1. Data Protection at a Glance

General Information The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data means all data by which you can be personally identified. Detailed information about data protection can be found in this Privacy Policy below.

Data Collection on This Website Who is responsible for data collection on this website? Data processing on this website is carried out by the website owner. Their contact details can be found in the section titled “Information on the Responsible Party” below.

How do we collect your data? Some data is collected when you provide it to us — for example, by entering information in a contact form. Other data is collected automatically or after you provide consent when visiting the website. This includes mainly technical data (e.g. browser type, operating system, or time of page access). Such data is collected automatically as soon as you enter this website.

What do we use your data for? Part of the data is used to ensure the website functions properly. Other data may be used to analyze user behavior or to process contractual or pre-contractual obligations.

Your Rights Regarding Data You have the right to receive free information at any time about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you may withdraw that consent at any time with effect for the future. You also have the right, under certain circumstances, to request the restriction of processing of your personal data. Furthermore, you have the right to file a complaint with the competent supervisory authority.

2. Hosting We host our website with the following provider: IONOS SE Elgendorfer Str. 57 56410 Montabaur, Germany When you visit our website, IONOS collects various log files, including your IP address. For details, please refer to the IONOS privacy policy: https://www.ionos.de/terms-gtc/terms-privacy. The use of IONOS is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring our website is displayed as reliably as possible. Where consent has been obtained, processing takes place solely on the basis of Article 6(1)(a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to device information (e.g. via device fingerprinting). Consent can be withdrawn at any time.

Data Processing Agreement We have entered into a data processing agreement (DPA) with the above-mentioned provider. This contract is required by data protection law and ensures that IONOS processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Legal Information We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy. Please note that data transmission on the internet (e.g. via email) may have security vulnerabilities. A complete protection of data from access by third parties is not possible.

Responsible Party The party responsible for data processing on this website is: Anastasiia Erofeeva Vogelsanger Str. 193 50825 Cologne, Germany Phone: [Phone number of the responsible party] Email: [Email address of the responsible party] The responsible party is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

Storage Period Unless a more specific storage period has been stated in this Privacy Policy, your personal data will remain with us until the purpose for data processing no longer applies. If you submit a legitimate deletion request or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing it (such as retention periods required by tax or commercial law). In such cases, deletion occurs after these reasons no longer apply.

Legal Basis for Data Processing on This Website If you have consented to data processing, we process your personal data based on Article 6(1)(a) GDPR or, for special categories of data, Article 9(2)(a) GDPR. In cases where data is transferred to third countries, processing is additionally based on Article 49(1)(a) GDPR. If consent includes storing cookies or accessing information on your device, it also relies on § 25(1) TDDDG. Consent can be revoked at any time. If data processing is required to perform a contract or pre-contractual measures, we rely on Article 6(1)(b) GDPR. If data must be processed to comply with a legal obligation, it is done under Article 6(1)(c) GDPR. In all other cases, data is processed based on our legitimate interest in accordance with Article 6(1)(f) GDPR.

Recipients of Personal Data In the course of our business, we work with various external parties. In certain cases, the transfer of personal data to these external parties may be necessary. We transfer personal data only when required to fulfill a contract, when legally obliged to do so, when we have a legitimate interest in the transfer, or when another legal basis applies. When using data processors, data is shared only on the basis of a valid data processing agreement. Where joint processing occurs, a corresponding joint controller agreement is established.

Withdrawal of Consent Many processing operations are only possible with your express consent. You may withdraw consent at any time. The legality of data processing carried out before the withdrawal remains unaffected. Right to Object (Article 21 GDPR) You have the right to object, at any time and for reasons arising from your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is necessary for the establishment, exercise, or defense of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing.

4. Data Collection on This Website Cookies Our website uses “cookies.” Cookies are small data files that do not harm your device. They may be stored temporarily for the duration of a browsing session (“session cookies”) or permanently (“persistent cookies”). Session cookies are automatically deleted once you leave the site. Persistent cookies remain stored on your device until you delete them or your browser automatically removes them. Cookies can be set by us (first-party cookies) or by third-party providers (“third-party cookies”). Third-party cookies allow the integration of certain third-party services within websites (e.g. payment processing, video playback, or analytics). Cookies serve various purposes. Some cookies are technically essential because certain website functions would not work without them (e.g. shopping cart functionality or secure login areas). Other cookies are used to analyze user behavior or display advertising. Cookies that are required to perform electronic communication, to provide specific functions you request, or to optimize the website (for example, cookies for measuring audience reach) are stored on the basis of Article 6 (1)(f) GDPR unless another legal basis is specified. We have a legitimate interest in the storage of essential cookies for the technically error-free and optimized delivery of our services. Where consent for storing cookies or similar recognition technologies is requested, processing takes place solely on the basis of that consent (Article 6 (1)(a) GDPR and § 25 (1) TDDDG); consent can be withdrawn at any time. You can configure your browser to inform you when cookies are placed, to allow cookies only in specific cases, to exclude the acceptance of cookies entirely, or to automatically delete cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Contact Form When you send inquiries to us via the contact form, the information you provide, including your contact details, is stored by us to process your request and in case of follow-up questions. We will not share this data without your consent. The processing of this data is based on Article 6 (1)(b) GDPR, provided that your request is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling your inquiries (Article 6 (1)(f) GDPR) or on your consent (Article 6 (1)(a) GDPR), if obtained. Consent may be withdrawn at any time. The data you enter in the contact form remains with us until you request deletion, withdraw your consent, or the purpose for data storage no longer applies (e.g., once your inquiry has been fully processed). Mandatory legal obligations – particularly retention periods – remain unaffected.

Email, Telephone, or Fax Inquiries When you contact us by email, telephone, or fax, your inquiry, including all resulting personal data (such as name and content of the request), will be stored and processed by us for the purpose of handling your request. We will not share this information without your consent. Processing of this data occurs based on Article 6 (1)(b) GDPR if your request relates to the execution of a contract or necessary pre-contractual measures. In all other cases, processing is based on our legitimate interest in efficiently managing inquiries (Article 6 (1)(f) GDPR) or your consent (Article 6 (1)(a) GDPR), if applicable. Consent can be withdrawn at any time. Data transmitted through contact inquiries will be retained until you request deletion, withdraw your consent, or the purpose of storage ceases to apply (e.g., once your request is resolved). Mandatory legal provisions – particularly retention requirements – remain unaffected. SSL and TLS Encryption For security reasons and to protect the transmission of confidential content, such as inquiries or orders you send to us, this site uses SSL or TLS encryption. An encrypted connection is indicated when the browser address line changes from “http://” to “https://” and by a lock symbol in your browser bar. When SSL or TLS encryption is enabled, data you transmit to us cannot be read by third parties.

5. Your Rights as a Data Subject Right to Restrict Processing You have the right to request the restriction of processing of your personal data. You can exercise this right at any time by contacting us. The right to restriction applies in the following circumstances: If you contest the accuracy of your personal data stored with us, we generally need time to verify this. During the verification period, you have the right to request that the processing of your personal data be restricted. If the processing of your data was or is unlawful, you may request restriction instead of deletion. If we no longer need your personal data, but you require it to exercise, defend, or establish legal claims, you have the right to request restriction instead of deletion. If you have objected under Article 21(1) GDPR, a balance between your and our interests must be made. As long as it is not yet determined whose interests prevail, you have the right to restrict the processing of your personal data. If the processing of your data has been restricted, such data – apart from storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

Right to Data Portability You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract in a structured, commonly used, and machine-readable format. You also have the right to request the transfer of this data to another controller, where technically feasible. Right to Lodge a Complaint with a Supervisory Authority In the event of violations of the GDPR, data subjects have the right to file a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or the location of the alleged infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

6. Social Media Integrations Instagram This website includes features of the social media service Instagram, provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. When the Instagram feature is activated, a direct connection is established between your device and the Instagram servers. Instagram receives information that you have visited our website. If you are logged into your Instagram account, you can link content from this site to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. Please note that as the provider of this website, we have no knowledge of the content of the transmitted data or its use by Instagram. The use of this service is based on your consent under Article 6(1)(a) GDPR and §25(1) TDDDG. Consent may be withdrawn at any time. Where personal data is collected on our website and transmitted to Meta Platforms Ireland Limited (Instagram / Facebook), both parties are jointly responsible for the data processing as defined in Article 26 GDPR. The joint responsibility is limited solely to the collection and transmission of data to Meta / Instagram. Further processing by Meta after transmission is not part of the joint responsibility. The obligations shared between us and Meta are set out in the “Joint Controller Agreement,” available at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing privacy information and for implementing the tool securely on our website. Meta is responsible for the security of its own products. If you wish to exercise your data subject rights regarding data processed by Meta, you may do so directly through Meta. If you contact us, we are obliged to forward your request to Meta. Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses and the EU-U.S. Data Privacy Framework (DPF).

Further details: https://www.facebook.com/legal/EU_data_transfer_addendum https://privacycenter.instagram.com/policy/ https://www.dataprivacyframework.gov/participant/4452 More information can also be found in Instagram’s Privacy Policy: https://privacycenter.instagram.com/policy/

7. Source This Privacy Policy was created using the eRecht24 GDPR Privacy Generator and adapted for professional English use. Source: https://www.e-recht24.de