Privacy policy

Chapter

1. Preamble

With the following privacy policy, we wish to inform you about what types of your personal data (hereinafter also referred to briefly as "data") we process for which purposes and to what extent in connection with the provision of our application.

The terms used are gender-neutral.

Date: February 24, 2026

2. Responsible Person

Pascal Gopon

Main Street 7

45549 Sprockhövel

Email Address: PG.DARKLUX@GMAIL.COM

Imprint: Dark-lux.com

3. Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes for which they are processed, while also identifying the affected individuals.

Types of Processed Data

Personal data
Payment data
Contact data
Content data
Contractual data
Usage data
Meta-, communication, and procedural data
Log data

Categories of Affected Individuals

Recipients and clients
Prospects
Communication partners
Users
Business and contractual partners

Purposes of Processing

Provision of contractual services and fulfillment of contractual obligations
Communication
Security measures
Office and organizational procedures
Organizational and administrative procedures
Feedback
Provision of our online offering and user-friendliness
Information technology infrastructure
Public relations
Business processes and business management procedures

4. Legal Basis

Legal basis under the GDPR: Below you will find an overview of the legal bases for processing personal data in accordance with the GDPR. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, if specific legal bases are applicable in individual cases, we will inform you thereof in the privacy policy.

Consent (Art. 6 Abs. 1 S. 1 lit. a) DSGVO) – The data subject has given consent for the processing of personal data concerning them for one or more specified purposes.

Contract performance and pre-contractual measures (Art. 6 Abs. 1 S. 1 lit. b) DSGVO) – Processing is necessary for the performance of a contract to which the data subject is party, or in order to take pre-contractual steps at the request of the data subject.

Legal obligation (Art. 6 Abs. 1 S. 1 lit. c) DSGVO) – Processing is necessary for compliance with a legal obligation to which the controller is subject.

Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless, having regard to the context, the data subject's rights and freedoms and legitimate expectations are overridden.

National Data Protection Regulations in Germany

In addition to the GDPR data protection regulations, national data protection regulations apply in Germany. These include, in particular, the Act on Security against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains special provisions regarding the right to information, the right to erasure, the right to object, processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases including profiling. Furthermore, state-level data protection laws of the respective federal states may also apply.

5. Security Measures

We implement appropriate technical and organizational measures to ensure a level of protection commensurate with the risk, in accordance with legal requirements and taking into account the state of the art, implementation costs, as well as the nature, scope, context, and purposes of processing, including the varying probabilities and potential impact on the rights and freedoms of natural persons.

Among these measures are, in particular, safeguards for the confidentiality, integrity, and availability of data through control of physical and electronic access to the data as well as controls over access, input, transmission, storage, and separation thereof. Furthermore, we have established procedures that ensure the protection of affected individuals' rights, the deletion of data, and responses to data breaches. Additionally, we consider the protection of personal data already during the development or selection of hardware, software, and processes in accordance with the principle of privacy by design and by default through technical design and privacy-friendly settings.

Securing Online Connections via TLS-/SSL Encryption Technology (HTTPS)

To protect user data transmitted over our online services from unauthorized access, we utilize TLS-/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information exchanged between a website or app and the user's browser (or between two servers), thereby safeguarding the data from unauthorized access. As the more advanced and secure version of SSL, TLS ensures that all data transmissions meet the highest security standards. When a website is secured with an SSL-/TLS certificate, this is indicated by the display of HTTPS in the URL, serving as an indicator for users that their data is transmitted securely and encrypted.

6. Allgemeine Informationen zur Datenspeicherung und Löschung

We delete personal data that we process in accordance with legal provisions as soon as the underlying consent is withdrawn or no further legal basis for processing remains. This applies to cases where the original processing purpose ceases to exist or the data are no longer needed. Exceptions to this rule exist when legal obligations or special interests require longer retention or archiving of the data.

Insbesondere müssen Daten, die aus handels- oder steuerrechtlichen Gründen aufbewahrt werden müssen oder deren Speicherung notwendig ist zur Rechtsverfolgung oder zum Schutz der Rechte anderer natürlicher oder juristischer Personen, entsprechend archiviert werden.

Unsere Datenschutzhinweise enthalten zusätzliche Informationen zur Aufbewahrung und Löschung von Daten, die speziell für bestimmte Verarbeitungsprozesse gelten.

Bei mehreren Angaben zur Aufbewahrungsdauer oder Löschungsfristen eines Datums, ist stets die längste Frist maßgeblich. Daten, die nicht mehr für den ursprünglich vorgesehenen Zweck, sondern aufgrund gesetzlicher Vorgaben oder anderer Gründe aufbewahrt werden, verarbeiten wir ausschließlich zu den Gründen, die ihre Aufbewahrung rechtfertigen.

Aufbewahrung und Löschung von Daten

10 Jahre - Retention period for books and records, annual statements, inventories, location reports, opening balance sheets as well as the work instructions necessary for their understanding and other organizational documents (§ 147 Abs. 1 Nr. 1 i.V.m. Abs. 3 AO, § 14b Abs. 1 UStG, § 257 Abs. 1 Nr. 1 i.V.m. Abs. 4 HGB).

8 Jahre - Invoice records, such as invoices and cost receipts (§ 147 Abs. 1 Nr. 4 and 4a i.V.m. Satz 1 AO and § 257 Abs. 1 Nr. 4 i.V.m. Abs. 4 HGB).

6 Jahre - Other business documents: received commercial or trade letters, copies of sent commercial or trade letters, other documents that are significant for taxation purposes, e.g. hourly pay slips, accounting summaries, calculation sheets, price awards, but also payroll records, provided they are not already invoice records and cash registers (§ 147 Abs. 1 Nr. 2, 3, 5 i.V.m. Satz 3 AO, § 257 Abs. 1 Nr. 2 u. 3 i.V.m. Abs. 4 HGB).

3 Jahre - Data required to consider potential warranty and damages claims or similar contractual rights and obligations, as well as related inquiries, based on prior business experience and common industry practices, are stored for the duration of the regular legal limitation period of three years (§§ 195, 199 BGB).

Fristbeginn mit Ablauf des Jahres

If a deadline is not explicitly set to a specific date and lasts at least one year, it automatically starts at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships where data are stored, the triggering event is the effective date of termination or other conclusion of the legal relationship.

7. Rights of the Data Subjects

Rights of the Data Subjects under the GDPR

As a data subject, you are entitled to various rights under the GDPR, which in particular arise from Articles 15 to 21 of the GDPR:

Right to object: You have the right, for reasons arising from your particular situation, at any time to object to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. If personal data concerning you are processed for direct marketing purposes, you have the right, at any time, to object to the processing of your personal data for such advertising purposes; this also applies to profiling insofar as it is linked to such direct marketing.

Right to withdraw consent: You have the right to withdraw consent at any time.

Right to information: You have the right to request confirmation as to whether personal data concerning you are being processed and to obtain information about these data, further information, and a copy of the data in accordance with statutory requirements.

Right to rectification: In accordance with statutory requirements, you have the right to request the completion of your personal data or the correction of inaccurate personal data concerning you.

Right to erasure and restriction of processing: In accordance with statutory requirements, you have the right to request that your personal data be erased without delay, or alternatively, in accordance with statutory requirements, to request a restriction on the processing of your data.

Right to data portability: You have the right, in accordance with statutory requirements, to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format, or to demand that such data be transmitted to another controller.

Right to lodge a complaint with supervisory authority: Notwithstanding any other administrative or judicial remedy available to you, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, workplace, or where the alleged infringement occurred, if you consider that the processing of personal data concerning you violates the provisions of the GDPR.

8. Business Services

We process personal data of our contractual and business partners, such as customers, clients, interested parties, suppliers, and other cooperation partners (collectively "contractual partners"), for the establishment, execution, and administration of contractual relationships and comparable legal relationships. This also includes pre-contractual measures initiated upon request, as well as communication in connection with the respective contractual relationship. The processing serves primarily to fulfill our contractual main and ancillary obligations. These include providing agreed-upon services, any applicable update and information obligations, handling warranty claims and other performance defects, administering withdrawals and terminations of ongoing debt relationships, settlements, refunds, and handling other contract-related declarations and inquiries. Both one-off contracts and ongoing contractual relationships are covered.

Processed data primarily includes master data such as name, address, and optionally company name; contact details such as e-mail address and telephone number; contract and performance data such as subject matter of the contract, duration of the contract, order or transaction number; usage and performance data; payment and billing data; as well as communication content and history. Where necessary, we also process data that is disclosed to us or transmitted to us in the course of carrying out an order.

In addition, we process data to safeguard our rights and to fulfill statutory obligations. This includes, in particular, commercial and tax-related retention obligations, documentation obligations, and, where applicable, proof and accountability obligations. Furthermore, processing takes place on the basis of our legitimate interests in proper business management, internal administration, risk control, and IT security, as well as in protecting our business operations and our contractual partners from misuse, data endangerment, and infringement of other legal interests. This may also include the engagement of external service providers such as IT and telecommunications providers, transport and logistics companies, payment service providers, banks, tax and legal advisors, or other performance assistants, to the extent that this is necessary for contract execution or for fulfilling statutory obligations.

The transfer of personal data to third parties occurs exclusively to the extent that it is necessary for contract fulfillment, for carrying out pre-contractual measures, for safeguarding legitimate interests, or for fulfilling statutory obligations. We inform separately about processing beyond this scope, particularly for marketing purposes, within this privacy policy.

Which specific data are required in individual cases is communicated to contractual partners during the collection of data, for example via appropriate labeling in online forms or through personal contact.

Data deletion takes place as soon as the data are no longer necessary for the aforementioned purposes and no statutory retention obligations apply. Statutory retention periods, particularly under commercial and tax law, may require a longer storage period. Data transmitted in the course of a specific order are deleted after completion of the order and expiration of any applicable retention periods, unless further legal or contractual obligations to store them exist.

The legal basis for processing is Art. 6 Abs. 1 lit. b DSGVO for carrying out pre-contractual measures and fulfilling the respective contractual relationship, as well as Art. 6 Abs. 1 lit. c DSGVO for fulfilling statutory obligations. To the extent that processing is based on legitimate interests, it takes place pursuant to Art. 6 Abs. 1 lit. f DSGVO. Where processing is grounded in Art. 6 Abs. 1 lit. f DSGVO, it serves to safeguard our legitimate interests in proper and efficient business organization, internal administration and documentation of business transactions, enforcement and defense of legal claims, assurance of IT and data security, prevention of misuse and fraud, as well as economic steering and further development of our business operations. These interests particularly consist in ensuring a secure and legally sound business operation and in safeguarding our entrepreneurial capacity to act.

Summary

Types of processed data: Master data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank connections, invoices, payment history); Contact data (e.g., postal and e-mail addresses or telephone numbers); Contract data (e.g., subject matter, duration, customer category); Usage data (e.g., page views and session duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
Affected persons: Recipients of services and clients; Interested parties. Business and contractual partners.
Purposes of processing and legitimate interests: Provision of contractual services and fulfillment of contractual obligations; Security measures; Communication; Office and organizational procedures; Organizational and administrative procedures. Business processes and business management procedures.
Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Storage and Deletion".
Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO); Legal obligation (Art. 6 Abs. 1 S. 1 lit. c) DSGVO). Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO).

Further Information on Processing Processes, Procedures, and Services

Online Shop, Order Forms, E-Commerce, and Service Fulfillment: We process our customers' data to enable them to select, purchase, or order the chosen products, goods, and associated services, as well as their payment and provision, or delivery, or execution. Where necessary for the execution of an order, we engage service providers, in particular postal, freight forwarding, and courier companies, to carry out delivery, or execution on behalf of our customers. For the administration of payment processes, we utilize the services of banks and payment service providers. The required information is marked as such within the scope of the ordering or comparable acquisition process and includes the information needed for delivery, or provision and billing, as well as contact information to facilitate any necessary communication; Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO).

9. Payment Procedures

In the context of contractual and other legal relationships, based on statutory obligations or otherwise on the basis of our legitimate interests, we offer affected persons efficient and secure payment options and use, in addition to banks and credit institutions, further service providers (collectively "payment service providers") for this purpose. The payment traffic is carried out exclusively via encrypted connections in accordance with current technical standards, so that the entered data are protected against unauthorized access during transmission.

The data processed by the payment service providers include personal data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract-related, amount- and recipient-specific information. This information is required to carry out the transactions. However, the entered data are only processed and stored by the payment service providers. That means we receive no account- or credit-card related information, but only information with confirmation of payment or negative notification thereof. Under certain circumstances, the data may be transmitted by the payment service providers to business reference agencies. This transmission is intended for identity and creditworthiness checks. In this regard, we refer to the terms and conditions and privacy notices of the payment service providers.

For the payment transactions, the terms and conditions and privacy notices of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and for asserting withdrawal, information and other data subject rights.

Summary

Types of processed data: Personal data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank connections, invoices, payment history); Contractual data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta-, communication- and procedural data (e.g., IP addresses, time stamps, identification numbers, involved persons). Contact data (e.g., postal and email addresses or telephone numbers).
Affected persons: Recipients of services and orderers; Business and contractual partners. Interested parties.
Purposes of processing and legitimate interests: Provision of contractual performance and fulfillment of contractual obligations. Business processes and business procedures.
Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Storage and Deletion".
Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO). Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO).

Further Information on Processing Processes, Procedures and Services

Google Pay: Payment services (technical connection of online payment methods); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO); Website: https://pay.google.com/intl/de_de/about/. Privacy notice: https://policies.google.com/privacy.
Mastercard: Payment services (technical connection of online payment methods); Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO); Website: https://www.mastercard.de/de-de.html. Privacy notice: https://www.mastercard.de/de-de/datenschutz.html.
PayPal: Payment services (technical connection of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO); Website: https://www.paypal.com/de. Privacy notice: https://www.paypal.com/de/legalhub/paypal/privacyfull.
Visa: Payment services (technical connection of online payment methods); Service provider: Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, GB; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO); Website: https://www.visa.de. Privacy notice: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

10. Provision of Online Offerings and Web Hosting

We process user data to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary for transmitting the content and functions of our online services to the browser or end device of the user.

Summary

Types of processed data: Usage data (e.g., page views and duration, click paths, usage intensity and frequency, used device types and operating systems, interactions with content and functions); Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons). Log data (e.g., log files concerning logins or the retrieval of data or access times.).
Affected persons: Users (e.g., website visitors, users of online services).
Purposes of processing and legitimate interests: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers etc.)). Security measures.
Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Storage and Deletion".
Legal basis: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f DSGVO).

Further Notes on Processing Processes, Procedures, and Services

Provision of online offering on rented storage space: For the provision of our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also referred to as "web hoster"); Legal basis: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f DSGVO).
Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". Server log files may include the address and name of the retrieved web pages and files, date and time of retrieval, transferred data volumes, notification of successful retrieval, browser type along with version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to avoid server overload (especially in the event of malicious attacks, so-called DDoS attacks), and also to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f DSGVO). Deletion of data: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes are exempt from deletion until the respective incident is finally clarified.
netcup: Services in the field of provision of information technology infrastructure and associated services (e.g., storage space and/or computing capacity); Service provider: netcup GmbH, Daimlerstraße 25, D-76185 Karlsruhe, Germany; Legal basis: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f DSGVO); Website: https://www.netcup.de/; Privacy policy: https://www.netcup.de/kontakt/datenschutzerklaerung.php. Data processing agreement: https://helpcenter.netcup.com/de/wiki/general/avv/.

11. Use of Cookies

Under the term "Cookies" we understand functions that store and read information on users' devices. Cookies can also be used for different purposes, such as ensuring functionality, security, and convenience of online offerings as well as creating visitor flow analyses. We use cookies in accordance with legal provisions. If necessary, we obtain users' prior consent. If a consent is not required, we rely on our legitimate interests. This applies when storing and reading information is essential to provide explicitly requested content and functions. This includes, for example, storing settings as well as ensuring functionality and security of our online offering. Consent can be withdrawn at any time. We clearly inform about its scope and which cookies are used.

Notes on legal grounds for data protection

Whether we process personal data using cookies depends on consent. If consent is given, it serves as a legal basis. Without consent, we rely on our legitimate interests, which are explained in this section and the context of respective services and procedures.

Storage duration

Regarding storage duration, the following types of cookies are distinguished:

Temporary Cookies (also: Session or session cookies): Temporary cookies are deleted at most when a user leaves an online offering and closes their device (e.g., browser or mobile application).

Permanent Cookies: Permanent cookies remain stored even after closing the device. For example, login status can be saved and preferred content displayed directly when the user revisits the website. Similarly, data collected via cookies may be used for traffic measurement. If we do not provide explicit indications about cookie type and duration to users (e.g., during consent request), they should assume they are permanent and may last up to two years.

General notes on withdrawal and objection (opt-out)

Users can withdraw the consent they have given at any time and also raise an objection to processing in accordance with legal provisions, even via their browser's privacy settings.

Summary

Processed data types: Meta-, communication- and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
Affected persons: Users (e.g., website visitors, users of online services).
Legal bases: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO). Consent (Art. 6 Abs. 1 S. 1 lit. a) DSGVO).

Further notes on processing processes, procedures and services

Processing of cookie data based on consent: We implement an opt‑in management solution where users' consent to use cookies or the procedures and providers mentioned in the opt‑in management solution are obtained. This procedure serves to collect, record, manage and withdraw consents, especially regarding cookie usage and comparable technologies that store, read and process information on users' devices. Within this procedure, user consents for cookie usage and associated processing of information, including specific processing and providers mentioned in the opt‑in management procedure, are obtained. Users also have the possibility to manage and withdraw their consents. Consent declarations are stored to avoid repeated queries and to provide proof of consent according to legal requirements. Storage occurs server‑side and/or via a cookie (so‑called Opt‑In‑Cookie) or comparable technologies to associate consent with a specific user or device. If no specific information about providers of opt‑in management services is provided, the following general notes apply: The storage duration of consents lasts up to two years. A pseudonymous user identifier is created together with the time of consent, details on the scope of consent (e.g., cookie categories and/or service providers) and information about browser, system and device used; Legal bases: Consent (Art. 6 Abs. 1 S. 1 lit. a) DSGVO).

12. Registration, Login and User Account

Users can create a user account. During registration, users are informed of the required mandatory fields and process them for the purpose of providing the user account based on contractual performance obligations. The processed data include, in particular, login information (username, password, and e-mail address).

In connection with the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of each user action. This storage is based on our legitimate interests as well as those of the users in protecting against abuse and other unauthorized use. These data are generally not disclosed to third parties unless it is necessary for the enforcement of our claims or a statutory obligation exists.

Users can be informed by e-mail about events that are relevant to their user account, such as technical changes.

Summary

Types of processed data: Identity data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and e-mail addresses or telephone numbers); Content data (e.g., textual or image-based messages and posts as well as information concerning them, such as authorship details or creation time); Usage data (e.g., page views and duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Log data (e.g., log files regarding logins or access to data or access times.).
Affected persons: Users (e.g., website visitors, users of online services).
Purposes of processing and legitimate interests: Provision of contractual performance and fulfillment of contractual obligations; Security measures; Organizational and administrative procedures. Provision of our online offering and user-friendliness.
Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Storage and Deletion". Deletion upon termination.
Legal bases: Contractual performance and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO). Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO).

Further Information on Processing Processes, Procedures and Services

Deletion of data upon termination: If a user has terminated their user account, their data will be deleted with regard to the user account, subject to any statutory permission, obligation or consent of the user; Legal bases: Contractual performance and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO).
No retention obligation for data: It is up to the users to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all data stored by the user during the duration of the contract; Legal bases: Contractual performance and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO).

13. Community Functions

The Community Functions provided by us allow users to converse with each other or otherwise exchange information. In this regard, we request that the use of Community Functions be permitted only under compliance with applicable law, our Terms and Conditions and Guidelines, as well as the rights of other users and third parties.

Summary

Types of data processed: Personal data (e.g., full name, residential address, contact information, customer number, etc.). Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
Affected persons: Users (e.g., website visitors, users of online services).
Purposes of processing and legitimate interests: Provision of contractual performance and fulfillment of contractual obligations; security measures. Provision of our online offering and user-friendliness.
Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Storage and Deletion".
Legal bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO). Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO).

Further Information on Processing Processes, Procedures and Services

Protection of own data: Users decide themselves which data they disclose about themselves within our online offering. For example, when users provide information about their person or participate in conversations. We request that users protect their data and publish personal data only with care and only to the extent necessary. In particular, we request that users pay special attention to protecting their access credentials and must use secure passwords (i.e., primarily as long and random character combinations); Legal bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO).

14. Contact and Request Management

When contacting us (e.g., via post, contact form, email, telephone, or social media) as well as within the context of existing user and business relationships, the data provided by inquiring persons is processed to the extent necessary for responding to contact requests and any requested measures.

Summary

Types of Data Processed: Contact details (e.g., postal and email addresses or telephone numbers); Content data (e.g., textual or image-based messages and posts as well as information concerning them, such as authorship or creation date). Meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
Affected Persons: Communication partners.
Purposes of Processing and Legitimate Interests: Communication; Organizational and administrative procedures; Feedback (e.g., collecting feedback via online form). Provision of our online offering and user-friendliness.
Retention and Deletion: Deletion in accordance with the information provided in the section "General Information on Data Storage and Deletion".
Legal Basis: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO). Contract performance and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO).

Further Information on Processing Processes, Procedures, and Services

Contact Form: When contacting us via our contact form, by email, or other communication channels, we process the personal data transmitted to us for responding to and handling the respective matter. This typically includes details such as name, contact information, and any further information communicated to us that is necessary for appropriate handling. We use these data solely for the stated purpose of contacting and communicating; Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO), Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO).

15. Presences in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about us.

We point out that, in doing so, user data may be processed outside the territory of the European Union. As a result, risks may arise for users, as this could, for example, make it more difficult to enforce their rights.

Furthermore, within social networks, user data is generally processed for market research and advertising purposes. For instance, usage profiles can be created based on user behavior and the interests that thereby emerge. These may in turn be used to serve advertising banners both inside and outside the networks that are presumed to correspond to the users' interests. Therefore, cookies are generally stored on users' computers in which their user behavior and interests are recorded. In addition, usage profiles can also contain data independent of the devices used by the users (in particular, if they are members of the respective platforms and logged in there).

For a detailed representation of the respective processing forms and objection possibilities (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

16. Management, Organisation and Auxiliary Tools

We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organization, administration, planning, and delivery of our services. When selecting third-party providers and their services, we comply with legal requirements.

Within this framework, personal data may be processed and stored on the servers of third-party providers. Various types of data may be affected that are processed in accordance with this privacy policy. Such data may include, in particular, master data and contact details of users, data regarding transactions, contracts, other processes, and their contents.

Where users refer to third-party providers or their software or platforms within the context of communication, business relationships, or other interactions with us, third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. We therefore request that you observe the privacy notices of the respective third-party providers.

Summary

Types of processed data: Content data (e.g., textual or image-based messages and posts, as well as information concerning them, such as authorship details or creation time); Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
Affected persons: Communication partners. Users (e.g., website visitors, users of online services).
Purposes of processing and legitimate interests: Provision of contractual services and fulfillment of contractual obligations. Office and organizational procedures.
Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Storage and Deletion".
Legal basis: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f DSGVO).

17. Amendment and Update

We request that you regularly inform yourself of the content of our privacy policy. We will update the privacy policy as soon as changes to the data processing we carry out require it. We will notify you as soon as a participation action on your part (e.g., consent) or another form of individual notification becomes necessary due to such changes.

If this privacy policy contains addresses and contact information for companies and organizations, please note that these addresses may change over time and request that you verify the details before contacting them.

Competent supervisory authority: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)

Address: Kavalleriestr. 2-4, 40213 Düsseldorf

Web: www.ldi.nrw.de