Política de Privacidade

Imprimir Gerenciar consentimento

A. Responsible party

The responsible party for the purposes of the General Data Protection Regulation and other national data protection laws of the European Member States as well as other data protection regulations for the processing of personal data within the context of the “nextpit.de”, “nextpit.com”, “nextpit.it”, “nextpit.es”, “nextpit.fr” and “nextpit.com.br” portal (hereinafter referred to as “the portal”) is:

nextpit GmbH
Strelizter Strasse 58
10115 Berlin
Germany
Email: support@nextpit.com
Website: www.nextpit.com

B. Contact details of the data protection representative

The data protection representative of the responsible party can be reached as follows:

Data protection representative of nextpit GmbH
Strelizter Straße 58
10115 Berlin
Germany
Email: support@nextpit.com

C. Processing of personal data

The following terms are used in the following data protection policy:

  • Visitors: Persons who access the portal without registering (no use of the portal's functions and services is possible).
  • Users: Persons who have registered to use the portal and use the portal within the context of a user agreement on the basis of the responsible party's terms of use.

I. Visitor portal and contact

1. Visiting our portal

1.1. Description of data processing

When you access our portal, the browser used on your device automatically sends information to the server of our portal/website. The following information is collected:

  • The visitor’s IP address
  • Date and time of access
  • Information about the browser type and version used
  • The visitor’s operating system
  • Websites from which the visitor’s system reaches our website

This data is saved in log files in our system, whereby the IP address is made anonymous. This data is not saved together with the visitor's other personal data.

Likewise, this data is not passed on to third parties. In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.

1.2. Purpose of data processing

The system's temporary storage of the IP address is necessary to enable the website to be transmitted to the visitor's computer. The visitor's IP address must be stored for the duration of the session for this purpose.

The data is stored in log files to ensure the functionality of the website. In addition, the files serve to optimize the website and to ensure the security of our information technology systems.

1.3. Legal basis of the processing

The legal basis for temporarily saving data as well as saving log files is Art. 6 para 1. lit. f) GDPR.

The legitimate interest in data processing required for this purpose exists in the processing purposes mentioned under Section 1.2 above.

1.4. Duration of data processing/deletion

The data will be deleted as soon as it is no longer necessary for the purposes for which it was collected or processed. In cases in which the data is collected and saved for the purposes of providing the website, the data is deleted when the respective session has ended.

If the data is stored in log files, it is deleted thirty days after it is collected.

1.5. Right of objection

In accordance with Article 21 of the GDPR, you have the right at any time to object to the processing of the data in accordance with Section 1.1 for reasons resulting from your particular situation. In this case, we will no longer process the data, unless compelling reasons to process the data are demonstrated that outweigh your interests, rights and freedoms, or if the processing serves to make, process, or defend legal claims.

To exercise a right of objection, the visitor can contact us via email using the email address support@nextpit.com.

If the objection is justifiable, the data will be deleted.

2. Contact form and email address

2.1. Description and scope of data processing

There is a contact form on our website, which can be used for electronic communication. If a visitor takes advantage of this option, the data entered in the input form will be transferred to us and saved. This data includes:

  • Name
  • Email address
  • The message

At the time the message is sent, the following data is saved:

  • The IP address of the visitor
  • Date and time

When sending the message using the contact form, your consent is obtained for the processing of the data and you will be referred to this data protection policy.

You can alternatively contact us via the email address provided. In this case, the visitor's personal data transmitted by email will be saved.

The data are used exclusively for the processing of the respective inquiry. In this context, the data will not be passed on to third parties. In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.

2.2. Purpose of data processing

The processing of personal data from the input form and/or your email inquiry takes place solely for the purposes of establishing contact. If you contact us by email, this likewise constitutes the necessary legitimate interest to process the data.

The other personal data processed during the transmission process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

2.3. Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a) GDPR if the visitor has given his or her consent (for inquiries via the contact form).

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f) GDPR. If the email contact is aimed at the conclusion of a contract, then the additional legal basis for processing the data is Art. 6 para. 1 lit. b) GDPR.

2.4. Duration of processing

The data will be deleted as soon as it is no longer necessary for the purposes for which it was collected. For personal data from the input form of the contact form and sent by email, this data is deleted when the visitor's respective conversation or inquiry has ended. The conversation is terminated when it can be inferred from the circumstances that the facts in questions have finally been clarified.

The additional personal data collected during the transmission process will be deleted at the latest after a period of 30 days from the time the data was collected.

2.5. Right of objection and revocation

The visitor has the possibility at any time to revoke his consent to the processing of personal data which he has given when using the contact form. The processing of the data that has taken place before the revocation is not affected by the revocation.

If the visitor contacts us via email, he or she can object to his personal data being stored at any time in accordance with Art. 21 GDPR. In this case, the conversation cannot be continued.

In order to make a corresponding objection or revocation, the visitor can contact us using the email address support@nextpit.com.

The data stored in the process of establishing contact will be deleted in the aforementioned cases.

II. Registration and user profile

1. Registering with nextpit

1.1. Description and scope of processing

In order to be able to use the services and functions offered within the context of the portal, registration is required for users. The following data is required for registration.

  • Email address
  • Password (saved as SHA hash)
  • Username (freely selectable)
  • Acceptance of terms of use and data protection policy
  • Newsletter user settings

At the time the registration request is sent, the following metadata is saved:

  • The user’s IP address
  • Date and time the registration is submitted
  • Language
  • Type of registration (via email, Facebook or Google, the user from Facebook or Google may be saved)
  • The user-agent of the user’s end device
  • Date of the validation of the user account (confirmation of registration)
  • Receipt of welcome message

Without the aforementioned data, the conclusion or implementation of the contract is not possible. The processing of this data is necessary in this context.

With the exception of the metadata, this data is entered via a corresponding input form. We store all this data. This data is processed to conclude and implement the user contract for the use of the portal’s services and functions.

With the exception of the username, this data is not publicly accessible via the portal.

If the user uses his or her account from the internet platforms Facebook or Google to register, we receive the user’s corresponding email address directly via Facebook or Google. With this configuration, it is not necessary for the responsible party to collect the password. Furthermore, reference is made in this context to the data protection information provided by Facebook or Google.

In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.

1.2. Purpose of processing

The processing of the data collected during registration serves to conclude and implement the user contract with the user with respect to the use of the portal or its services and functions.

The metadata also serves to prevent misuse of the registration and to ensure the security of our information technology systems.

1.3. Legal basis of the processing

The legal basis for the processing of login data collected in the context of registration is Art. 6 para. 1 lit. b) GDPR.

1.4. Duration of processing

After complete processing of the contract of use concerning the use of the services in the portal or deletion of the user’s profile, the data will be deleted and processing will be restricted to the extent necessary for tax and commercial obligations to save it. The data will be deleted at the latest after the expiry of the corresponding legal retention period, unless the user has expressly consented to further use of the data.

2. User’s profile details

2.1. Description and scope of processing

The user has the option to complete his user profile with voluntary information that is publicly visible in the portal. The following optional data may be collected and saved:

  • Profile image
  • About me text
  • List of the user’s end devices
  • Forum signature
  • Link to user’s Google, Twitter, Facebook, and YouTube profile

The aforementioned data can be viewed publicly via the portal and is processed for the purposes of the contract or to perform the functions offered within the scope of the portal. In particular, this data is also processed for the user to present it.

In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.

2.2. Purpose of processing

The processing of the data collected during registration serves the purpose of implementing the user contract with the user regarding the use of the portal or its services and functions.

2.3. Legal basis of the processing

The legal basis for the processing of data is Art. 6 para. 1 lit. b) GDPR.

2.4. Duration of processing

After complete processing of the user contract or deletion of the user profile, the data will be deleted and processing will be restricted to the extent necessary for tax and commercial obligations to save it. The data will be deleted at the latest after the expiry of the corresponding legal retention period, unless the user has expressly consented to further use of the data.

III. Comments, forum and gamification

1. Comments

1.1. Description and scope of processing

Users have the opportunity to comment on articles published on the portal.

The user submits his or her comment using the appropriate input form. They also have the option of subscribing to notifications from the portal via email when users reply to their comments. Other users can also be informed about the user's answers.

If the user sends the comment, it will be published and stored in a publicly accessible form on the portal. The publication and storage of the comment is linked to the username and profile picture of the user as well as the date and time of the comment.

Apart from that, the data from the comment will not be passed on to third parties. In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.

1.2. Purpose of processing

The processing of the data serves the use of the comment function and serves in particular for the interaction, the exchange and the formation of opinions in the framework of the portal.

This processing therefore takes place for the execution of the portal functions that are provided within the context of the user relationship and used by the user.

1.3. Legal basis of the processing

The legal basis for the processing of data is Art. 6 para. 1 lit. b) GDPR.

1.4. Duration of processing

The user has the option to delete comments he or she has made at any time. In this case, the comment data will be deleted.

2. Forum

2.1. Description and scope of processing

Users have the option to participate in the forum within the context of the portal by writing and publishing contributions. The user must first select the forum via the corresponding input form, and then leave a title and message. If the user publishes his or her contribution (and saves the contribution), it will be published on the portal with his or her username, the profile picture and the time of the contribution.

The user additionally has the option to answer, evaluate and observe contributions in the forum. The user can view and manage his or her saved messages as well as forums he or she has viewed in the forum overview within the scope of his or her profile.

Apart from this, the forum data will not be passed on to third parties. In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.

2.2. Purpose of processing

The processing of the data serves the purpose of providing users with the opportunity to participate in the forum, and therefore to inform, exchange and form opinions within the context of the portal.

This processing therefore takes place for the execution of the portal functions that are provided within the context of the user relationship and used by the user.

2.3. Legal basis of the processing

The legal basis for this processing of the project data is Art. 6 para. 1 lit. b) GDPR.

2.4. Duration of processing

With the discontinuation of the purpose of processing, i.e. after complete processing of the user contract or deletion of the user's profile, the user’s subscriptions to the contributions in the forum for the user concerned will be deleted. The contributions will then no longer allow any conclusions to be drawn about the user’s identity.

3. Gamification

3.1. Description and scope of processing

Within the framework of the portal, users can playfully measure their user activity on the portal and compare it with other users. Users can earn points for various campaigns on the portal and collect them on a corresponding account.

Gamification events are saved in the user’s profile; these are actions within the context of the portal, for which the user can acquire points. Depending on the score, the user can reach different levels. In addition, the score, the level reached and corresponding ranking will be saved. However, only the corresponding user ranking can be viewed by the public.

Apart from this, the forum data will not be passed on to third parties. In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.

3.2. Purpose of processing

The processing of the aforementioned data serves to document user activity on the portal for use by the user in the context of the playful competition through gamification.

This processing therefore takes place for the execution of the portal functions provided within the context of the user relationship and used by the user.

3.3. Legal basis of the processing

The legal basis for the processing of data is Art. 6 para. 1 lit. b) GDPR.

3.4. Duration of processing

During the period of use of the portal by the user (user relationship), the corresponding data is saved and processed within the scope of the corresponding functions. When the purpose of processing ceases to apply, i.e. after complete processing of the user contract or deletion of the user's profile, reference to the user in this data is terminated, while this data is still retained. This means that from then on no conclusions can be drawn about the user’s identity.

IV. Newsletter and messages

1. Newsletter

1.1. Description and scope of processing

Within the framework of the portal, visitors and users have the option of subscribing to the newsletters offered free of charge.

When registering, the user's consent to receive the newsletter is obtained and documented. Furthermore, it is pointed out in particular that the consent given by the user can be revoked at any time with immediate effect.

To receive the newsletter, we require your name and e-mail address.

The registration takes place in a so-called double opt-in procedure. This means that the user expressly consents to receiving the newsletter and receives a confirmation e-mail with an activation link after registration. In order to be able to prove the registration process in accordance with the legal requirements, the registrations for the newsletter are logged. This includes the storage of the registration and confirmation time.

The newsletter is sent on our behalf via the mailing service "ConvertKit", a newsletter delivery platform of the US provider ConvertKit LLC, 750 W Bannock St. #761, Boise ID 83701 (hereinafter "ConvertKit").

We have concluded a "Data Processing Agreement" with ConvertKit in accordance with § 28 GDPR, in which we oblige ConvertKit to protect our customers' data and not to pass it on to third parties.

The dispatch service provider may use the recipients' data in pseudonymous form, i.e. without attribution to a user, to optimize or improve its own services, e.g. for the technical optimization of dispatch, the presentation of the newsletter or for statistical purposes. The dispatch service provider will not write its own e-mails to the newsletter recipients.

The newsletters contain a so-called "web beacon". This is a pixel-sized file that is retrieved from the ConvertKit server when the newsletter is opened. As part of your retrieval, technical information is first collected, such as information about the browser and your system, as well as your IP address and the time of the retrieval. This technical data is used to analyse the target groups, reading behaviour, access times and retrieval points of the recipients.

The statistical surveys also include an analysis of whether the sent newsletters are opened by the respective recipients, when they are opened and which links are clicked on.

This technical information is used to continuously improve the newsletter. The analyses are used to recognise the reading behaviour of the individual newsletter recipients and to adapt the content we provide accordingly to our newsletter subscribers or to send different individualised content.

1.2. Purpose of processing

The data is processed for the purpose of sending the newsletter.

1.3. Legal basis of the processing

The processing of data in connection with the sending of the newsletter is based on your consent, legal basis is Art. 6 para. 1 p. 1 lit. a) GDPR.

1.4. Right of revocation

The user's consent can be revoked at any time with effect for the future and the corresponding subscription to the newsletter can be cancelled. The revocation can be made by sending an e-mail to support@nextpit.com or by using the unsubscribe link in the newsletter. This possibility is also pointed out separately in each newsletter.

In this case, the lawfulness of the processing of the email address remains unaffected until the time of the revocation.

1.5 Recipient

The recipient of your data is the service provider.

1.6 Transfer to a third country

ConvertKit uses so-called standard contractual clauses (SCC) in the sense of Art. 46 (2) and (3) GDPR as the basis for data processing with recipients based in third countries or a transfer of data there. SCC are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, ConvertKit undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission.

More information about the standard contractual clauses at ConvertKit can be found at https://convertkit.com/security.

You can find out more about the data processed through the use of ConvertKit in the Privacy Policy at https://convertkit.com/privacy.

1.7 Duration of processing

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. Accordingly, the user's e-mail address is stored for as long as the subscription to the selected newsletter is active. Thereafter, the e-mail address will be deleted unless the user has given us permission to use it for other purposes or we are entitled by law to process the e-mail address for other purposes.

1.8 Obligation to provide data

The provision of your personal data is based solely on your voluntarily given consent. Unfortunately, we cannot send you our newsletter without existing consent.

2. Private messages

2.1. Description and scope of processing

As an essential function of the portal, users have the option to send private messages via a messaging system internal to the portal. Every user on the portal can receive messages from other users, but sending private messages is only possible when one has reached level 3 of the gamification status (cf. under C.III.3.). After sending the message via the portal, the messages are then sent to the corresponding users via email. The recipient receives an email from the portal in which he or she receives the sender’s message.

The message is sent via a corresponding messaging form within the portal. When sending a message, the user only has to enter his or her message and decide whether he or she would like to receive a copy of the message. The users’ usernames are used to identify the sender and recipient. Apart from the usernames and the content of the message, none of the user’s other data is involved in the transmission of the private message. The user has the option of rejecting the receipt of private messages in the settings of his or her user profile.

2.2. Purpose of processing

The purpose of the processing is to send private messages via the portal, which represents an essential function in the portal within the context of the user relationship.

2.3. Legal basis of the processing

The legal basis for processing the data is Art. 6 para. 1 lit. b) GDPR.

V. Cookies, web analysis and other third-party services

1. Cookies

1.1. Description and scope of processing

Cookies are used within the context of the portal. These are small text files that are stored on your end device in the browser that you use and through which certain information flows to the location where the cookie was set.

We use these cookies to make your visit to our portal attractive, to enable the use of certain functions and to be able to display suitable products to you.

Some of the cookies that are used within the context of the portal are deleted after the end of the respective session, i.e. after closing your browser (session cookies). Other cookies, on the other hand, remain on your terminal device even after the end of the session and enable us to recognize your browser the next time you visit our portal (persistent cookies).

The duration of the storage of the respective cookies can be seen in the overview in the cookie settings of your browser. You can also set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general. With respect to how long cookies are saved, we refer to the respective cookie settings in browsers.

We would like to point out, however, that the functionality of our portal may be limited if the use of cookies is prevented.

The cookies used also collect data about usage behavior in the portal. However, the data collected in this way is pseudonymized through technical measures. It is therefore no longer possible to assign the data to a respective user.

Name Purpose Duration
JSESSIONID Session cookie is used to identify logged-in users. SESSION
np_theme Technically necessary cookie that determines the appearance (dark mode/light mode) of the website. 1 year
lf_k Technically necessary cookie. Enables automatic login. 180 days
ga-disable Technically necessary cookie. Enables Google Analytics tracking to be switched off. Permanent, if set.
markedChangesDisabled Technically necessary cookie. Enables the showing and hiding of changed text in the article that has been marked by the author. 1 year

1.2. Purpose of processing

The purpose of the processing is primarily to simplify the use of websites for users. Furthermore, some functions on our portal cannot be offered without the use of cookies. It is also necessary that the user’s browser is recognized even when a user leaves the website and returns.

Cookies are used for analysis purposes in order to improve the quality of our website and its contents. These analysis cookies tell us how the website is used and enable us to constantly optimize our services.

In the aforementioned purposes, it is also in our legitimate interest to process the data in accordance with Art. 6 para. 1 lit. f) GDPR.

1.3. Legal basis of the processing

The legal basis for the processing of data using cookies is Art. 6 para. 1 lit. f) GDPR.

1.4. Duration of processing

The cookies are stored on your end device and transmitted to our portal, which means the respective user has full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the cookie settings in your internet browser. Cookies already stored on your end device can be deleted at any time. This can also be done automatically. However, if cookies are deactivated for our portal, it may no longer be possible to use all functions on the portal to their full extent.

2. Google Analytics

2.1. Description and scope of processing

The portal also uses Google Analytics for web analysis. This is an analysis service of Google LLC (www.google.com). Google Analytics enables an analysis of users’ use of our portal. In this way, we are able to optimize our services and adapt them to the needs of the users.

The automatically collected information about the users’ use of the portal is usually transmitted to a Google server in the USA and stored there. By activating IP anonymization as part of our portal, the IP address is shortened prior to transmission within the Member States of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser within the context of Google Analytics is not aggregated with other Google data.

Google LLC is headquartered in the USA and is certified under the EU-US Privacy Shield. As a result of this agreement between the US and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.

2.2. Purpose of processing

The purpose of the processing is to analyze user behavior in order to optimize the offer and to adapt our portal to the needs of users.

This also constitutes legitimate interest within the scope of Art. 6 para. 1 lit. f) GDPR.

2.3. Legal basis of the processing

The legal basis for processing the data within the context of web analysis is Art. 6 para. 1 lit. f) GDPR.

2.4. Duration of processing

After we have finished using the data for the purposes of Google Analytics, the data collected in this context will be deleted.

You can prevent Google from collecting and processing the data that the cookie generates and that relates to your use of the website (including your IP address) by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Alternatively, by clicking on this link, you prevent Google Analytics from collecting data about you within this website. By clicking on the link above you can download an "opt out cookie". Your browser must therefore allow cookies to be stored. If you delete your cookies regularly, you will need to click on the link again each time you visit this website.

3. Google reCAPTCHA

3.1. Description and scope of processing

Within the framework of the portal we use reCAPTCHA to avoid abusive and in particular automated access to our portal. This is a service of Google LLC (www.google.com).

With the help of this service, the user’s behavior that is targeted is automatically analyzed on the basis of various features as soon as our portal is accessed. reCAPTCHA evaluates various information, such as the IP address and the duration of stay on the portal, which is necessary for the functioning of the portal. The data collected in this context is forwarded to Google.

Google LLC is headquartered in the USA and is certified under the EU-US Privacy Shield. As a result of this agreement between the US and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.

For further information on this service and the associated data processing, please refer to Google's data protection information, available at https://policies.google.com/privacy?hl=en.

3.2. Purpose of processing

The purpose of processing is the protection and integrity of our portal and our IT systems by preventing abusive and in particular automated access. This also constitutes our legitimate interest in the processing of the data.

3.3. Legal basis of the processing

The legal basis for processing the data is Art. 6 para. 1 lit. f) GDPR.

4. Sentry

4.1 Description and scope of processing

As part of our portal, we use Sentry, an error analysis service. This service is provided by Functional Software Inc, 132 Hawthorne Street, San Francisco, California 94107, USA ("Sentry").

When an error occurs on our portal, an error analysis is sent to Sentry. In the process, the IP address and browser data of the visitor or user are transmitted.

4.2 Purpose of the processing

In order to ensure the technical stability of our portal, system errors are logged with the help of Sentry.

4.3 Legal basis of the processing

The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. f) GDPR, whereby our legitimate interest results from the stated purpose.

4.4 Recipient

The recipient of your data is the provider of the services.

4.5 Transfer to a third country

The information generated by Sentry is usually transmitted to a server of the service provider located in the USA and stored there. We have concluded a "Data Processing Agreement" in accordance with Art. 28 GDPR with Sentry for the data protection-compliant processing of your data when carrying out the error analysis.

Sentry uses standard contractual clauses (SCC) within the meaning of Art. 46 (2) and (3) GDPR as the basis for data processing for recipients based in third countries or a transfer of data there. Through these clauses, Sentry undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA.

The Data Processing Addendum, which corresponds to the standard contractual clauses, can be found at https://sentry.io/legal/dpa/5.0.0/.

To learn more about the data processed through the use of Sentry, please see the Privacy Policy at https://sentry.io/privacy/.

4.6 Duration of processing

The data is stored for a maximum of 90 days after analysis and then deleted without residue.

5. Google AdSense and Ad Exchange

5.1 Description and scope of processing

Google AdSense / Ad Exchange is an advertising display and optimisation service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Cookies are used for this service, which help, for example, to display only user-relevant advertising or to avoid duplicate ads.

Google AdSense / Ad Exchange generates cookies with a cookie ID that are necessary for the technical functioning. With the help of the ID, it is possible to record which ads were delivered in which browser in order to avoid displaying ads that have already been seen. In addition, the ID also provides conclusions regarding purchasing behaviour: If a certain advertisement was displayed on our portal, the website of the ad server was called up later and a purchase was made, Google AdSense/ Ad Exchange can link this to the cookie ID used.

The cookies do not contain any personal data, but campaign IDs can be provided for identification purposes.

In addition, commission statements are created, e.g. through clicks on advertisements.

The setting of cookies can be prevented at any time by settings in the Consent Management Tool or in the corresponding settings of the browser.

You can deactivate personalised advertising under the following link: https://adssettings.google.com

You can view the privacy policy of this service provider here: https://www.google.com/intl/de/policies/

5.1.1 We cooperate with the following partners to provide the advertisements:
  • Index Exchange Online Advertising Exchange ("Index Platform"), a service of Index Exchange, 74 Wingold Avenue, Toronto, Ontario M6B1P5, Canada. Information about the surfing behaviour of website visitors is collected for marketing purposes in purely anonymous form and cookies are set for this purpose. No personal data is collected or stored in this process. You can object to the collection, processing and recording of the data generated by Index Exchange at any time by opting out of cookies at https://optout.networkadvertising.org/?c=1.
    You can view the privacy policy of this service provider here: https://de.indexexchange.com/datenschutzerklarung/
  • OpenX Technologies (OpenX Poland sp. z o.o., Aleja 29 Listopada 20, 31-401 Krakow, Poland).
    You can view the privacy policy of this service provider here:
    https://www.openx.com/privacy-center/ad-exchange-privacy-policy/
    You can object to the collection, processing and recording of the data generated by OpenX Technologies at any time by calling up www.aboutads.info/choices in your browser and making a cookie opt-out.
  • Sovrn (Sovrn, 5541 Central Avenue, Suite 100, Boulder, CO 80301, USA). In order to display relevant and interesting advertising to you, Sovrn's technology counts the number of web visits to our partners' websites. Cookies, web beacons or similar technologies are used for this purpose. No personal data is collected or stored in this process. You can object to the collection, processing and recording of the data generated by Sovrn at any time by calling up https://info.evidon.com/pub_info/15620?v=1&nt=0&nw=false in your browser and making a cookie opt-out. You can view the privacy policy of this service provider here: https://www.sovrn.com/legal/privacy-policy/
  • Magnite Inc. (1250 Broadway, 15th Floor, New York, New York 10001). In order to display relevant and interesting advertising to you, Magnite's technology counts the number of web visits to our partners' websites. Cookies, web beacons or similar technologies are used for this purpose. No personal data is collected or stored in this process. You can object to the collection, processing and recording of the data generated by Magnite at any time by calling up https://www.magnite.com/legal/consumer-online-profile-opt-out/ in your browser and carrying out a cookie opt-out. You can view the privacy policy of this service provider here:https://www.magnite.com/legal/website-privacy-policy/

5.2 Legal basis of processing

If you have consented to Google AdSense being used, the legal basis for data processing is this consent, Art. 6 para. 1 p. 1 lit. a) GDPR.

You can revoke your consent at any time with effect for the future. By clicking on this link https://adssettings.google.com you can declare your revocation or adjust your consent. The lawfulness of the processing carried out on the basis of your consent until revocation remains unaffected by your revocation.

You can deactivate personalised advertising under the following link: https://adssettings.google.com

We also have a legitimate interest in using Google AdSense to optimise our online service and our marketing measures.

The legal basis for the processing of the data here is Art. 6 para. 1 s. 1 lit. f) GDPR.

5.3 Recipients

The recipient of the data collected by means of cookies is Google Ireland Limited, with its registered office in Gordon House, Barrow Street, Dublin 4, Ireland.

5.4 Transfer to a third country

If personal data is transferred to Google servers in the USA and stored there, the recipient is also the American company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In the case of data transfers to the USA, Google ensures compliance with data protection standards and your rights by providing appropriate guarantees (e.g. standard data protection clauses).

Link SCC Google: https://business.safety.google/adscontrollerterms/

You can view the privacy policy of this service provider here: https://www.google.com/intl/de/policies/

5.5 Duration of processing

Specific information on the storage period can be found in the privacy statements of the respective providers linked above.

6. VG WORT pixel tags

6.1. Description and scope of processing

As part of our portal, we use the pixel tags service of Verwertungsgesellschaft WORT (VG WORT). The service uses the Scalable Central Measurement System.

The pixel tags application calculates the likelihood of text being copied based on the number of visits to our portal and the content of the portal. First, a statistical key figure is determined using a graphic implemented as part of our portal. A session cookie, which is stored on the user's end device, or a signature created from various information from the user's browser, such as information about the user's screen resolution or user agent, is used to determine access numbers and recurring visits to our portal. The data is collected anonymously, so that no conclusions can be drawn about the user’s identity.

You do, however, have the option of preventing the processing of the data described above. More specifically, you can prevent the setting of cookies by changing the appropriate settings in your browser. In conjunction with this point, we refer to our statements on the subject of "cookies" under Section V.1.

In addition, you can prevent the implementation of the Scalable Central Measurement System at any time by clicking on the following link, which sets a cookie on your device to prevent further measurement or analysis: https://optout.ioam.de/

6.2. Purpose of processing

The purpose of the data processing described above is to optimize and economically design the operation of our portal and to take into account the legitimate interests of the authors of the texts protected by VG Wort. This also constitutes our legitimate interest to process the data.

6.3 Legal basis of the processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR.

6.4 Recipient

The recipient of the data is Verwertungsgesellschaft WORT (VG WORT), Untere Weidenstraße 5, 81543 Munich.

6.5 Duration of processing

You can find specific information on the duration of storage in the data protection declarations of VG WORT linked above.

7. Snigel Consent Management Platform (Consent Management Service)

7.1 Description and scope of processing

As part of our portal, we use a consent management service, a service provided by Snigel Web Services Ltd, The Black Church, Saint Mary's Place, Dublin 7, Ireland, D07 P4AX.

Using this service, consent and settings for data collection and cookies can be adjusted or revoked at any time with immediate effect. For this purpose, Snigel AdConsent uses a Consent Management Platform (CMP) based on the IAB Transparency & Consent Framework (https://iabtechlab.com/standards/gdpr-transparency-and-consent-framework/).

Snigel AdConsent sets the following cookies, which are essential for our portal:

Name Purpose Duration
euconsent-v2 Consent string of the IAB CMP Framework (TCF) v2. 1 year
snconsent Providers not included in IAB CMP Framework (TCF) v2. 1 year

7.2 Purpose of the processing

The purpose of the processing is the data protection compliant management of all cookies, website and tracking technologies requiring consent or opt-out. This is also our legitimate interest in this processing.

7.3 Legal basis of the processing

The legal basis for the processing of the data is Art. 6 (1) f) GDPR. In order to ensure data protection-compliant processing, we have concluded an order processing contract with Snigel.

7.4 Recipients

The recipient of your data is the service provider. You can view the privacy policy of this service provider here: https://snigel.com/privacy-policy.

7.5 Duration of processing

Snigel Web Services Ltd does not store personal data of website visitors.

8. Snigel Ad Engine

8.1 Description and scope of processing

Within the framework of our portal, we use Snigel Ad Engine, a service of Snigel Web Services Ltd, The Black Church, Saint Mary's Place, Dublin 7, Ireland, D07 P4AX, for the delivery of advertisements.

For a GDPR-compliant delivery of the advertisements, we use services requiring consent only after your prior consent. You can also use our portal without this consent.

8.2 Purpose of the processing

The purpose of the aforementioned processing of data is the optimization as well as the economic design of the operation of our portal. This is also our legitimate interest in this processing.

8.3 Legal basis of the processing

The legal basis for the processing of the data is your consent within the meaning of Art. 6 para. 1 lit. a) GDPR.

You can revoke your consent at any time with effect for the future. By clicking on this link, you can declare your revocation or adjust your consent. The lawfulness of the processing carried out on the basis of your consent until revocation remains unaffected by your revocation.

8.4 Recipient

The recipient is the service provider Snigel. To ensure data protection-compliant processing, we have concluded an order processing contract with Snigel.

You can view the privacy policy of this service provider here: https://snigel.com/privacy-policy.

8.5 Duration of processing

Snigel Ad Engine does not store any personal data of website visitors.

9. Jobbio Job Market

9.1 Description and scope of processing

For the provision of the job market, we use Jobbio, a service provided by Avar Communications Limited, Ireland, 32 Baggot Street Upper, Dublin, D04 AX88.

Each time you call up a page that offers one or more job advertisements, a direct connection is established between your browser and a Jobbio server in Ireland and information about your visit (e.g. browser type and version, terminal device type, operating system) and your IP address is transmitted to Jobbio and stored there.

9.2 Purpose of the processing

The purpose of the aforementioned processing of data is the optimization as well as the economic design of the operation of our portal. This is also our legitimate interest in this processing.

9.3 Legal basis of the processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR.

9.4 Recipients

The recipient of your data is the provider of the services. To ensure data protection-compliant processing, we have concluded an order processing contract with Jobbio.

You can view the privacy policy of this service provider here: https://jobbio.com/privacy-policy.

9.5 Duration of processing

No user data is stored.

10. Primis

10.1 Description and scope of processing

As part of our portal, we use Primis, a service provided by McCann Disciplines Ltd (McCann House TLV 2A Raoul Wallenberg St. Tel Aviv, Israel 6971902), to play video clips. Each time you access a page that offers one or more Primis video clips, a direct connection is established between your browser and a Primis server in Israel and information about your visit and your IP address is transmitted to Primis and stored there.

For more information on the purpose and scope of data collection and processing by Primis, as well as your rights and settings options for protecting your privacy, please refer to the service provider's privacy policy: https://www.primis.tech/privacy-policy/.

10.2 Purpose of processing

This data is used to deliver the video to you, to serve advertising, to suggest videos to you, to provide reports on video activity on our portal, to increase the quality of the recommended videos, and to conduct further analysis to identify user trends and technical problems and to maintain and improve the service. This is also our legitimate interest in this processing.

10.3 Legal basis of the processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR.

10.4 Recipients

The recipient of your data is the provider of these services.

10.5 Transfer to a third country

Your data will be transferred and processed outside the EEA. An adequacy decision of the EU Commission for Israel as a third country is available.

Insofar as personal data is also transferred to the USA and stored there, the recipient is the provider of the service.

To ensure data protection-compliant processing, we have concluded an order processing contract with Primis.

In the case of data transfers to the USA, compliance with data protection standards and your rights is guaranteed. Standards and your rights are ensured by appropriate guarantees (e.g. SCC) according to Primis.

Further information on the purpose and scope of data collection and processing by Primis, as well as your rights and setting options for protecting your privacy, can be found in the service provider's privacy policy: https://www.primis.tech/privacy-policy/.

10.6 Duration of processing

Where personal data is involved, the data will be retained for the duration of the provision of the services and additionally for a reasonable period for the defence and assertion of legal claims.

Non-personal data may be retained indefinitely.

11. Heise.de price comparison

11.1 Description and scope of processing

On our website, we use widgets, e.g. with price information, tables or images (widgets) of Heise Medien GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Hanover, Germany (Heise Medien). The widgets serve, among other things, to provide an overview of the prices of various providers. At the same time, it is possible to access the offer directly via an affiliate link.

The widgets themselves are created via a programming interface of Preisvergleich Internet Services AG, Rothschildplatz 3 Top 3.01, A-1020 Vienna (Geizhals).

If you, as a visitor to our website, call up an Internet page with a widget, your IP address, user agent string and standard headers are transmitted to Heise Medien. This is technically necessary in order to be able to answer enquiries.

In addition, product images and graphics from Geizhals are loaded for the display of the widgets and your IP address, user agent string and standard header are transmitted to Geizhals for purely technical reasons.

The processing of the data required by you is carried out on the basis of Art. 6 para. 1 f) GDPR exclusively for the exercise of our legitimate interest, in particular for IT security purposes. Cookies are not used for this data processing.

You can view the data protection declaration of Heise here: https://www.heise.de/Datenschutzerklaerung-der-Heise-Medien-GmbH-Co-KG-4860.html

You can view the data protection declaration of Geizhals.de here: https://unternehmen.geizhals.at/datenschutzerklaerung/.

11.2 Purpose of the processing

The purpose of the aforementioned processing of data is the optimization as well as the economic design of the operation of our portal. This is also our legitimate interest in this processing.

11.3 Legal basis of the processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR.

11.4 Recipients

The recipient of your data is the respective provider of the services.

11.5 Duration of processing

The data transmitted to Heise Medien is stored for a maximum of 7 days and then deleted or made anonymous so that it is no longer possible to assign the calling client.

The storage period at Geizhals is 14 days before this data is deleted.

12 ConvertKit Newsletter Widgets

12.1 Description and scope of processing

Within the framework of our portal, we use so-called newsletter widgets, a service of ConvertKit LLC (750 W Bannock St #761, Boise ID 83701), to subscribe to newsletters.

Each time you visit a page that offers one or more ConvertKit Newsletter Widgets, a direct connection between your browser and ConvertKit's servers is established and information about your visit and your IP address is transmitted to ConvertKit and stored there.

Name Purpose Duration
ckid To check whether the user is already registered for the newsletter. If yes, the newsletter widget will be hidden. unspecified
cksubscribed-* To check if the user is already subscribed to the newsletter. If yes, the newsletter widget will be hidden. Assigns the user an ID that is used for tracking purposes. unspecified

12.2 Purpose of the processing

The purpose of the processing of the data set out above is to display the newsletter widget only to visitors or users who have not yet subscribed to a newsletter.

12.3 Legal basis of the processing

The legal basis of the processing of the data is Art. 6 para. 1 lit. f) GDPR.

12.4 Recipient

The recipient is ConvertKit LLC (750 W Bannock St. #761, Boise ID 83701).

We have concluded a "Data Processing Agreement" with ConvertKit, in which we oblige ConvertKit to protect our customers' data and not to pass it on to third parties.

12.5 Transfer to a third country

ConvertKit uses standard contractual clauses (SCC) within the meaning of Art. 46 (2) and (3) GDPR as the basis for data processing with recipients located in third countries or a transfer of data there. Through these clauses, ConvertKit undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA.

More information about the standard contractual clauses at ConvertKit can be found at https://convertkit.com/security.

You can find out more about the data processed through the use of ConvertKit in the Privacy Policy at https://convertkit.com/privacy.

12.6 Duration of processing

The data transmitted when viewing the newsletter widget is not stored by ConvertKit. The duration of the values stored in the local storage are stored indefinitely and can be deleted at any time by the user in the corresponding browser settings.

13. Social media

13.1 Description and scope of processing

We use content and service offers from third-party providers to integrate their content (e.g. photos and videos).

A transfer of data to the respective provider only takes place if you click on the "Activate content" button or in the consent management service settings under "Show social content" you have given your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR. If you have not consented, a placeholder will be displayed and the content will not be integrated, thus no content will be transmitted to third-party providers. You have the option to revoke your consent in the privacy settings at any time.

The integration of third-party content requires that the third-party providers receive the user's IP address in order to send the content to the user's browser. In addition, the third-party providers may use "pixel tags" (also called "web beacons") for statistical or marketing purposes. The pixel tags enable an evaluation of visitor traffic and may also provide further information (e.g. browser type and version, end device type, operating system).

Pseudonymous data can be stored as cookies on the user's device. The cookies may contain technical information (browser, operating system, type of end device, web pages visited, time of visit, further information on user behaviour) and may be linked to information from other sources.

The following presentation provides an overview of third-party providers and their content, together with links to their data protection declarations, which contain further information on the processing of data and, in part already mentioned here, options for objection (so-called opt-out). Detailed information on data processing in connection with the use of our social media services, opt-out options and the assertion of information rights can be found in the privacy policy of the relevant platform operator.

Name Purpose Duration
_fbp For example, the "_fbp" cookie identifies browsers to provide analytics services for advertising and websites. 90 days
Name Purpose Duration
sp_t The cookie is used to integrate audio content from Spotify on the website. In addition, information about the player's usage behaviour is stored. 1 year
sp_landing The cookie is used to integrate audio content from Spotify on the website. In addition, information about the player's usage behaviour is stored. 1 day

13.2 Purpose of the processing

When calling up our social media offers, personal data is processed which must be transmitted by third-party providers in order to display the content.

This is done on the basis of our legitimate interests (analysis, optimization and economic operation of our portal as well as the use of effective and diverse information options).

13.3 Legal basis of the processing

A transfer of data to the respective provider only takes place when you click on the

"activate content" button or in the consent management service settings under "show social content" have given your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR. For the legal basis on which the respective providers process your data, please refer to the privacy policy of the respective provider.

13.4 Duration

Specific information on the storage period can be found in the above-linked data protection declarations of the respective providers linked above.

The following applies to Vimeo:
The data will remain stored by Vimeo until the provider no longer has an economic reason for storing it. In this case, the data will be deleted or anonymized.

14 On Run Ads (Clever Advertising)

14.1 Description and scope of processing

We use On Run Ads, a service provided by Clever Advertising, Porto, PT, through which ads are played on our portal.

When you, as a visitor to our website, access a web page with a widget, your IP address, user agent string and standard headers are transmitted to Clever Advertising. transmitted. This is technically necessary in order to be able to answer inquiries.

In addition, product images and graphics are loaded by Clever Advertising for the display of the widgets and your IP address, user agent string and standard headers are transferred to Clever Advertising for purely technical reasons.

You can view the privacy policy of this service provider here: https://cleveradvertising.com/privacy.

The following cookies may be used:

Name Purpose Duration
.hstpconfig Displaying the ads, fraud prevention 180 days
.lasttrack Frequency Capping Frequency Capping duration
.hstpcount Frequency Capping Frequency Capping duration
.clever-last-tracker Frequency Capping 30 days
.clever-counter Frequency Capping Frequency Capping

duration

.hstpv4user Displaying the ads, fraud prevention 180 days

The retention period of the information collected by these cookies is a maximum of thirty (30) days.

14.2 Purpose of the processing

The purpose of the processing of the data set out above is the optimization as well as the economic design of the operation of our portal. This is also our legitimate interest in this processing.

14.3 Legal basis of the processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR.

14.4 Recipients

The recipient of your data is the respective provider of the services.

14.5 Duration of processing

The personal data will not be kept longer than is reasonably necessary for the purpose or purposes for which it was collected or for the fulfilment of legal obligations to which the service provider is subject.

When the personal data is no longer needed, it is either anonymized or securely deleted.

The retention period of the information collected by the cookies is a maximum of 30 days.

15. CommunicationAds

15.1 Description and scope of processing

We use communicationAds, a service of communicationAds GmbH & Co. KG Kaiserstrasse 23, 90403 Nuremberg, via which tariff comparisons are played on our portal.

If you, as a visitor to our website, call up a web page with a widget, your IP address, user agent string and standard headers are transmitted to communicationAds. This is technically necessary in order to be able to answer inquiries.

In addition, product images and graphics are loaded by communicationAds for the display of the widgets and your IP address, user agent string and standard header are transmitted to communicationAds for purely technical reasons.

You can view the privacy policy of this service provider here: https://www.communicationads.net/de-de/ueberuns/datenschutz/.

The central service of communicationAds is the provision of so-called white label information offers (e.g. comparison calculators) and the measurement of advertising success ("tracking"). Within the scope of tracking, cookies are used to document transactions (e.g. leads or sales, i.e. a tariff application, for example). These serve the sole purpose of correctly allocating the success of advertising media or advertising integrations in the context of billing with our advertisers and websites. In this context, communicationAds does not collect any personal data. The corresponding cookies are stored under the URL www.communicationads.net and are structured as follows:

Name Purpose Duration
pp*
(* is replaced by pseudonymized ID of the advertisert)
Assignment of transactions 9 weeks

No storage of personal data takes place.

15.2 Purpose of the processing

The purpose of the aforementioned processing of the data is the optimization as well as the economic design of the operation of our portal. This is also our legitimate interest in this processing.

15.3 Legal basis of the processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR.

15.4 Recipients

The recipient of your data is the provider of the services.

15.5 Duration of processing

Where personal data is involved, the data is retained for the duration of the provision of the services and additionally for a reasonable period for the defence and assertion of legal claims.

Non-personal data may be retained indefinitely.

16. contentpass

On our website we offer you a service for ad-free and tracking-free access. This service is called contentpass and is offered by Content Pass GmbH, Wolfswerder 58, 14532 Kleinmachnow, Germany. When you subscribe to the service, contentpass becomes your contractual partner. You can find more information about this service at contentpass.net.

In order to display and offer you this service on our website, contentpass processes your IP address on our behalf at the beginning of your website visit. For the registration and contract processing of contentpass and the associated data processing, contentpass is the controller within the meaning of the GDPR. We are solely responsible for processing your IP address. For more information on data processing at contentpass, please read their privacy policy.

The basis for the data processing of the IP address, as part of our order processing with contentpass, is our legitimate interest in offering you the opportunity to access our website without advertising and tracking and your interest in using our website practically without advertising and tracking [Art. 6 para. 1 sentence 1 lit. f.) GDPR]. In addition, we hereby fulfil the legal obligation to obtain legally compliant consent to data processing requiring consent [Art. 6 para. 1 lit. c) GDPR].

You can log in to your contentpass account here and register for contentpass here.

17. Cleverpush

17.1 Push notifications

You can register to receive push notifications. For this purpose, we use the "CleverPush" service, which is operated by CleverPush GmbH, Brauhausstraße 15A, 22041 Hamburg ("CleverPush").

You will receive regular information about news, best lists, test reports, deals and apps relating to smartphones, tablets, wearables, smart homes and energy via our push notifications.

To sign up for the push notifications, you must confirm the request from your browser or end device to receive the notifications. This process is documented and saved by CleverPush. The time of registration and a push token or device ID are stored for this purpose. This data is used on the one hand to send you the push notifications and on the other hand as proof of your registration. The legal basis for this processing is your consent and thus Art. 6 para. 1 lit. a GDPR.

CleverPush also analyses our push notifications statistically. CleverPush can thus recognise whether and when our push notifications have been displayed and clicked on. This enables us to determine which push notifications are of interest to recipients in order to tailor future messages to the presumed interests of all recipients and thus increase interest in our offer. In addition to the push token or device ID, we also store the thematic focus of the app on which the push notifications were activated (e.g. business, sport, etc.). We also use this information to send push notifications to the relevant subscribers that are in their presumed interests. The legal basis for processing is Art. 6 para. 1 lit. f GDPR. A push token or device ID is only assigned to a specific person if we are legally obliged to do so, for the defence of claims against us, if this is required as evidence, and for the possible prosecution of violations of the law.

You can revoke your consent to the storage and use of your personal data to receive our push notifications at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Furthermore, you can object to the use of personal data described above on the basis of Art. 6 para. 1 lit. f at any time. Please withdraw your consent for this purpose. You can revoke your consent in the setting provided for receiving push notifications in the settings of your device or browser.

Your data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Your data will therefore be stored for as long as the subscription to our push notifications is active.

The cancellation process is explained in detail under the following link: https://cleverpush.com/en/faq.

To speed up the retrieval of content (e.g. images) and to defend against attacks, CleverPush uses the services of cloudflare.com, a service provided by Cloudflare, Inc. as part of order processing based on the standard contractual clauses.

CleverPush does not store any data on Cloudflare's servers that contains personal data, but only general content such as texts or images. When you access this content, the end device you are using establishes a connection to Cloudflare and the IP address of the end device you are using is processed as a result.

You can unsubscribe from the notifications at the following link: https://www.nextpit.com?cleverPushUnsubscribe=true.

18. Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

VI. Online presences in social media

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there.

We would like to point out that user data may be processed outside the European Union. This may result in risks for the users because, for example, it could make it more difficult to enforce the rights of the users.

Furthermore, user data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behaviour and the resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and the interests of the users are stored. Furthermore, data may also be stored in the usage profiles irrespective of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

The processing of the users' personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6 para. 1 lit. f. GDPR. If the users are asked by the respective providers for consent to the data processing (i.e. declare their consent e.g. by ticking a checkbox or confirming a button), the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 GDPR.

For a detailed description of the respective processing and the opt-out options, please refer to the information of the providers linked below. In the case of requests for information and the assertion of user rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

VII. Affiliate programs

1. Amazon affiliate programme

nextpit GmbH is a participant in the Amazon EU affiliate program, which is designed to provide a means for websites to earn advertising fees by placing advertisements and links to Amazon.com.

For example, if you click on an advertising link for a product and then buy it from Amazon, we receive a payment for this. In doing so, affiliate technologies such as cookies are used to be able to track that you have come from our site and to be able to make the corresponding payment to us. The processing is therefore only used to record the transactions and to create the reports. The cookies are only set when you actually click on the link and are redirected to the affiliate's offer.

The legal basis for the processing is in each case your consent pursuant to Art. 6 para. 1 lit. a) GDPR. You can find more information at https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010

In certain cases, a direct connection to Amazon servers is established to display product images. In this case, your IP address and header data are transmitted to the target server by the request of your web browser. This integration is based on our legitimate interests in order to be able to display the product offers.

2. eBay Partner Program

nextpit GmbH is a participant in the affiliate program of eBay Partner Network, Inc., 2145 Hamilton Ave, San Jose, CA 95125, USA, which is designed to provide a means for websites to earn advertising fees by placing advertisements and links to Amazon.de.

For example, if you click on an advertising link for a product and then buy it on eBay, we receive a payment for this. These affiliates use technologies such as cookies to track that you have come from our site and to make the appropriate payment to us. The processing is therefore only used to record the transactions and to create the reports. The cookies are only set when you actually click on the link and are redirected to the affiliate's offer.

The legal basis for the processing is in each case your consent pursuant to Art. 6 para. 1 lit. a) GDPR. You can find more information at https://partnernetwork.ebay.com/page/network-agreement#privacy-notice

In certain cases, a direct connection to eBay servers is established to display product images. In this case, your IP address and header data are transmitted to the target server by the request of your web browser. This integration is based on our legitimate interests in order to be able to display the product offers.

VIII. Hosting and Content Delivery Networks (CDN)

1. External hosting

1.1 Description and scope of processing

Our portal is hosted by an external service provider (hoster). The host of this portal is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

Hetzner's data centres are located in data centre parks in Nuremberg and Falkenstein. Hetzner Online GmbH is certified according to DIN ISO/IEC 27001. The certificate proves adequate security management, data security, confidentiality of information and availability of IT systems.

As part of our cooperation, we do not pass on any personal data about your visit to our website directly to Hetzner. However, it may happen that Hetzner gains access to personal data, at least potentially, e.g. in the course of maintenance work. Since such cases also constitute so-called commissioned data processing pursuant to Art. 28 GDPR, we have concluded a data protection agreement with Hetzner in accordance with this provision. This also ensures the protection of your personal data.

You can view the data protection declaration of this service provider here: https://www.hetzner.de/rechtliches/datenschutz.

2. CDN Cloudflare

2.1 Description and scope of processing

As part of our portal, we use Cloudflare, a service provided by Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare offers a globally distributed content delivery network (CDN) with DNS, load balancing and image optimization. This technically routes the transfer of information between your browser and our portal through Cloudflare's network. This enables Cloudflare to analyse the traffic between your browser and our portal and to act as a filter between our servers and potentially malicious traffic from the internet. In doing so, Cloudflare may also use cookies or other technologies to recognize internet users, but these are used solely for the purpose described here. The use of Cloudflare is based on our legitimate interest in providing our portal as error-free and secure as possible.

For security reasons, browser requests from dubious sources (hackers, malware, spammers, etc.) are rejected.

You can view the privacy policy of this service provider here: https://www.cloudflare.com/privacypolicy/.

To ensure data protection-compliant processing, we have concluded an order processing contract with Cloudflare.

Cloudflare uses the following cookies, which are essential for our portal:

Name Purpose Duration
__cflb Security of the portal and IT systems from a few seconds up to 24 hours

The duration of the storage is up to 24h.

2.2 Purpose of the processing

The purpose of the processing is to protect against hacker attacks, spammers, fail-safety through load balancing and optimization of images. Cloudflare thus contributes to the security of the visitor as well as the portal and our IT systems. This is also our legitimate interest in processing the data.

2.3 Legal basis of the processing

Our legitimate interest also results from the purpose of the processing. The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR.

2.4 Recipients and transfer to third countries.

The recipient of your data is the provider of the service. Insofar as personal data is also transferred to the USA and stored there, the data protection-compliant processing of this data is guaranteed by an order processing contract with Cloudflare. The data processing terms and conditions (Data Processing Addendum), which correspond to the standard contractual clauses, can be found at https://www.cloudflare.com/cloudflare-customer-dpa/

You can view the privacy policy of this service provider here: https://www.cloudflare.com/privacypolicy/.

2.5 Duration of processing

Personal data (such as the IP address) are stored for 30 days.

3. nextpit CDN

Within the framework of our portal, we use a so-called Content Delivery Network (CDN) for the transmission of static web content such as images, videos and scripts.

The following CDNs are hosted by Hetzner Online GmbH and can be reached under these domains:

  • fs.npstatic.com
  • static.npstatic.com
  • fscl01.fonpit.com
  • fscl02.fonpit.de

The following CDNs are hosted by Cloudflare and can be reached under these domains:

  • *.nextpit.workers.dev

3.1 Google Fonts

Within the framework of our portal, "Google Fonts" of the provider Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) are used for the uniform display of fonts, which are installed locally on our web server. A connection to Google servers is not established. Your data will not be transmitted or stored.

You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq.

You can view the privacy policy of this provider here: https://policies.google.com/privacy.

IX. General information on the storage period

Unless an explicit storage period is specified in this declaration, personal data will be stored for as long as is necessary for the respective specified purposes and fulfilment of our legal obligations. Insofar as legal storage obligations exist (e.g. from § 147 AO, § 257 HGB), the data will be stored at least for the duration of the legally prescribed storage period.

D. Rights of the Peoples Concerned

If your personal data is processed, you are affected within the scope of the GDPR and you have the following rights against us, the responsible party (unless already explained above under D in conjunction with the respective processing of your data).

1. Right to information

In accordance with Art. 15 GDPR, you can request a confirmation from the responsible party whether personal data that concerns you will be processed by us.

If such processing has taken place, you can request the following information from the responsible party:

  1. The purposes for which the personal data is processed.
  2. The categories of personal data processed.
  3. The recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed.
  4. The planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period.
  5. The existence of a right to have your personal data concerning you corrected or deleted, a right to have processing restricted by the data processor or a right to object to such processing.
  6. The existence of a right of appeal to a supervisory authority.
  7. Any available information on the origin of the data if the personal data is not collected from the person involved.
  8. The existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR, and at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing for the person involved.

You have the right to request information whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

2. Right to rectification

In accordance with Article 16 of the GDPR, you have the right to correct and/or complete your data in relation to the data processor if the personal data processed concerning you is incorrect or incomplete. The responsible party shall make the correction without delay.

3. Right to limitation of processing

In accordance with Art. 18 GDPR, you may request that the processing of personal data concerning you be restricted under the following conditions:

  1. If you dispute the accuracy of the personal data concerning you for a period of time that allows the person responsible to verify the accuracy of the personal data.
  2. The processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted.
  3. The responsible party no longer needs the personal data for the purposes of the processing, but you require the data to make, process or defend legal claims.
  4. If you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the responsible party’s legitimate reasons outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed, with the exception of being saved, with your consent or for the purpose of making, processing or defending claims or to protect the rights of another natural or legal person or on grounds of the important public interest of the Union or an EU Member State.

If the processing restriction has been restricted according to the above conditions, you will be informed by the responsible party before the restriction is revoked.

4. Right to Deletion

4.1. Obligation to Delete

You may request the data processor to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following circumstances applies:

  1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR, and there is no other legal basis for the processing.
  3. You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.
  4. The personal data concerning you has been processed unlawfully.
  5. The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is bound.
  6. The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

4.2. Information on Third Parties

If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controller who process the personal data and links to this personal data and copies or replications of this personal data that you, as the subject of the data, have requested be deleted.

4.3. Exceptions

The right to deletion does not exist, if the processing of the data is:

  1. For the right to freedom of expression and information.
  2. For the fulfilment of a legal obligation required for processing under the law of the European Union or of the Member States to which the data controller is subject or for the performance of a task in the public interest or for the exercising of official authority that has been delegated to the data controller.
  3. For reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h) and lit. i) GDPR and Art. 9 para. 3 GDPR.
  4. To make, process or defend legal claims.

5. Right to information

If you have exercised your right to have the data controller correct, delete or restrict the processing, the data controller is obliged under Article 19 of the GDPR to inform all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves unreasonable measures.

You have a right to be informed by the responsible party about these recipients.

6. Right to Data Transferability

In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to the responsible party in a structured, current and machine-readable format. In addition, you have the right to pass this data on to another party without obstruction by the data controller to whom the personal data was provided, provided that:

  1. The processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR.
  2. The processing is carried out using automated methods.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

7. Right of Appeal to a Supervisory Authority

Without prejudice to any other administrative or judicial appeal, Article 77 of the GDPR gives the user the right of appeal to a regulatory authority, in particular in the Member State where he or she resides, works or is suspected of having infringed the GDPR, if he or she considers that the processing of his or her personal data in question is contrary to the GDPR.

The regulatory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial appeal under Article 78 GDPR.

E. Data Privacy

1. Login Status

1.1. Description and scope of processing

For the security of user data and the portal’s IT systems, the following user data is collected and stored in the context of a so-called login status in connection with login attempts:

  • IP addresses of the last ten logins
  • Date of last ten logins
  • Date of last failed login
  • Total number of failed logins

The data is stored by nextpit and is not publicly available. Furthermore, login data will not be passed on to third parties. In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.

1.2. Purpose of processing

Processing ensures the security of user data and the security of the portal's IT systems.

1.3. Legal Basis of Processing

The legal basis of processing is Art. 6 Abs. 1 lit. b) GDPR.

1.4. Duration of processing

When the purpose of processing ceases to apply, i.e. usually following termination of the user’s contract or deletion of the user’s profile, the user’s login data will be deleted.

2. Encryption

To keep your data secure, we use the most common SSL (Secure Socket Layer) procedure with the highest level of encryption supported by your browser. If a single page of our website is transmitted in encrypted form, this is indicated by a key or a lock symbol on the side of the status bar in your browser.