Privacy Policy
for the content and functions
of the “bitvizo” Platform
(hereinafter “Services”)
As of: July 2025
Privacy policies are often difficult to read. We understand that. And we want to do it differently. With this Privacy Policy, we want to provide you with an easy-to-understand explanation of how we process your personal data. For this purpose, we structure our Privacy Policy clearly for you and show you for each topic area whether and how we process your personal data.
Our Privacy Policy is structured as follows:
1. General - Brief introduction to the subject matter of the Privacy Policy, the Controller and the Data Protection Officer
2. General information on data processing - Information on what personal data is, on what legal basis we process it and whether we share it with third parties
3. Data subject rights - Information on your rights, including the right of access, erasure or objection to our data processing
4. Information on cookies and other technologies used - Information on the use of cookies and other technologies by means of which we process your personal data
5. Data processing in connection with the use of our Services - Information on our data processing in the Services themselves, on registration and on individual functionalities
6. Communication Services - Information on services for communication and the corresponding processing of your personal data
7. Payment processing - Information on the processing of payments involving payment service providers and the related processing of your personal data
8. Provision of our Services - Information on our hosting providers and the services used by them
9. Tracking & Tools - Information on services by means of which we provide our Services to you and by means of which we analyze the use of our Services
The protection of your personal data and your privacy is extremely important to us. Therefore, we would like to provide you with comprehensive transparency regarding the processing of your personal data (GDPR) as well as regarding the storage of information on your end device (TDDDG). Only if the processing of personal data and information is understandable for you as a data subject are you sufficiently informed about the scope, the purposes and the benefits of the processing.
This Privacy Policy applies to all processing of personal data carried out by us as well as to the storage of information on your end devices. It therefore applies both in the context of providing our Services and within external online presences, such as our social media fan pages.
The controller within the meaning of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) as well as other data protection requirements is
bitvizo UG (haftungsbeschränkt)
Steiermärker Str. 3-5
70469 Stuttgart
info@bitvizo.com
Hereinafter referred to as the “Controller” or “we”.
First, we would like to provide you with introductory information on what the protection of your personal data means, what personal data is, how we process it and which security measures we implement in this context.
Personal data (hereinafter also “data”) is individual information about personal or factual circumstances of an identified or identifiable natural person.
Individual information about personal or factual circumstances includes, for example:
•Personnel data - name, age, marital status, date of birth
•Communication data - address, telephone number, email address
•Account data - account number, credit card number
•Geo data - IP address & location data
The “processing” of personal data includes, for example, the following measures:
•Collection - Collecting your data via contact forms, by email or through processes and services used by us
•Transfer - Transferring your data to our service providers, integrated services or other third parties
•Storage - Storing your data in our databases or on our servers
•Erasure - Deleting your data when we are no longer authorized to process it
We process personal data only within the legally permissible limits. The law already obliges us to do so - in particular the GDPR. Under the GDPR, we are required to always be able to rely on a legal basis for processing operations. These legal bases are set out in Art. 6(1) GDPR. Below we list the most common legal bases on which we process your personal data.
•Consent - Art. 6(1)(a) GDPR: We process your data only if you have consented to this processing after having been sufficiently informed by us in advance about its scope and purposes.
•Performance of a contract - Art. 6(1)(b) GDPR: We process your data only if this is necessary for the performance of a contract between us or for the implementation of pre-contractual measures.
•Legitimate interest - Art. 6(1)(f) GDPR: We process your data only if this is necessary to safeguard our legitimate interests and your interests or fundamental rights and freedoms relating to the protection of your data do not override such interests.
We process personal data only for specific purposes (Art. 5(1)(b) GDPR). As soon as the purpose of the processing no longer applies, your personal data will be deleted or protected by technical and organizational measures (e.g., by pseudonymization).
The same applies upon expiry of a prescribed retention period, subject to cases in which further storage is necessary for the conclusion or performance of a contract. In addition, there may be a legal obligation to retain data for a longer period or to disclose it to third parties (in particular law enforcement authorities). In other cases, the retention period and type of data collected as well as the type of data processing depend on which functions you use in each individual case. We will also be happy to provide information on this in individual cases, in accordance with Art. 15 GDPR.
Categories of data include, in particular, the following data:
•Master data (e.g., names, addresses, dates of birth),
•Contact data (e.g., email addresses, telephone numbers, messenger services),
•Content data (e.g., text entries, photographs, videos, content of documents/files),
•Contract data (e.g., subject matter of the contract, terms, customer category),
•Payment data (e.g., bank details, payment history, use of other payment service providers),
•Usage data (e.g., history in our Services, use of certain content, access times),
•Connection data (e.g., device information, IP addresses, URL referrer).
In accordance with statutory requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances and purposes of the processing as well as the varying likelihood and severity of the risk to your rights and freedoms, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
The measures include, in particular, ensuring that your data is stored and processed confidentially and with integrity and remains available at all times. Furthermore, the security measures we implement include controls of access to your data as well as access, input, disclosure, safeguarding of availability and separation of data from other natural persons. In addition, we have established procedures that ensure the exercise of data subject rights (see Section 5), the deletion of data and responses in the event of a risk to your data. We also take data protection into account as early as the development of our software and through procedures that comply with the principle of data protection by design and data protection-friendly default settings.
As part of our processing of your personal data, it may happen that this data is transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. These third parties may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that we have integrated into our Services. If we transmit or disclose your personal data to third parties, we comply with statutory requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.
If this Privacy Policy states that we transfer your personal data to a third country, i.e., a country outside the EU or outside the EEA, the following applies: A transfer to a third country takes place only in accordance with statutory requirements. We assure you that we have a contractual or statutory authorization to transfer and process your data in the respective third country. In addition, we only have your data processed by service providers in third countries that, in our view, have a recognized level of data protection. This means that, for example, an adequacy decision exists between the EU and the country to which we transfer your personal data. An “adequacy decision” is a decision adopted by the European Commission pursuant to Art. 45 GDPR which determines that a third country (i.e., a country not bound by the GDPR) or an international organization ensures an adequate level of protection for personal data. Alternatively (e.g., if there is no adequacy decision), a transfer to a third country takes place only if, for example, contractual obligations between us and the service provider in the third country exist through so-called standard contractual clauses of the EU Commission and additional technical safeguards have been implemented that ensure an adequate level of protection equivalent to that in the EU, and/or the service provider in the third country can provide data protection certifications and your data is processed only in accordance with internal data protection rules (Art. 44 to 49 GDPR. Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Within the framework of the so-called “Data Privacy Framework” (“DPF”), the EU Commission recognized the level of data protection for certain companies in the USA as safe under the adequacy decision of 10 July 2023. A list of certified companies as well as further information on the DPF can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English). Within this Privacy Policy, we inform you which of the Services we use are certified under the Data Privacy Framework.
The data processed by us will be deleted in accordance with statutory requirements as soon as any consents permitting processing are revoked or other permissions no longer apply (e.g., if the purpose of processing this data no longer applies or it is no longer required for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or the storage of which is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.
Within this Privacy Policy, we may provide information on the deletion and retention of data that applies specifically to the respective processing operations.
If we do not obtain your consent, the storage of or access to information on your end device is carried out in accordance with Section 25(2) No. 2 of the German Act on Data Protection and the Protection of Privacy in Telecommunications and Digital Services (TDDDG), as such storage and access is strictly necessary in order to provide the desired functions of our Services. If we obtain consent, the legal basis is Section 25(1) TDDDG. Our Services use cookies, tokens, beacons or other technologies that may be stored on your end devices and without which the provision of our Services would not be possible.
Cookies, tokens, beacons or other technologies are usually text files that are stored on your end device and can be read by us and third parties when you access our Services. Many of the aforementioned technologies contain their own ID. Such an ID is a unique identifier of the respective technology used. It consists of a string of characters by which websites and servers can be assigned to the specific internet browser or the specific service or end device in which cookies, tokens, beacons or other technologies were stored. This enables the operators of websites and analytics services to identify you as a user and distinguish you from others.
If we use external service providers to process your data, we carefully select and commission them. If the services provided by these service providers constitute processing on our behalf within the meaning of Art. 28 GDPR, the service providers are bound by our instructions and are monitored regularly. Our data processing agreements with processors comply with the strict requirements of Art. 28 GDPR as well as the requirements of the German data protection authorities.
If your personal data is processed, you are a “data subject” within the meaning of the GDPR and you have the following rights as a data subject vis-à-vis us as the “Controller”:
You may request confirmation from the Controller as to whether personal data concerning you is being processed by us.
If such processing is taking place, you may request information from the Controller about the following:
•the purposes for which the personal data is processed;
•the categories of personal data that are processed;
•the recipients or categories of recipients to whom personal data concerning you has been disclosed or will be disclosed;
•the planned duration for which the personal data concerning you will be stored or, if specific information on this is not possible, criteria for determining the storage period;
•the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the Controller or a right to object to such processing;
•the existence of a right to lodge a complaint with a supervisory authority;
•all available information as to the source of the data where the personal data is not collected from the data subject;
•the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and - at least in those cases - meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
You have a right to rectification and/or completion vis-à-vis the Controller if the personal data processed concerning you is incorrect or incomplete. The Controller shall carry out the rectification without undue delay.
Under the following conditions, you may request restriction of the processing of your personal data:
•if you contest the accuracy of the personal data concerning you for a period enabling the Controller to verify the accuracy of the personal data;
•if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;
•if the Controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise or defense of legal claims; or
•if you have objected to the processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the Controller’s legitimate grounds override your grounds.
If the processing of personal data concerning you has been restricted, such data - apart from its storage - may be processed only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted under the above conditions, you will be informed by the Controller before the restriction is lifted.
3.4.1. You may request that the Controller erase personal data concerning you without undue delay, and the Controller is obliged to erase such data without undue delay if one of the following reasons applies:
•The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
•You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
•You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
•The personal data concerning you has been processed unlawfully.
•Erasure of the personal data concerning you is required to comply with a legal obligation under Union law or the law of the Member States to which the Controller is subject.
•The personal data concerning you was collected in relation to offered information society services pursuant to Art. 8(1) GDPR.
3.4.2. If the Controller has made the personal data concerning you public and is obliged pursuant to Art. 17(1) GDPR to erase it, the Controller shall, taking into account available technology and implementation costs, take reasonable measures, including technical measures, to inform controllers processing the personal data that you as a data subject have requested the erasure by such controllers of any links to, or copies or replications of, such personal data.
3.4.3. Exceptions to the right to erasure
The right to erasure does not apply insofar as the processing of your data is necessary for:
•the exercise of the right of freedom of expression and information;
•compliance with a legal obligation that requires processing under Union law or the law of the Member States to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
•reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR;
•archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in para. 1 is likely to render the achievement of the objectives of such processing impossible or seriously impair it; or
•the establishment, exercise or defense of legal claims.
If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the Controller, the Controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of such rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the Controller to be informed about these recipients.
You have the right to receive the personal data concerning you that you have provided to the Controller in a structured, commonly used and machine-readable format. You also have the right to transmit such data to another controller without hindrance from the controller to which the personal data was provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means.
In exercising this right, you also have the right to obtain that the personal data concerning you be transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons shall not be adversely affected thereby.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The Controller shall no longer process the personal data concerning you unless the Controller demonstrates compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
You have the option, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by automated means using technical specifications.
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent up to the time of withdrawal.
Processing is lawful until you withdraw your consent - the withdrawal therefore takes effect only for processing after receipt of your withdrawal. You may declare the withdrawal informally by post or email. Your personal data will then no longer be processed, subject to authorization under another legal basis. If there is no such legal basis, your data must be erased without undue delay after withdrawal pursuant to Art. 17(2) GDPR. Your right to withdraw your consent subject to the above conditions is ensured.
Your withdrawal is to be addressed to:
bitvizo UG (haftungsbeschränkt)
Steiermärker Str. 3-5
70469 Stuttgart
info@bitvizo.com
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant of the status and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
Automated decisions in individual cases, including profiling, do not take place unless specifically addressed otherwise in this Privacy Policy.
If your personal data has been disclosed to other recipients (third parties) on a legal basis, we will notify them of any rectification, erasure or restriction of the processing of your personal data (Art. 16, Art. 17(1) and Art. 18 GDPR). The notification obligation does not apply if it is associated with a disproportionate effort or is impossible. We will also inform you of the recipients upon request.
We use only cookies and/or beacons or other technologies that are technically necessary to provide our Services. Cookies are, for example, small text files that contain data from visited websites or domains and are stored on your device (computer, tablet or smartphone). When you access a website, the cookie stored on your device sends information to the party that placed the cookie.
If we do not provide you with explicit information on the storage duration of cookies and other technologies (e.g., as part of the consent banner), you can assume that the storage duration may be up to two years. If cookies and other technologies were set on the basis of your consent, you have the option at any time to withdraw consent granted or to object to the processing of your data by cookies/technologies (collectively referred to as “opt-out”).
Using our Services with all of their functions involves the processing of personal data. We explain how this works below.
Merely accessing our Services for informational purposes requires the processing of the following personal data and information: browser type and browser version, operating system used, address of previously visited websites, IP address of the end device with which you access our Services, and the time of access to our Services. All of this information is transmitted automatically by your browser, unless you have configured it so that the transmission of the information is suppressed.
Such personal data is processed for the purposes of the functionality and optimization of our Services and to ensure the security of our information technology systems. These purposes also constitute legitimate interests pursuant to Art. 6(1)(f) GDPR; processing is therefore carried out on a legal basis.
In addition to using our Services for purely informational purposes, you have the option of registering for our Services. In doing so, we process, in particular, master data and contact data such as your name, your email address and your password. In addition, we automatically process connection data such as date, device information and IP address. After registration, you have the option of using our Services in the free version and booking paid premium versions. Our Services enable you to select various Services and retrieve the respective content included. This use of our Services may require the processing of personal data and information in the manner described in this Section 5.
Some processing steps may also take place with third-party providers. The data processing by the third-party providers takes place under the terms of the respective applicable privacy policies. In the event of data processing with third-party providers, this may constitute processing on our behalf within the meaning of Art. 28 GDPR. This is subject to strict statutory requirements, which we comply with when entering into contractual agreements with our processors.
Use at or after registration and login and the associated data processing operations may differ from purely informational use. The collection of this data associated with your profile is carried out for the purpose of verifying your status and the associated fulfillment of our contractual obligations toward you. These are legitimate purposes pursuant to Art. 6(1)(b) GDPR. If your consent is required for a processing operation, we will obtain it at the relevant point (e.g., via the opt-in option within a consent banner when you use our Services for the first time). If you have further questions, we will be happy to assist you within the scope of your right of access pursuant to Art. 15(1) GDPR.
You can create a user account (hereinafter also “profile”) in our Services in order to use our Services and their functions. If you do so, the personal data you enter there will be transmitted to us by your end device and stored in our information technology systems. Your IP address and the time of registration will also be stored. When you log in to your profile, our Service stores tokens on your end device so that you can remain logged in - even if you need to reload our Services in the meantime. By creating a profile, you can use the functions of our Services.
The processing operations related to creating a profile serve the purpose of being able to assign future usage operations and to access the entire range of our Services. When ordering any additions and products, the processing of your data also serves the performance of the contract and is therefore purpose-bound and necessary pursuant to Art. 6(1)(b) GDPR.
The storage of the IP address and the time of registration is necessary to ensure the security of our information technology systems. This is also our legitimate interest, which is why the processing is lawful pursuant to Art. 6(1)(f) GDPR.
The personal data you have entered will be stored until you delete this data within your profile or, at the latest, until your profile is fully deleted by us. As an exception to this, we will process certain personal data of yours only if we have a statutory or contractual authorization to do so. This is the case, for example, if we are permitted to retain contract or payment data even after deletion of your profile for billing purposes or other reasons necessary for the proper processing of our contractual relationship.
Contact & Support
We process your personal data that you provide to us when contacting us for the purpose of responding to your inquiry or your email. The processed data categories are master data, contact data, content data, where applicable usage data, connection data and, where applicable, contract data. The legal basis for processing depends on the purpose of the contact. By submitting an inquiry via the contact form or by contacting us by email, you indicate that you wish to receive answers or information on certain topics. For this purpose, you also provide your data. We respond to your inquiry as requested and process your data for this purpose. Therefore, the authorization to process your data is based on Art. 6(1)(b) GDPR, as we process it to answer your inquiry and thus to perform the contract regarding the handling of your inquiry.
In order to process payment claims, we offer various payment methods. For this purpose, we integrate the payment service providers described below. We do this for the purpose of properly and appropriately providing our Services. Data processed in this context includes usage data, connection data, master data, payment data, contact data and also contract data, such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract-, amount- and recipient-related information. The information is required in order to carry out the transactions. The data entered is processed only by the payment service providers and stored by them. We do not receive any account- or credit-card-related information, but only a confirmation of the payment or negative information regarding it. In some cases, your data may be transmitted by the payment service providers to credit agencies. This transmission serves identity and creditworthiness checks. In this respect, we refer you to the terms and conditions and data protection information of the payment service providers. The legal basis for using the payment service providers results from Art. 6(1)(b) GDPR. We can provide the Services promised to you and thus fulfill our contractual obligations only if we use third parties, such as payment service providers, to process payment transactions. We have concluded a data processing agreement with the payment service provider to ensure that the security of the processing of your data is guaranteed at all times.
Payment Service Providers
Stripe
If you choose a payment method of the payment service provider Stripe, payment processing is carried out via Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we transmit the information you provide during the ordering process together with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) pursuant to Art. 6(1)(b) GDPR. Further information on Stripe’s data protection can be found at https://stripe.com/de/privacy#translation.
Stripe reserves the right to carry out a credit check on the basis of mathematical-statistical procedures in order to safeguard the legitimate interest in determining the user’s ability to pay. Stripe may transmit the personal data necessary for a credit check and received in the course of payment processing to selected credit agencies, which Stripe will disclose to users upon request. The credit report may contain probability values (so-called score values). To the extent that score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, among other things, but not exclusively, address data. Stripe uses the result of the credit check with regard to the statistical probability of payment default for the purpose of deciding on authorization to use the selected payment method.
You may object to this processing of your data at any time by sending a message to Stripe or the commissioned credit agencies.
However, Stripe may still be entitled to process your personal data insofar as this is necessary for contractual payment processing.
In order to provide our Services to you, we use the services of a hosting provider. Our Services are retrieved from the servers of this hosting provider. For these purposes, we use the infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services of the web hosting provider.
The processed data includes all data that you enter in the course of your use and communication in connection with your visit to our Services and/or that is collected from you in this context (e.g., your IP address). Our legal basis for using a hosting provider to provide our Services results from Art. 6(1)(f) GDPR (legitimate interest).
We ourselves (or our hosting provider) collect data on each access to the server (server log files). Server log files may include the address and name of the retrieved Services and files, date and time of retrieval, amounts of data transferred, message regarding successful retrieval, browser type and version, your operating system, referrer URL (the previously visited page) and, as a rule, IP addresses as well as the requesting provider.
Server log files may be used, on the one hand, for security purposes (e.g., to avoid overloading the servers, especially in the event of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure server utilization and stability. Our legal basis for using a hosting provider to collect access data and log files results from Art. 6(1)(f) GDPR (legitimate interest).
To ensure smooth technical operation and optimal user-friendly use of our Services, we use the following services:
Matomo
We use Matomo for the purpose of statistical evaluation, optimization and user-oriented design of our Services. Matomo is a service provided by InnoCraft, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. Matomo’s representative in Germany is ePrivacy Holding GmbH, Große Bleichen 21, 20354 Hamburg. The processed data is usage data and connection data.
The data processed via Matomo remains on the servers operated by us or for us by third parties. It is not transmitted to any other third parties. The legal basis for using Matomo results from Art. 6(1)(f) GDPR (legitimate interest). We have an interest in analyzing your usage behavior and drawing conclusions from it that are important for our Services. Since we neither pass on the data processed in this way to third parties nor combine it with other data sources, but process it solely on our systems, your interest in having your personal data handled with the greatest possible integrity is not unduly impaired.