Note: This document is a direct translation of the original German privacy policy into English. It has been translated to ensure clarity and understanding for English-speaking users. Every effort has been made to maintain accuracy, meaning, and completeness. However, in case of discrepancies, the original German version shall prevail.

Introduction

With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process, for what purposes, and to what extent...

The terms used are not gender-specific.

Last updated: October 10, 2022

Table of Contents

• Introduction
• Controller
• Overview of Processing
• Applicable Legal Bases
• Security Measures
• Transfer of Personal Data
• Data Processing in Third Countries
• Data Deletion
• Use of Cookies
• Rights of Data Subjects
• Definitions

Controller

Roman Siebenhandl
Markt 17
3622 Mühldorf/Wachau
Austria

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: +43 2713/8257
Imprint: https://www.7handl.at/impressum/

Overview of Processing

Types of Processed Data

• Inventory data.
• Payment data.
• Contact data.
• Content data.
• Contract data.
• Usage data.
• Meta/Communication data.

Special Categories of Data

• Health data
• Religious or ideological beliefs

Categories of Data Subjects

• Customers
• Interested parties
• Communication partners
• Users
• Business and contractual partners

Purposes of Processing

• Provision of contractual services and customer support
• Contact inquiries and communication
• Security measures
• Direct marketing
• Office and organizational procedures
• Management and response to inquiries
• Feedback
• Marketing
• Provision of our online offer and user-friendliness
• IT infrastructure

Legal Bases for Processing

Below, you will find an overview of the legal bases of the GDPR under which we process personal data. Please note that, in addition to the GDPR regulations, national data protection regulations in your or our country of residence may apply. If more specific legal bases apply in individual cases, we will inform you of them in the privacy policy.

• Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) – The data subject has given their consent to the processing of their personal data for one or more specific purposes.
• Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party, or to carry out pre-contractual measures requested by the data subject.
• Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) – Processing is necessary to fulfill a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) – Processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data outweigh these interests.

In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Austria. This includes, in particular, the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act – DSG). The Data Protection Act contains specific regulations on:

• Right of access
• Right to rectification or deletion
• Processing of special categories of personal data
• Processing for other purposes
• Transfer and automated individual decision-making

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as varying probabilities and severity of risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data through control of physical and electronic access to data, as well as their access, input, disclosure, availability, and separation. We have also established procedures to ensure data subject rights, data deletion, and response to data threats. Furthermore, we take data protection into account in the development or selection of hardware, software, and procedures, following the principle of data protection through technology design and privacy-friendly default settings.

TLS encryption (https): To protect your data transmitted via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transfer of Personal Data

In the course of processing personal data, it may be disclosed or transferred to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include service providers responsible for IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and conclude corresponding contracts or agreements to protect your data with the recipients.

Data transfer within the organization: We may transfer personal data to other entities within our organization or grant them access to it. If this transfer is for administrative purposes, it is based on our legitimate business and economic interests or is necessary to fulfill our contractual obligations, provided there is consent from the data subjects or legal permission.

• Temporary Cookies (Session Cookies): Temporary cookies are deleted at the latest when a user leaves an online offer and closes their device (e.g., browser or mobile application).
• Permanent Cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. Similarly, the data collected using cookies can be used for audience measurement. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and can have a storage duration of up to two years.

Revocation and Objection (Opt-Out)

Users can revoke their given consents at any time and also object to processing in accordance with legal regulations under Article 21 GDPR. Users can also declare their objection via their browser settings, e.g., by disabling the use of cookies (although this may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Processing of Cookie Data Based on Consent

We use a cookie consent management procedure in which users' consents to the use of cookies, as well as the processing and providers named in the cookie management procedure, are obtained, managed, and revoked. The consent declaration is stored to avoid repeatedly requesting consent and to prove the consent in accordance with legal obligations. Storage may take place on a server and/or in a cookie (so-called opt-in cookie or using comparable technologies) to be able to assign the consent to a user or their device. Unless otherwise specified for individual providers of cookie management services, the following applies: The storage duration of the consent can be up to two years. A pseudonymous user identifier is created and stored along with the time of consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and end device used.

Business Services

We process data from our contractual and business partners, such as customers and interested parties (collectively referred to as "contractual partners") within the framework of contractual and similar legal relationships, associated measures, and communication with the contractual partners (or pre-contractually), e.g., to respond to inquiries.

We process this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed services, any update obligations, and remedies for warranty and other service disruptions. Furthermore, we process the data to safeguard our rights and for administrative tasks associated with these obligations, as well as for business organization. In addition, we process the data based on our legitimate interests in proper and economic business operations and security measures to protect our contractual partners and our business from misuse, threats to their data, trade secrets, information, and rights (e.g., involving telecommunications, transport, and other auxiliary services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). To the extent permitted by law, we only disclose the data of contractual partners to third parties if this is necessary for the aforementioned purposes or to fulfill legal obligations. Further types of processing, such as for marketing purposes, are outlined in this privacy policy.

Which data is necessary for the aforementioned purposes is communicated to contractual partners before or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks), or personally.

We delete the data after the expiration of legal warranty and similar obligations, i.e., generally after four years, unless the data is stored in a customer account (e.g., as long as they must be retained for legal archiving reasons). The statutory retention period for tax-relevant documents, as well as commercial books, inventories, opening balances, annual financial statements, work instructions required to understand these documents, and other organizational documents and booking receipts, is ten years. For received commercial and business letters and copies of sent commercial and business letters, the retention period is six years. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, opening balance, annual financial statement, or management report was created, the commercial or business letter was received or sent, the booking receipt was created, or the record was made.

To the extent that we use third-party providers or platforms to provide our services, the business terms and privacy notices of the respective third-party providers or platforms apply in the relationship between users and providers.

Types of Processed Data

• Inventory data (e.g., names, addresses)
• Payment data (e.g., bank details, invoices, payment history)
• Contact data (e.g., email, phone numbers)
• Contract data (e.g., contract subject, duration, customer category)

Special Categories of Personal Data

• Health data (Art. 9 para. 1 GDPR)
• Religious or ideological beliefs (Art. 9 para. 1 GDPR)

Affected Persons

• Interested parties
• Business and contractual partners
• Customers

Purposes of Processing

• Provision of contractual services and customer service
• Contact inquiries and communication
• Office and organizational procedures
• Management and response to inquiries

Legal Bases

• Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR)
• Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR)
• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)

Further Information on Processing, Procedures, and Services

Hotel and Accommodation Services

We process the information of our guests, visitors, and interested parties (collectively referred to as "guests") to provide our accommodation services as well as related services of a tourist or gastronomic nature and to bill for the services provided.

As part of our engagement, it may be necessary for us to process special categories of data within the meaning of Art. 9 para. 1 GDPR, in particular, information regarding a person's health or details related to their religious affiliation. Processing occurs to protect the health interests of visitors (e.g., in the case of allergy information) or otherwise to meet their physical or mental needs at their request and with their consent.

If required for contract performance, legally mandated, consented to by guests, or based on our legitimate interests, we disclose or transfer guest data to the service providers involved in fulfilling our services, authorities, billing centers, and entities in IT, office, or similar services.

Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).

Provision of Online Services and Web Hosting

We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

Types of Processed Data:

• Usage data (e.g., visited websites, interest in content, access times)
• Meta/Communication data (e.g., device information, IP addresses)

Affected Persons:

• Users (e.g., website visitors, users of online services)

Purposes of Processing:

• Provision of our online services and user-friendliness
• Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.))
• Security measures

Legal Bases:

• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)

Further Information on Processing, Procedures, and Services:

Provision of Online Services on Rented Storage Space:

For the provision of our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also known as a "web host"); Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Collection of Access Data and Log Files:

Access to our online services is logged in the form of so-called "server log files." The server log files may include the address and name of the accessed web pages and files, the date and time of access, the amount of data transferred, a message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider.

Server log files may be used for security purposes, for example, to prevent server overloads (especially in cases of abusive attacks, known as DDoS attacks), as well as to ensure the stability and load capacity of the servers; Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

World4You:

Services in the field of providing IT infrastructure and related services (e.g., storage space and/or computing capacity); Service Provider: World4You, Internet Services GmbH, Hafenstraße 35, 4020 Linz, Austria; Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.world4you.com/de; Privacy Policy: https://www.world4you.com/de/unternehmen/datenschutzerklaerung.html.

Contact and Inquiry Management

When contacting us (e.g., via contact form, email, phone, or social media) as well as within existing user and business relationships, we process the information provided by the inquiring persons to the extent necessary to respond to the contact inquiries and any requested measures.

Types of Processed Data:

• Contact data (e.g., email, phone numbers)
• Content data (e.g., entries in online forms)
• Usage data (e.g., visited web pages, interest in content, access times)
• Meta/Communication data (e.g., device information, IP addresses)

Affected Persons:

• Communication partners

Purposes of Processing:

• Contact inquiries and communication
• Management and response to inquiries
• Feedback (e.g., collecting feedback via online forms)
• Provision of our online services and user-friendliness

Legal Bases:

• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)
• Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR)

Further Information on Processing, Procedures, and Services:

Contact Form:

When users contact us via our contact form, email, or other communication channels, we process the data provided in this context to handle the submitted request; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Marketing Communication via Email, Mail, Fax, or Phone

We process personal data for marketing communication purposes, which may occur through various channels, such as email, phone, mail, or fax, in accordance with legal requirements.

Recipients have the right to revoke their given consents at any time or to object to marketing communication at any time.

After revocation or objection, we store the data required to prove the previous authorization for contact or mailing for up to three years after the end of the year in which the revocation or objection was made, based on our legitimate interests. The processing of this data is restricted to the purpose of potential defense against claims. Based on the legitimate interest in permanently respecting the revocation or objection of users, we also store the data necessary to prevent renewed contact (e.g., depending on the communication channel, the email address, phone number, or name).

Types of Processed Data:

• Inventory data (e.g., names, addresses)
• Contact data (e.g., email, phone numbers)

Affected Persons:

• Communication partners

Purposes of Processing:

• Direct marketing (e.g., via email or postal mail)

Legal Bases:

• Consent (Art. 6 para. 1 sentence 1 lit. a GDPR)
• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)

Social Media Introduction

Social Media Privacy Policy Summary 

👥 Affected: Website visitors 🤝 Purpose:

Presentation and optimization of our services, communication with visitors and interested parties, advertising 📓 Processed data: Data such as phone numbers, email addresses, contact details, user behavior, information about your device, and IP address. For more details, please refer to the specific social media tool used. 🗓 Storage duration: Depends on the respective social media platform used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Social Media?

In addition to our website, we are also active on various social media platforms. User data may be processed to target users who are interested in our services through social networks. Furthermore, elements of a social media platform may be directly embedded on our website, for example, when you click on a social button and are redirected to our social media profile. Social media refers to websites and apps where registered users can produce, exchange content publicly or within groups, and connect with other members.

Why do we use Social Media?

Social media platforms have become key places for communication and interaction. With our social media presence, we can present our products and services to interested users. The embedded social media elements on our site allow you to easily access our social media content.

Data stored and processed through your use of social media channels is primarily used for web analytics. These analyses help develop personalized marketing and advertising strategies. Depending on your behavior on a social media platform, user profiles can be created to determine your interests and show you tailored advertisements. Cookies are often used to track user behavior.

Generally, we remain legally responsible for the processing of personal data, even when using social media platforms. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us under Article 26 of the GDPR. If this applies, we will inform you accordingly and work based on an appropriate agreement.

Please note that your data may be processed outside the European Union when using social media platforms or embedded elements, especially since companies like Facebook or Twitter are based in the USA. This may impact your ability to assert your data protection rights.

What data is processed?

The specific data collected depends on the respective social media provider. Usually, this includes phone numbers, email addresses, contact form data, user activity (e.g., which buttons you click, who you like or follow), page visit history, device information, and IP address. Much of this is stored in cookies. If you have a profile and are logged in, your data may be linked to your account.

All data collected via social media platforms is stored on the respective providers' servers. Therefore, only those providers have access and can provide you with information or make changes.

To find out exactly what data is stored and processed by social media providers and how to object to processing, read the provider's privacy policy. For questions about data processing or to assert your rights, contact the provider directly.

Duration of data processing We provide specific information about data retention where possible. For example, Facebook stores data as long as it is needed for their purposes. Customer data matched with Facebook's user data is typically deleted within two days. In general, personal data is processed only as long as necessary for service delivery. Legal obligations such as accounting may extend this period.

Right to object You may withdraw your consent to the use of cookies or third-party services (e.g., embedded social media) at any time. This can be done via our cookie management tool or through browser settings. Disabling cookies can help you manage data collection.

Since social media tools use cookies, we recommend reviewing our general cookie policy. For exact details about data storage and processing, consult the respective service's privacy policies.

Legal basis If you have given consent for data processing via embedded social media elements, this serves as the legal basis (Art. 6 para. 1 lit. a GDPR). In principle, your data may also be processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in effective communication. We only use tools if you have consented. Most platforms use cookies, so we recommend reviewing our cookie policy and the platform's privacy or cookie policies.

Details about specific platforms are provided in the sections below.

Facebook Privacy Policy Facebook Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Optimization of our services 📓 Processed data: Customer data, user behavior data, device information, and IP address 🗓 Storage duration: Until the data is no longer needed for Facebook's purposes ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are Facebook Tools? We use selected tools from Facebook on our website. Facebook is a social media network operated by Meta Platforms Inc., or in Europe, by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These tools help us offer the best possible experience to users interested in our products and services.

When data is collected via our embedded Facebook elements or our Facebook page (fan page), both we and Facebook Ireland Ltd. are jointly responsible. Facebook alone is responsible for any further data processing. Our joint obligations are outlined in an agreement found at https://www.2343ec78a04c6ea9d80806345d31fd78-gdprlock/legal/controller_addendum. This agreement ensures that we inform you about Facebook tools used and implement them in a data protection-compliant way. Facebook is responsible for the security of its products. If you contact us with data inquiries, we are obligated to forward these to Facebook.

Below is an overview of the Facebook tools we use, what data is transferred to Facebook, and how you can manage or delete this data.

Tools include:

• Facebook Pixel

• Social plugins (e.g., "Like" or "Share" button)

• Facebook Login

• Account Kit

• APIs and SDKs

• Platform integrations, plugins, specs, documentation, technologies, and services

These tools allow Facebook to extend its services and gather information about user activities beyond its own platform.

Why do we use Facebook Tools on our website?

We want to show our products and services only to those truly interested. Facebook Ads help us reach the right people. To do this effectively, Facebook needs information about user behavior, which it collects through our website. This information allows Facebook to show customized ads, generate campaign performance reports, and help us better understand how users engage with our services.

What data is stored by Facebook Tools?

Depending on the tool used, Facebook may receive customer data such as names, addresses, phone numbers, and IP addresses. Before sending this data, it is hashed (converted into a short character string) to provide encryption.

Event data (user behavior on our site) is also collected, such as page visits or purchases. Facebook does not share this data with third parties unless required or explicitly permitted. Event data may be combined with other Facebook data for personalized advertising. Facebook deletes the contact data after the matching process.

To serve ads effectively, Facebook uses event data only in aggregated form. This data is also used for security, protection, development, and research. Much of this information is transmitted via cookies.

How long and where is the data stored?

 Facebook stores data as long as necessary for their services. Customer data matched with user data is usually deleted within 48 hours. Facebook has global servers, mainly in the USA.

How can I delete my data or prevent storage? You can delete your data by fully deleting your Facebook account. Instructions:

1. Go to Facebook Settings.

2. Click "Your Facebook Information" in the left column.

3. Select "Deactivation and Deletion."

4. Choose "Delete Account" and follow the prompts.

You can manage or disable cookies in your browser settings. Cookie usage may vary by browser.

Legal basis If you have consented to Facebook tools, that consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Data may also be processed under legitimate interest (Art. 6 para. 1 lit. f GDPR). Facebook uses cookies, so review our cookie policy and Facebook's privacy policies.

Facebook also processes data in the USA. Meta is part of the EU-US Data Privacy Framework. More info: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Standard Contractual Clauses are also used by Facebook: https://www.2343ec78a04c6ea9d80806345d31fd78-gdprlock/legal/terms/dataprocessing

Instagram Privacy Policy Instagram Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Optimization of our services 📓 Processed data: User behavior data, device information, and IP address 🗓 Storage duration: Until Instagram no longer needs the data ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Instagram?

 We use Instagram features on our website, operated by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, a subsidiary of Meta Platforms Inc. since 2012. Embedding Instagram content (e.g., buttons, photos, videos) allows us to show this content directly on our site. Data is transferred to Instagram regardless of whether or not you are logged in.

Why do we use Instagram? Instagram has become a key social media platform. By embedding content, we enrich our site with engaging visuals and connect with users. Data collected helps personalize advertising across Meta platforms and allows Instagram to perform analytics. Reports are anonymized and help us improve our services.

What data does Instagram store?

When you visit a page with Instagram functions, your browser connects to Instagram’s servers. Data such as your visit, device information, and interactions (clicks, purchases) is stored. If you're logged into Instagram, more data is collected.

Data is categorized into customer data (name, address, IP) and event data (behavior on the site). Customer data is hashed before transfer. Instagram may combine event and customer data to personalize ads.

Cookies are used for data collection. Instagram uses Facebook’s infrastructure, so data is processed similarly.

How long and where is the data stored?

 Data is stored on Facebook servers globally, mainly in the USA. Data is shared with Meta subsidiaries and third parties per Instagram's privacy policy.

How can I delete my data or prevent storage? You can delete your Instagram data by deleting your account. To do this:

1. Open the Instagram app and go to your profile.

2. Scroll down to "Help Center."

3. Click "Managing Your Account" then "Delete Your Account."

Your posts and account data will be removed. Cookies can be managed in your browser settings.

Legal basis If you consented to embedded Instagram elements, this serves as the legal basis (Art. 6 para. 1 lit. a GDPR). Data may also be processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). Instagram, like Facebook, uses cookies. Please review our cookie policy and Instagram’s privacy policy: https://privacycenter.8dc6460bbbb088757ed67ed8fb316b1b-gdprlock/policy

Meta Platforms is part of the EU-US Data Privacy Framework. Instagram also uses Standard Contractual Clauses to ensure data protection: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

Glossary of Terms Used We always strive to make our privacy policy as clear and understandable as possible. However, particularly with technical and legal topics, this is not always easy. It often makes sense to use legal terms (such as "personal data") or specific technical expressions (such as "cookies," "IP address"). We do not want to use these without explanation. Below is an alphabetical list of important terms that may not have been sufficiently explained in the previous sections. If these terms are defined by the GDPR, we will include the GDPR definitions and supplement them with our own explanations where necessary.

Consent Definition according to Article 4 of the GDPR:

For the purposes of this Regulation, the term:

"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Explanation: On websites, this consent is usually obtained via a cookie consent tool. You are probably familiar with this: when you visit a website for the first time, you are typically presented with a banner asking for your consent to data processing. Often, you can also make individual settings to determine which types of processing you allow or reject. Without your consent, no personal data may be processed. Of course, consent can also be given in written form, not just via tools.

 

Plugins and Embedded Features and Content

LightWidget (LightEmbed) Privacy Notice

We use the service LightWidget, operated by uSocial LLC (USA), to embed Instagram content on our website. By doing so, a direct connection to the servers of LightWidget and Instagram is established when you access a page with an embedded Instagram widget.

This may result in the transfer of personal data such as your IP address, browser information, and possibly cookie data to the servers of LightWidget and Instagram. The data may be processed in the United States or other third countries.

The purpose of using LightWidget is to visually integrate Instagram content into our website and to enhance your user experience. This is done only with your prior consent according to Art. 6 para. 1 lit. a GDPR.

For more information about LightWidget's data protection practices, please refer to their privacy policy:
🔗 https://lightwidget.com/privacy

We integrate function and content elements into our online offer, which are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include graphics, videos, or city maps (hereinafter uniformly referred to as "content").

The integration always requires that the third-party providers of this content process the users' IP addresses, as they cannot send the content to their browsers without the IP address. The IP address is thus necessary for displaying these contents or functions. We strive to use only content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also called "web beacons") for statistical or marketing purposes. "Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on users' devices and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, and other details about the use of our online offer, as well as being linked to such information from other sources.

Types of Processed Data

• Usage data (e.g., visited websites, interest in content, access times)
• Meta/Communication data (e.g., device information, IP addresses)
• Inventory data (e.g., names, addresses)
• Contact data (e.g., email, phone numbers)
• Content data (e.g., entries in online forms)

Affected Persons

• Users (e.g., website visitors, users of online services)

Purposes of Processing

• Provision of our online services and user-friendliness

Legal Bases

• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)

Further Information on Processing, Procedures, and Services

YouTube Videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.14dd5266c70789bdc806364df4586335-gdprlock; Privacy policy: https://policies.1d5920f4b44b27a802bd77c4f0536f5a-gdprlock/privacy; Opt-out option: Opt-out Plugin, Ad display settings: https://adssettings.1d5920f4b44b27a802bd77c4f0536f5a-gdprlock/authenticated.

powr.io: The plugin aggregates various social media sources into a combined feed so that all content can be displayed in one place. It allows visitors to share social feed posts by adding social sharing buttons; Service provider: POWR Inc,
44 Tehama Street
San Francisco 94105
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: +1 415-619-2830;
Website: https://www.powr.io/; Privacy policy: https://www.powr.io/privacy.

Changes and Updates to the Privacy Policy

We ask you to regularly review the content of our privacy policy. We will adjust the privacy policy as soon as changes in our data processing activities make this necessary. We will inform you if these changes require your cooperation (e.g., consent) or other individual notifications.

If we provide addresses and contact details of companies and organizations in this privacy policy, please note that addresses may change over time. Please verify the provided information before contacting them.

Rights of Data Subjects

As a data subject, you have various rights under the GDPR, particularly derived from Articles 15 to 21 GDPR:

• Right to Object: You have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising purposes, including profiling to the extent it is related to such direct marketing.
• Right to Withdraw Consent: You have the right to revoke your given consent at any time.
• Right of Access: You have the right to request confirmation of whether your data is being processed and to obtain information about this data, along with further details and a copy of the data in accordance with legal requirements.
• Right to Rectification: You have the right, in accordance with legal provisions, to request the completion or correction of inaccurate personal data concerning you.
• Right to Erasure and Restriction of Processing: In accordance with legal provisions, you have the right to request that data concerning you be deleted immediately or, alternatively, to request a restriction of the processing of the data.
• Right to Data Portability: You have the right to receive the data you have provided to us in a structured, commonly used, and machine-readable format or to request its transmission to another controller, in accordance with legal requirements.
• Complaint to a Supervisory Authority: In accordance with legal provisions and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, particularly in the member state of your habitual residence, your workplace, or the place of the alleged infringement if you consider that the processing of personal data concerning you violates the GDPR.

Definitions

This section provides an overview of the terminology used in this privacy policy. Many terms are legally defined, particularly in Article 4 GDPR. These legal definitions are binding. The following explanations are intended primarily for understanding. The terms are listed alphabetically.

• Personal Data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• Controller: The term "controller" refers to the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.
• Processing: "Processing" means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses practically any handling of data, including collection, evaluation, storage, transmission, or deletion.