Data protection declaration
Introduction and overview
We have written this data protection declaration (version 15.03.2024-312747218) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller - and the processors commissioned by us (e.g. providers) - process, will process in the future and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.

Data protection declarations usually sound very technical and use legal terms. This data protection declaration, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. As far as it is conducive to transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. We are informing you in clear and simple language that we only process personal data in the context of our business activities if there is a corresponding legal basis. This is certainly not possible if you provide the briefest, most unclear and legal-technical explanations possible, as is often standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is some information there that you did not know before.
If you still have any questions, we would like to ask you to contact the responsible body named below or in the imprint, follow the existing links and look at further information on third-party websites. You can of course also find our contact details in the imprint.

Scope
This data protection declaration applies to all personal data processed by us in the company and to all personal data that companies commissioned by us (contract processors) process. By personal data we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person's name, e-mail address and postal address. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this data protection declaration includes:

all online presences (websites, online shops) that we operate

Social media presences and email communication

mobile apps for smartphones and other devices

In short: The data protection declaration applies to all areas in which personal data is processed in a structured manner within the company via the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal basis
In the following data protection declaration, we provide you with transparent information on the legal principles and regulations, i.e. the legal basis of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

Consent (Article 6 paragraph 1 letter a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data in a contact form.

Contract (Article 6 paragraph 1 lit. b GDPR): We process your data in order to fulfil a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we need personal information in advance.

Legal obligation (Article 6 paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.

Legitimate interests (Article 6 paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we have to process certain data in order to be able to operate our website safely and economically efficiently. This processing is therefore a legitimate interest.

Other conditions such as the taking of recordings in the public interest and the exercise of public authority as well as the protection of vital interests do not generally occur with us. If such a legal basis should be applicable, it will be indicated in the appropriate place.

In addition to the EU regulation, national laws also apply:

In Austria, this is the Federal Law on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.

In Germany, the Federal Data Protection Act, or BDSG for short, applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the person responsible
If you have any questions about data protection or the processing of personal data, you will find the contact details of the person or body responsible below:
The Lilittle Gym Sàrl-S
18, avenue Dr Klein
L-5630 Mondorf-les-bains

E-mail: info@thelilittlegym.com
Telephone: +352691250704
Imprint: https://www.thelilittlegym.net/impressum/

Data transfer to third countries
We only transfer or process data to countries outside the scope of the GDPR (third countries) if you consent to this processing or if there is another legal permission. This applies in particular if the processing is required by law or necessary to fulfill a contractual relationship and in any case only to the extent that this is generally permitted. In most cases, your consent is the most important reason why we have data processed in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, can mean that personal data is processed and stored in unexpected ways.

We expressly point out that, in the opinion of the European Court of Justice, an adequate level of protection for data transfer to the USA currently only exists if a US company that processes personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. You can find more information at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. In addition, collected data may be linked to data from other services of the same provider, provided you have a corresponding user account. Where possible, we try to use server locations within the EU, if this is offered.

We will provide you with more detailed information about data transfer to third countries at the appropriate points in this privacy policy, if this applies.

Communication
Communication summary
👥 Affected parties: All those who communicate with us by telephone, email or online form
📓 Data processed: e.g. telephone number, name, email address, form data entered. You can find more details about this in the respective contact type used
🤝 Purpose: Handling communication with customers, business partners, etc.
📅 Storage period: Duration of the business case and the legal regulations
⚖️ Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. b GDPR (contract), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

If you contact us and communicate by telephone, email or online form, personal data may be processed.

The data is processed for the purpose of handling and processing your question and the related business transaction. The data is stored for as long as or as long as the law requires.

Affected persons
The processes mentioned affect everyone who tries to contact us via the communication channels we provide.

Telephone
If you call us, the call data is stored pseudonymously on the respective device and by the telecommunications provider used. In addition, data such as name and telephone number can be sent by email afterwards and saved to answer the query. The data will be deleted as soon as the business case has been completed and legal requirements allow it.

Email
If you communicate with us by email, data may be saved on the respective device (computer, laptop, smartphone, ...) and data will be saved on the email server. The data will be deleted as soon as the business case has been completed and legal requirements allow it.

Online forms
If you communicate with us using an online form, data will be saved on our web server and forwarded to an email address of ours if necessary. The data will be deleted as soon as the business case has been completed and legal requirements allow it.

Legal basis
The processing of the data is based on the following legal basis:

Art. 6 para. 1 lit. a GDPR (consent): You give us your consent to save your data and to continue to use it for the purposes related to the business case;

Art. 6 Para. 1 lit. b GDPR (contract): There is a need to fulfill a contract with you or a processor such as the telephone provider or we need to process the data for pre-contractual activities such as preparing an offer;

Art. 6 Para. 1 lit. f GDPR (legitimate interests): We want to handle customer inquiries and business communication in a professional setting. For this, certain technical facilities such as email programs, exchange servers and mobile phone operators are necessary in order to be able to operate the communication efficiently.

Cookies
Cookies summary
👥 Affected parties: Visitors to the website
🤝 Purpose: depends on the respective cookie. You can find more details below or from the manufacturer of the software that sets the cookie.
📓 Data processed: depends on the cookie used in each case. You can find more details below or from the manufacturer of the software that sets the cookie.
📅 Storage period: depends on the respective cookie, can vary from hours to years
⚖️ Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit.f GDPR (legitimate interests)

What are cookies?
Our website uses HTTP cookies to store user-specific data.
In the following we explain what cookies are and why they are used so that you can better understand the following data protection declaration.

Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: cookies are really useful little helpers. Almost all websites use cookies. To be more precise, they are HTTP cookies, as there are other cookies for other applications. HTTP cookies are small files that are saved by our website on your computer. These cookie files are automatically stored in the cookie folder, which is basically the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you visit our site again, your browser sends the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are saved in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie back from the server, which the browser uses again when another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "malware". Cookies cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga
Value: GA1.2.1326744211.152312747218-9
Purpose: Differentiation between website visitors
Expiry date: after 2 years

A browser should be able to support these minimum sizes:

At least 4096 bytes per cookie

At least 50 cookies per domain

At least 3000 cookies in total

What types of cookies are there?
The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point we would like to briefly discuss the different types of HTTP cookies.

There are 4 types of cookies:

Essential cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues browsing on other pages and only goes to the checkout later. These cookies do not delete the shopping cart, even if the user closes their browser window.

Purposeful cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and behavior of the website in different browsers.

Targeted cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes or form data are saved.

Advertising cookies
These cookies are also called targeting cookies. They are used to provide the user with individually tailored advertising. This can be very practical, but also very annoying.

When you visit a website for the first time, you are usually asked which of these types of cookies you would like to accept. And of course this decision is also saved in a cookie.

If you would like to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments from the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies
The purpose ultimately depends on the respective cookie. You can find more details below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are little helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the data processed or stored in the following data protection declaration.

Storage period of cookies
The storage period depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

You also have influence over the storage period. You can manually delete all cookies at any time via your browser (see also “Right of objection” below). Furthermore, cookies based on consent will be deleted at the latest after you revoke your consent, whereby the legality of storage remains unaffected until then.

Right of objection - how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option of deleting, deactivating or only partially allowing cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you do not want cookies at all, you can set up your browser so that it always informs you when a cookie is to be set. This way you can decide for each individual cookie whether to allow the cookie or not. The procedure varies depending on the browser. The best thing to do is to search for the instructions in Google using the search term “delete cookies Chrome” or “deactivate cookies Chrome” in the case of a Chrome browser.

Legal basis
The so-called “cookie guidelines” have been in place since 2009. They state that storing cookies requires your consent (Article 6 (1) (a) GDPR). However, there are still very different reactions to these guidelines within the EU countries. In Austria, however, this guideline was implemented in Section 165 (3) of the Telecommunications Act (2021). In Germany, the cookie guidelines were not implemented as national law. Instead, this guideline was largely implemented in Section 15 (3) of the Telemedia Act (TMG).

For absolutely necessary cookies, even if no consent has been given, there are legitimate interests (Article 6 (1) (f) GDPR), which in most cases are of an economic nature. We want to give visitors to the website a pleasant user experience and certain cookies are often absolutely necessary for this.

If cookies that are not absolutely necessary are used, this only happens with your consent. The legal basis in this respect is Art. 6 Paragraph 1 Letter a of GDPR.

In the following sections, you will be informed in more detail about the use of cookies, provided that the software used uses cookies.

Customer data
Customer data summary
👥 Affected parties: Customers or business and contractual partners
🤝 Purpose: Provision of the contractually or pre-contractually agreed services including associated communication
📓 Data processed: Name, address, contact details, email address, telephone number, payment information (such as invoices and bank details), contract data (such as term and subject of the contract), IP address, order data
📅 Storage period: the data is deleted as soon as it is no longer required to fulfill our business purposes and there is no legal obligation to retain it.
⚖️ Legal basis: Legitimate interest (Art. 6 Para. 1 lit. f GDPR), contract (Art. 6 Para. 1 lit. b GDPR)

What is customer data?
So that we can offer our service or our contractual services, we also process data from our customers and business partners. This data always includes personal data. Customer data is all information that is processed on the basis of a contractual or pre-contractual collaboration in order to be able to provide the services offered. Customer data is therefore all information collected about our customers that we collect and process.

Why do we process customer data?

There are many reasons why we collect and process customer data. The most important is that we simply need various data to provide our services. Sometimes your email address is enough, but if you purchase a product or service, for example, we also need data such as name, address, bank details or contract details. We also subsequently use the data for marketing and sales optimization so that we can improve our service for our customers overall. Another important point is our customer service, which is always very important to us. We want you to be able to come to us at any time with questions about our offers and for this we need at least your email address.

What data is processed?
At this point, the exact data that is stored can only be shown using categories. This always depends on which services you purchase from us. In some cases, you only give us your email address so that we can, for example, contact you or answer your questions. In other cases, you purchase a product or service from us and for this we need significantly more information, such as your contact details, payment details and contract details.

Here is a list of possible data that we receive and process from you:

Name

Contact address

Email address

Telephone number

Date of birth

Payment details (invoices, bank details, payment history, etc.)

Contract data (term, content)

Usage data (websites visited, access data, etc.)

Metadata (IP address, device information)

How long is the data stored?

As soon as we no longer need the customer data to fulfill our contractual obligations and purposes and the data is also not necessary for possible warranty and liability obligations, we delete the corresponding customer data. This is the case, for example, when a business contract ends. After that, the limitation period is usually 3 years, although longer periods are possible in individual cases. Of course, we also adhere to the statutory retention periods. Your customer data will definitely not be passed on to third parties unless you have explicitly given your consent.

Legal basis
The legal basis for the processing of your data is Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. b GDPR (contract or pre-contractual measures), Art. 6 Para. 1 lit. f GDPR (legitimate interests) and in special cases (e.g. for medical services) Art. 9 Para. 2 lit. a. GDPR (processing of special categories).

In the case of the protection of vital interests, data processing takes place in accordance with Art. 9 Para. 2 lit. c. GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector, personal data is processed in accordance with Art. 9 Para. 2 lit. h. GDPR. If you voluntarily provide data from the special categories, processing takes place on the basis of Art. 9 Para. 2 lit. a. GDPR.

Social Media Introduction
Social Media Data Protection Statement Summary
👥 Affected parties: Visitors to the website
🤝 Purpose: Presentation and optimization of our services, contact with visitors, interested parties, etc., advertising
📓 Data processed: Data such as telephone numbers, email addresses, contact details, data on user behavior, information about your device and your IP address.
You can find more details on this in the social media tool used.
📅 Storage period: depends on the social media platforms used
⚖️ Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

What is social media?
In addition to our website, we are also active on various social media platforms. User data can be processed so that we can specifically address users who are interested in us via social networks. In addition, elements of a social media platform can also be embedded directly in our website. This is the case, for example, if you click on a so-called social button on our website and are redirected directly to our social media presence. So-called social media or social media refers to websites and apps through which registered members can produce content, exchange content openly or in specific groups and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and get in touch online. With our social media presence, we can bring our products and services closer to interested parties. The social media elements integrated into our website help you to switch to our social media content quickly and without complications.

The data that is stored and processed through your use of a social media channel is primarily intended to be able to carry out web analyses. The aim of these analyses is to be able to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the evaluated data can be used to draw appropriate conclusions about your interests and create so-called user profiles. This also enables the platforms to present you with tailored advertisements. Cookies are usually placed in your browser for this purpose, which store data on your usage behavior.

We generally assume that we remain responsible for data protection, even if we use the services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform can be jointly responsible with us within the meaning of Art. 26 GDPR. If this is the case, we will point this out separately and work on the basis of an agreement to this effect. The essence of the agreement is then reproduced below for the platform in question.

Please note that when using the social media platforms or our built-in elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. This may mean that you can no longer easily demand or enforce your rights with regard to your personal data.

Which data is processed?
The exact data that is stored can only be shown here using categories. This always depends on which services you receive from us. In some cases, you only give us your email address so that we can, for example, contact you or answer your questions. In other cases, you purchase a product or service from us and for this we need significantly more information, such as your contact details, payment details and contract details.

Here is a list of possible data that we receive from you and process:

Name

Contact address

Email address

Telephone number

Date of birth

Payment details (invoices, bank details, payment history, etc.)

Contract data (term, content)

Usage data (websites visited, access data, etc.)

Metadata (IP address, device information)

How long is the data stored? As soon as we no longer need the customer data to fulfill our contractual obligations and our purposes and the data is also not required for possible warranty and liability obligations, we delete the corresponding customer data. This is the case, for example, when a business contract ends. After that, the limitation period is usually 3 years, although longer periods are possible in individual cases. Of course, we also adhere to the statutory retention periods. Your customer data will definitely not be passed on to third parties if you have not explicitly given your consent.

Legal basis
The legal basis for the processing of your data is Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. b GDPR (contract or pre-contractual measures), Art. 6 Para. 1 lit. f GDPR (legitimate interests) and in special cases (e.g. for medical services) Art. 9 Para. 2 lit. a. GDPR (processing of special categories).

In the case of the protection of vital interests, data processing takes place in accordance with Art. 9 (2) lit. c. GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector, personal data is processed in accordance with Art. 9 (2) lit. h. GDPR. If you voluntarily provide data from special categories, processing takes place on the basis of Art. 9 (2) lit. a. GDPR.

Social Media Introduction
Social Media Data Protection Declaration Summary
👥 Affected parties: Visitors to the website
🤝 Purpose: Presentation and optimization of our service, contact with visitors, interested parties, etc., advertising
📓 Data processed: Data such as telephone numbers, email addresses, contact details, data on user behavior, information about your device and your IP address.
You can find more details on this in the social media tool used.
📅 Storage period: depends on the social media platforms used
⚖️ Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

What is social media?
In addition to our website, we are also active on various social media platforms. User data can be processed so that we can specifically address users who are interested in us via social networks. In addition, elements of a social media platform can also be embedded directly in our website. This is the case, for example, if you click on a so-called social button on our website and are redirected directly to our social media presence. So-called social media or social media refers to websites and apps through which registered members can produce content, exchange content openly or in certain groups and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and get in touch online. With our social media presence, we can bring our products and services closer to interested parties. The social media elements integrated into our website help you to switch to our social media content quickly and without complications.

The data that is stored and processed through your use of a social media channel is primarily intended to enable web analyses. The aim of these analyses is to be able to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the evaluated data can be used to draw appropriate conclusions about your interests and create so-called user profiles. This also enables the platforms to present you with customized advertisements. Cookies are usually placed in your browser for this purpose, which store data about your usage behavior.

We generally assume that we remain responsible under data protection law, even if we use the services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. If this is the case, we will point this out separately and work on the basis of an agreement to this effect. The essence of the agreement is then reproduced below for the platform in question.

Please note that when using the social media platforms or our built-in elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. This may mean that you can no longer easily demand or enforce your rights with regard to your personal data.

What data is processed?
Exactly which data is stored and processed depends on the respective provider of the social media platform. But it is usually data such as telephone numbers, email addresses, data that you enter in a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. Especially if you have a profile on the social media channel you visit and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the providers' servers. This means that only the providers have access to the data and can give you the appropriate information or make changes.

If you want to know exactly which data is stored and processed by the social media providers and how you can object to data processing, you should read the company's respective privacy policy carefully. If you have any questions about data storage and processing or want to assert corresponding rights, we recommend that you contact the provider directly.

Duration of data processing
We will inform you about the duration of data processing below if we have further information about it. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. Customer data that is compared with your own user data is deleted within two days. In general, we only process personal data for as long as it is absolutely necessary to provide our services and products. If required by law, such as in the case of accounting, this storage period may be exceeded.

Right of objection
You also have the right and the option to revoke your consent to the use of cookies or third-party providers such as embedded social media elements at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser.

Since cookies can be used with social media tools, we also recommend our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis
If you have consented that your data can be processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 Para. 1 lit. a GDPR). In principle, if consent is given, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our privacy policy text about cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

Information about specific social media platforms can be found - if available - in the following sections.

AddThis privacy policy
AddThis privacy policy summary
👥 Affected parties: Visitors to the website
🤝 Purpose: Optimization of our service
📓 Data processed: Data such as data on user behavior, information about your device and your IP address.
You can find more details about this further down in the privacy policy.
📅 Storage period: the collected data is stored for 13 months from the time the data is collected
⚖️ Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

What is AddThis?
We use plug-ins from AddThis from Oracle America, Inc. (500 Oracle Parkway, Redwood Shores, CA 94065, USA) on our website. These plug-ins allow you to share content from our website quickly and easily with other people. When you visit a website with an AddThis function, your data can be transferred to the company AddThis, stored and processed. This privacy policy tells you why we use AddThis, which data is processed and how you can prevent this data transfer.

Among other things, AddThis develops software tools that are integrated into websites to enable users to distribute content on various social media channels or by email. In addition, AddThis also offers functions that are used for website analysis. The data collected is also used to offer Internet users interest-based advertising. The service is used by more than 15 million website operators worldwide.

Why do we use AddThis on our website?
By using the AddThis buttons, you can share interesting content from our website on various social media channels such as Facebook, Twitter, Instagram or Pinterest. If you like our content, we would of course be happy if you also share it with your social community. And the easiest way to do this is via the AddThis buttons.

What data is stored by AddThis?
If you share content with AddThis and you are logged in with the respective social media account, data such as visiting our website and sharing content can be assigned to the user account of the corresponding social media channel. AddThis uses cookies, pixels, HTTP headers and browser identifiers to collect data on your visitor behavior. In addition, some of this data is shared with third parties after pseudonymization.
Here is an example list of the data that may be processed:

Unique ID of a cookie placed in the web browser

Address of the website visited

Time of the website visit

Search queries that brought a visitor to the page with AddThis

Time spent on a website

The IP address of the computer or mobile device

Mobile advertising IDs (Apple IDFA or Google AAID)

Information contained in HTTP headers or other transmission protocols used

Which program was used on the computer (browser) or which operating system was used (iOS)

AddThis uses cookies, which we list below as examples and excerpts. You can find out more about AddThis cookies at https://www.oracle.com/legal/privacy/addthis-privacy-policy.html.

Name: bt2
Value: 8961a7f179d87qq69V69312747218-3
Purpose: This cookie is used to record parts of the website visited in order to recommend other parts of the website.
Expiry date: after 255 days

Name: bku
Value: ra/99nTmYN+fZWX7312747218-4
Purpose: This cookie registers anonymized user data such as your IP address, geographical location, websites visited and which ads you clicked on.
Expiry date: after 179 days

Note: Please keep in mind that this is an example list and we cannot claim to be complete.

AddThis also shares collected information with other companies. You can find more details at https://www.oracle.com/legal/privacy/addthis-privacy-policy.html. AddThis also uses the data received to create target groups and interest profiles and to offer interest-based advertising to users in the same advertising network.

How long and where is the data stored?
AddThis stores the collected data for 13 months from the time of data collection. 1% of the data is kept as a "sample data set" for a maximum of 24 months so that the business relationship is maintained. In this "sample data set", however, the direct and indirect identification (such as your IP address and cookie ID) is hashed. This means that the personal data can no longer be associated with you without additional information. Since the AddThis company is headquartered in the USA, the collected data is also stored on American servers.

How can I delete my data or prevent data storage?
You have the right to access and delete your personal data at any time. If you no longer want to see advertising based on data collected by AddThis, you can use the opt-out button at https://datacloudoptout.oracle.com/?tid=312747218. This sets an opt-out cookie that you must not delete in order to retain this setting.

You can also set your preferences for usage-based online advertising in preference management via https://www.youronlinechoices.com/at/.

Your browser offers one way to prevent data processing or to manage it according to your wishes. Data processing works slightly differently depending on the browser. Under the "Cookies" section you will find the relevant links to the respective instructions for the most popular browsers.

Legal basis
If you have consented that your data can be processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 Para. 1 lit. a GDPR). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our privacy policy on cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

AddThis also processes data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.

AddThis uses standard contractual clauses approved by the EU Commission (= Art. 46. Para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. These clauses oblige AddThis to comply with the EU data protection level when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

If you would like to know more about how AddThis processes your data, you can find more information at https://www.oracle.com/legal/privacy/addthis-privacy-policy.html.

Instagram privacy policy
Instagram privacy policy summary
👥 Affected parties: Visitors to the website
🤝 Purpose: Optimization of our service
📓 Data processed: Data such as data on user behavior, information about your device and your IP address.
You can find more details about this further down in the privacy policy.
📅 Storage period: until Instagram no longer needs the data for its purposes
⚖️ Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

What is Instagram?
We have integrated Instagram functions on our website. Instagram is a social media platform of the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and is one of the Facebook products. Embedding Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos or videos from Instagram directly on our website. When you visit websites on our website that have an integrated Instagram function, data is transmitted to, stored and processed by Instagram. Instagram uses the same systems and technologies as Facebook. Your data is therefore processed across all Facebook companies.

In the following, we want to give you a more detailed insight into why Instagram collects data, what data it is and how you can largely control data processing. Since Instagram belongs to Meta Platforms Inc., we get our information from the Instagram guidelines on the one hand, but also from the Meta data protection guidelines themselves on the other.

Instagram is one of the most well-known social media networks in the world. Instagram combines the advantages of a blog with the advantages of audiovisual platforms such as YouTube or Vimeo. You can upload photos and short videos to "Insta" (as many users casually call the platform), edit them with various filters and also share them on other social networks. And if you don't want to be active yourself, you can just follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has really taken off in recent years. And of course we have also responded to this boom. We want you to feel as comfortable as possible on our website. That's why we make it a matter of course to prepare our content in a varied way. The embedded Instagram functions allow us to enrich our content with helpful, funny or exciting content from the Instagram world. Since Instagram is a subsidiary of Facebook, the data collected can also be useful for personalized advertising on Facebook. This means that our advertisements are only shown to people who are really interested in our products or services.

Instagram also uses the data collected for measurement and analysis purposes. We get summarized statistics and thus more insight into your wishes and interests. It is important to mention that these reports do not identify you personally.

What data is stored by Instagram?
If you come across one of our pages that has Instagram functions (such as Instagram images or plug-ins) built in, your browser automatically connects to Instagram's servers. Data is sent to Instagram, stored and processed, regardless of whether you have an Instagram account or not. This includes information about our website, your computer, purchases made, advertisements you see and how you use our services. The date and time of your interaction with Instagram are also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume that this is also the case with Instagram. Customer data includes name, address, telephone number and IP address. This customer data will only be transmitted to Instagram if it has been "hashed" beforehand. Hashing means that a data set is converted into a character string. This allows the contact details to be encrypted. The "event data" mentioned above is also transmitted. Facebook – and consequently Instagram – understands “event data” to mean data about your user behavior. It can also happen that contact data is combined with event data. The contact data collected is compared with the data that Instagram already has about you.

The collected data is transmitted to Facebook via small text files (cookies), which are usually set in your browser. Depending on the Instagram functions used and whether you have an Instagram account yourself, different amounts of data are stored.

We assume that data processing on Instagram works in the same way as on Facebook. This means: if you have an Instagram account or have visited www.instagram.com, Instagram has at least set one cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as you come into contact with an Instagram function. This data is deleted or anonymized after 90 days at the latest (after comparison). Although we have looked intensively at Instagram's data processing, we cannot say exactly which data Instagram collects and stores.

Below we show you cookies that are set in your browser at least when you click on an Instagram function (such as a button or an Insta image). In our test, we assume that you do not have an Instagram account. If you are logged in to Instagram, significantly more cookies will of course be set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: “”
Purpose: This cookie is most likely set for security reasons to prevent requests from being forged. However, we were unable to find out more precisely.
Expiry date: after one year

Name: mid
Value: “”
Purpose: Instagram sets this cookie to optimize its own services and offers on and off Instagram. The cookie sets a unique user ID.
Expiry date: after the end of the session

Name: fbsr_312747218124024
Value: no information
Purpose: This cookie stores the log-in request for users of the Instagram app.
Expiry date: after the end of the session

Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiry date: after the end of the session

Name: urlgen
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe312747218”
Purpose: This cookie is used for Instagram’s marketing purposes.
Expiry date: after the end of the session

Note: We cannot claim to be complete here. Which cookies are set in individual cases depends on the embedded functions and your use of Instagram.

How long and where is the data stored?

Instagram shares the information it receives between Facebook companies, external partners, and people you connect with around the world. Data processing is carried out in compliance with its own data policy. Your data is distributed across Facebook servers around the world, for security reasons, among other things. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation, you have the right to information, portability, correction, and deletion of your data. You can manage your data in the Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

And this is how you delete your Instagram account:

First open the Instagram app. On your profile page, go down and click on "Help area." Now you will come to the company's website. On the website, click on "Manage account" and then on "Delete your account."

If you delete your account completely, Instagram will delete posts such as your photos and status updates. Information that other people have shared about you does not belong to your account and is therefore not deleted.

As already mentioned above, Instagram stores your data primarily via cookies. You can manage, deactivate or delete these cookies in your browser. Depending on your browser, the management always works a little differently. Under the "Cookies" section you will find the corresponding links to the respective instructions for the most popular browsers.

You can also generally set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to accept the cookie or not.

Legal basis
If you have consented that your data can be processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 Para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our privacy policy on cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

Instagram processes your data in the USA, among other places. Instagram or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Instagram uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR). Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Instagram undertakes to comply with the European data protection level when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

We have tried to give you the most important information about data processing by Instagram. You can find out more about Instagram’s data policies at https://privacycenter.instagram.com/policy/.

​​