Privacy Policy

This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and its associated websites, features, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering"). With regard to the terminology used, such as "processing" or "controller," we refer to the definitions provided in Article 4 of the General Data Protection Regulation (GDPR).

Alexander Bunge
Grevenweg 80
20537 Hamburg

alex@eins23.tv

"Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

"Processing" means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and essentially covers any handling of data.

The term "Controller" refers to the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.

In accordance with Article 13 of the GDPR, we inform you of the legal basis for our data processing activities. If the legal basis is not explicitly stated in the privacy policy, the following applies:

In cases where the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.

We kindly ask you to regularly review the content of our Privacy Policy. We update the Privacy Policy whenever changes in our data processing activities make this necessary. We will inform you if the changes require any action on your part (e.g., consent) or any other individual notification.

If we disclose data to other individuals and companies (processors or third parties), transmit data to them, or otherwise grant them access to the data as part of our processing, this will only occur based on a legal permission (e.g., if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract according to Article 6(1)(b) GDPR), if you have given consent, if a legal obligation requires it, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).

Whenever we engage third parties to process data based on a so-called 'Data Processing Agreement,' this is done in accordance with Art. 28 of the GDPR.

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of utilizing third-party services or disclosing or transferring data to third parties, it will only take place if necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we will process or have data processed in a third country only if the specific conditions of Articles 44 et seq. of the GDPR are met. This means that processing will occur, for example, based on special safeguards, such as the officially recognized determination of an EU-equivalent level of data protection (e.g., for the USA through the “Privacy Shield”) or adherence to officially recognized specific contractual obligations (so-called “Standard Contractual Clauses”).

You have the right to request confirmation as to whether personal data is being processed, as well as access to this data, further information, and a copy of the data in accordance with Art. 15 GDPR.

According to Art. 16 GDPR, you have the right to request the completion of your personal data or the correction of inaccurate data concerning you.

In accordance with Art. 17 GDPR, you have the right to request the immediate deletion of personal data concerning you or, alternatively, under Art. 18 GDPR, to request a restriction of the processing of the data.

You have the right to request that the personal data concerning you, which you have provided to us, be provided to you in accordance with Art. 20 GDPR and to request its transfer to other controllers.

Furthermore, in accordance with Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.

You have the right to withdraw consents given pursuant to Article 7(3) GDPR with effect for the future.

You can object to the future processing of your personal data in accordance with Article 21 GDPR at any time. The objection may be made, in particular, against the processing for direct marketing purposes.

"Cookies" are small files that are stored on users' computers. Various information can be saved within cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Cookies that are temporary, or "session cookies" or "transient cookies," are those that are deleted after a user leaves an online service and closes their browser. For example, the contents of a shopping cart in an online store or a login status can be saved in such a cookie. Cookies that are "permanent" or "persistent" remain stored even after the browser is closed. For example, the login status can be retained when users revisit the site after several days. Such cookies can also store users' interests, which can be used for reach measurement or marketing purposes. "Third-party cookies" are cookies that are provided by other providers than the party responsible for the online service. (If the cookies belong only to the service provider, they are called "first-party cookies").

We may use temporary and permanent cookies and will inform you about this in our privacy policy.

If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Excluding cookies may lead to limitations in the functionality of this online offering.

A general objection to the use of cookies for online marketing purposes can be declared on a variety of services, especially in the case of tracking, via the U.S. website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Additionally, the storage of cookies can be prevented by turning them off in the browser settings. Please note that this may mean that not all features of this online offering can be used.

The data we process will be deleted or restricted in processing in accordance with Articles 17 and 18 of the GDPR. Unless explicitly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and no legal retention obligations prevent deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.

According to legal provisions in Germany, data must be stored for 6 years in accordance with Section 257 (1) of the HGB (Commercial Code) (business books, inventories, opening balance sheets, annual financial statements, business correspondence, booking vouchers, etc.) and for 10 years in accordance with Section 147 (1) of the AO (Tax Code) (books, records, management reports, booking vouchers, business and commercial correspondence, documents relevant for taxation, etc.).

According to legal provisions in Austria, data must be stored for 7 years in accordance with Section 132 (1) of the BAO (Federal Fiscal Code) (accounting documents, receipts/invoices, accounts, documents, business papers, statements of income and expenses, etc.), for 22 years in connection with real estate, and for 10 years for documents related to electronically provided services, telecommunications, broadcasting, and television services provided to non-business customers in EU member states, for which the Mini-One-Stop-Shop (MOSS) is used.

The hosting services we use are intended to provide the following services: infrastructure and platform services, computing power, storage space and database services, security services, as well as technical maintenance services, which we use for the operation of this online offer.

In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospects, and visitors to this online offer based on our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

We, or our hosting provider, collect data based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR regarding each access to the server where this service is hosted (so-called server logfiles). Access data includes the name of the retrieved website, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Logfile information is stored for security reasons (e.g., to investigate abuse or fraud) for a maximum of 7 days and then deleted. Data that is required to be retained for evidentiary purposes will not be deleted until the respective incident is fully resolved.

We process our clients' data within the scope of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services, and training services.

In this context, we process master data (e.g., customer data such as names or addresses), contact data (e.g., email, phone numbers), content data (e.g., text inputs, photographs, videos), contract data (e.g., subject of the contract, duration), payment data (e.g., bank details, payment history), usage and metadata (e.g., within the scope of evaluating and measuring the success of marketing activities). We generally do not process special categories of personal data, except when these are part of an instructed processing. The data subjects include our customers, prospects, as well as their customers, users, website visitors, employees, or third parties. The purpose of the processing is to provide contractual services, billing, and customer service. The legal bases for processing arise from Art. 6(1)(b) GDPR (contractual services), Art. 6(1)(f) GDPR (analysis, statistics, optimization, security measures). We process data that is necessary for the establishment and fulfillment of contractual services and point out the necessity of providing this data. Disclosure to external parties only takes place if it is required as part of an order. When processing data entrusted to us within the scope of an order, we act according to the instructions of the clients and the legal requirements of processing under Art. 28 GDPR, processing the data solely for the purposes specified in the order.

We delete the data after the expiration of legal warranty and comparable obligations. The necessity of retaining the data is reviewed every three years; in the case of legal archiving obligations, the data is deleted after the expiration of these obligations (6 years according to § 257 Para. 1 HGB, 10 years according to § 147 Para. 1 AO). In the case of data disclosed to us by the client within the scope of an order, we delete the data according to the requirements of the order, generally after the end of the order.

We process personal data such as basic data (e.g., names and addresses, as well as contact information of users) and contract data (e.g., services used, names of contacts, payment information) to fulfill our contractual obligations and service provisions according to Art. 6 para. 1 lit. b GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

In the context of using our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's interest in protection against misuse and other unauthorized use. These data will not be shared with third parties unless it is necessary for enforcing our claims or there is a legal obligation to do so according to Art. 6 para. 1 lit. c GDPR.

We process usage data (e.g., the websites visited on our online services, interest in our products) and content data (e.g., entries in contact forms or user profiles) for advertising purposes in a user profile, to display product recommendations based on the services the user has previously used.

Data will be deleted after the expiration of statutory warranty and similar obligations. The necessity of data retention will be reviewed every three years; in the case of legal archiving obligations, deletion will occur after their expiration. Information in any customer account will remain until it is deleted.

We process data as part of administrative tasks, the organization of our business, financial accounting, and compliance with legal obligations, such as archiving. In this context, we process the same data that we handle in the course of providing our contractual services. The legal bases for processing are Article 6 (1) lit. c of the GDPR and Article 6 (1) lit. f of the GDPR. Customers, prospects, business partners, and website visitors are affected by the processing. The purpose and our interest in processing lie in administration, financial accounting, office organization, data archiving—tasks that serve the maintenance of our business activities, the performance of our duties, and the provision of our services. The deletion of data concerning contractual services and communication follows the specifics mentioned in these processing activities.

In this context, we disclose or transmit data to tax authorities, advisors, such as tax consultants or auditors, as well as other fee-collecting authorities and payment service providers.

Furthermore, based on our business interests, we store information about suppliers, event organizers, and other business partners, for example, for future contact. These mostly company-related data are generally stored permanently.

o run our business efficiently and identify market trends, customer and user preferences, we analyze the data available to us regarding business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, and metadata based on Article 6(1)(f) of the GDPR, with the affected individuals including customers, prospects, business partners, visitors, and users of the online service.

The analyses are carried out for the purpose of business evaluations, marketing, and market research. In doing so, we may take into account the profiles of registered users, including information such as their purchasing behavior. The analyses serve to improve user-friendliness, optimize our offerings, and enhance the business efficiency. The analyses are for our internal use only and are not disclosed externally unless they are anonymous analyses with aggregated values.

If these analyses or profiles are personally identifiable, they will be deleted or anonymized upon the termination of the user's account, or after two years from the conclusion of the contract. Otherwise, the overall business analyses and general trend determinations will be created anonymously whenever possible.

When contacting us (e.g., via contact form, email, phone, or social media), the user's information will be processed in accordance with Art. 6 Para. 1 lit. b) GDPR to handle and process the inquiry. The user's information may be stored in a Customer Relationship Management system ("CRM system") or a similar inquiry management system.

We delete inquiries once they are no longer required. We review their necessity every two years; additionally, the legal archiving obligations apply.

We use Google Analytics, a web analytics service provided by Google LLC ("Google"), based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offerings in accordance with Art. 6(1) lit. f. GDPR). Google uses cookies. The information generated by the cookie about the use of the online offering by users is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection laws (https://www.privacyshield.gov).

Google will use this information on our behalf to evaluate the use of our online offering by users, compile reports on activities within this online offering, and provide additional services related to the use of this online offering and internet usage. Pseudonymous user profiles may be created from the processed data.

We use Google Analytics only with IP anonymization enabled. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user's browser will not be merged with other data from Google. Users can prevent the storage of cookies by adjusting their browser settings; users can also prevent the collection of data generated by the cookie and related to their use of the online offering by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

For more information about Google's data usage, settings, and opt-out options, please refer to Google's privacy policy (https://policies.google.com/technologies/ads) and the settings for displaying ads by Google (https://adssettings.google.com/authenticated).

Personal data of users will be deleted or anonymized after 14 months.

We maintain an online presence within social networks and platforms to communicate with active customers, prospects, and users there, and to inform them about our services. When accessing the respective networks and platforms, the terms of service and data processing policies of the respective operators apply.

Unless otherwise stated in our privacy policy, we process users' data when they communicate with us within the social networks and platforms, for example, by posting on our online presence or sending us messages.

We use third-party content or service offerings within our online presence based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online presence as per Art. 6(1)(f) GDPR) in order to incorporate their content and services, such as videos or fonts (hereinafter collectively referred to as "Content").

This always requires that the third-party providers of this content collect the user's IP address, as they could not deliver the content to their browsers without it. The IP address is therefore necessary for the display of this content. We strive to use only those contents whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. Through "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymized information can also be stored in cookies on the users' devices and may include technical information about the browser and operating system, referring websites, visit duration, and other details regarding the use of our online services, as well as being combined with information from other sources.

We can embed videos from the "Vimeo" platform provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street, New York, New York 10011, USA. Privacy policy: https://vimeo.com/privacy. We would like to point out that Vimeo may use Google Analytics and refer to the privacy policy (https://www.google.com/policies/privacy) as well as the opt-out options for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=en) or Google settings for data usage for marketing purposes (https://adssettings.google.com/).