Seite wählen

Data protection

 

 

 

 

Table of contents

Introduction and Overview

We have prepared this privacy policy (version 11.05.2021-311281392) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as "data") we, as data controllers – and the data processors we have engaged (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral. In short: We provide you with comprehensive information about the data we process about you. Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, aims to describe the most important aspects as simply and transparently as possible. Where it promotes transparency, technical terms are explained in a reader-friendly way , links to further information are provided, and graphics are used. We inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible if one provides the briefest, unclear, and overly technical legal explanations that are often standard practice on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps you will find some information that you were not yet aware of. If you still have questions, please contact the responsible party named below or in the legal notice, follow the provided links, and consult further information on third-party websites. Our contact details can, of course, also be found in the legal notice.

scope

This privacy policy applies to all personal data processed by us within our company and to all personal data processed by companies we have commissioned (data processors). Personal data refers to information such as a person's name, email address, and postal address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

all online presences (websites, online shops) that we operate

Social media presence and email communication

mobile apps, browser extensions for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in a structured manner within the company.

Legal basis

In the following privacy statement, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation (GDPR), that allow us to process personal data. With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online at EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679 .

We only process your data if at least one of the following conditions applies:

  1. Consent (Article 6 paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.
  2. Contract (Article 6 paragraph 1 lit. b GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we need personal information beforehand.
  3. Legal obligation (Article 6 paragraph 1 lit. c GDPR): We process your data when we are subject to a legal obligation. For example, we are legally required to retain invoices for accounting purposes. These typically contain personal data.
  4. Legitimate interests (Article 6 paragraph 1 lit. f GDPR): In the case of legitimate interests that do not infringe your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically. This processing therefore constitutes a legitimate interest.

Other conditions, such as the recording of images in the public interest, the exercise of public authority, or the protection of vital interests, do not generally apply in our case. If such a legal basis should apply, it will be indicated at the relevant point.

In addition to the EU regulation, national laws also apply:

  • In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data ( Data Protection Act ), abbreviated DSG .
  • In Germany , the Federal Data Protection Act ( BDSG) applies .

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the responsible party

Should you have any questions regarding data protection, you will find the contact details of the responsible person or body below.

Ecosia GmbH
– Rechtsabteilung –
Gerichtstr. 23
13347 Berlin
Deutschland

Vertreten durch:

Chairman Christian Kroll

Kontakt:
E-Mail: [email protected]

Imprint:

Storage duration

We generally only store personal data for as long as is absolutely necessary for providing our services and products. This storage period may be exceeded if legally required, for example, in the case of accounting. This means that we delete personal data as soon as the reason for processing it no longer exists. If you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as quickly as possible, provided there is no legal obligation to retain it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights under the General Data Protection Regulation

According to Article 13 of the GDPR, you have the following rights to ensure fair and transparent data processing:

  • According to Article 15 of the GDPR, you have the right to information about whether we process your data. If this is the case, you have the right to receive a copy of the data and the following information:
    • for what purpose we carry out the processing;
    • the categories, i.e. the types of data that are processed;
    • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
    • how long the data will be stored;
    • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
    • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
    • the origin of the data if we did not collect it from you;
    • whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you.
  • According to Article 16 of the GDPR, you have a right to rectification of your data, which means that we must correct any data you find.
  • According to Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you can request the deletion of your data.
  • According to Article 18 GDPR, you have the right to restrict processing, which means that we may only store the data but not use it further.
  • According to Article 19 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
  • According to Article 21 GDPR, you have the right to object, which, if exercised, will result in a change to the processing.
    • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then examine as quickly as possible whether we can legally comply with this objection.
    • If your data is used for direct marketing purposes, you can object to this type of data processing at any time. We will then no longer be permitted to use your data for direct marketing.
    • If data is used for profiling, you can object to this type of data processing at any time. We will then no longer be permitted to use your data for profiling.
  • According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/ , and in Germany, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) .

In short: You have rights – do not hesitate to contact the responsible body listed above!

Data transfer to third countries

We only transfer or process data in countries outside the EU (third countries) if you consent to this processing, if it is required by law or contractually necessary, and in any case, only to the extent generally permitted. Your consent is, in most cases, the primary reason we process data in third countries. Processing personal data in third countries such as the USA, where many software companies offer services and have their servers, can mean that personal data may be processed and stored in unexpected ways. Where possible, we try to use server locations within the EU, provided this option is available.

We will inform you in more detail about data transfers to third countries at the relevant points in this privacy policy, if applicable.

Data processing security

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible, within our means, for third parties to infer personal information from our data.

Article 25 of the GDPR refers to "data protection by design and by default," meaning that security must always be considered and appropriate measures implemented for both software (e.g., forms) and hardware (e.g., access to the server room). We will discuss specific measures below, if necessary.

TLS encryption with https

TLS, encryption, and HTTPS sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet. This means that the entire transmission of all data from your browser to our web server is secure – no one can eavesdrop.

This introduces an additional layer of security, allowing us to comply with data protection by design (Article 25, Paragraph 1 GDPR ). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data. You can recognize this secure data transmission by the small padlock icon in the top left corner of your browser, to the left of the web address (e.g., examplepage.com), and the use of the https scheme (instead of http) as part of our web address.

If you would like to learn more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find helpful links to further information.

communication

Communication Summary
👥 Data Subjects: Everyone who communicates with us by phone, email, or online form
📓 Data Processed: e.g., phone number, name, email address, form data entered. More details can be found under the respective contact method used.
🤝 Purpose: Handling communication with customers, business partners, etc.
📅 Storage Period: Duration of the business transaction and legal requirements
⚖️ Legal Basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. f GDPR (legitimate interests) When you contact us and communicate by phone, email, or online form, personal data may be processed.

As a rule, the data is stored for the duration of the business transaction or as long as required by law. The data is processed for the purpose of handling our business activities.

phone

When you call us, call data is stored in pseudonymized form on the respective device and with the telecommunications provider used. In addition, data such as name and telephone number can subsequently be sent via email and stored for answering inquiries. The data is deleted as soon as the business transaction has been completed and legal requirements permit.

E-Mail

When you communicate with us via email, data is stored on your device (computer, laptop, smartphone, etc.) and also on the email server. This data is deleted as soon as the business transaction is completed and legal requirements permit.

Online forms

When you communicate with us via online form, data is stored on our web server. The data is deleted as soon as the business transaction has been completed and legal requirements permit.

Legal basis

The processing of the data is based on the following legal grounds:

  • Article 6 paragraph 1 letter a GDPR (consent): You give us your consent to store your data and to use it further for purposes relating to the business transaction;
  • Article 6 paragraph 1 letter b GDPR (contract): The processing is necessary for the performance of a contract with you or a data processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
  • Article 6 paragraph 1 letter f GDPR (Legitimate Interests): We want to handle customer inquiries and business communication in a professional manner. This requires certain technical equipment such as email programs, Exchange servers, and mobile network operators to ensure efficient communication.

Webhosting

Web Hosting Summary
👥 Affected parties: Website visitors
📓 Data processed: IP address, time of website visit, browser used, and other data. More details can be found below or with your web hosting provider.
🤝 Purpose: Professional website hosting and operational security
📅 Storage period: Depends on the provider, but usually 2 weeks
⚖️ Legal basis: Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is web hosting?

When you visit websites these days, certain information – including personal data – is automatically generated and stored, and this website is no exception. This data should be processed as sparingly as possible and only with justification. By "website," we mean all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By "domain," we mean, for example, example.de or sample.com.

If you want to view a website on a screen, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari.

This web browser needs to connect to another computer where the website's code is stored: the web server. Operating a web server is a complex and time-consuming task, which is why it's usually handled by professional providers, or hosting providers. These providers offer web hosting and thus ensure the reliable and error-free storage of website data.

When your browser connects to the web server (desktop, laptop, smartphone) and during data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server also needs to store data for a certain period of time to ensure proper operation.

To illustrate:

Browser und Webserver

What data is processed?

Even while you are currently visiting our website, our web server, that is the computer on which this website is stored, usually automatically saves data such as

  • the complete internet address (URL) of the accessed website (e.g. https://www.examplewebsite.de/examplesubpage.html/)
  • Browser and browser version (e.g. Chrome 87)
  • the operating system used (e.g. Windows 10)
  • the address (URL) of the previously visited page (referrer URL) (e.g. https://www.examplesourcesite.de/fromwhereIcame.html/)
  • the hostname and IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)
  • Date and time
  • in files, the so-called web server log files

Why do we process personal data?

The purposes of data processing are:

  1. Professional website hosting and operational security
  2. For reasons of operational security and to generate access statistics

How long is data stored?

The data mentioned above is generally stored for two weeks and then automatically deleted. We do not share this data, but we cannot rule out the possibility that authorities may access it in the event of unlawful activity.

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we will not share your data without your consent!

Legal basis

The lawfulness of the processing of personal data in the context of web hosting is based on Art. 6 para. 1 lit. f GDPR (safeguarding legitimate interests), because the use of professional hosting from a provider is necessary to be able to present the company securely and in a user-friendly manner on the internet.

Cookies

Cookie Summary
👥 Affected parties: Website visitors
📓 Data processed: Depends on the specific cookie used. More details can be found below or on the website of the software provider that sets the cookie.
🤝 Purpose: Depends on the specific cookie. More details can be found below or on the website of the software provider that sets the cookie.
📅 Storage duration: Depends on the specific cookie; can vary from hours to years
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)Cookie settings can be viewed and changed here:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Here you can view all your previously selected cookie options and visits in chronological order:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Here you can view all cookies used.

 

 

 

 

 

 

 

 

 

 

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are truly useful tools. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other types of cookies for different applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, essentially the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data, such as your language preferences or personal website settings. When you revisit our site, your browser sends this user-related information back to us. Thanks to cookies, our website recognizes you and provides your preferred settings. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

The following graphic illustrates a possible interaction between a web browser, such as Chrome, and a web server. The web browser requests a website and receives a cookie from the server, which the browser then reuses whenever another page is requested.

HTTP Cookie Interaktion zwischen Browser und Webserver

There are both first-party and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other malware. Cookies cannot access information on your computer.

This is what cookie data might look like, for example:

Name: _ga
Value: GA1.2.1326744211.152311281392-9
Purpose: Differentiating website visitors
Expiry date: after 2 years

These are the minimum sizes a browser should be able to support:

  • At least 4096 bytes per cookie
  • At least 50 cookies per domain
  • At least 3000 cookies in total

What types of cookies are there?

The specific cookies we use depend on the services used and are explained in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are four types of cookies:

Essential Cookies:
These cookies are necessary to ensure the basic functionality of the website. For example, these cookies are needed when a user adds a product to their shopping cart, then continues browsing other pages, and only later proceeds to checkout. These cookies prevent the shopping cart from being emptied, even if the user closes their browser window.

Functional cookies:
These cookies collect information about user behavior and whether the user receives any error messages. They also measure loading times and the website's performance across different browsers.

Targeted cookies:
These cookies improve user-friendliness. For example, they save entered locations, font sizes, or form data.

Advertising cookies:
These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very convenient, but also very annoying.

Typically, when you first visit a website, you will be asked which types of cookies you wish to allow. And of course, this decision is also stored in a cookie.

Wenn Sie mehr über Cookies wissen möchten und technische Dokumentationen nicht scheuen, empfehlen wir https://tools.ietf.org/html/rfc6265, dem Request for Comments der Internet Engineering Task Force (IETF) namens “HTTP State Management Mechanism”.

What data is processed?

Cookies are small tools that help with many different tasks. Unfortunately, it's impossible to generalize about what data is stored in cookies, but we will inform you about the data processed and stored in the following privacy policy.

Purpose of processing via cookies

The purpose ultimately depends on the specific cookie. More details can be found below or on the website of the software provider that sets the cookie.

Storage duration of cookies

The storage duration depends on the specific cookie and is further specified below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

Right to object – how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of the service or website the cookies originate from, you always have the option to delete, disable, or partially allow cookies. For example, you can block third-party cookies but allow all others.

If you want to see which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this information in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

If you generally don't want to allow cookies, you can configure your browser to always notify you when a cookie is about to be set. This allows you to decide whether to allow each individual cookie. The procedure varies depending on the browser. The best way to find instructions is to search on Google using the keywords "delete cookies Chrome" or "disable cookies Chrome" if you are using the Chrome browser.

On what legal basis do we use cookies?

Since 2009, the so-called "Cookie Directive" has been in effect. This directive stipulates that storing cookies requires your consent (Article 6(1)(a) GDPR). However, reactions to this directive vary considerably across EU countries. In Austria, the directive was implemented in Section 96(3) of the Telecommunications Act (TKG). In Germany, the Cookie Directive was not transposed into national law. Instead, it was largely implemented in Section 15(3) of the Telemedia Act (TMG).

For strictly necessary cookies, where no consent has been obtained, legitimate interests exist (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide website visitors with a pleasant user experience, and cookies are often essential for this.

The following sections will provide you with more detailed information about the use of cookies, if the software used employs cookies.

Google Analytics Privacy Policy

We use the Google Analytics (GA) tracking tool from the American company Google Inc. on our website. For the European Economic Area, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, if you click on a link, this action is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us to better tailor our website and services to your needs. Below, we explain the tracking tool in more detail, focusing on what data is stored and how you can prevent this.

What is Google Analytics?

Google Analytics is a tracking tool used to analyze website traffic. For Google Analytics to function, a tracking code is embedded in our website's code. When you visit our website, this code records various actions you perform. Once you leave our website, this data is sent to and stored on Google Analytics servers.

Google processes the data and we receive reports about your user behavior. These may include, among other things, the following reports:

  • Zielgruppenberichte: Über Zielgruppenberichte lernen wir unsere User besser kennen und wissen genauer, wer sich für unser Service interessiert.
  • Anzeigeberichte: Durch Anzeigeberichte können wir unsere Onlinewerbung leichter analysieren und verbessern.
  • Akquisitionsberichte: Akquisitionsberichte geben uns hilfreiche Informationen darüber, wie wir mehr Menschen für unser Service begeistern können.
  • Behavior reports: Here we learn how you interact with our website. We can track your path on our site and which links you click.
  • Conversion reports: A conversion is a process where you perform a desired action as a result of a marketing message. For example, when you go from being a website visitor to a customer or newsletter subscriber. These reports help us understand how our marketing efforts are performing for you, which is how we aim to increase our conversion rate.
  • Echtzeitberichte: Hier erfahren wir immer sofort, was gerade auf unserer Website passiert. Zum Beispiel sehen wir wie viele User gerade diesen Text lesen.

Warum verwenden wir Google Analytics auf unserer Webseite?

Our goal with this website is clear: We want to offer you the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically analyzed data gives us a clear picture of our website's strengths and weaknesses. On the one hand, we can optimize our site so that it's easier for interested people to find it on Google. On the other hand, the data helps us understand you, our visitors, better. We therefore know exactly what we need to improve on our website to offer you the best possible service. The data also helps us to make our advertising and marketing efforts more targeted and cost-effective. After all, it only makes sense to show our products and services to people who are interested in them.

What data does Google Analytics store?

Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This allows Google Analytics to recognize you as a new user. The next time you visit our site, you will be recognized as a returning user. All collected data is stored along with this user ID. This is what makes it possible to analyze pseudonymous user profiles.

To analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For every newly created property, the Google Analytics 4 property is used by default. Alternatively, you can also create the Universal Analytics property. Data is stored for varying lengths of time depending on the property used.

Your interactions on our website are measured using identifiers such as cookies and app instance IDs. Interactions are all types of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated via Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize it. Exceptions may occur if required by law.

The following cookies are used by Google Analytics:

Name: _ga
Value: 2.1326744211.152311281392-5
Purpose: Standardmäßig verwendet analytics.js das Cookie _ga, um die User-ID zu speichern. Grundsätzlich dient es zur Unterscheidung der Webseitenbesucher.
Expiration date: after 2 years

Name: _gid
Value: 2.1687193234.152311281392-1
Purpose: This cookie is also used to distinguish website visitors
Expiration date: after 24 hours

Name: _gat_gtag_UA_
Value: 1
Purpose: Used to reduce the request rate. If Google Analytics is deployed via Google Tag Manager, this cookie is named _dc_gtm_.
Expiration date: after 1 minute

Name: AMP_TOKEN
Value: Not specified
Purpose: This cookie contains a token used to retrieve a user ID from the AMP Client ID service. Other possible values ​​indicate a logout, a request, or an error.
Expiration date: After 30 seconds up to one year

Name: __utma
Value: 1564498958.1564498958.1564498958.1
Purpose: This cookie allows us to track your behavior on the website and measure performance. The cookie is updated every time information is sent to Google Analytics.
Expiration date: after 2 years

Name: __utmt
Value: 1
Purpose: This cookie is used like _gat_gtag_UA_ to throttle the request rate.
Expiration date: after 10 minutes

Name: __utmb
Value: 3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated each time new data or information is sent to Google Analytics.
Expiration date: after 30 minutes

Name: __utmc
Value: 167421564
Purpose: This cookie is used to establish new sessions for returning visitors. It is a session cookie and is only stored until you close your browser.
Expiration date: After closing the browser

Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: This cookie is used to identify the source of visitor traffic to our website. In other words, the cookie stores where you came from. This could have been another website or an advertisement.
Expiration date: after 6 months

Name: __utmv
Value: Not specified
Purpose: This cookie is used to store user-defined data. It is updated whenever information is sent to Google Analytics.
Expiration date: after 2 years

Note: This list is not exhaustive, as Google frequently changes its choice of cookies.

Here we show you an overview of the most important data collected with Google Analytics:

Heatmaps: Google creates so-called heatmaps. These heatmaps show exactly which areas you click on. This gives us information about where you are on our website.

Session duration: Google defines session duration as the time you spend on our site without leaving the page. If you have been inactive for 20 minutes, the session ends automatically.

Bounce rate: A bounce occurs when you view only one page on our website and then leave our website.

Account creation: When you create an account or place an order on our website, Google Analytics collects this data.

IP address: The IP address is only displayed in abbreviated form so that no unique identification is possible.

Location: Your country and approximate location can be determined via your IP address. This process is also known as IP geolocation.

Technical information: This includes, among other things, your browser type, your internet service provider, and your screen resolution.

Source of origin: Google Analytics; we are of course also interested in which website or advertisement you came to our site via.

Other data collected includes contact information, any ratings, media playback (e.g., when you play a video on our site), sharing content via social media, or adding items to your favorites. This list is not exhaustive and serves only as a general guide to data storage by Google Analytics.

How long and where will the data be stored?

Google has distributed its servers all over the world. Most of these servers are located in America, and consequently, your data is mostly stored on American servers. You can find detailed information about the locations of Google's data centers here: https://www.google.com/about/datacenters/inside/locations/?hl=de

Your data is distributed across various physical storage devices. This has the advantage of faster data retrieval and better protection against manipulation. Each Google data center has corresponding emergency backup programs for your data. Even if, for example, Google's hardware fails or natural disasters disable servers, the risk of a service interruption at Google remains low.

The data retention period depends on the properties used. When using the newer Google Analytics 4 properties, the retention period for your user data is fixed at 14 months. For other event data, we have the option to choose a retention period of either 2 or 14 months.

For Universal Analytics properties, Google Analytics has a default user data retention period of 26 months. After this period, your user data is deleted. However, we have the option to choose the user data retention period ourselves. We have five options available for this:

  • Deletion after 14 months
  • Deletion after 26 months
  • Deletion after 38 months
  • Deletion after 50 months
  • No automatic deletion

Additionally, there is the option to have data deleted only if you do not visit our website within the period we have selected. In this case, the retention period will be reset each time you visit our website again within the specified period.

Once the specified period has expired, the data is deleted once a month. This retention period applies to your data that is linked to cookies, user recognition, and advertising IDs (e.g., cookies from the DoubleClick domain). Report results are based on aggregated data and are stored separately from user data. Aggregated data is a combination of individual data points into a larger unit.

How can I delete my data or prevent data storage?

Under European Union data protection law, you have the right to access, update, delete, or restrict the processing of your data. You can prevent Google Analytics from using your data by using the browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js). You can download and install the browser add-on from https://tools.google.com/dlpage/gaoptout?hl=de . Please note that this add-on only deactivates data collection by Google Analytics.

If you generally want to disable, delete or manage cookies (regardless of Google Analytics), there are separate instructions for each browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

Please note that when using this tool, your data may be stored and processed outside the EU. Most third countries (including the USA) are currently considered unsafe under European data protection law. Therefore, data may not simply be transferred to, stored, and processed in unsafe third countries unless there are appropriate safeguards (such as EU Standard Contractual Clauses) between us and the non-European service provider.

We hope we have provided you with the most important information regarding data processing by Google Analytics. If you would like to learn more about the tracking service, we recommend these two links: http://www.google.com/analytics/terms/de.html und https://support.google.com/analytics/answer/6004245?hl=de.

Google Analytics IP anonymization

We have implemented IP address anonymization for Google Analytics on this website. This feature was developed by Google to ensure that this website complies with applicable data protection regulations and the recommendations of local data protection authorities, particularly where the storage of complete IP addresses is prohibited. The anonymization or masking of the IP address takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any data is stored or processed.

More information about IP anonymization can be found at https://support.google.com/analytics/answer/2763052?hl=de.

Google Analytics Data Processing Amendment

We have entered into a direct customer agreement with Google for the use of Google Analytics by accepting the "Data Processing Amendment" in Google Analytics.

You can find more information about the data processing amendment for Google Analytics here: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad

Facebook-Pixel Privacy Policy

We use the Facebook pixel on our website. We have implemented a code snippet on our website for this purpose. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions allowing Facebook to track your user actions if you arrived at our website via Facebook ads. For example, if you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies allow Facebook to match your user data (customer data such as IP address, user ID) with the data in your Facebook account. Facebook then deletes this data. The collected data is anonymous and inaccessible to us and is only used for advertising purposes. If you are a Facebook user and logged in, your visit to our website will be automatically associated with your Facebook user account.

We want to show our services and products only to people who are genuinely interested. Using the Facebook pixel, our advertising can be better tailored to your needs and interests. This allows Facebook users (provided they have allowed personalized advertising) to see relevant ads. Facebook also uses the collected data for analysis and its own advertising purposes.

Below, we show you the cookies that were set by integrating the Facebook pixel on a test page. Please note that these are only example cookies. Different cookies will be set depending on your interactions on our website.

Name: _fbp
Value: fb.1.1568287647279.257405483-6311281392-7
Purpose: This cookie is used by Facebook to display advertising products.
Expiration date: after 3 months

Name: fr
Value: 0aPf312HOS5Pboo2r..Bdeiuf…1.0.Bdeiuf.
Purpose: This cookie is used to ensure the Facebook pixel functions correctly.
Expiry date: after 3 months

Name: comment_author_50ae8267e2bdf1253ec1a5769f48e062311281392-3
Value: Author's name
Purpose: This cookie stores the text and name of a user who leaves a comment, for example.
Expiry date: after 12 months

Name: comment_author_url_50ae8267e2bdf1253ec1a5769f48e062
Value: https%3A%2F%2Fwww.testseite…%2F (Author's URL)
Purpose: This cookie stores the URL of the website that the user enters in a text field on our website.
Expiry date: after 12 months

Name: comment_author_email_50ae8267e2bdf1253ec1a5769f48e062
Value: Author's email address
Purpose: This cookie stores the user's email address if they have provided it on the website.
Expiry date: after 12 months

Note: The cookies mentioned above relate to individual user behavior. Changes to Facebook's use of cookies are always possible.

If you are logged into Facebook, you can change your ad preferences yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . If you are not a Facebook user, you can generally manage your online behavioral advertising at http://www.youronlinechoices.com/de/praferenzmanagement/ . There you have the option to deactivate or activate providers.

If you would like to learn more about Facebook's data protection practices, we recommend that you consult the company's own data policy at https://www.facebook.com/policy.php.

Google Tag Manager Privacy Policy

We use Google Tag Manager from Google Inc. on our website. For the European Economic Area Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. This Tag Manager is one of many helpful marketing products from Google. Through Google Tag Manager, we can centrally integrate and manage code snippets from various tracking tools that we use on our website.

In this privacy policy, we want to explain in more detail what the Google Tag Manager does, why we use it, and in what form data is processed.

What is the Google Tag Manager?

The Google Tag Manager is an organizational tool that allows us to centrally integrate and manage website tags via a single user interface. Tags are small snippets of code that, for example, record (track) your activity on our website. This is achieved by inserting JavaScript code snippets into our website's source code. These tags often originate from Google products like Google Ads or Google Analytics, but tags from other companies can also be integrated and managed through the manager. Such tags perform various functions. They can collect browser data, feed data into marketing tools, integrate buttons, set cookies, and even track users across multiple websites.

Why do we use Google Tag Manager for our website?

As they say, organization is half the battle! And that certainly applies to maintaining our website. To make our website as user-friendly as possible for you and everyone interested in our products and services, we need various tracking tools, such as Google Analytics. The data collected by these tools shows us what interests you most, where we can improve our services, and which people we should show our offers to. For this tracking to work, we need to integrate the corresponding JavaScript code into our website. We could, in principle, insert each code snippet for the individual tracking tools separately into our source code. However, this is quite time-consuming, and it's easy to lose track. That's why we use Google Tag Manager. We can easily integrate the necessary scripts and manage them from one central location. Furthermore, Google Tag Manager offers an easy-to-use interface, and no programming knowledge is required. This allows us to keep our tag jungle organized.

What data is stored by Google Tag Manager?

Der Tag Manager selbst ist eine Domain, die keine Cookies setzt und keine Daten speichert. Er fungiert als bloßer „Verwalter“ der implementierten Tags. Die Daten erfassen die einzelnen Tags der unterschiedlichen Web-Analysetools. Die Daten werden im Google Tag Manager quasi zu den einzelnen Tracking-Tools durchgeschleust und nicht gespeichert.

However, the situation is quite different with the embedded tags of various web analytics tools, such as Google Analytics. Depending on the analytics tool, various data about your web behavior are usually collected, stored, and processed using cookies. Please read our privacy policies for the individual analytics and tracking tools we use on our website.

In the Tag Manager account settings, we have allowed Google to receive anonymized data from us. This only pertains to the use of our Tag Manager and not to your data stored via the code snippets. We are enabling Google and others to receive selected data in anonymized form. We therefore consent to the anonymous sharing of our website data. Despite extensive research, we have not been able to determine exactly which aggregated and anonymized data is shared. In any case, Google deletes all information that could identify our website. Google aggregates this data with hundreds of other anonymous website data points and creates user trends as part of benchmarking. Benchmarking involves comparing your own results with those of your competitors. Processes can be optimized based on the collected information.

How long and where will the data be stored?

When Google stores data, this data is stored on Google's own servers. These servers are distributed around the world, with most located in the United States. You can find detailed information about the locations of Google's servers at https://www.google.com/about/datacenters/inside/locations/?hl=de

For information on how long the individual tracking tools store your data, please refer to our individual privacy policies for each tool.

How can I delete my data or prevent data storage?

The Google Tag Manager itself does not set cookies, but manages tags from various tracking websites. In our privacy policies for the individual tracking tools, you will find detailed information on how to delete or manage your data.

Please note that when using this tool, your data may be stored and processed outside the EU. Most third countries (including the USA) are currently considered unsafe under European data protection law. Therefore, data may not simply be transferred to, stored, and processed in unsafe third countries unless there are appropriate safeguards (such as EU Standard Contractual Clauses) between us and the non-European service provider.

If you would like to learn more about Google Tag Manager, we recommend the FAQs at https://www.google.com/intl/de/tagmanager/faq.html.

We use a Consent Management Platform (CMP) software on our website to facilitate the correct and secure handling of scripts and cookies for both you and us. The software automatically generates a cookie popup, scans and controls all scripts and cookies, provides you with the legally required cookie consent, and helps us and you maintain an overview of all cookies. Most cookie consent management tools identify and categorize all existing cookies. As a website visitor, you then decide which scripts and cookies you allow or block. The following graphic illustrates the relationship between browser, web server, and CMP.

Consent Management Platform Überblick

Why do we use a cookie management tool?

Our goal is to offer you the greatest possible transparency regarding data protection. We are also legally obligated to do so. We want to inform you as thoroughly as possible about all tools and cookies that can store and process your data. It is also your right to decide which cookies you accept and which you do not. To grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we are aware of all cookies and can provide you with GDPR-compliant information about them. You can then accept or reject cookies via the consent system.

On what legal basis do we use cookies?

If you consent to cookies, your personal data will be processed and stored via these cookies. If we are permitted to use cookies with your consent, this consent also constitutes the legal basis for the use of cookies and the processing of your data.

You also have the right and the option to withdraw your consent to the use of cookies at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

What data is stored?

Our cookie management tool allows you to manage each individual cookie yourself and gives you complete control over the storage and processing of your data. Your consent is stored so that we don't have to ask you every time you visit our website and so that we can prove your consent if legally required. This is stored either in an opt-in cookie or on a server. The storage duration for your cookie consent varies depending on the provider of the cookie management tool. This data (such as pseudonymous user ID, time of consent, details about the cookie categories or tools, browser, and device information) is usually stored for up to two years.

Information on specific cookie management tools can be found – if available – in the following sections.

BorlabsCookie Privacy Policy

We use BorlabsCookie on our website, among other things a tool for storing your cookie consent. The service provider is the German company Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany. You can find out more about the data processed through the use of BorlabsCookie in the Privacy Policy at https://de.borlabs.io/datenschutz/.

Using the WordPress plugin Wordfence

We use Wordfence, a service provided by Defiant Inc., 800 5th Ave., Suite 4100, Seattle, WA 98104, USA (www.wordfence.com), to enhance the security of our website. We have a legitimate interest in doing so. Using this service requires that your IP address be transmitted to Wordfence. We have determined that your interests do not override our legitimate interest in processing your data, and therefore this processing is not prohibited (Art. 6 para. 1 sentence 1 lit. f GDPR). It cannot be ruled out that Wordfence processes the data in the USA; however, Wordfence has applied for certification under the EU-US Privacy Shield. You can view Wordfence's privacy policy here:
https://www.wordfence.com/privacy-policy/
If you have any questions, you can also contact Defiant directly: [email protected]

freetree App and Extension

Neither our app nor our browser extension collects any personal data!

Only the shop's domain (e.g., booking.com or amazon.com) is sent to our server when you activate freetree. This allows us to check whether a shop is supported by freetree or not.

All texts are protected by copyright.

Source: Created with the Privacy Policy Generator AdSimple