters, other documents insofar as they are relevant for taxation, such as hourly wage slips, operating cost allocation sheets, calculation documents, price labels, but also payroll documents insofar as they are not already booking documents and cash register receipts (§ 147 para. 1 no. 2, 3, 5 in conjunction with para. 3 AO, § 257 para. 1 no. 2 and 3 in conjunction with para. 4 HGB).
  • 3 years - Data that is required to consider potential warranty and damage claims or similar contractual claims and rights and to process related inquiries, based on previous business experience and common industry practices, is stored for the duration of the regular legal statute of limitations of three years (§§ 195, 199 BGB).

Rights of Data Subjects

Rights of Data Subjects under the GDPR

As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right to object at any time to the processing of personal data concerning you, which is based on Art. 6 para. 1 lit. e or f GDPR, for reasons arising from your particular situation; this also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such advertising purposes; this also applies to profiling, insofar as it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw given consents at any time.
  • Right to information: You have the right to obtain confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: You have the right, in accordance with legal requirements, to request the completion of data concerning you or the rectification of incorrect data concerning you.
  • Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to request that data concerning you be erased immediately, or alternatively, in accordance with legal requirements, to request a restriction of the processing of the data.
  • Right to data portability: You have the right to receive data concerning you that you have provided to us, in accordance with legal requirements, in a structured, commonly used and machine-readable format or to request its transmission to another controller.
  • Right to lodge a complaint with supervisory authority: You have, without prejudice to any other administrative or judicial remedy, the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you violates the requirements of the GDPR.

Business Services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners"), in the context of contractual and comparable legal relationships as well as related measures and with regard to communication with contractual partners (or pre-contractually), for example to answer inquiries.

We use this data to fulfill our contractual obligations. This includes in particular the obligations to provide the agreed services, any update obligations and remedies for warranty and other service disruptions. Furthermore, we use the data to protect our rights and for the administrative tasks associated with these obligations as well as corporate organization. We also process the data on the basis of our legitimate interests both in proper and business management and in security measures to protect our contractual partners and our business operations from abuse, endangerment of their data, secrets, information and rights (e.g. participation of telecommunications-, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or financial authorities). Within the framework of applicable law, we only pass on data from contractual partners to third parties insofar as this is necessary for the aforementioned purposes or to fulfill legal obligations. About other forms of processing, e.g. for marketing purposes, contractual partners are informed within the framework of this privacy policy.

Which data is required for the aforementioned purposes, we inform the contractual partners before or in the context of data collection, e.g. in online forms, by special marking (e.g. colors) or symbols (e.g. asterisks or similar), or personally.

We delete the data after the expiry of legal warranty and comparable obligations, i.e. basically after four years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal reasons of archiving (e.g. for tax purposes usually ten years). Data that was disclosed to us by the contractual partner within the framework of an order, we delete according to the specifications and basically after the end of the order.

  • Types of data processed: Master data (e.g. full name, residential address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or phone numbers). Contract data (e.g. contract subject, duration, customer category).
  • Affected persons: Service recipients and clients; interested parties; business and contractual partners. Education and course participants.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; communication; office and organizational procedures; organizational and administrative procedures. Business processes and business management procedures.
  • Retention and deletion: Deletion according to information in the section "General Information on Data Storage and Deletion".
  • Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Provision of Online Services and Web Hosting

We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the browser or the user's end device.

  • Types of data processed: Usage data (e.g. page views and duration of stay, click paths, usage intensity and frequency, used device types and operating systems, interactions with content and functions); meta-, communication- and procedural data (e.g. IP addresses, time information, identification numbers, involved persons). Log data (e.g. log files concerning logins or data retrieval or access times).
  • Affected persons: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers etc.)). Security measures.
  • Retention and deletion: Deletion according to information in the section "General Information on Data Storage and Deletion".
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Collection of Access Data and Log Files

Access to our online offer is logged in the form of so-called "server log files". The server log files may include the address and name of the retrieved websites and files, date and time of retrieval, transmitted data volumes, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and usually IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid server overload (especially in case of abusive attacks, so-called DDoS attacks), and on the other hand, to ensure server utilization and their stability; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Deletion of data: Log file information is stored for a period of maximum 30 days and then deleted or anonymized. Data whose further retention is required for evidence purposes is excluded from deletion until the final clarification of the respective incident.

Use of Cookies

Under the term "cookies" we understand functions that store information on end devices of users and read from them. Cookies can also be used for different purposes, such as for the purposes of functionality, security and comfort of online offers as well as the creation of analyses of visitor flows. We use cookies in accordance with legal requirements. For this purpose, we obtain the consent of users in advance if necessary. If consent is not necessary, we rely on our legitimate interests. This applies when storing and reading information is essential to provide expressly requested content and functions. This includes, for example, storing settings as well as ensuring the functionality and security of our online offer. The consent can be revoked at any time. We clearly inform about their scope and which cookies are used.

Notes on Data Protection Legal Bases

Whether we process personal data using cookies depends on consent. If consent is given, it serves as a legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage Duration

With regard to storage duration, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and closes their end device (e.g. browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be stored and preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used for reach measurement. If we do not provide users with explicit information about the type and storage duration of cookies (e.g. in the context of obtaining consent), they should assume that these are permanent and the storage duration can be up to two years.

General Notes on Withdrawal and Objection (Opt-out)

Users can revoke the consents they have given at any time and also declare an objection to processing in accordance with legal requirements, also using the privacy settings of their browser.

  • Types of data processed: Meta-, communication- and procedural data (e.g. IP addresses, time information, identification numbers, involved persons).
  • Affected persons: Users (e.g. website visitors, users of online services).
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Contact and Inquiry Management

When contacting us (e.g. by post, contact form, email, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed, insofar as this is necessary to answer contact inquiries and any requested measures.

  • Types of data processed: Master data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or phone numbers); content data (e.g. textual or pictorial messages and contributions as well as the information relating to them, such as information about authorship or time of creation); usage data (e.g. page views and duration of stay, click paths, usage intensity and frequency, used device types and operating systems, interactions with content and functions). Meta-, communication- and procedural data (e.g. IP addresses, time information, identification numbers, involved persons).
  • Affected persons: Communication partners.
  • Purposes of processing: Communication; organizational and administrative procedures; Feedback (e.g. collecting feedback via online form). Provision of our online offer and user-friendliness.
  • Retention and deletion: Deletion according to information in the section "General Information on Data Storage and Deletion".
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Contact Form

When contacting us via our contact form, by email or other communication channels, we process the personal data transmitted to us to answer and process the respective request. This usually includes information such as name, contact information and, if applicable, further information that is communicated to us and is necessary for appropriate processing. We use this data exclusively for the specified purpose of contact and communication; Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Newsletter and Electronic Notifications

We send newsletters, emails and other electronic notifications (hereinafter "newsletter") exclusively with the consent of the recipients or on the basis of a legal basis. If the contents of the newsletter are mentioned in the context of a newsletter registration, these contents are decisive for the consent of the users. For registration to our newsletter, usually the indication of your email address is sufficient. However, to offer you a personalized service, we may ask for your name for personal addressing in the newsletter or for further information, if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing: We can store unsubscribed email addresses for up to three years on the basis of our legitimate interests before we delete them, to be able to prove a previously given consent. The processing of this data is limited to the purpose of potential defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In case of obligations to permanently observe objections, we reserve the right to store the email address alone for this purpose in a block list (so-called "blocklist").

The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving its proper course. If we commission a service provider with the sending of emails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

Contents: Information about us, our services, actions and offers.

  • Types of data processed: Master data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or phone numbers); meta-, communication- and procedural data (e.g. IP addresses, time information, identification numbers, involved persons). Usage data (e.g. page views and duration of stay, click paths, usage intensity and frequency, used device types and operating systems, interactions with content and functions).
  • Affected persons: Communication partners. Users (e.g. website visitors, users of online services).
  • Purposes of processing: Direct marketing (e.g. by email or postal). Provision of contractual services and fulfillment of contractual obligations.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
  • Objection possibility (Opt-Out): You can cancel the receipt of our newsletter at any time, i.e. revoke your consents, or object to further receipt. A link to cancel the newsletter can be found either at the end of each newsletter or you can use one of the contact options mentioned above, preferably email, for this purpose.

Measurement of Opening and Click Rates

The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved when the newsletter is opened from our or its server, if we use a sending service provider. In the context of this retrieval, both technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval are collected. This information is used for the technical improvement of our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes the determination of whether and when the newsletters are opened and which links are clicked. The information is assigned to the individual newsletter recipients and stored in their profiles until deletion. The evaluations serve to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Web Analytics, Monitoring and Optimization

Web analytics (also referred to as "reach measurement") serves to evaluate the visitor flows of our online offer and can include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online offer or its functions or contents are used most frequently, or invite reuse. Likewise, it is possible for us to understand which areas need optimization.

In addition to web analytics, we can also use testing procedures to test and optimize different versions of our online offer or its components.

Unless otherwise specified below, profiles can be created for these purposes, i.e. data summarized into a usage process, and information can be stored in a browser or in an end device and then read out. The collected information includes in particular visited websites and elements used there as well as technical information, such as the browser used, the computer system used as well as information on usage times. If users have agreed to the collection of their location data with us or with the providers of the services we use, the processing of location data is also possible. Furthermore, the IP addresses of users are stored. However, we use an IP masking procedure (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored in the context of web analytics, A/B testing and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

Notes on Legal Bases

If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g. page views and duration of stay, click paths, usage intensity and frequency, used device types and operating systems, interactions with content and functions). Meta-, communication- and procedural data (e.g. IP addresses, time information, identification numbers, involved persons).
  • Affected persons: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (creation of user profiles). Provision of our online offer and user-friendliness.
  • Retention and deletion: Deletion according to information in the section "General Information on Data Storage and Deletion". Storage of cookies for up to 2 years (Unless otherwise specified, cookies and similar storage methods can be stored for a period of two years on users' devices.).
  • Security measures: IP masking (pseudonymization of IP address).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Umami Analytics

We use Umami, a privacy-friendly web analytics software. Umami collects anonymized usage data to help us understand the performance and usage of our website. No personally identifiable information is stored and no cookies are used.

Data collected:

  • Page views and visit duration
  • Device type and browser (anonymized)
  • Country of origin (IP address is not stored)
  • Referring websites

Legal basis: Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in analyzing website usage to improve our service.

More information about Umami can be found at: https://umami.is/docs/privacy

Hotjar

This website uses Hotjar, a web analytics service provided by Hotjar Ltd. Hotjar uses cookies and other technologies to collect data about user behavior and devices.

Hotjar collects the following data:

  • Mouse movements and clicks (heatmaps)
  • Scrolling behavior
  • Pages visited and time spent
  • Device and browser information
  • Geographic location (country only)

Hotjar stores this information in a pseudonymized user profile. The information is not used to personally identify individual visitors.

Legal basis: Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in analyzing user behavior to improve our website.

You can opt-out of Hotjar tracking by using the opt-out link: https://www.hotjar.com/policies/do-not-track/

More information can be found in Hotjar's privacy policy: https://www.hotjar.com/legal/policies/privacy/

Plug-ins and Embedded Functions and Content

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").

The integration always presupposes that the third-party providers of this content process the IP address of users, since they could not send the content to their browser without an IP address. The IP address is therefore necessary for the display of this content or functions. We strive to use only such content whose respective providers use the IP address only for the delivery of content. Third-party providers can also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. Through the "pixel tags", information such as the visitor traffic on the pages of this website can be evaluated. The pseudonymous information can furthermore be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, visit time as well as further information about the use of our online offer, but can also be linked with such information from other sources.

Notes on Legal Bases

If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g. page views and duration of stay, click paths, usage intensity and frequency, used device types and operating systems, interactions with content and functions). Meta-, communication- and procedural data (e.g. IP addresses, time information, identification numbers, involved persons).
  • Affected persons: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offer and user-friendliness; Reach measurement (e.g. access statistics, recognition of returning visitors); Tracking (e.g. interest- /behavior-based profiling, use of cookies); Target group formation. Marketing.
  • Retention and deletion: Deletion according to information in the section "General Information on Data Storage and Deletion". Storage of cookies for up to 2 years (Unless otherwise specified, cookies and similar storage methods can be stored for a period of two years on users' devices.).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Google Fonts (Retrieval from Google Server)

Retrieval of fonts (and symbols) for the purpose of technically secure, maintenance-free and efficient use of fonts and symbols with regard to currency and loading times, their uniform display and consideration of possible licensing restrictions. The IP address of the user is communicated to the font provider so that the fonts can be provided in the user's browser. Furthermore, technical data (language settings, screen resolution, operating system, used hardware) is transmitted, which is necessary for the provision of fonts depending on the devices used and the technical environment. This data can be processed on a server of the font provider in the USA - When visiting our online offer, users' browsers send their browser HTTP requests to the Google Fonts Web API (i.e. a software interface for retrieving fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) of Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on the Google server and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of website visitors, as well as the referrer URL (i.e. the website on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers and they are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. In the Google Fonts Web API, the user agent must adapt the font that is generated for the respective browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics with which the popularity of font families is measured. These summarized usage statistics are published on the "Analytics" page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for production maintenance and an aggregated report on the top integrations based on the number of font requests can be generated. According to Google's own information, Google does not use any of the information collected by Google Fonts to create end-user profiles or display targeted advertisements; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy?hl=de.

YouTube Videos

Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF). Objection possibility (Opt-Out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://myadcenter.google.com/personalizationoff.

Changes and Updates

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We inform you as soon as the changes require action on your part (e.g. consent) or other individual notification becomes necessary. If we provide addresses and contact information of companies and organizations in this privacy policy, we ask you to note that the addresses may change over time and ask you to check the information before making contact.

Created with free privacy policy generator.de by Dr. Thomas Schwenke

Join the Waitlist

Be the first to know when we launch publicly and get exclusive early access to our AI marketing courses.

* Required fields