Privacy Policy

Preamble

 

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer"). The terms used are not gender-specific.

 

Status: 12th of March 2025​

 

Responsible

Responsible for data processing in accordance with Article 4 No. 7 of the GDPR, unless otherwise stated in this Privacy Policy:

 

Monolith Real Estate Greece S.A.

Platia Vallianou | Megaro Ampatielou

28100 Argostoli

GREECE

E-mail address:

info@ooto.gr

 +30 698 0668397

 

When you use our services, we automatically collect and process various data to optimize the functionality of our platform and ensure security and stability. This includes, among other things:

• Information about your device and the software version used,

• Date and time of your access and any disruptions for troubleshooting,

• Cookies and similar technologies that are essential for operation,

• Information about the websites from which you access our platform or that you visit via our platform,

• Your IP address and various identification numbers like the Mobile Device ID, the "Ad-ID" from Apple iOS, and the "Advertising ID" from Android to uniquely identify your device. Temporary storage of your IP address is technically necessary to enable access to our services. The legal basis for this data processing arises from Art. 6(1)(b) DSGVO. Additionally, we store your IP address for up to 14 days for security reasons in accordance with Art. 6(1)(f) DSGVO. During the use of our services, we process your full IP address or a pseudonymous ID to analyze the performance of our platform, without creating usage profiles. Your IP address or pseudonymous ID is automatically anonymized once your session ends. The legal basis for this processing is Art. 6(1)(f) DSGVO.

 

Overview of Processing 

The following overview summarizes the types of processed data and the purposes of their processing and refers to the affected persons.

 

Types of Processed Data

• Inventory data

• Location data

• Contact data

• Content data

• Usage data

• Meta-, communication-, and procedural data

 

Categories of Affected Persons

• Communication partners

• Users

 

Purposes of Processing

• Contact requests and communication

• Security measures

• Direct marketing

• Management and response to inquiries

• Feedback

• Marketing

• Provision of our online offer and user-friendliness

• Information technology infrastructure

 

Relevant Legal Bases according to the DSGVO 

 

The following provides an overview of the legal bases of the DSGVO on which we process personal data. Please note that in addition to the DSGVO regulations, national data protection provisions in your or our country of residence may apply. Should more specific legal bases be applicable in individual cases, we will inform you of these in the privacy policy.

• Consent (Art. 6(1)(a) DSGVO) - The data subject has given consent to the processing of their personal data for one or more specific purposes.

• Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) DSGVO) - Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.

• Legitimate interests (Art. 6(1)(f) DSGVO) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

 

National Data Protection Regulations in Germany 

 

In addition to the DSGVO regulations, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (BDSG), which contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and the transmission as well as automated decision-making in individual cases, including profiling. Additionally, state data protection laws of individual federal states may apply.

 

Note on the Applicability of DSGVO and Swiss DSG 

 

These data protection notices serve both to provide information under the Swiss DSG and under the DSGVO. Therefore, please note that due to broader spatial application and comprehensibility, the terms of the DSGVO are used. Specifically, instead of the terms "processing" of "personal data", "overriding interest", and "particularly sensitive personal data" used in the Swiss DSG, the terms "processing" of "personal data" as well as "legitimate interest" and "special categories of data" used in the DSGVO are used. The legal meaning of the terms, however, is still determined according to the Swiss DSG within the framework of its applicability.

​

Transmission of Personal Data 

 

In the course of our processing of personal data, it may happen that the data is transmitted to other entities, companies, legally independent organizational units, or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and conclude appropriate contracts or agreements with the recipients of your data to protect your data. Data Transmission within the Organization: We may transmit personal data to other entities within our organization or grant them access to this data. If this transfer is for administrative purposes, it is based on our legitimate business and operational interests or is necessary to fulfill our contractual obligations, or if there is consent from the data subjects or a legal permission.

International Data Transfers Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if processing occurs within the scope of using third-party services or disclosing or transmitting data to other persons, entities, or companies, this only takes place in accordance with legal requirements. Provided that the data protection level in the third country has been recognized by an adequacy decision (Art. 45 DSGVO), this serves as the basis for the data transfer. Otherwise, data transfers only take place if the data protection level is otherwise guaranteed, particularly through standard contractual clauses (Art. 46(2)(c) DSGVO), explicit consent, or in the case of contractual or legally required transmission (Art. 49(1) DSGVO). Furthermore, we inform you of the bases for third-country transmission with the respective providers from the third country, with adequacy decisions taking precedence as the basis. Information on third-country transfers and existing adequacy decisions can be found on the EU Commission's information offer: EU Commission Information.

 

General Information on Data Storage and Deletion 

​

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or no further legal grounds for processing exist. This applies to cases where the original processing purpose no longer exists or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data. In particular, data that must be retained for commercial or tax reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly. Our data protection notices contain additional information on the retention and deletion of data specific to certain processing operations. If there are multiple indications of retention periods or deletion deadlines for a date, the longest period is always decisive. If a period does not expressly begin on a specific date and is at least one year, it starts automatically at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships within which data is stored, the triggering event is the effective date of termination or other termination of the legal relationship. Data that is no longer needed for the originally intended purpose but must be retained due to legal requirements or other reasons, we process exclusively for the reasons justifying their retention.

Integration of Third-Party Providers (Social Networks) To improve the user experience in our offering, we also integrate services from the third-party providers listed below, who are each responsible for data processing according to Art. 4 No. 7 DSGVO. If you have consented in the privacy settings, your browser establishes a direct connection to the server of the respective third-party provider. In this process, your IP address is always processed by the third-party provider, as it is necessary for establishing the connection and providing the content.

 

The legal basis for the integration of these services arises from Art. 6(1)(a) DSGVO. You can revoke your consent at any time. Further information on data processing by the respective third-party providers can be found in their privacy policies:

• Instagram (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), Privacy Policy: Instagram Privacy Policy

• Facebook (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), Privacy Policy: Facebook Privacy Policy

If you have consented, we use services to measure the performance of content on our platform. This involves capturing and reporting how content is delivered to users and how they interact with it. The legal basis for this data processing arises from Art. 6(1)(a) DSGVO. You can revoke your consent at any time. Additionally, we use services from third-party providers who are responsible for data processing under Art. 4 No. 7 DSGVO. Further information on data processing by these third-party providers and your rights as a data subject can be found in the privacy policies of the following links:

​​

• Facebook Content Feed (Facebook Business Tools) (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), Privacy Policy: https://www.facebook.com/about/privacy/

• Facebook Audience Network (Facebook Business Tools) (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), Privacy Policy: https://www.facebook.com/about/privacy/

• Facebook Conversion Pixel (Facebook Business Tools) (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), Privacy Policy: https://www.facebook.com/about/privacy/

• Facebook Website Custom Audiences (Facebook Business Tools) (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), Privacy Policy: https://www.facebook.com/about/privacy/

• Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), Privacy Policy: https://www.google.de/intl/de/policies/privacy/

• Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), Privacy Policy: https://www.google.de/intl/de/policies/privacy/

• Google Ads (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), Privacy Policy: https://www.google.de/intl/de/policies/privacy/

• Google Maps (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), Privacy Policy: https://www.google.de/intl/de/policies/privacy/

• Instagram (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), Privacy Policy: https://www.instagram.com/legal/privacy/

​

​​

Rights of the persons concerned

 

Please contact us at any time with questions and suggestions regarding data protection, as well as to exercise your rights as a data subject:

Monolith Real Estate Greece S.A.
Platia Vallianou
Megaro Ampatielou
28100 Argostoli
Greece
Email address: info@ooto.gr
Phone: +30 698 0668397​

 

Information, Correction, Deletion, Restriction of Processing

​

You can obtain information at any time, free of charge, about whether we process personal data about you, what data this is, and receive a copy of these data. You can also request the correction of inaccurate data and the completion of incomplete data. You have the right to request the deletion and restriction of your personal data. To obtain information or request the deletion of your personal data, please contact us at the email address mentioned above. Additionally, you can request the correction or restriction of the processing of your data.

 

Data Portability

​

If applicable, you have the right to receive your personal data, which is processed based on your consent or a contract and by automated means, in a structured, commonly used, and machine-readable format or to have it transmitted to another controller. This does not apply if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. You also have the right to have your personal data transmitted directly from one controller to another, where technically feasible and not adversely affecting the rights and freedoms of others.

 

Revocation / Objection

You can revoke your consents at any time with effect for the future. In particular, you can object to the use of your email address for newsletter distribution in writing or text form. Moreover, you can object at any time, on grounds relating to your particular situation, to the processing of your personal data based on legitimate interest or public interest, including profiling. In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims. If we process your personal data for direct marketing purposes, you have the right to object to this at any time. You can reach us at the contact address mentioned above. This also applies to profiling related to such direct marketing. Additionally, you have the right to object, on grounds relating to your particular situation, to the processing of your personal data for scientific or historical research purposes or statistical purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

 

Right to Complain

​

You also have the right to lodge a complaint with the competent supervisory authority and seek judicial remedies. The supervisory authority with which the complaint has been lodged will inform you about the status and outcome of the complaint, including the possibility of a judicial remedy.

​

Use of Online Platforms for Offer and Sales Purposes

​

We offer our services on online platforms operated by other service providers. In this context, in addition to our privacy notices, the privacy notices of the respective platforms apply. This is particularly relevant for the payment process and the procedures used on the platforms for reach measurement and interest-based marketing. Processed Data Types: Inventory data (e.g., full name, address, contact details, etc.); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., postal and email addresses or phone numbers); Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta-, communication-, and procedural data (e.g., IP addresses, timestamps). Affected Persons: Service recipients and clients. Business and contract partners. Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Marketing. Business processes and economic procedures. Retention and Deletion: Deletion in accordance with the section "General Information on Data Storage and Deletion." Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1) S. 1 lit. b) DSGVO). Legitimate interests (Art. 6(1) S. 1 lit. f) DSGVO).

 

Provision of the Online Offer and Web Hosting

​

We process the data of users to provide them with our online services. To this end, we process the user's IP address, which is necessary to deliver the content and functions of our online services to the user's browser or device. Processed Data Types: Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta-, communication-, and procedural data (e.g., IP addresses, timestamps); Log data (e.g., log files regarding logins or data retrieval or access times). Content data (e.g., textual or visual messages and contributions as well as related information). Affected Persons: Users (e.g., website visitors, users of online services). Purposes of Processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures. Retention and Deletion: Deletion in accordance with the section "General Information on Data Storage and Deletion."

Legal Bases: Legitimate interests (Art. 6(1) S. 1 lit. f) DSGVO).

 

Further Information on Processing Operations, Procedures, and Services

​

Collection of Access Data and Log Files: Access to our online offer is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed websites and files, date and time of access, transmitted data volumes, message about successful access, browser type along with version, the user's operating system, referrer URL (the previously visited page), and typically IP addresses and the requesting provider. Server log files can be used for security purposes, for example, to avoid server overload (especially in case of abusive attacks, so-called DDoS attacks), and also to ensure the utilization and stability of the servers; Legal bases: Legitimate interests (Art. 6(1) S. 1 lit. f) DSGVO). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidence purposes is exempt from deletion until the respective incident is finally clarified. Wix: Hosting and software for creating, providing, and operating websites, blogs, and other online offers; Service provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal bases: Legitimate interests (Art. 6(1) S. 1 lit. f) DSGVO); Website: Wix; Privacy Policy: Wix Privacy Policy; Data Processing Agreement: Wix DPA. Basis for third-country transfers: Adequacy Decision (Israel).

​

Use of cookies

 

In order to offer our services, ensure security, prevent fraud, resolve errors, and technically provide content, we use certain cookies on our website. Your privacy settings, consents, and objections are also stored in these cookies and technologies on your device. These cookies and technologies are necessary to provide the services you requested. Further information about these specific cookies can be found in our privacy policy. Unless otherwise specified, we only use additional cookies and similar technologies on this website with your consent. These are used to store and process data on your device. Without your consent, some features of our website may not be fully functional.

Cookies are small files stored by your browser in a designated directory on your device. They help, among other things, to determine whether you have visited a website before. Many cookies contain a unique cookie ID that allows websites to recognize your browser and distinguish it from others. However, cookies cannot personally identify you unless you provide additional information.

For more information about the cookies and similar technologies we use, as well as our partners, please refer to our privacy policy. You have the option to withdraw your consent at any time. You can also delete placed cookies at any time using your internet browser or other software programs. This is possible in all common internet browsers. Please note that this will also delete your privacy settings, which would need to be set again upon revisiting our website. By default, the maximum lifespan of our cookies is one year, unless otherwise specified.

​

Storage duration: With regard to the storage duration, the following types of  cookies are distinguished:

 

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has visited an online offer and closed his or her end device (e.g. browser or mobile application).

 

• Permanent cookies: Permanent cookies remain stored even after the terminal device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used to measure reach. Unless we provide users with explicit information on the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and can be stored for up to two years.

​​

General Information on Withdrawal and Objection (Opt-out): Users can withdraw their given consents at any time and can also object to the processing in accordance with legal requirements, including through the privacy settings of their browser.

Processed Data Types: Meta, communication, and procedural data (e.g., IP addresses, time data). Affected Persons: Users (e.g., website visitors, online service users). Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Processing of Cookie Data Based on Consent: We use a cookie consent management procedure, within which the consents of users to the use of cookies, or the processing and providers mentioned within the cookie consent management procedure, are obtained and managed and can be withdrawn by users. The consent declaration is stored to avoid having to repeat the request and to be able to prove the consent in accordance with legal obligations. The storage can be server-side and/or in a cookie to assign the consent to a user or their device. Subject to individual information on the providers of cookie management services, the following information applies: The duration of storage of the consent can be up to two years. A pseudonymous user identifier is created and stored along with the time of consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and end device used; Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

​

Contact and Inquiry Management

When contacting us (e.g., by post, contact form, email, telephone, or via social media) and within existing user and business relationships, the information of the requesting individuals is processed to the extent necessary to respond to the contact inquiries and any requested measures.

 

Processed Data Types: Inventory data (e.g., full name, residential address, contact information, etc.); Contact details (e.g., postal and email addresses or telephone numbers); Content data (e.g., textual or pictorial messages and contributions); Usage data (e.g., page views and duration, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions). Meta, communication, and process data (e.g., IP addresses, timestamps).

Affected Persons: Communication partners.

Purposes of Processing: Communication; Organizational and administrative procedures; Feedback (e.g., collecting feedback via online forms). Provision of our online offering and user friendliness.

Retention and Erasure: Deletion according to the information in the section "General Information on Data Storage and Deletion".

Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR). Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Further Information on Processing Procedures, Procedures, and Services: Contact Form: When contacting us via our contact form, email, or other communication channels, we process the personal data transmitted to us to respond to and process the respective inquiry. This typically includes details such as name, contact information, and any other information provided to us that is necessary for appropriate processing. We use this data exclusively for the stated purpose of contact and communication.

Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

​

​

Newsletter and Electronic Notifications

We only send newsletters, emails, and other electronic notifications (hereinafter "newsletter") with the consent of the recipients or legal permission. If the contents of the newsletter are specifically described within the scope of a newsletter registration, they are decisive for the users' consent. Otherwise, our newsletters contain information about our services and us. To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal addressing in the newsletter, or additional information if necessary for the purposes of the newsletter.

Double Opt-In Procedure: Newsletter registration is generally carried out in a double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with third-party email addresses. Newsletter registrations are logged to be able to prove the registration process in accordance with legal requirements.

Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to be able to prove a previously given consent. The processing of this data is limited to the purpose of possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist. The logging of the registration process is based on our legitimate interests for the purpose of proving its proper execution. If we engage a service provider for email dispatch, this is done based on our legitimate interests in an efficient and secure dispatch system.

Contents: Information about us, our services, promotions, and offers.

Processed Data Types: Inventory data (e.g., names, addresses); Contact details (e.g., email, telephone numbers). Affected Persons: Communication partners. Purposes of Processing: Direct marketing (e.g., via email or postal).

Retention and Deletion:

• 3 years - Contractual claims (AT) (Data necessary to consider potential warranty and damages claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and usual industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 1478, 1480 ABGB)).

• 10 years - Contractual claims (CH) (Data necessary to consider potential damages claims or similar contractual claims and rights, and to process related inquiries, based on previous business experience and usual industry practices, are stored for the duration of the statutory limitation period of ten years, unless a shorter period of five years applies in specific cases (Art. 127, 130 OR)).

Legal Basis: Consent (Art. 6(1)(a) GDPR). Option to Object (Opt-Out): You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find an unsubscribe link at the end of each newsletter, or you can use one of the contact options provided above, preferably by email, for this purpose.

​

Further Information on Processing Procedures, Methods, and Services:

 

Measurement of Open and Click Rates:

​

The newsletters contain a so-called "web beacon," which is a pixel-sized file that is retrieved from our server or, if we use a delivery service provider, from their server when the newsletter is opened. As part of this retrieval, technical information such as browser and system information, as well as your IP address and the time of access, are initially collected. These pieces of information are used for the technical improvement of our newsletter based on technical data or the behavior of target groups, including their reading habits based on their access locations (determinable using IP addresses) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. These details are assigned to individual newsletter recipients and stored in their profiles until they are deleted. The evaluations help us understand user reading habits and tailor our content to them or send different content according to our users' interests. The measurement of open and click rates, as well as the storage of measurement results in user profiles and their further processing, are based on user consent. Separate revocation of measurement success is unfortunately not possible; in this case, the entire newsletter subscription must be canceled or objected to. In such cases, the stored profile information will be deleted; Legal Basis: Consent (Art. 6(1)(a) GDPR).

 

Commercial Communication via Email, Post, Fax, or Telephone:

​

We process personal data for the purpose of commercial communication that can be conducted through various channels such as email, telephone, post, or fax, in accordance with legal requirements. Recipients have the right to revoke consent granted at any time or to object to commercial communication at any time. Upon revocation or objection, we store the data necessary to prove the previous consent for contact or sending for up to three years after the end of the year of revocation or objection, based on our legitimate interests. The processing of this data is limited to the purpose of possible defense against claims. Based on our legitimate interest in permanently observing the revocation or objection of users, we also store the data necessary to prevent further contact (e.g., email address, telephone number, name, depending on the communication channel). Processed Data Types: Inventory data (e.g., full name, address, contact information); Contact details (e.g., postal and email addresses, telephone numbers); Content data (e.g., textual or pictorial messages and contributions). Affected Persons: Communication partners. Purposes of Processing: Direct marketing (e.g., via email or postal); Marketing; Promotion of sales. Retention and Deletion: Deletion according to information in the section "General Information on Data Storage and Deletion." Legal Basis: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

 

Web Analysis, Monitoring, and Optimization:

Web analysis (also known as "reach measurement") serves to evaluate visitor flows to our online offering and may involve behavior, interests, or demographic information of visitors, such as age or gender, as pseudonymous values. Reach analysis allows us, for example, to determine the times when our online offering or its functions/content are most frequently used, or to invite for reuse. It also enables us to track areas requiring optimization. In addition to web analysis, we may use test procedures to test and optimize different versions of our online offering or its components. Unless otherwise stated below, profiles, i.e., data summarized for a usage process, can be created for these purposes, and information can be stored and read in a browser or on an end device. The information collected includes, in particular, visited websites and elements used there, as well as technical information such as the browser used, the operating system, and details about usage times. If users have consented to the collection of their location data to us or to the providers of services we use, the processing of location data is also possible. Furthermore, user IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, clear user data (such as email addresses or names) is not stored in the context of web analysis, A/B testing, and optimization, but pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of users, but only the information stored in their profiles for the purpose of the respective procedures.

 

Notes on Legal Bases: If we ask users for their consent to the use of third-party providers, consent is the legal basis for data processing. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy. Processed Data Types: Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); Meta, communication, and process data (e.g., IP addresses, timestamps). Affected Persons: Users (e.g., website visitors, users of online services). Purposes of Processing: Reach measurement (e.g., access statistics, recognition of returning visitors); Profiles with user-related information (creation of user profiles); Provision of our online offering and user-friendliness. Retention and Deletion: Deletion according to information in the section "General Information on Data Storage and Deletion." Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods can be stored on users' devices for a period of two years). Security Measures: IP masking (pseudonymization of the IP address). Legal Basis: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

 

Further Information on Processing Procedures, Methods, and Services:

 

Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. Its purpose is to assign analysis information to an end device to identify which contents users accessed within one or several usage processes, which search terms they used, revisited, or interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users referring to our online offering and technical aspects of their end devices and browsers. Pseudonymous user profiles are created with information from the use of various devices, where cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: city (and derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). IP address data is used solely for this derivation of geolocation data when traffic from the EU is routed through EU-based servers before being forwarded to Analytics servers for processing. The IP address data is not logged, accessible, or used for further purposes. When Google Analytics collects measurement data, all IP queries are executed on EU-based servers before traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com/intl/en/about/analytics/; Security Measures: IP masking (pseudonymization of the IP address); Privacy Policy: https://policies.google.com/privacy; Data Processing Terms: https://business.safety.google/adsprocessorterms/; Basis for Third-Country Transfers: Data Privacy Framework (DPF); Opt-Out Option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for Displaying Advertising: https://myadcenter.google.com/personalizationoff. Further Information: https://business.safety.google/adsservices/ (Types of processing and processed data).

 

Google Tag Manager: We use Google Tag Manager, a software from Google that allows us to centrally manage so-called website tags via a user interface. Tags are small code elements on our website used to capture and analyze visitor activities. This technology helps us improve our website and the content offered on it. Google Tag Manager itself does not create user profiles, store cookies with user profiles, or conduct independent analyses. Its function is limited to facilitating the integration and management of tools and services used on our website to make them more efficient. However, when using Google Tag Manager, the IP address of users is transmitted to Google, which is necessary for technical reasons to implement the services we use. Cookies may also be set during this process. However, this data processing only occurs when services are integrated via the Tag Manager. For more detailed information on these services and their data processing, please refer to the additional sections of this privacy policy; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Terms: https://business.safety.google/adsprocessorterms. Basis for Third-Country Transfers: Data Privacy Framework (DPF).

​

 

​