Privacy Policy

These is the Privacy Policy of

Ippen Digital GmbH & Co. KG
Paul-Heyse-Straße 2-4 80336 Munich
Tel: +49 89 5306-0
Fax: +49 89 5306-685
E-Mail: info@ippen-digital.de

In the following, we inform you in detail about which personal data we collect on our websites and in connection with the services and offerings mentioned in this Privacy Policy, for what purpose, and for how long such data is stored. We subsequently inform you of the rights you have with regard to data processing and how you may exercise those rights.

Should you have any questions or comments regarding data protection on our website, please do not hesitate to contact us at any time. You may do so, for example, by sending an e-mail to datenschutz@ippen-digital.de.

This Privacy Policy applies to the collection, processing, and use (“use”) of your personal data when using our online offerings, as well as to all other deliveries and services you wish to obtain through us.

I. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States, as well as other data protection regulations, is:

Ippen Digital GmbH & Co. KG
Data Protection Officer
Paul-Heyse-Str. 2-4
80336 Munich
Tel: +49 89 5306-0
Fax: +49 89 5306-685
E-Mail: info@ippen-digital.de

To the extent that your data is processed by the controller on the basis of an agreement pursuant to Art. 26(1) GDPR in joint controllership with third parties (so-called “Joint Controllership”), you will be informed thereof in the following descriptions of the individual data processing operations.

II. Data Protection Officer

You may reach our Data Protection Officer at:

Ippen Digital GmbH & Co. KG
Data Protection Officer
Paul-Heyse-Str. 2-4
80336 Munich
datenschutz@ippen-digital.de

III. General Information on Data Processing

  1. Legal Basis for the Processing of Personal Data

    To the extent that we obtain the consent of the data subject for processing operations involving personal data, Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. For the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. To the extent that the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party, and the interests, fundamental rights, and fundamental freedoms of the data subject do not override the former interest, Art. 6(1)(f) GDPR serves as the legal basis for processing.

  2. Data Erasure and Storage Duration

    The personal data of the data subject shall be erased or blocked as soon as the purpose of storage no longer applies. Storage may additionally take place if provided for by European or national legislators in Union law regulations, laws, or other provisions to which the controller is subject. Data shall also be blocked or erased when a storage period prescribed by the aforementioned provisions expires, unless there is a necessity for further storage of the data for the conclusion or performance of a contract.

IV. Provision of the Website and Creation of Log Files

  1. Description and Scope of Data Processing

    Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.

    The following data is collected:

    • Information about the browser type and version used
    • The operating system of the user
    • The user’s Internet Service Provider
    • The IP address of the user
    • Date and time of access
    • Websites from which the user’s system reached our website
    • Websites accessed by the user’s system via our website

    The data is also stored in the log files of our system. This does not include the IP addresses of the user or other data that would allow the data to be attributed to a specific user. This data is not stored together with other personal data of the user.

  2. Legal Basis for Data Processing

    The legal basis for the temporary storage of data is Art. 6(1)(f) GDPR.

  3. Purpose of Data Processing

    The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s device. For this purpose, the user’s IP address must be retained for the duration of the session.

    These purposes also constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.

  4. Duration of Storage

    The data is erased as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended.

  5. Joint Controllership

    The data processing described in this section is carried out in joint controllership (so-called “Joint Controllership”) with Ippen Digital GmbH & Co. KG, whose Privacy Policy is available at: https://www.ippen-digital.de/ueber-uns/datenschutz/

V. Use of Cookies

  1. Description and Scope of Data Processing

    Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified the next time the website is visited. We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

    Using these cookies, our digital offering can be used more easily and efficiently, and the usage habits of users can be analyzed for the purpose of continuously improving our products. Furthermore, cookies can be used to tailor advertisements to the individual interests and usage habits of users.

  2. Joint Controllership

    The data processing described in this section is carried out in joint controllership (so-called “Joint Controllership”) with Ippen Digital GmbH & Co. KG, whose Privacy Policy is available at: https://www.ippen-digital.de/ueber-uns/datenschutz/

VI. Contact Form and E-Mail Contact

  1. Description and Scope of Data Processing

    A contact form is available on our website that can be used for electronic contact. If a user makes use of this option, the data entered in the input form is transmitted to us and stored. This data includes:

    • Company
    • First name
    • Last name
    • Address
    • Phone
    • E-Mail
    • Your message

    At the time the message is sent, the following data is also stored:

    • The IP address of the user
    • Date and time of the entry

    Alternatively, contact may be made via the provided e-mail address. In this case, the user’s personal data transmitted with the e-mail will be stored.

    In this context, the data is not passed on to third parties. The data is used exclusively for the processing of the conversation.

  2. Legal Basis for Data Processing

    The legal basis for the processing of data transmitted in the course of contacting us is Art. 6(1)(f) GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.

  3. Purpose of Data Processing

    The processing of personal data from the input form serves us solely for the handling of the contact inquiry.

    The other personal data processed during the submission process via the contact form serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

  4. Duration of Storage

    The data is erased as soon as it is no longer necessary for the purpose for which it was collected. For the personal data from the contact form’s input fields and those transmitted by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when the circumstances indicate that the matter in question has been conclusively resolved.

    Where statutory provisions require data to be retained (e.g., six years for received commercial correspondence pursuant to Section 257(4) of the German Commercial Code (HGB)), erasure takes place upon expiry of the applicable period.

VII. Data Provided by You When Concluding Legal Transactions and Using Services

  1. Description and Scope of Data Processing

    In certain sections of the website, you may be asked to provide personal data in order to use the described paid offerings or free features, or to participate in special promotions (e.g., subscription orders, placing advertisements, ordering other goods and services, creating a personal user profile, subscribing to editorial and/or promotional newsletters, participating in competitions or other promotional activities). You will be informed which information is mandatory for these offerings and which data you may provide voluntarily.

    In particular, the following data may be collected: name, address, bank details, password, date of birth, e-mail address, declarations of consent, information about the concluded legal transaction.

    As part of the data agreement, we will also share your personal data with third parties — but only to the extent necessary for the respective contract processing (see also Section 5 below).

  2. Legal Basis for Data Processing

    If data collection is aimed at concluding a contract, the legal basis for processing is Art. 6(1)(b) GDPR. In addition, data is processed on the basis of consent granted by you (Art. 6(1)(a) GDPR).

  3. Purpose of Data Processing

    Data processing is carried out for the purpose of enabling the use of the respective offerings and functions. To the extent that you voluntarily provide additional data, we use it to design our services in accordance with your needs.

  4. Duration of Storage

    The data is erased as soon as it is no longer necessary for the purpose for which it was collected. This is generally the case when the service you have subscribed to (e.g., newsletter subscription, creation of a personal user profile) is cancelled.

    Where statutory provisions require data to be retained (e.g., six years for received commercial correspondence pursuant to Section 257(4) HGB), erasure takes place upon expiry of the applicable period.

  5. Data Transfer to infoscore Consumer Data GmbH

    For the purpose of assessing your creditworthiness, calculating probability scores (scoring), and verifying the deliverability of your address, we transmit your personal data (name, address, and if applicable date of birth) to infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden. Data processing is carried out on the basis of Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest), in particular for risk assessment and to avoid payment defaults. Further information on data processing by infoscore Consumer Data GmbH, your rights (e.g., access, rectification, objection), and the storage duration can be found at: https://www.experian.de/icd-infoblatt

VIII. Data Processing for Advertising Purposes Without Consent

  1. Description and Scope of Data Processing

    To the extent that you have concluded a contract with us for the purchase of goods or services, we register you as an existing customer using the data collected for that primary purpose. In this case, we also process your postal contact data (name and address) — without a specific consent — to provide you with information about new products and services by post. If we have received your e-mail address in connection with the sale of a product or service, we process the e-mail address to send you information about our own similar goods or services, also without a specific consent. Any additionally provided voluntary information is used to select and tailor potential advertising to the appropriate target group.

  2. Legal Basis for Data Processing

    The legal basis for the processing of data is Art. 6(1)(f) GDPR.

  3. Purpose of Data Processing

    Data processing is carried out for the purpose of advertising our own similar goods or services.

  4. Duration of Storage

    The duration of storage is governed by the primary purpose of collection (Section VII.4).

IX. Disqus Comment Function

The comment function is an offering of the site disqus.com, independent of the portal, operated by Big Head Labs, Inc., San Francisco/USA (hereinafter referred to as “disqus.com”). Disqus is an interactive comment system that allows comments to be posted — with a single registration — on all online offerings that use Disqus as their comment system. Login is possible via disqus.com as well as via existing accounts on Facebook (via Facebook Connect), Google, and Twitter. For more information about Disqus and its functions, please visit www.disqus.com.

The responsible entity is Big Head Labs, Inc., which collects and processes any personal data you may provide in the course of commenting, including when you use the comment function as a “guest” without a Disqus account.

With regard to the collection, processing, and use of the relevant data, the terms of use and privacy notices of disqus.com apply, which can be found at http://docs.disqus.com/help/30/ and http://docs.disqus.com/help/29/. If you log in via your Google, Facebook, or Twitter account, data may also be collected, stored, and used by those providers. Details can be found in the respective provider’s privacy policy.

In order to enable comments to be published on the portal, disqus.com transmits to our portal, in addition to the comment text, the username you have chosen, which is published together with the comment on the portal.

X. Use of Social Media Plugins

  1. General

    We have integrated buttons (“plugins”) from various social networks on our websites so that you can use the interactive features of the social networks you use on our websites as well. These plugins provide various functions, the subject matter and scope of which are determined by the operators of the social networks. Please note that we are not the provider of the social networks and have no influence over the data processing by the respective service providers.

    More details on the individual plugins can be found in the following information:

  2. Facebook

    In individual editorial articles, the plugin “Embedded Posts” (https://developers.facebook.com/docs/plugins/embedded-posts/) of the social network “Facebook,” 1601 South California Avenue, Palo Alto, CA 94304, USA, may be integrated. When you visit pages on which this plugin is embedded and you are logged into your Facebook account, the plugin establishes a direct connection between your browser and the Facebook server.

    We point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook, and that we are not responsible for data processing by Facebook. Further information can be found in Facebook’s Privacy Policy at http://de-de.facebook.com/policy.php.

    We use the “Software Developer Kit” (SDK) of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, in our apps. So-called tracking pixels are integrated in the apps. When you use our apps, the SDK establishes a direct connection between your mobile device and the Facebook server. Facebook thereby receives the information that our app was used from your device. If you are a Facebook user, Facebook can use this to associate your use of our apps with your user account. We point out that, as the provider of the apps, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook’s Privacy Policy at https://www.facebook.com/about/privacy/.

  3. X

    Functions of the social network “X” are integrated on our pages. These functions are offered by X Internet Unlimited Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND. By using X and the “Re-Tweet” function, the websites you visit are linked to your X account and made known to other users. In the process, data is also transmitted to X. We point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by X. Further information can be found in X’s Privacy Policy at https://x.com/de/privacy.

  4. Reddit

    Plugins of the social network Reddit (Reddit Inc., 520 Third Street, Suite 305, San Francisco, CA 94107, USA) are integrated on our pages. You can recognize the Reddit plugins by the orange Reddit smiley logo on our page.

    When you click the Reddit share button while logged into your Reddit account, you can link content from our pages to your Reddit profile. This allows Reddit to associate your visit to our pages with your user account. We point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Reddit. Further information can be found in Reddit’s Privacy Policy at: https://www.reddit.com/help/privacypolicy. If you do not want Reddit to associate your visit to our pages with your Reddit user account, please log out of your Reddit user account beforehand.

  5. Twitch

    Our website uses plugins of the online service Twitch. The provider is Twitch Interactive, Inc., 225 Bush Street, 6th Floor, San Francisco, CA 94104, USA.

    When you visit one of our pages equipped with a Twitch plugin, a connection to Twitch’s servers is established. The Twitch server is thereby informed which of our pages you have visited. In addition, Twitch obtains your IP address. This also applies if you are not logged in to Twitch or do not have an account with Twitch. The information collected by Twitch is transmitted to the Twitch server in the USA.

    If you are logged into your Twitch account, you enable Twitch to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Twitch account.

    Further information on the handling of user data can be found in Twitch’s Privacy Policy at: https://www.twitch.tv/p/legal/privacy-policy/.

XI. Sending Push Notifications in the App and via the Website

For sending push notifications in the app (Android and iOS) and via the website, we use the CleverPush service provided by CleverPush GmbH, Brauhausstraße 15A, 22041 Hamburg. CleverPush processes anonymized data but does not store any personal data.

Right to object:

  • App: If you no longer wish to receive push notifications in the Android or iOS app, you can block notifications in your smartphone’s settings or disable notifications in the app’s settings.
  • Website: You can withdraw your consent to receive notifications at any time via your browser settings. If you do not wish to receive push notifications in the future, follow the browser-specific instructions to unsubscribe. Detailed instructions can be found here: Chrome, Mozilla Firefox, Safari.

XII. Our Use of Utiq Technology

The Utiq technology is provided by Utiq SA/NV. Utiq is a European company. The Utiq technology is designed to protect privacy by offering you choices and control. At the same time, it enables responsible digital marketing by websites such as ours.

Utiq works with various participating telecommunications providers (see the list here) to operate the technology.

The Utiq technology can only be activated and used if you use an internet connection that is supported by Utiq* and provided by one of the participating telecommunications providers listed below in the countries where the Utiq technology is available.

*Regarding supported internet connections: In some countries where we operate, the Utiq technology is only available when using a mobile connection, while in other countries it is also applicable to broadband connections (i.e., Wi-Fi).

A list of supported internet connections, sorted by country and telecommunications provider, can be found here.

The Utiq technology is disabled by default. It can only be activated if you give your consent while using a supported internet connection provided by one of the participating telecommunications providers.

We use the Utiq technology on our website(s). If you consent to the activation of this technology, Utiq provides us, Ippen Digital (data controller), with so-called marketing identifiers. These help us understand your browsing behavior and link visits to our website(s) (but only if you consent to the activation of Utiq technology on each individual website). We use the identifiers for activities such as the personalization of advertising and content, as well as for analyses on this and other websites using Utiq technology, depending on the consents you have granted. The identifiers are also shared with partner advertising platforms where necessary for the implementation of specific marketing or analysis activities.

If you activate the Utiq technology on one of our other websites (see the list on the “Manage Utiq” page, which can be found at the bottom of each individual website), we may use the Utiq technology to gather insights about your browsing activities on those websites (provided you give your consent to the activation of the Utiq technology on each of those websites).

The Utiq technology is tied to the internet connection. This means that all persons using the same connection on their devices and consenting to the Utiq technology receive the same identifier. Typically:

  • For a broadband connection (e.g., Wi-Fi), marketing or analysis is based on the browsing activities of all consenting household members;
  • For a mobile connection, marketing is more personalized, as it is based solely on the browsing behavior of the individual mobile user.

We, Ippen Digital GmbH & Co. KG, act together with Utiq as joint controllers (so-called “joint controllership”) for certain phases of processing. Within the framework of this arrangement:

  • We obtain consent regarding the Utiq technology, also for processing by Utiq and your telecommunications provider;
  • We provide you with a dedicated link at the bottom of our website (“Manage Utiq”) through which you can obtain information about the technology and its management;
  • Utiq provides you with a privacy portal (“consenthub”) to facilitate the exercise of your data protection rights and to enable you to easily manage your Utiq consents at any time, in one place;
  • You may exercise your rights against either controller; however, Utiq acts as a single point of contact for all questions or requests you have regarding the Utiq technology.

You can revoke your consent for Utiq* in the following ways:

  • On consenthub: By accessing the Utiq privacy portal (“consenthub”), you can revoke all Utiq consents you have given on the websites using Utiq technology.
  • On participating websites: You can also revoke your consent to the activation and use of the Utiq technology for individual websites by accessing the “Manage Utiq” page, which is accessible at the bottom of each website using Utiq technology.

The Utiq technology operates via your internet connection. If you use other connections, you must therefore manage the consents for each connection separately.

Alternatively, you can delete your history and website data at any time via your browser settings. This will delete all Utiq consents from your browser. All data on the Utiq platform will also be deleted within the periods specified in Utiq’s Privacy Policy.

Further information about Utiq technology can be found in Utiq’s Privacy Policy.

*This applies to Utiq consents given either by you or, if you use a shared internet connection, by a member of your household.

XIII. ID5

We use services of the digital advertising platform ID5, headquartered at 199 Bishopsgate, London EC2M 3TY, United Kingdom. ID5 assigns a unique ID to each visitor, enabling third-party advertisers to target the visitor with relevant advertising and place real-time bids. ID5 collects information such as e-mail addresses (in pseudonymized form), IP addresses, and/or information about the browser or operating system, and uses this to create an ID that can be used to recognize users on their devices. This ID does not contain any identifiable personal data. We may place this ID in our first-party cookie or use an ID5 cookie and allow it to be used for online advertising. This ID may be shared by us or on our behalf with our advertising partners and other third parties worldwide to enable interest-based content and/or targeted advertising (e.g., web, e-mail, connected devices, in-app advertising, etc.).

Data processing is carried out on the basis of your consent (Art. 6(1)(1)(a) GDPR), which can be withdrawn at any time. In addition, there is the possibility of objection if data is processed on the basis of legitimate interest (Art. 6(1)(1)(f) GDPR). A valid objection and a withdrawal do not affect processing operations that have already taken place. If you do not want tracking via the ID5 ID, please make use of the opt-out option on the provider’s website: https://id5-sync.com/privacy.

The data is processed by ID5 in, among other places, the United Kingdom. However, for such a data transfer, there is a so-called adequacy decision by the European Commission pursuant to Art. 45 GDPR, ensuring that a comparable level of data protection is guaranteed. An adequate level of data protection for the transfer to ID5’s partners is additionally secured by the conclusion of EU standard contractual clauses.

Further information about ID5 and the technologies and partners used can be found in the provider’s Privacy Policy: https://www.id5.io/privacy-policy.

XIV. Rights of the Data Subject

If personal data relating to you is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against the controller:

  1. Right of Access

    You may request confirmation from the controller as to whether personal data relating to you is being processed by us.

    If such processing exists, you may request information from the controller regarding the following:

    • The purposes for which the personal data is processed;
    • The categories of personal data being processed;
    • The recipients or categories of recipients to whom the personal data relating to you has been or will be disclosed;
    • The planned duration of storage of the personal data relating to you or, if specific information on this is not possible, the criteria for determining the storage duration;
    • The existence of a right to rectification or erasure of the personal data relating to you, a right to restriction of processing by the controller, or a right to object to such processing;
    • The existence of a right to lodge a complaint with a supervisory authority;
    • All available information about the origin of the data, if the personal data is not collected from the data subject;
    • The existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and — at least in these cases — meaningful information about the logic involved and the significance and the envisaged consequences of such processing for the data subject.

    You have the right to request information as to whether the personal data relating to you is transmitted to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

  2. Right to Rectification

    You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed relating to you is inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

  3. Right to Restriction of Processing

    Under the following conditions, you may request the restriction of processing of personal data relating to you:

    • If you contest the accuracy of the personal data relating to you for a period enabling the controller to verify the accuracy of the personal data;
    • If the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
    • If the controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims; or
    • If you have objected to the processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

    If the processing of personal data relating to you has been restricted, such data may — apart from being stored — only be processed with your consent, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

    If restriction of processing has been imposed under the aforementioned conditions, you will be informed by the controller before the restriction is lifted.

  4. Right to Erasure

    a) Obligation to Erase
    You may request the controller to erase the personal data relating to you without undue delay, and the controller is obliged to erase such data without undue delay, provided one of the following grounds applies:

    • The personal data relating to you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
    • You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
    • You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
    • The personal data relating to you has been unlawfully processed.
    • The erasure of personal data relating to you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
    • The personal data relating to you was collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

    b) Notification to Third Parties
    Where the controller has made the personal data relating to you public and is obliged pursuant to Art. 17(1) GDPR to erase it, the controller shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure of all links to, or copies or replications of, that personal data.

    c) Exceptions
    The right to erasure does not apply to the extent that processing is necessary:

    • For exercising the right to freedom of expression and information;
    • For compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    • For reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
    • For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to under section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
    • For the establishment, exercise, or defense of legal claims.

  5. Right to Notification

    If you have asserted the right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate such rectification or erasure of data or restriction of processing to all recipients to whom the personal data relating to you has been disclosed, unless this proves impossible or involves a disproportionate effort.You have the right to be informed by the controller about such recipients.

  6. Right to Data Portability

    You have the right to receive the personal data relating to you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where:

    • The processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or on a contract pursuant to Art. 6(1)(b) GDPR; and
    • The processing is carried out by automated means.

    In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be adversely affected thereby.

    The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

  7. Right to Object

    You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.

    The controller shall no longer process the personal data relating to you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

    If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data relating to you for the purposes of such marketing, including profiling to the extent that it is related to such direct marketing.

    If you object to processing for direct marketing purposes, the personal data relating to you shall no longer be processed for such purposes.

    In the context of the use of information society services — and notwithstanding Directive 2002/58/EC — you may exercise your right to object by automated means using technical specifications.

  8. Right to Withdraw the Declaration of Consent Under Data Protection Law

    You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

  9. Automated Individual Decision-Making, Including Profiling

    You have the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

    • Is necessary for entering into, or performance of, a contract between you and the controller;
    • Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
    • Is based on your explicit consent.

    However, these decisions may not be based on special categories of personal data as referred to in Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

    With regard to the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

  10. Right to Lodge a Complaint with a Supervisory Authority

    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

    The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

XV. Registration Service USER.ID

The Privacy Policy for our registration service can be found here: https://user.id/public/datenschutz

XVI. Finanztip Verbraucherinformation GmbH

On this website, we have integrated iFrames from Finanztip Verbraucherinformation GmbH, Hasenheide 54, 10967 Berlin (operator of the online financial guide Finanztip, hereinafter referred to as “Finanztip”). Within these iFrames, Finanztip uses affiliate links. When an affiliate link is clicked, cookies may be set. The cookies do not store any personal data, but only the Finanztip ID and the sequential number of the link that was clicked. It is also possible to store information such as the originating website, the time of the click, the referral website, and an online identifier of the user (FT UUID). Details on the data processing carried out in this connection can be found in Finanztip’s Privacy Policy. The legal basis for the integration of the iFrames is Art. 6(1)(f) GDPR. Our legitimate interest lies in optimizing the user-friendliness of the website and enabling a user-friendly integration of our website with the Finanztip calculators.

As of: October 2025