Table of Contents 

• Person in Charge  
• Overview of Processing Activities 
• Relevant Legal Bases 
• Security Measures 
• Transmission of Personal Data 
• Processing of Personal Data in Third Countries 
• Deletion of Data Use of Cookies 
• Provision of the Online Offering and Web Hosting 
• Blogs and Publishing Media 
• Contact and Inquiry Management 
• Web Analysis, Monitoring, and Optimization 
• Presence on Social Media 
• Changes and Updates to the Privacy Policy 
• Rights of Data Subjects
• Definitions

Person in Charge

Arthur Kirschner
Email: arthur.kirschner@everyonesfavourite.de

Imprint: https://www.everyonesfavourite.de/impressum/

Overview of Processing Activities

The following overview summarizes the types of processed data and the purposes of their processing, and refers to the affected individuals.

Types of processed data

• Inventory data.
• Contact details.
• Content data.
• Usage data.
• Meta, communication, and procedural data.

Categories of affected individuals 

• Communication partners.
• Users.

Purposes of processing 

• Provision of contractual services and customer service.
• Contact inquiries and communication.
• Security measures. Reach measurement.
• Management and response to inquiries.
• Feedback.
• Marketing.
• Profiles with user-related information.
• Provision of our online offer and user-friendliness.
• Information technology infrastructure.

Relevant Legal Bases

Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence. Furthermore, if more specific legal bases are applicable in individual cases, we will inform you about these in the privacy policy.

Performance of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG). The BDSG contains special regulations, in particular regarding the right to information, the right to erasure, the right to object, the processing of special categories of personal data, the processing for other purposes and the transmission as well as automated decision-making in individual cases including profiling. It also regulates the processing of data for employment purposes (§ 26 BDSG), particularly with regard to the establishment, implementation or termination of employment relationships and the consent of employees. In addition, state data protection laws of the individual federal states may apply.

Security Measures

In accordance with legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the different probabilities and extent of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection that is appropriate to the risk.

These measures include, in particular, the protection of the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, availability, and separation. Furthermore, special procedures ensure the exercise of data subjects' rights, the deletion of data, and responses to data threats. We also consider the protection of personal data in the development or selection of hardware, software, and procedures in accordance with the principle of data protection, through technical design and data protection-friendly default settings.

TLS encryption (https): To protect data transmitted via our online offerings, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transmission of Personal Data

As part of our processing of personal data, it may happen that the data is transmitted to other entities, companies, legally independent organizational units or individuals or disclosed to them. Recipients of this data may include service providers responsible for IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and conclude contracts or agreements with the recipients of your data that serve to protect your data.

Transmission of data within the organization: We may transmit personal data to other departments within our organization or grant them access to this data. If this transfer is made for administrative purposes, the transfer of data is based on our legitimate business and economic interests, or is necessary for the performance of our contractual obligations, or if consent from the data subject or a legal permission is present.

Processing of Personal Data in Third Countries 

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if the processing takes place within the scope of using services of third parties or the disclosure or transmission of data to other persons, entities or companies, this is only done in compliance with legal requirements.

Subject to express consent or contractually or legally required transfer, we process or allow the data to be processed only in third countries with a recognized level of data protection, contractual obligation through so-called standard data protection clauses of the EU Commission, if certifications exist, or if there are binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Deletion of Data Use of Cookies 

Cookies are small text files or other storage markers that store information on end devices and read information from end devices. For example, to store the login status in a user account, the contents of a shopping cart in an online shop, the accessed content or used functions of an online offering. Cookies can also be used for various purposes, such as ensuring the functionality, security, and comfort of online offerings, as well as creating analyses of visitor flows.

Notes on consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, unless it is not required by law. Consent is not necessary, in particular, if the storage and reading of information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e., our online offering) expressly requested by them. Cookies that are absolutely necessary usually include cookies with functions that serve the purposes of displaying and running the online offering, load balancing, security, storing the preferences and selection options of users, or similar purposes related to the provision of the main and auxiliary functions of the requested online offering. The revocable consent is clearly communicated to users and contains information about the respective cookie use.

Notes on data protection legal basis: The data protection legal basis on which we process users' personal data with the help of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies are processed on the basis of our legitimate interests (e.g., in the commercial operation of our online offering and improving its usability) or, if this is done in the context of fulfilling our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. We clarify the purposes for which we process cookies in the course of this privacy policy or in the context of our consent and processing processes.

Storage period: With regard to the storage period, the following types of cookies are distinguished:

• Temporary cookies (also called session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their device (e.g. browser or mobile application). Persistent cookies: Persistent cookies remain stored even after the device has been closed. For example, login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the data collected from users using cookies can be used for measuring the reach. If we do not provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are persistent and can be stored for up to two years.
• Persistent cookies: Persistent cookies remain stored even after the device has been closed. For example, login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the data collected from users using cookies can be used for measuring the reach. If we do not provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are persistent and can be stored for up to two years.

General information on revocation and objection (opt-out): Users can revoke their given consent at any time and also object to the processing in accordance with the legal requirements of Art. 21 GDPR. Users can also declare their objection through the settings of their browser, for example by deactivating the use of cookies (although this may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Provision of the Online Offering and Web Hosting 

We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the contents and functions of our online services to the user's browser or device.

• Processed data types: 
  • Usage data (e.g. visited web pages, interest in content, access times); meta, communication, and procedure data (e.g. IP addresses, time stamps, identification numbers, consent status); content data (e.g. entries in online forms).
• Data subjects: 
  • Users (e.g. website visitors, users of online services).
• Purposes of processing: 
  • Providing our online offerings and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); Security measures; Provision of contractual services and customer service.
• Legal basis:
  •  Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Additional information on processing procedures, methods and services:

• Provision of online services on rented storage space: 
  • To provide our online services, we use storage space, computing capacity, and software that we rent or obtain from a corresponding server provider (also known as a "web hoster"); Legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Collection of access data and log files: 
  • Access to our online services is logged in the form of so-called "server log files". Server log files can include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, message about successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and in most cases IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, such as DDoS attacks) and to ensure server utilization and stability; Legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident is finally clarified.
• We also use web hosting services that include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients and senders, as well as other information concerning email transmission (such as the providers involved) and the contents of the respective emails, are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails are generally not sent encrypted on the Internet. While emails are typically encrypted in transit, they are not encrypted on the servers from which they are sent and received (unless an end-to-end encryption protocol is used). Therefore, we cannot assume any responsibility for the transmission of emails between the sender and the recipient on our server; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• 1&1 IONOS: 
  • provides services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR); Website: https://www.ionos.de; Privacy policy: https://www.ionos.de/terms-gtc/terms-privacy; Data processing agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.

Blogs and Publishing Media 

We use blogs or similar means of online communication and publication (hereinafter "publication medium"). The data of readers is only processed for the purposes of the publication medium to the extent necessary for its presentation and communication between authors and readers, or for security reasons. For all other information on the processing of visitors to our publication medium, please refer to the information in these privacy policy statements.

• Processed data types: 
  • Inventory data (e.g. names, addresses); contact data (e.g. email, phone numbers); content data (e.g. entries in online forms); usage data (e.g. visited web pages, interest in content, access times); meta, communication, and procedural data (e.g. IP addresses, time information, identification numbers, consent status).
• Data subjects: 
  • Users (e.g. website visitors, users of online services).
• Purposes of processing: 
  • Provision of contractual services and customer service; feedback (e.g. collecting feedback via online form); provision of our online offering and user-friendliness.
• Legal basis: 
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Contact and Inquiry Management 

When contacting us (e.g. by post, contact form, email, telephone or via social media) as well as within existing user and business relationships, the information of the inquiring persons will be processed to the extent necessary to answer the contact inquiries and any requested measures.

• Processed data types: 
  • Contact data (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. visited web pages, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status).
• Persons affected: 
  • Communication partners.
• Purposes of processing:
  •  Contact inquiries and communication; administration and response to inquiries; feedback (e.g. collecting feedback via online form); provision of our online offer and user-friendliness.
• Legal basis: 
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further information on processing procedures, procedures, and services:

• Contact form: 
  • If users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context to handle the reported issue; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR), Legitimate interests (Art. 6 (1) (f) GDPR).

Web Analysis, Monitoring, and Optimization 

We use the analysis tool IONOS WebAnalytics from the German company 1&1 IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany on our website. The tool helps us analyze our website, and data is collected and stored for this purpose. However, this tool refrains from collecting data that could identify you as a person. Nevertheless, in this privacy policy, we want to provide you with more detailed information about the data processing and storage and also explain why we use IONOS WebAnalytics.

IONOS WebAnalytics is, as the name suggests, a tool that serves the analysis of our website. The software program collects data such as how long you stay on our website, which buttons you click, or from which other websites you found us. This gives us a good overview of user behavior on our website. All this information is anonymous. This means that we cannot identify you as a person through this data, but only receive general usage information and statistics.

Our goal is to provide you with the best possible experience on our website. We are convinced of our offerings and want our website to be a helpful and useful place for you. In order to achieve this, we need to adapt our website as closely as possible to your wishes and needs. With a web analysis tool like IONOS WebAnalytics and the resulting data, we can improve our website accordingly. The data can also be useful to us in making advertising and marketing measures more individual. Despite all these web analyses, the protection of personal data is still important to us. Unlike other analysis tools, IONOS WebAnalytics does not store or process data that could identify you as a person.

The data is collected and stored by IONOS WebAnalytics through log files or through a so-called pixel. A pixel is a snippet of JavaScript code that loads a set of functions that can track user behavior. WebAnalytics deliberately avoids the use of cookies.

IONOS does not store any personally identifiable information about you. While transmitting a page view, your IP address is transmitted, but it is immediately anonymized and processed in such a way that you cannot be identified as an individual.

The following data is stored by IONOS WebAnalytics:

• Your browser type and version
• Which website you visited before (referrer)
• Which specific page you accessed on our site
• Which operating system you are using
• Which device you are using (PC, tablet, or smartphone)
• When you arrived on our site
• Your IP address in anonymized form

The data is not shared with any third parties and is only used for statistical analysis.

The data is stored until the contract between IONOS WebAnalytics and us expires. In the case of a regular web hosting plan, the data is stored in our log directory and graphical statistics are generated from it. These logs are deleted every 8 weeks. In the case of a MyWebsite plan, the data is collected through a pixel. Here, the data is only stored and processed within IONOS WebAnalytics.

In general, you have the right to information, correction or deletion and restriction of the processing of your personal data at any time. You can also revoke your consent to the processing of the data at any time. However, since IONOS WebAnalytics does not store or process any personal data, and therefore, no identification of you as an individual is possible, there is no possibility to delete such data.

We hope we have provided you with the most important information about the minimal data processing of IONOS WebAnalytics. If you want to learn more about the tracking service, we recommend that you read the company's privacy policy at https://www.ionos.de/terms-gtc/datenschutzerklaerung/.

Presence on Social Media 

We maintain online presences within social networks and process user data in this context to communicate with active users or to offer information about us.

We would like to point out that user data may be processed outside the European Union in this context. This can result in risks for users, as enforcement of user rights may be more difficult.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage behavior and resulting user interests can be used to create usage profiles. These usage profiles can in turn be used to display advertisements within and outside the networks that presumably correspond to the interests of the users. Cookies are usually stored on users' computers for these purposes, in which usage behavior and user interests are stored. Furthermore, data can also be stored in usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in).

For a detailed description of the respective processing methods and opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.

In the event of requests for information and the assertion of data subject rights, we would also like to point out that these can be most effectively asserted with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

• Processed data types: 
  • Contact data (e.g. email, phone numbers); Content data (e.g. entries in online forms); Usage data (e.g. visited web pages, interest in content, access times); Meta, communication, and process data (e.g. IP addresses, time stamps, identification numbers, consent status).
• Affected persons: 
  • Users (e.g. website visitors, users of online services).
• Purposes of processing:
  •  Contact inquiries and communication; Feedback (e.g. collecting feedback via online form); Marketing.
• Legal basis: 
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods, and services:

• Instagram: 
  • Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy policy: https://instagram.com/about/legal/privacy.
• Facebook pages: 
  • Profiles within the social network Facebook - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not further processing) of data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or actions they take (see "Things You and Others Do and Provide" in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How Do We Use This Information?" Facebook also collects and uses information to provide analysis services, so-called "Page Insights," to page operators so that they can gain insights into how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook ("Page Insights Information," https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular the security measures that Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e. users can, for example, direct requests for information or deletion directly to Facebook). The rights of users (in particular, the right to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Page Insights Information" (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Standard contractual clauses (Ensuring the level of data protection in processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; Further information: Joint responsibility agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data. The joint responsibility is limited to the collection by and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is solely the responsibility of Meta Platforms Ireland Limited, in particular the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
• TikTok: 
  • Social network / video platform; service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); website: https://www.tiktok.com; privacy policy: https://www.tiktok.com/de/privacy-policy.

Changes and Updates to the Privacy Policy 

We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing we carry out require this. We will inform you as soon as the changes require an action on your part (e.g. consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time, and we ask you to verify the information before contacting them.

Rights of Data Subjects

You have various rights under the GDPR as a data subject, in particular arising from Articles 15 to 21 of the GDPR:

• Right to object: 
  • You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
• Right to withdraw consent: 
  • You have the right to withdraw your consent at any time.
• Right of access: 
  • You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and other information specified in the law.
• Right to rectification: 
  • You have the right to obtain from us the rectification of inaccurate personal data concerning you, without undue delay, taking into account the purposes of the processing.
• Right to erasure and restriction of processing: 
  • You have the right to obtain from us the erasure of personal data concerning you without undue delay where certain legal grounds apply, or alternatively, to obtain restriction of processing in accordance with the legal requirements.
• Right to data portability: 
  • You have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the legal requirements are met.
• Right to lodge a complaint with a supervisory authority: 
  • You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. This is without prejudice to any other administrative or judicial remedy.

Definitions

This section provides an overview of the terminology used in this privacy policy. Many of the terms are taken from the law and are defined primarily in Art. 4 of the GDPR. The legal definitions are binding. The following explanations are intended to aid understanding. The terms are sorted alphabetically.

• Personal data: 
  • "Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• Profiles with user-related information: 
  • The processing of "profiles with user-related information", or simply "profiles", includes any type of automated processing of personal data that involves using this personal data to analyze, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may involve different information concerning demographics, behavior and interests, such as interaction with websites and their content, etc.). For profiling purposes, cookies and web beacons are often used.
• Reach measurement: 
  • Reach measurement (also known as web analytics) is used to evaluate the visitor traffic of an online service and may include the behavior or interests of visitors in specific information, such as website content. With the help of reach analysis, website owners can, for example, recognize when visitors are visiting their website and what content they are interested in. This allows them to better tailor the content of the website to the needs of their visitors. For the purpose of reach analysis, pseudonymous cookies and web beacons are often used to recognize recurring visitors and obtain more precise analyses of the use of an online service.
• Person in charge: 
  • The "controller" is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processing: 
  • "Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Created with the usage of free Datenschutz-Generator.de by Dr. Thomas Schwenke