data pro­tec­tion

Fore­word

We, Expe­di­cial Reise GmbH, Zum Stadt­park 5, 93142 Max­hütte-Haid­hof, tog­e­ther with our sub­si­dia­ries (her­ein­af­ter jointly refer­red to as“the com­pany”,“we” or“us”) take the pro­tec­tion of your per­so­nal data seriously and would like to take this oppor­tu­nity to inform you about data pro­tec­tion in our com­pany. Within the scope of our respon­si­bi­lity under data pro­tec­tion law, addi­tio­nal obli­ga­ti­ons have been impo­sed on us by the entry into force of the EU Gene­ral Data Pro­tec­tion Regu­la­tion (Regu­la­tion (EU) 2016/679; her­ein­af­ter: “GDPR ) in order to ensure the pro­tec­tion of per­so­nal data of the per­son affec­ted by a pro­ces­sing ope­ra­tion (we also address you as data sub­ject her­ein­af­ter with “cus­to­mer”, “user”, ” you”, ” you ” ordata sub­ject”). Inso­far as we decide eit­her alone or jointly with others on the pur­po­ses and means of data pro­ces­sing, this includes above all the obli­ga­tion to inform you trans­par­ently about the nature, scope, pur­pose, dura­tion and legal basis of the pro­ces­sing (cf. Art. 13 and 14 DS-GVO). With this decla­ra­tion (her­ein­af­ter:“data pro­tec­tion infor­ma­tion”) we inform you about the way in which your per­so­nal data is pro­ces­sed by us. Our data pro­tec­tion infor­ma­tion is modu­lar in struc­ture. They con­sist of a gene­ral part for any pro­ces­sing of per­so­nal data and pro­ces­sing situa­tions that come into play each time a web­site is acces­sed (A. Gene­ral) and a spe­cial part, the con­tent of which rela­tes in each case only to the pro­ces­sing situa­tion indi­ca­ted there with desi­gna­tion of the respec­tive offer or pro­duct, in par­ti­cu­lar the visit to web­sites as detailed here (B. Visit to web­sites). In order to find the parts rele­vant to you, please refer to the fol­lo­wing over­view of the sub­di­vi­sion of the data pro­tec­tion infor­ma­tion:

Part Desi­gna­tion This part is for you
Part A Gene­ral infor­ma­tion always rele­vant.
Part B Web­site and social media pre­sen­ces rele­vant if you use our Ger­man web­site, inclu­ding our social media pre­sence.

A) Gene­ral

(1) Defi­ni­ti­ons

Fol­lo­wing the model of Art. 4 GDPR, this data pro­tec­tion notice is based on the fol­lo­wing defi­ni­ti­ons: — “Per­so­nal data” (Art. 4 No. 1 GDPR) means any infor­ma­tion rela­ting to an iden­ti­fied or iden­ti­fia­ble natu­ral per­son (“data sub­ject”). A per­son is iden­ti­fia­ble if he or she can be iden­ti­fied directly or indi­rectly, in par­ti­cu­lar by asso­cia­tion with an iden­ti­fier such as a name, an iden­ti­fi­ca­tion num­ber, an online iden­ti­fier, loca­tion data or with the aid of infor­ma­tion about his or her phy­si­cal, phy­sio­lo­gi­cal, gene­tic, men­tal, eco­no­mic, cul­tu­ral or social iden­tity cha­rac­te­ristics. The iden­ti­fia­bi­lity can also be given by means of a lin­kage of such infor­ma­tion or other addi­tio­nal know­ledge. The ori­gin, form or embo­di­ment of the infor­ma­tion does not mat­ter (even pho­to­graphs, video or audio recor­dings may con­tain per­so­nal data). — “Pro­ces­sing” (Art. 4 No. 2 GDPR) means any ope­ra­tion which invol­ves the hand­ling of per­so­nal data, whe­ther or not by means of auto­ma­ted (i.e. tech­no­logy-based) pro­ces­ses. This includes, in par­ti­cu­lar, the coll­ec­tion (i.e., acqui­si­tion), recor­ding, orga­niza­tion, arran­ge­ment, sto­rage, adapt­a­tion or altera­tion, retrie­val, con­sul­ta­tion, use, dis­clo­sure by trans­mis­sion, dis­se­mi­na­tion or other­wise making available, ali­gnment, com­bi­na­tion, rest­ric­tion, era­sure or des­truc­tion of per­so­nal data, as well as the change of a pur­pose or inten­ded pur­pose on which a data pro­ces­sing was ori­gi­nally based. — “Con­trol­ler” (Art. 4 No. 7 DS-GVO) means the natu­ral or legal per­son, public aut­ho­rity, agency or other body which alone or jointly with others deter­mi­nes the pur­po­ses and means of the pro­ces­sing of per­so­nal data. — “Third party” (Art. 4 No. 10 GDPR) means any natu­ral or legal per­son, public aut­ho­rity, agency or other body other than the data sub­ject, the con­trol­ler, the pro­ces­sor and the per­sons who are aut­ho­ri­zed to pro­cess the per­so­nal data under the direct respon­si­bi­lity of the con­trol­ler or pro­ces­sor; this also includes other group-affi­lia­ted legal enti­ties. — “Pro­ces­sor” (Art. 4 No. 8 DS-GVO) means a natu­ral or legal per­son, public aut­ho­rity, agency or other body that pro­ces­ses per­so­nal data on behalf of the con­trol­ler, in par­ti­cu­lar in accordance with the controller’s ins­truc­tions (e.g. IT ser­vice pro­vi­der). In par­ti­cu­lar, a pro­ces­sor is not a third party in the sense of data pro­tec­tion law. — “Con­sent” (Art. 4 No. 11 GDPR) of the data sub­ject means any freely given, spe­ci­fic, infor­med and unam­bi­guous indi­ca­tion of the data subject’s wis­hes by which he or she, by a state­ment or by a clear affir­ma­tive action, signi­fies agree­ment to the pro­ces­sing of per­so­nal data rela­ting to him or her.

(2) Name and address of the con­trol­ler

We are the con­trol­ler respon­si­ble for the pro­ces­sing of your per­so­nal data within the mea­ning of Art. 4 No. 7 GDPR: Expe­di­cial Reise GmbH Zum Stadt­park 5 93142 Max­hütte-Haid­hof Mana­ging Direc­tor Nils Lühr­mann Phone: +49 176 21729138 Email: info@npl-overland.eu Fur­ther infor­ma­tion about our com­pany can be found in the legal notice on our web­site: https://npl-overland.eu/impressum

(3) Cont­act of the con­trol­ler

If you have any ques­ti­ons or would like to cont­act us about data pro­tec­tion, please cont­act our data con­trol­ler at any time.

(4) Legal basis for data pro­ces­sing

In prin­ci­ple, any pro­ces­sing of per­so­nal data is pro­hi­bi­ted by law and is only per­mit­ted if the data pro­ces­sing falls under one of the fol­lo­wing jus­ti­fi­ca­ti­ons: — Art. 6 para. 1 p. 1 lit. a GDPR (“con­sent”): Where the data sub­ject has vol­un­t­a­rily, in an infor­med and unam­bi­guous man­ner, indi­ca­ted by a state­ment or other unam­bi­guous affir­ma­tive act that he or she cons­ents to the pro­ces­sing of per­so­nal data rela­ting to him or her for one or more spe­ci­fic pur­po­ses; — Art. 6 para. 1 p. 1 lit. b GDPR: If the pro­ces­sing is neces­sary for the per­for­mance of a con­tract to which the data sub­ject is party or in order to take steps at the request of the data sub­ject prior to ente­ring into a con­tract; — Art. 6 para. 1 p. 1 lit. c GDPR: If the pro­ces­sing is neces­sary for com­pli­ance with a legal obli­ga­tion to which the con­trol­ler is sub­ject (e.g. a legal obli­ga­tion to retain data); — Art. 6 para. 1 p. 1 lit. d GDPR: Where pro­ces­sing is neces­sary in order to pro­tect the vital inte­rests of the data sub­ject or of ano­ther natu­ral per­son; — Art. 6 para. 1 p. 1 lit. e GDPR: If the pro­ces­sing is neces­sary for the per­for­mance of a task car­ried out in the public inte­rest or in the exer­cise of offi­cial aut­ho­rity ves­ted in the con­trol­ler or — Art. 6 para. 1 p. 1 lit. f DS-GVO (“legi­ti­mate inte­rests”): Where pro­ces­sing is neces­sary for the pur­po­ses of legi­ti­mate (in par­ti­cu­lar legal or eco­no­mic) inte­rests of the con­trol­ler or a third party, unless such inte­rests are over­ridden by the con­flic­ting inte­rests or rights of the data sub­ject (in par­ti­cu­lar where the data sub­ject is a minor). For the pro­ces­sing ope­ra­ti­ons car­ried out by us, we indi­cate below the appli­ca­ble legal basis in each case. Pro­ces­sing can also be based on seve­ral legal bases.

(5) Data dele­tion and sto­rage period

For the pro­ces­sing ope­ra­ti­ons car­ried out by us, we indi­cate below how long the data is stored by us and when it is dele­ted or blo­cked. Unless an expli­cit sto­rage period is spe­ci­fied below, your per­so­nal data will be dele­ted or blo­cked as soon as the pur­pose or legal basis for sto­rage no lon­ger applies. Your data will gene­rally only be stored on our ser­vers in Ger­many, sub­ject to any dis­clo­sure in accordance with the pro­vi­si­ons in A.(7) and A.(8). Howe­ver, data may be stored bey­ond the spe­ci­fied period in the event of an (impen­ding) legal dis­pute with you or other legal pro­cee­dings or if sto­rage is pro­vi­ded for by sta­tu­tory pro­vi­si­ons to which we are sub­ject as the con­trol­ler (e.g. Sec­tion 257 HGB, Sec­tion 147 AO). If the sto­rage period pre­scri­bed by the sta­tu­tory pro­vi­si­ons expi­res, the per­so­nal data will be blo­cked or dele­ted unless fur­ther sto­rage by us is neces­sary and there is a legal basis for this.

(6) Data secu­rity

We use appro­priate tech­ni­cal and orga­niza­tio­nal secu­rity mea­su­res to pro­tect your data against acci­den­tal or inten­tio­nal mani­pu­la­tion, par­tial or com­plete loss, des­truc­tion or against unaut­ho­ri­zed access by third par­ties (e.g. TSL encryp­tion for our web­site), taking into account the state of the art, the imple­men­ta­tion costs and the nature, scope, con­text and pur­pose of the pro­ces­sing as well as the exis­ting risks of a data breach (inclu­ding its pro­ba­bi­lity and impact) for the data sub­ject. Our secu­rity mea­su­res are con­ti­nuously impro­ved in line with tech­no­lo­gi­cal deve­lo­p­ments. We will be happy to pro­vide you with more detailed infor­ma­tion on request. Please cont­act our data pro­tec­tion offi­cer (see under A.(3)).

(7) Coope­ra­tion with pro­ces­sors

As with any large com­pany, we also use exter­nal dome­stic and for­eign ser­vice pro­vi­ders to handle our busi­ness tran­sac­tions (e.g. for IT, logi­stics, tele­com­mu­ni­ca­ti­ons, sales and mar­ke­ting). They will only act accor­ding to our ins­truc­tions and have been con­trac­tually obli­ga­ted to com­ply with the data pro­tec­tion pro­vi­si­ons pur­su­ant to Art. 28 DS-GVO. If your per­so­nal data is pas­sed on by us to our sub­si­dia­ries or is pas­sed on to us by our sub­si­dia­ries (e.g. for adver­ti­sing pur­po­ses), this is done on the basis of exis­ting order pro­ces­sing rela­ti­onships.

(8) Con­di­ti­ons for the trans­fer of per­so­nal data to third count­ries

As part of our busi­ness rela­ti­onships, your per­so­nal data may be pas­sed on or dis­c­lo­sed to third-party com­pa­nies. These can also be loca­ted out­side the Euro­pean Eco­no­mic Area (EEA), i.e. in third count­ries. Such pro­ces­sing is car­ried out exclu­si­vely for the ful­fill­ment of con­trac­tual and busi­ness obli­ga­ti­ons and to main­tain your busi­ness rela­ti­onship with us. We will inform you about the respec­tive details of the trans­fer in the fol­lo­wing at the rele­vant points. The Euro­pean Com­mis­sion cer­ti­fies that some third count­ries have data pro­tec­tion stan­dards com­pa­ra­ble to the EEA stan­dard by means of so-cal­led ade­quacy decis­i­ons (a list of these count­ries and a copy of the ade­quacy decis­i­ons can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). Howe­ver, in other third count­ries to which per­so­nal data may be trans­fer­red, there may not be a con­sis­t­ently high level of data pro­tec­tion due to a lack of legal pro­vi­si­ons. If this is the case, we ensure that data pro­tec­tion is ade­qua­tely gua­ran­teed. This is pos­si­ble through bin­ding cor­po­rate rules, stan­dard con­trac­tual clau­ses of the Euro­pean Com­mis­sion for the pro­tec­tion of per­so­nal data, cer­ti­fi­ca­tes or reco­gni­zed codes of con­duct. Please cont­act our data pro­tec­tion offi­cer (see A.(3)) if you would like more infor­ma­tion on this.

(9) Auto­ma­ted decis­ion making (inclu­ding pro­fil­ing).

If we carry out auto­ma­ted decis­ion-making (inclu­ding pro­fil­ing), we will inform you of this at the rele­vant point in this pri­vacy policy, as well as of the logic invol­ved, the scope and the inten­ded effects of such pro­ces­sing. We do not use the per­so­nal data coll­ec­ted from you for auto­ma­ted decis­ion-making (inclu­ding pro­fil­ing).

(10) No obli­ga­tion to pro­vide per­so­nal data

We do not make the con­clu­sion of con­tracts with us depen­dent on you pro­vi­ding us with per­so­nal data before­hand. As a cus­to­mer, you are under no legal or con­trac­tual obli­ga­tion to pro­vide us with your per­so­nal data; howe­ver, we may only be able to pro­vide cer­tain ser­vices to a limi­ted ext­ent or not at all if you do not pro­vide the neces­sary data. If this should excep­tio­nally be the case within the scope of the pro­ducts pre­sen­ted below and offe­red by us, you will be infor­med of this sepa­ra­tely.

(11) Legal obli­ga­tion to trans­mit cer­tain data

We may be sub­ject to a spe­cial legal or sta­tu­tory obli­ga­tion to pro­vide the lawfully pro­ces­sed per­so­nal data to third par­ties, in par­ti­cu­lar public aut­ho­ri­ties (Art. 6 para. 1 sen­tence 1 lit. c GDPR).

(12) Your rights

You can assert your rights as a data sub­ject with regard to your pro­ces­sed per­so­nal data at any time by cont­ac­ting us using the cont­act details pro­vi­ded at the begin­ning under A.(2). As a data sub­ject, you have the right: — to request infor­ma­tion about your data pro­ces­sed by us in accordance with Art. 15 GDPR. In par­ti­cu­lar, you can request infor­ma­tion about the pur­po­ses of pro­ces­sing, the cate­gory of data, the cate­go­ries of reci­pi­ents to whom your data has been or will be dis­c­lo­sed, the plan­ned sto­rage period, the exis­tence of a right to rec­ti­fi­ca­tion, era­sure, rest­ric­tion of pro­ces­sing or objec­tion, the exis­tence of a right to lodge a com­plaint, the ori­gin of your data if it was not coll­ec­ted by us, as well as the exis­tence of auto­ma­ted decis­ion-making inclu­ding pro­fil­ing and, if appli­ca­ble, meaningful infor­ma­tion about its details. in accordance with Art. 16 GDPR, to imme­dia­tely request the rec­ti­fi­ca­tion of inac­cu­rate data or the com­ple­tion of your data stored by us; — in accordance with Art. 17 GDPR, to request the era­sure of your data stored by us, unless the pro­ces­sing is neces­sary for exer­cis­ing the right of free­dom of expres­sion and infor­ma­tion, for com­pli­ance with a legal obli­ga­tion, for reasons of public inte­rest or for the estab­lish­ment, exer­cise or defense of legal claims; — in accordance with Art. 18 GDPR, to demand the rest­ric­tion of the pro­ces­sing of your per­so­nal data if the accu­racy of the data is con­tes­ted by you, the pro­ces­sing is unlawful but you oppose the era­sure, we no lon­ger need the data but you require it for the estab­lish­ment, exer­cise or defense of legal claims or you have objec­ted to pro­ces­sing pur­su­ant to Art. 21 GDPR pen­ding the veri­fi­ca­tion whe­ther our legi­ti­mate grounds over­ride yours as the data sub­ject; — pur­su­ant to Art. 20 GDPR, to receive your data that you have pro­vi­ded to us in a struc­tu­red, com­monly used and machine-rea­da­ble for­mat or to request the trans­mis­sion to ano­ther con­trol­ler (“data por­ta­bi­lity”); — to object to the pro­ces­sing pur­su­ant to Art. 21 GDPR, pro­vi­ded that the pro­ces­sing is based on Art. 6 para. 1 sen­tence 1 lit. e or lit. f GDPR. This is par­ti­cu­larly the case if the pro­ces­sing is not neces­sary for the per­for­mance of a con­tract with you. If it is not an objec­tion to direct adver­ti­sing, we ask you to explain the reasons why we should not pro­cess your data as we have done when exer­cis­ing such an objec­tion. In the event of your jus­ti­fied objec­tion, we will examine the situa­tion and will eit­her dis­con­ti­nue or adapt the data pro­ces­sing or show you our com­pel­ling reasons worthy of pro­tec­tion on the basis of which we will con­ti­nue the pro­ces­sing; — in accordance with Art. 7 para. 3 GDPR, your con­sent given once (even before the GDPR came into force, i.e. before 25.5.2018), i.e. your vol­un­t­ary, infor­med and unequi­vo­cal con­sent to the pro­ces­sing of the per­so­nal data con­cer­ned for one or more spe­ci­fic pur­po­ses, which you have given to us at any time by means of a decla­ra­tion or other unam­bi­guous con­fir­ma­tory act, if you have given such con­sent. The con­se­quence of this is that we may no lon­ger con­ti­nue the data pro­ces­sing based on this con­sent in the future and — in accordance with Art. 77 GDPR to com­plain to a data pro­tec­tion super­vi­sory aut­ho­rity about the pro­ces­sing of your per­so­nal data in our com­pany, for exam­ple to the data pro­tec­tion super­vi­sory aut­ho­rity respon­si­ble for us, the Bava­rian State Office for Data Pro­tec­tion Super­vi­sion (BayLDA), Pro­me­nade 18. 91522 Ans­bach, e‑mail:
poststelle@datenschutz-bayern.de.

(13) Chan­ges to the data pro­tec­tion notice

As part of the ongo­ing deve­lo­p­ment of data pro­tec­tion law and tech­no­lo­gi­cal or orga­niza­tio­nal chan­ges, our data pro­tec­tion infor­ma­tion is regu­larly reviewed to deter­mine whe­ther it needs to be adapted or sup­ple­men­ted. You will be infor­med about chan­ges in par­ti­cu­lar on our Ger­man web­site at https://npl-overland.eu/. This data pro­tec­tion notice is valid as of May 2023.

B) Visi­ting web­sites

(1) Expl­ana­tion of the func­tion

Infor­ma­tion about our com­pany and the ser­vices we offer can be found in par­ti­cu­lar at https://npl-overland.eu/ tog­e­ther with the asso­cia­ted sub­pages (her­ein­af­ter jointly refer­red to as “web­sites”). When you visit our web­site, your per­so­nal data may be pro­ces­sed.

(2) Per­so­nal data pro­ces­sed

a) Infor­ma­tio­nal use

We coll­ect, store and pro­cess the fol­lo­wing cate­go­ries of per­so­nal data when you use the web­sites for infor­ma­tion pur­po­ses: “Log data”: When you visit our web­sites, a so-cal­led log data record (so-cal­led ser­ver log files) is tem­po­r­a­rily and anony­mously stored on our web ser­ver.
This con­sists of: — the page from which the page was reques­ted (so-cal­led refer­rer URL) — the name and URL of the reques­ted page — the date and time of the call — the descrip­tion of the type, lan­guage and ver­sion of the web brow­ser used — the IP address of the reques­t­ing com­pu­ter, which is shor­tened so that a per­so­nal refe­rence can no lon­ger be estab­lished — the amount of data trans­fer­red — the ope­ra­ting sys­tem — the mes­sage as to whe­ther the call was suc­cessful (access status/Http sta­tus code) — the GMT time zone dif­fe­rence

b) Cont­act

Cont­act form data:

When using cont­act forms (e.g. for com­mu­ni­ca­tion via our ser­vices), the data trans­mit­ted in this way is pro­ces­sed (e.g. gen­der, sur­name and first name, date of birth, address, com­pany, e‑mail address, tele­phone num­ber, and the time of trans­mis­sion).

Whats­App:

On our web­site, we offer the option of cont­ac­ting us directly via an inte­gra­ted Whats­App but­ton. When you use this ser­vice, per­so­nal data (such as your tele­phone num­ber and the mes­sa­ges you send) are trans­mit­ted to Whats­App Inc, 1601 Wil­low Road, Menlo Park, Cali­for­nia 94025, USA.
Pur­pose of data pro­ces­sing: The data is pro­ces­sed for the pur­pose of com­mu­ni­ca­ting directly with you and pro­ces­sing your inqui­ries.
The legal basis for data pro­ces­sing is our legi­ti­mate inte­rest pur­su­ant to Art. 6 para. 1 lit. f GDPR, as it enables fast and uncom­pli­ca­ted com­mu­ni­ca­tion. Dis­clo­sure to third par­ties: Whats­App Inc.
pro­ces­ses the per­so­nal data on our behalf.
This may also involve the trans­fer of data to third count­ries out­side the Euro­pean Union.
Whats­App has under­ta­ken to com­ply with EU data pro­tec­tion stan­dards and offers gua­ran­tees in accordance with Art. 44 et seq. GDPR. Sto­rage period: The data you trans­mit via Whats­App will only be stored for as long as is neces­sary to ful­fill the respec­tive com­mu­ni­ca­tion pur­po­ses and then dele­ted, unless there are legal obli­ga­ti­ons to retain it. Rights of data sub­jects: You have the right to request infor­ma­tion about the per­so­nal data stored by us as well as the right to rec­ti­fi­ca­tion, era­sure, rest­ric­tion of pro­ces­sing and objec­tion to pro­ces­sing in accordance with the pro­vi­si­ons of the GDPR.
Fur­ther infor­ma­tion on your rights can be found in the gene­ral infor­ma­tion on data pro­tec­tion in this pri­vacy policy. Opt-out: If you do not want Whats­App to coll­ect or pro­cess data about you, you should not use this ser­vice.
You can also unin­stall Whats­App from your device to pre­vent Whats­App from pro­ces­sing your data.

c) News­let­ter

In addi­tion to the purely infor­ma­tio­nal use of our web­site, we offer a sub­scrip­tion to our news­let­ter, with which we inform you about cur­rent offers. If you regis­ter for our news­let­ter, the fol­lo­wing “news­let­ter data” will be coll­ec­ted, stored and pro­ces­sed by us: — the page from which the page was reques­ted (so-cal­led refer­rer URL) — the date and time of the request — the descrip­tion of the type of web brow­ser used — the IP address of the reques­t­ing com­pu­ter, which is shor­tened so that a per­so­nal refe­rence can no lon­ger be estab­lished — the e‑mail address — the date and time of regis­tra­tion and con­fir­ma­tion We would like to point out that we eva­luate your user beha­vior when sen­ding the news­let­ter. For this eva­lua­tion, the emails sent con­tain so-cal­led web bea­cons or track­ing pixels, which are sin­gle-pixel image files stored on our web­site. For the eva­lua­tions, we link the afo­re­men­tio­ned data and the web bea­cons with your e‑mail address and an indi­vi­dual ID. Links con­tai­ned in the news­let­ter also con­tain this ID. The data is coll­ec­ted exclu­si­vely pseud­ony­mi­zed, i.e.. The IDs are the­r­e­fore not lin­ked to your other per­so­nal data, so that they can­not be directly lin­ked to a per­son.

(3) Pur­pose and legal basis of data pro­ces­sing

We also pro­cess the per­so­nal data descri­bed in more detail above in accordance with the pro­vi­si­ons of the GDPR and other rele­vant data pro­tec­tion regu­la­ti­ons and only to the ext­ent neces­sary. Inso­far as the pro­ces­sing of per­so­nal data is based on Art. 6 para. 1 p. 1 lit. f DS-GVO, the afo­re­men­tio­ned pur­po­ses also repre­sent our legi­ti­mate inte­rests. The pro­ces­sing of the log data ser­ves sta­tis­ti­cal pur­po­ses and the impro­ve­ment of the qua­lity of our web­site, in par­ti­cu­lar the sta­bi­lity and secu­rity of the con­nec­tion (legal basis is Art. 6 para. 1 p. 1 lit. f DS-GVO). Cont­act form data is pro­ces­sed to handle cus­to­mer inqui­ries and to com­mu­ni­cate about our offers or our ser­vices (legal basis is Art. 6 para. 1 p. 1 lit. b or lit. f DS-GVO). The news­let­ter data is pro­ces­sed for the pur­pose of sen­ding the news­let­ter. When regis­tering for our news­let­ter, you con­sent to the pro­ces­sing of your per­so­nal data (legal basis is Art. 6 para. 1 lit. a DS-GVO). For the regis­tra­tion to our news­let­ter we use the so-cal­led dou­ble opt-in pro­ce­dure. This means that after your regis­tra­tion, we will send you an e‑mail to the e‑mail address you pro­vi­ded, in which we ask you to con­firm that you wish to receive the news­let­ter. The pur­pose of this pro­ce­dure is to be able to prove your regis­tra­tion and, if neces­sary, to cla­rify a pos­si­ble misuse of your per­so­nal data. You can revoke your con­sent to receive the news­let­ter and unsub­scribe at any time. You can declare your revo­ca­tion by cli­cking on the link pro­vi­ded in every news­let­ter e‑mail, by e‑mail to info@npl-overland.eu or by sen­ding a mes­sage to the cont­act details given in the imprint.

(4) Dura­tion of data pro­ces­sing

Your data will only be pro­ces­sed for as long as is neces­sary to achieve the above-men­tio­ned pro­ces­sing pur­po­ses; the legal bases spe­ci­fied in the con­text of the pro­ces­sing pur­po­ses apply accor­din­gly. If you have con­sen­ted to data pro­ces­sing, your data will only be pro­ces­sed until you with­draw your con­sent. The legal basis is Art. 7 para. 3 GDPR. With regard to the use and sto­rage dura­tion of coo­kies, please refer to point A.(5) and the fol­lo­wing coo­kie policy. Third par­ties used by us will store your data on their sys­tem for as long as is neces­sary in con­nec­tion with the pro­vi­sion of the ser­vices for us in accordance with the respec­tive order. You can find more details on the sto­rage period under A.(5) and the fol­lo­wing coo­kie policy.

(5) Trans­fer of per­so­nal data to third par­ties; basis for jus­ti­fi­ca­tion

Trans­mis­sion to other third par­ties

The fol­lo­wing cate­go­ries of reci­pi­ents, which are usually pro­ces­sors (see A.(7)), may receive access to your per­so­nal data: — Ser­vice pro­vi­ders for the ope­ra­tion of our web­site and the pro­ces­sing of data stored or trans­mit­ted by the sys­tems (e.g. for data cen­ter ser­vices, pay­ment pro­ces­sing, IT secu­rity). The legal basis for the trans­fer is then Art. 6 para. 1 sen­tence 1 lit. b or lit. f GDPR, unless they are pro­ces­sors; — Govern­ment agencies/authorities, inso­far as this is neces­sary to ful­fill a legal obli­ga­tion. The legal basis for the dis­clo­sure is then Art. 6 para. 1 sen­tence 1 lit. c GDPR; — Per­sons employed to carry out our busi­ness ope­ra­ti­ons (e.g. audi­tors, banks, insu­rance com­pa­nies, legal advi­sors, super­vi­sory aut­ho­ri­ties, par­ties invol­ved in com­pany acqui­si­ti­ons or the estab­lish­ment of joint ven­tures). The legal basis for the trans­fer is then Art. 6 para. 1 sen­tence 1 lit. b or lit. f GDPR. For the gua­ran­tees of an appro­priate level of data pro­tec­tion when trans­fer­ring data to third count­ries, see A.(8). In addi­tion, we will only pass on your per­so­nal data to third par­ties if you have given your express con­sent in accordance with Art. 6 para. 1 sen­tence 1 lit. a GDPR.

(6) Use of coo­kies, plug­ins and other ser­vices on our web­site

a) Coo­kies

We use coo­kies on our web­sites. Coo­kies are small text files that are assi­gned to the brow­ser you are using and stored on your hard drive by means of a cha­rac­te­ristic string of cha­rac­ters, and through which cer­tain infor­ma­tion flows to the entity that sets the coo­kie. Coo­kies can­not exe­cute pro­grams or trans­fer viru­ses to your com­pu­ter and the­r­e­fore can­not cause any damage. They serve to make the Inter­net offer as a whole more user-fri­endly and effec­tive, i.e. more plea­sant for you. Coo­kies may con­tain data that make it pos­si­ble to reco­gnize the device used. In some cases, howe­ver, coo­kies only con­tain infor­ma­tion about cer­tain set­tings that can­not be rela­ted to a spe­ci­fic per­son. Howe­ver, coo­kies can­not directly iden­tify a user. A distinc­tion is made bet­ween ses­sion coo­kies, which are dele­ted as soon as you close your brow­ser, and per­ma­nent coo­kies, which are stored bey­ond the indi­vi­dual ses­sion. In terms of their func­tion, coo­kies are again divi­ded into: — Tech­ni­cal coo­kies: These are abso­lut­ely neces­sary to move around the web­site, use basic func­tions and ensure the secu­rity of the web­site; they do not coll­ect infor­ma­tion about you for mar­ke­ting pur­po­ses, nor do they store which web pages you have visi­ted; — Per­for­mance coo­kies: These coll­ect infor­ma­tion about how you use our web­site, which pages you visit and, for exam­ple per­for­mance coo­kies: These coll­ect infor­ma­tion about how you use our web­site, which pages you visit and, for exam­ple, whe­ther errors occur when using the web­site; they do not coll­ect any infor­ma­tion that could iden­tify you — all infor­ma­tion coll­ec­ted is anony­mous and is only used to improve our web­site and to find out what inte­rests our users; — adver­ti­sing coo­kies, tar­ge­ting coo­kies: These are used to offer the web­site user needs-based adver­ti­sing on the web­site or offers from third par­ties and to mea­sure the effec­ti­ve­ness of these offers; adver­ti­sing and tar­ge­ting coo­kies are stored for a maxi­mum of 13 months; — sha­ring coo­kies: These are used to improve the inter­ac­ti­vity of our web­site with other ser­vices (e.g. social net­works). social net­works); sha­ring coo­kies are stored for a maxi­mum of 13 months. Any use of coo­kies that is not strictly neces­sary from a tech­ni­cal point of view con­sti­tu­tes data pro­ces­sing that can only be car­ried out with your expli­cit and active con­sent in accordance with the Data Pro­tec­tion Act. Art. 6 par. 1 p. 1 lit. a GDPR is allo­wed. This applies in par­ti­cu­lar to the use of adver­ti­sing, tar­ge­ting or sha­ring coo­kies. In addi­tion, we will only dis­c­lose your per­so­nal data pro­ces­sed by coo­kies to third par­ties if you have given your con­sent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR have given their express con­sent to this.

b) Coo­kie Policy

Here you can manage your coo­kie set­tings and disable cer­tain types of track­ing. You can find more infor­ma­tion about which coo­kies we use below: Coo­kies: real_cookie_banner*, real_cookie_banner*-tcf, real_­coo­kie_­ban­ner-test Domain: npl-overland.eu Descrip­tion: Real Coo­kie Ban­ner asks web­site visi­tors to con­sent to the set­ting of coo­kies and the pro­ces­sing of per­so­nal data. For this pur­pose, each web­site visi­tor is assi­gned a UUID (pseud­ony­mous iden­ti­fi­ca­tion of the user), which is valid until the expi­ra­tion of the coo­kie for sto­ring con­sent. Coo­kies are used to test whe­ther coo­kies can be set, to store refe­rence to docu­men­ted con­sent, to store which ser­vices from which ser­vice groups the visi­tor has con­sen­ted to, and, if con­sent is obtai­ned under the Trans­pa­rency & Con­sent Frame­work (TCF), to store cons­ents in TCF Part­ners, Pur­po­ses, Spe­cial Pur­po­ses, Func­tions, and Spe­cial Func­tions. Within the scope of the duty of dis­clo­sure accor­ding to the GDPR, the coll­ec­ted con­sent is fully docu­men­ted. This includes, in addi­tion to the ser­vices and ser­vice groups to which the visi­tor has con­sen­ted, and if con­sent is obtai­ned accor­ding to the TCF stan­dard, to which TCF part­ners, pur­po­ses and func­tions the visi­tor has con­sen­ted, all coo­kie ban­ner set­tings at the time of con­sent as well as the tech­ni­cal cir­cum­s­tances (e.g. size of the vie­w­ing area at the time of con­sent) and user inter­ac­tions (e.g. cli­cking on but­tons) that led to con­sent. Con­sent is coll­ec­ted once per lan­guage. Dura­tion: 1 year Type: Essen­tial Coo­kie: wp-wpml_­cur­ren­t_lan­guage Domain: npl-overland.eu Descrip­tion: WPML is a multi-lan­guage sys­tem for Word­Press web­sites. The coo­kies store the user’s lan­guage and can redi­rect the user to the ver­sion of the web­site that cor­re­sponds to the lan­guage of the user’s brow­ser. Dura­tion: 1 day Type: Func­tional Coo­kie: _icl_visitor_lang_js Domain: npl-overland.eu Descrip­tion: WPML is a multi-lan­guage sys­tem for Word­Press web­sites. The coo­kies store the user’s lan­guage and can redi­rect the user to the ver­sion of the web­site that cor­re­sponds to the lan­guage of the user’s brow­ser. Dura­tion: Ses­sion Type: Func­tional Coo­kie: wpml_browser_redirect_test Domain: npl-overland.eu Descrip­tion: WPML is a multi-lan­guage sys­tem for Word­Press web­sites. The coo­kies store the user’s lan­guage and can redi­rect the user to the ver­sion of the web­site that cor­re­sponds to the lan­guage of the user’s brow­ser. Dura­tion: Ses­sion Type: Func­tional Coo­kies: SSID, HSID, SID, __Se­cure-3PA­PISID, SAPI­SID, APISID, __Se­cure-3PSID Domain: google.com Descrip­tion: You­Tube enables the direct embed­ding of con­tent published on youtube.com in web­sites. The coo­kies are used to coll­ect visi­ted web­sites and detailed sta­tis­tics about user beha­vior. This data may be lin­ked to the data of users log­ged on to youtube.com and google.com. Dura­tion: 2 years Type: Func­tional Coo­kie: SIDCC Domain: google.com Descrip­tion: You­Tube enables con­tent published on youtube.com to be embedded directly into web­sites. The coo­kies are used to coll­ect visi­ted web­sites and detailed sta­tis­tics about user beha­vior. This data may be lin­ked to the data of users log­ged on to youtube.com and google.com. Dura­tion: 1 year Type: Func­tional Coo­kie: NID Domain: google.com Descrip­tion: You­Tube allows con­tent published on youtube.com to be embedded directly into web­sites. The coo­kies are used to coll­ect visi­ted web­sites and detailed sta­tis­tics about user beha­vior. This data may be lin­ked to the data of users log­ged on to youtube.com and google.com. Dura­tion: 6 months Type: Func­tional Coo­kie: 1P_JAR Domain: google.com Descrip­tion: You­Tube allows con­tent published on youtube.com to be embedded directly into web­sites. The coo­kies are used to coll­ect visi­ted web­sites and detailed sta­tis­tics about user beha­vior. This data may be lin­ked to the data of users log­ged on to youtube.com and google.com. Dura­tion: 1 month Type: Func­tional Coo­kie: SIDCC Domain: youtube.com Descrip­tion: You­Tube enables con­tent published on youtube.com to be embedded directly into web­sites. The coo­kies are used to coll­ect visi­ted web­sites and detailed sta­tis­tics about user beha­vior. This data may be lin­ked to the data of users log­ged on to youtube.com and google.com. Dura­tion: 1 year Type: Func­tional Coo­kies: __Se­cure-3PA­PISID, SAPI­SID, SSID, LOGIN_INFO, HSID Domain: youtube.com Descrip­tion: You­Tube enables the direct embed­ding of con­tent published on youtube.com into web­sites. The coo­kies are used to coll­ect visi­ted web­sites and detailed sta­tis­tics about user beha­vior. This data may be lin­ked to the data of users log­ged on to youtube.com and google.com. Dura­tion: 2 years Type: Func­tional Coo­kies: __Se­cure-APISID, 1P_JAR Domain: youtube.com Descrip­tion: You­Tube allows con­tent published on youtube.com to be embedded directly into web­sites. The coo­kies are used to coll­ect visi­ted web­sites and detailed sta­tis­tics about user beha­vior. This data may be lin­ked to the data of users log­ged on to youtube.com and google.com. Dura­tion: 1 month Type: Func­tional Coo­kies: SEARCH_SAMESITE, VISITOR_INFO1_LIVE Domain: youtube.com Descrip­tion: You­Tube enables the direct embed­ding of con­tent published on youtube.com into web­sites. The coo­kies are used to coll­ect visi­ted web­sites and detailed sta­tis­tics about user beha­vior. This data may be lin­ked to the data of users log­ged on to youtube.com and google.com. Dura­tion: 6 months Type: Func­tional Coo­kies: _ga, _ga_* Domain: npl-overland.eu Descrip­tion: Google Ana­ly­tics is a ser­vice for gene­ra­ting detailed sta­tis­tics on user beha­vior on the web­site. The coo­kies are used to distin­gu­ish users, store cam­paign-rela­ted infor­ma­tion for and from the user, and to link data from mul­ti­ple page views. Dura­tion: 2 years Type: Sta­tis­tics Coo­kie: 1P_JAR Domain: google.com Descrip­tion: Google Ads Con­ver­sion Track­ing tracks the con­ver­sion rate and the suc­cess of Google Ads cam­paigns. Coo­kies are used to distin­gu­ish users and track their beha­vior on the web­site in detail and link this data with adver­ti­sing data from the Google Ads adver­ti­sing net­work. In addi­tion, the data is used for so-cal­led “remar­ke­ting” in order to dis­play tar­ge­ted adver­ti­sing again to users who have alre­ady cli­cked on one of our ads in the Google Ads net­work. This data may be lin­ked to data from users who have log­ged into their Google accounts on google.com or a loca­li­zed ver­sion of Google. Dura­tion: 1 month Type: Mar­ke­ting Coo­kie: CON­SENT Domain: google.com Descrip­tion: Google Ads Con­ver­sion Track­ing tracks the con­ver­sion rate and the suc­cess of Google Ads cam­paigns. Coo­kies are used to distin­gu­ish users and track their beha­vior on the web­site in detail and link this data with adver­ti­sing data from the Google Ads adver­ti­sing net­work. In addi­tion, the data is used for so-cal­led “remar­ke­ting” in order to dis­play tar­ge­ted adver­ti­sing again to users who have alre­ady cli­cked on one of our ads in the Google Ads net­work. This data may be lin­ked to data from users who have log­ged into their Google accounts on google.com or a loca­li­zed ver­sion of Google. Dura­tion: 18 years Type: Mar­ke­ting Coo­kie: test_cookie Domain: doubleclick.net Descrip­tion: Google Ads Con­ver­sion Track­ing tracks the con­ver­sion rate and the suc­cess of Google Ads cam­paigns. Coo­kies are used to distin­gu­ish users and track their beha­vior on the web­site in detail and link this data with adver­ti­sing data from the Google Ads adver­ti­sing net­work. In addi­tion, the data is used for so-cal­led “remar­ke­ting” in order to dis­play tar­ge­ted adver­ti­sing again to users who have alre­ady cli­cked on one of our ads in the Google Ads net­work. This data may be lin­ked to data from users who have log­ged into their Google accounts on google.com or a loca­li­zed ver­sion of Google. Dura­tion: 1 day Type: Mar­ke­ting Coo­kie: IDE Domain: doubleclick.net Descrip­tion: Google Ads Con­ver­sion Track­ing tracks the con­ver­sion rate and the suc­cess of Google Ads cam­paigns. Coo­kies are used to distin­gu­ish users and track their beha­vior on the web­site in detail and link this data with adver­ti­sing data from the Google Ads adver­ti­sing net­work. In addi­tion, the data is used for so-cal­led “remar­ke­ting” in order to dis­play tar­ge­ted adver­ti­sing again to users who have alre­ady cli­cked on one of our ads in the Google Ads net­work. This data may be lin­ked to data from users who have log­ged into their Google accounts on google.com or a loca­li­zed ver­sion of Google. Dura­tion: 1 year Type: Mar­ke­ting Coo­kie: _gcl_au Domain: npl-overland.eu Descrip­tion: Google Ads Con­ver­sion Track­ing tracks the con­ver­sion rate and the suc­cess of Google Ads cam­paigns. Coo­kies are used to distin­gu­ish users and track their beha­vior on the web­site in detail and link this data with adver­ti­sing data from the Google Ads adver­ti­sing net­work. In addi­tion, the data is used for so-cal­led “remar­ke­ting” in order to dis­play tar­ge­ted adver­ti­sing again to users who have alre­ady cli­cked on one of our ads in the Google Ads net­work. This data may be lin­ked to data from users who have log­ged into their Google accounts on google.com or a loca­li­zed ver­sion of Google. Dura­tion: 3 months Type: Mar­ke­ting

c) Google Ana­ly­tics

This web­site uses the func­tions of Google Ana­ly­tics, a web ana­ly­sis ser­vice of Google Ire­land Limi­ted, Gor­don House, Bar­row Street, Dub­lin 4, Ire­land, on the basis of your express con­sent (Art. 6 para. 1 sen­tence 1 lit. a) GDPR). You can give us your con­sent vol­un­t­a­rily when you call up our web­site by pres­sing the cor­re­spon­ding but­ton in the “coo­kie ban­ner”. Data is also regu­larly trans­mit­ted to Google LLC (1600 Amphi­theatre Park­way, Moun­tain View, CA 94043, USA) as part of the pro­ces­sing descri­bed below. Google Ire­land Limi­ted and Google LLC are her­ein­af­ter jointly refer­red to as “Google”. Google Ana­ly­tics uses coo­kies (first-party coo­kies), which enable an ana­ly­sis of your use of the web­site. This does not mean, howe­ver, that we ther­eby obtain direct know­ledge of your iden­tity. Google uses the infor­ma­tion gene­ra­ted by the coo­kies on our behalf for the pur­pose of eva­lua­ting your use of the web­site, com­pi­ling reports on web­site acti­vity and pro­vi­ding other ser­vices rela­ting to web­site acti­vity and inter­net usage. This allows us to improve the qua­lity of our web­site and its con­tent. We learn on the basis of sta­tis­ti­cal ana­ly­ses how the web­site is used and can thus con­stantly opti­mize our offer. During data pro­ces­sing via Google Ana­ly­tics, data may be trans­mit­ted to the USA. We would like to point out that, accor­ding to the Euro­pean Court of Jus­tice (ECJ), there is curr­ently no ade­quate level of pro­tec­tion for a data trans­fer to the USA. If data is trans­fer­red to the U.S., there is a risk that your data may be pro­ces­sed by U.S. aut­ho­ri­ties for moni­to­ring and sur­veil­lance pur­po­ses wit­hout any legal recourse available to you. The secu­rity of data trans­fers is regu­larly gua­ran­teed by EU Stan­dard Con­trac­tual Clau­ses (SCC) and Bin­ding Cor­po­rate Rules (BCR). Google Ana­ly­tics has SCC, which ensure that the pro­ces­sing of per­so­nal data is sub­ject to a level of secu­rity that com­plies with the GDPR. Fur­ther details can be found at: https://business.safety.google/adscontrollerterms/sccs/. If these EU stan­dard con­trac­tual clau­ses and bin­ding cor­po­rate rules are not suf­fi­ci­ent to estab­lish an ade­quate level of secu­rity, Art. 49 para. 1 lit. a DSGVO, which jus­ti­fies a data trans­fer to unsafe third count­ries, serve as a legal basis. The use of Google Ana­ly­tics is based on your con­sent given to us (Art. 6 para. 1 sen­tence 1 lit. a) GDPR). i) IP anony­miza­tion We have acti­va­ted the IP anony­miza­tion func­tion on this web­site. As a result, your IP address is shor­tened by Google within mem­ber sta­tes of the Euro­pean Union or in other sta­tes party to the Agree­ment on the Euro­pean Eco­no­mic Area before being trans­mit­ted to the USA and ther­eby anony­mi­zed. Only in excep­tio­nal cases is the full IP address trans­mit­ted to a Google ser­ver in the USA and shor­tened there. Accor­ding to Google’s own infor­ma­tion, the IP address trans­mit­ted by your brow­ser as part of Google Ana­ly­tics will not be mer­ged with other Google data rela­ting to your per­son. ii) Brow­ser plugin You can pre­vent the sto­rage of Google Ana­ly­tics coo­kies by set­ting your brow­ser soft­ware accor­din­gly (see above).
You can also pre­vent Google from coll­ec­ting the data gene­ra­ted by the coo­kie and rela­ting to your use of the web­site (inclu­ding your IP address) and from pro­ces­sing this data by Google by down­loa­ding and instal­ling the brow­ser plug-in available at the fol­lo­wing link: https://tools.google.com/dlpage/gaoptout?hl=de. iii) Objec­tion to data coll­ec­tion Alter­na­tively, you can activate/deactivate the coll­ec­tion of your data by Google Ana­ly­tics in the pri­vacy set­tings, espe­ci­ally on mobile devices. When deac­ti­va­ted, a coo­kie is set that pre­vents the coll­ec­tion of your data during future visits to this web­site. Spe­ci­fi­cally, the fol­lo­wing track­ing coo­kies are used by Google Analytics:__utmz, __utma, __utmb, __utmc, __utmt. You can find more infor­ma­tion on the hand­ling of user data at Google Ana­ly­tics and the secu­rity and data pro­tec­tion prin­ci­ples as well as set­ting and objec­tion opti­ons in Google’s data pro­tec­tion decla­ra­tion, available via the fol­lo­wing link: https://support.google.com/analytics/answer/6004245?hl=de. d) Google Ads and Google Con­ver­sion Track­ing This web­site uses Google Ads (form­erly “Google AdWords”). Ads is an online adver­ti­sing pro­gram pro­vi­ded by Google Inc, 1600 Amphi­theatre Park­way, Moun­tain View, CA 94043, United Sta­tes, (“Google”). We use Google Ads to adver­tise this web­site in Google search results and on third-party web­sites. In con­nec­tion with Google Ads, we use what is known as con­ver­sion track­ing. This means that when you click on an ad pla­ced by Google, a coo­kie is set for con­ver­sion track­ing. These coo­kies are valid for up to 30 days and are not used to per­so­nally iden­tify the user. If the user visits cer­tain pages of this web­site and the coo­kie has not yet expi­red, Google and we can reco­gnize that the user cli­cked on the ad and was redi­rec­ted to this page. Each user recei­ves a dif­fe­rent coo­kie through Google Ads. These coo­kies can­not be tra­cked via the web­sites of Ads users. The pur­pose of the infor­ma­tion coll­ec­ted by the con­ver­sion coo­kie is to create con­ver­sion sta­tis­tics for us. This tells us the total num­ber of users who cli­cked on our ad and were redi­rec­ted to a page with con­ver­sion track­ing. Howe­ver, we do not receive any infor­ma­tion with which the user can be per­so­nally iden­ti­fied. If you do not wish to par­ti­ci­pate in con­ver­sion track­ing, you can object to this use. To do this, deac­ti­vate the Google Con­ver­sion Track­ing coo­kie via your Inter­net brow­ser in the user set­tings. You will no lon­ger be included in the con­ver­sion track­ing sta­tis­tics. The use of Google Ads and the sto­rage of con­ver­sion coo­kies by means of con­ver­sion track­ing is in the inte­rest of opti­mi­zing our online offers and adver­ti­sing. This con­sti­tu­tes a legi­ti­mate inte­rest within the mea­ning of Art. 6 para. 1 lit. f GDPR. Nevert­hel­ess, we only use Google Ads and con­ver­sion track­ing on the basis of your express con­sent pur­su­ant to Art. 6 para. 1 sen­tence 1 lit. a) GDPR. When pro­ces­sing data via Google Ads and Google Con­ver­sion Track­ing, data may be trans­fer­red to the USA. We would like to point out that, in the opi­nion of the Euro­pean Court of Jus­tice (ECJ), there is curr­ently no ade­quate level of pro­tec­tion for data trans­fer to the USA. If data is trans­fer­red to the USA, there is a risk that your data may be pro­ces­sed by US aut­ho­ri­ties for moni­to­ring and con­trol pur­po­ses wit­hout you having any legal recourse. The secu­rity of data trans­mis­sion is regu­larly gua­ran­teed by EU Stan­dard Con­trac­tual Clau­ses (SCC) and Bin­ding Cor­po­rate Rules (BCR). Google Ads has SCCs that ensure that the pro­ces­sing of per­so­nal data is sub­ject to a level of secu­rity that cor­re­sponds to that of the GDPR. Fur­ther details can be found at: https://business.safety.google/adscontrollerterms/sccs/. If these EU stan­dard con­trac­tual clau­ses and bin­ding cor­po­rate rules are not suf­fi­ci­ent to estab­lish an ade­quate level of secu­rity, Art. 49 para. 1 lit. a GDPR, which jus­ti­fies a data trans­fer to inse­cure third count­ries, can serve as a legal basis. You can find more infor­ma­tion about Google Ads and Google Con­ver­sion Track­ing in Google’s pri­vacy policy:
https://www.google.de/policies/privacy/.

e) You­Tube

Our web­site uses plug­ins from the Google-ope­ra­ted You­Tube site. The ope­ra­tor of the pages is You­Tube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. Google Ire­land Limi­ted, Gor­don House, Bar­row Street, Dub­lin 4, Ire­land, is respon­si­ble for data pro­ces­sing in Europe. You­Tube allows us to embed videos directly on our web­site and make them available to you in order to offer you the best pos­si­ble user expe­ri­ence. When you visit a page on our web­site that has a You­Tube video embedded or click on a You­Tube embed to play a video, your brow­ser auto­ma­ti­cally con­nects to the You­Tube or Google ser­vers, wher­eby data is trans­mit­ted depen­ding on your set­tings. This tells the You­Tube ser­ver which of our pages you have visi­ted. If you are log­ged into your You­Tube or Google account, you enable You­Tube to assign your sur­fing beha­vior directly to your per­so­nal pro­file. You can pre­vent this by log­ging out of your You­Tube account. If you are not log­ged in with a You­Tube or Google account, Google stores data using a uni­que iden­ti­fier that is lin­ked to your brow­ser, device or app. You can pre­vent coo­kies from being set by dele­ting exis­ting coo­kies in your brow­ser and deac­ti­vat­ing the sto­rage of coo­kies in your brow­ser set­tings. In this case, you may not be able to use all the func­tions of our online offe­ring. We use You­Tube on the basis of your con­sent, Art. 6 para. 1, sen­tence 1 lit. a GDPR. You­Tube may also be used in the inte­rest of an appe­al­ing pre­sen­ta­tion of our online offers, which con­sti­tu­tes a legi­ti­mate inte­rest within the mea­ning of Art. 6 para. 1 lit. f GDPR. Nevert­hel­ess, we only use You­Tube on the basis of your con­sent. When data is pro­ces­sed via You­Tube, data may be trans­fer­red to the USA. We would like to point out that, in the opi­nion of the Euro­pean Court of Jus­tice (ECJ), there is curr­ently no ade­quate level of pro­tec­tion for data trans­fer to the USA. If data is trans­fer­red to the USA, there is a risk that your data may be pro­ces­sed by US aut­ho­ri­ties for moni­to­ring and con­trol pur­po­ses wit­hout you having any legal recourse. The secu­rity of data trans­mis­sion is regu­larly gua­ran­teed by EU Stan­dard Con­trac­tual Clau­ses (SCC) and Bin­ding Cor­po­rate Rules (BCR). You­Tube has SCCs that ensure that the pro­ces­sing of per­so­nal data is sub­ject to a level of secu­rity that cor­re­sponds to that of the GDPR. If these EU stan­dard con­trac­tual clau­ses and Bin­ding Cor­po­rate Rules are not suf­fi­ci­ent to estab­lish an ade­quate level of secu­rity, Art. 49 para. 1 lit. a GDPR, which jus­ti­fies a data trans­fer to inse­cure third count­ries, can serve as a legal basis. Fur­ther infor­ma­tion on the hand­ling of user data can be found in Google’s pri­vacy policy as a sub­si­diary of You­Tube at
https://policies.google.com/privacy?hl=de.

f) Font Awe­some Web Fonts

This site uses so-cal­led web fonts (“Font Awe­some”), which are pro­vi­ded by Fon­ti­cons, 307 S. Main St., Suite 202, Ben­ton­ville, AR 72712, USA, for the pur­pose of uni­form repre­sen­ta­tion of fonts. Font Awe­some Web Fonts are instal­led locally; there is no con­nec­tion to Fon­ti­cons ser­vers.

g) jQuery, jQueryUI and jQuery Migrate

This web­site uses jQuery or jQueryUI and jQuery Migrate tech­no­lo­gies from the pro­vi­der jQuery Foun­da­tion. This opti­mi­zes the loa­ding speeds of our web­site. These libra­ries are instal­led locally and do not con­nect to StackPath’s CDN ser­vers. The use of jQuery is in the inte­rest of an appe­al­ing and fast pre­sen­ta­tion of our online offers. This con­sti­tu­tes a legi­ti­mate inte­rest, legal basis is Art. 6 para. 1 lit. f GDPR repre­sent.

h) Google Hos­ted Libra­ries

This web­site uses the free Java­Script library “jQuery” to dis­play ani­ma­ti­ons, inter­ac­tive ele­ments, etc. Google Hos­ted Libra­ries from the pro­vi­der Google Ire­land Limi­ted, Gor­don House, Bar­row Street, Dub­lin 4, Ire­land is a glo­bally available con­tent dis­tri­bu­tion net­work (CDN) for such open source Java­Script libra­ries. When you visit a web­site, your brow­ser loads the neces­sary files into your browser’s cache to dis­play that web­site cor­rectly and pro­perly. For this pur­pose, the brow­ser you are using con­nects to Google’s ser­vers, which enables Google to reco­gnize that you have acces­sed our web­site via your IP address. Google Hos­ted Libra­ries are used in the inte­rest of an appe­al­ing pre­sen­ta­tion of our online offers and our web­site. This con­sti­tu­tes a legi­ti­mate inte­rest within the mea­ning of Art. 6 para. 1 lit. f GDPR. Fur­ther infor­ma­tion on Google Hos­ted Libra­ries can be found at https://developers.google.com/speed/libraries/ and in Google’s pri­vacy policy: https://www.google.com/policies/privacy/.

i) Ninja Forms

This web­site uses the Ninja Forms form plug-in from the pro­vi­der Satur­day Drive Inc, 1809 Keith St., Cleve­land, Ten­nes­see 37311, USA. We use Ninja Forms on the basis of your con­sent, Art. 6 para. 1, sen­tence 1 lit. a GDPR. Ninja Forms may also be used in the inte­rest of an appe­al­ing pre­sen­ta­tion of our online offers, which con­sti­tu­tes a legi­ti­mate inte­rest within the mea­ning of Art. 6 para. 1 lit. f GDPR. Nevert­hel­ess, we only use Ninja Forms on the basis of your con­sent. When data is pro­ces­sed via Ninja Forms, data may be trans­fer­red to the USA. We would like to point out that, in the opi­nion of the Euro­pean Court of Jus­tice (ECJ), there is curr­ently no ade­quate level of pro­tec­tion for data trans­fer to the USA. If data is trans­fer­red to the USA, there is a risk that your data may be pro­ces­sed by US aut­ho­ri­ties for moni­to­ring and con­trol pur­po­ses wit­hout you having any legal recourse. If these EU stan­dard con­trac­tual clau­ses and bin­ding cor­po­rate rules are not suf­fi­ci­ent to estab­lish an ade­quate level of secu­rity, Art. 49 para. 1 lit. a GDPR, which jus­ti­fies a data trans­fer to inse­cure third count­ries, can serve as a legal basis. Fur­ther infor­ma­tion can be found in Ninja Forms’ pri­vacy policy at
https://ninjaforms.com/privacy-policy/.

j) Yoast SEO

This web­site uses plug­ins from Yoast SEO, a ser­vice pro­vi­ded by Yoast BV, Don Ema­nu­el­straat 3, 6602 GX Wijchen, The Net­her­lands. By means of Yoast SEO we can opti­mize our web­sites for search engi­nes. You can pre­vent Yoast SEO from sto­ring coo­kies by sel­ec­ting the appro­priate set­ting in your brow­ser. Howe­ver, we would like to point out that in this case you may not be able to use all func­tions of our web­site to their full ext­ent. Fur­ther infor­ma­tion can be found in Yoast BV’s pri­vacy policy at https://yoast.com/privacy-policy/.

k) Cle­ver­Reach

This web­site uses Cle­ver­Reach to send news­let­ters. The pro­vi­der is Cle­ver­Reach GmbH & Co KG, Schaf­jü­cken­weg 2, 26180 Ras­tede. Cle­ver­Reach is a ser­vice that can be used to orga­nize and ana­lyze news­let­ter dis­tri­bu­tion. The data you enter for the pur­pose of recei­ving the news­let­ter (e.g. e‑mail address) is stored on CleverReach’s ser­vers in Ger­many or Ire­land. Our news­let­ters sent with Cle­ver­Reach allow us to ana­lyze the beha­vior of news­let­ter reci­pi­ents. Here, among other things, it can be ana­ly­zed how many reci­pi­ents have ope­ned the news­let­ter mes­sage and how often which link in the news­let­ter was cli­cked. With the help of so-cal­led con­ver­sion track­ing, it can also be ana­ly­zed whe­ther a pre­de­fi­ned action (e.g. purchase of a pro­duct on our web­site) has taken place after cli­cking on the link in the news­let­ter. Fur­ther infor­ma­tion on data ana­ly­sis by Cle­ver­Reach news­let­ters can be found at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. Data pro­ces­sing takes place on the basis of your con­sent (Art. 6 para. 1 lit. a GDPR). You can revoke this con­sent at any time by unsub­scrib­ing from the news­let­ter. The lega­lity of the data pro­ces­sing ope­ra­ti­ons alre­ady car­ried out remains unaf­fec­ted by the revo­ca­tion. If you do not want any ana­ly­sis by Cle­ver­Reach, you must unsub­scribe from the news­let­ter. For this pur­pose, we pro­vide a cor­re­spon­ding link in every news­let­ter mes­sage. Fur­ther­more, you can also unsub­scribe from the news­let­ter directly on the web­site. The data you pro­vide for the pur­pose of recei­ving the news­let­ter will be stored by us until you unsub­scribe from the news­let­ter and will be dele­ted from our ser­vers as well as from the ser­vers of Cle­ver­Reach after you unsub­scribe from the news­let­ter. Data stored by us for other pur­po­ses (e.g. e‑mail addres­ses for the mem­ber area) remain unaf­fec­ted by this. You can find more details in CleverReach’s pri­vacy policy at: https://www.cleverreach.com/de/datenschutz/. Con­clu­sion of a con­tract for com­mis­sio­ned data pro­ces­sing We have con­cluded a con­tract with Cle­ver­Reach for com­mis­sio­ned data pro­ces­sing and fully imple­ment the strict requi­re­ments of the Ger­man data pro­tec­tion aut­ho­ri­ties when using Cle­ver­Reach.

l) Real Coo­kie Ban­ner

We use the “Real Coo­kie Ban­ner” con­sent tool to manage the coo­kies and simi­lar tech­no­lo­gies used (track­ing pixels, web bea­cons, etc.) and rela­ted cons­ents. Details on how “Real Coo­kie Ban­ner” works can be found at https://devowl.io/de/rcb/datenverarbeitung/. Legal bases for the pro­ces­sing of per­so­nal data in this con­text are Art. 6 para. 1 lit. c DS-GVO and Art. 6 para. 1 lit. f GDPR. Our legi­ti­mate inte­rest is to manage the coo­kies and simi­lar tech­no­lo­gies used and the rela­ted cons­ents. The pro­vi­sion of per­so­nal data is neither con­trac­tually requi­red nor neces­sary for the con­clu­sion of a con­tract. You are not obli­ged to pro­vide the per­so­nal data. If you do not pro­vide the per­so­nal infor­ma­tion, we will not be able to manage your cons­ents.