Privacy Policy

In our Privacy Policy, we use special terms from various data protection laws. We want our statement to be easy to understand and therefore explain these terms in advance.

The following definitions shall be interpreted or expanded, as appropriate, based on the case law of the General Court of the European Union (EGC), the European Court of Justice (ECJ), the Swiss Federal Supreme Court (SFSC), the Supreme Court of the United Kingdom (UKSC) or on national data protection laws or national case law of a state or federal state, including but not limited to California, including case law, also under common law, if this is necessary for the application of the law in individual cases.

We use the following terms, among others, in this Privacy Policy:

1. Personal Data — Personal Data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data Subject — Data Subject is any identified or identifiable natural person whose Personal Data is processed by the Controller, a Processor, an international organization or another data recipient.
3. Processing — Processing is any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Restriction of Processing — Restriction of Processing is the marking of stored Personal Data with the aim of limiting their Processing in the future.
5. Profiling — Profiling is any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
6. Pseudonymization — Pseudonymization is the Processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.
7. Controller — The Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
8. Processor — A Processor is a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
9. Recipient — A Recipient is a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a Third Party or not.
10. Third Party — A Third Party is a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorised to process Personal Data.
11. Consent — Consent is any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her.

The Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and the European Economic Area, British data protection laws, Swiss data protection laws (DSG, DSV), Californian data protection law (CCPA/CPRA), Chinese data protection law (PIPL), as well as international laws and provisions with a data protection nature is:

Our websites collect a range of general data and information each time the websites are accessed by a Data Subject or an automated system. This general data and information are stored in the log files of the respective server. Among other things, the (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our websites (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our websites, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems can be recorded.

When using this general data and information, we generally do not draw any conclusions about the Data Subject. Rather, this information is required to (1) correctly deliver the content of our websites, (2) optimize the content of our websites and the advertising for them, (3) ensure the long-term functionality of our information technology systems and the technology of our websites and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack.

The purpose of processing is to avert danger and ensure IT security. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest is the protection of our information technology systems. The log files are deleted after the stated purposes have been achieved.

Our website contains information that enables quick electronic contact with our organisation as well as direct communication with us, which also includes a general address of the so-called electronic mail (email address) and possibly a telephone number. If a Data Subject contacts us by email, via a contact form, via an input form or in any other way, the Personal Data transmitted by the Data Subject will be stored automatically.

We obtain your Consent for the transmission, storage and Processing of your contact data and inquiries and for contacting you in accordance with Art. 6 (1) (a) GDPR and Art. 49 (1) (1) (a) GDPR as follows:

By transmitting your Personal Data, you voluntarily consent to the Processing of the Personal Data you have entered or transmitted for the purposes of processing the inquiry and contacting you. By transmitting your data to us, you also voluntarily give your explicit Consent in accordance with Art. 49 (1) (1) (a) GDPR to data transfers to third countries to and by the companies named in this Privacy Policy. You can withdraw your Consent under data protection law at any time with effect for the future.

We process and store Personal Data for the period required to achieve the purpose of processing or if this has been provided for by the European legislator or another legislator in laws or regulations to which we are subject, or if a legal basis for the Processing exists. If the purpose of processing no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, or if the legal basis for the Processing no longer applies, the Personal Data will be routinely restricted or deleted in accordance with the statutory provisions.

a) Right to confirmation

Each Data Subject has the right to obtain from the Controller confirmation as to whether or not Personal Data concerning him or her is being processed.

b) Right to information

Each Data Subject has the right to obtain from the Controller free information about the Personal Data stored about him/her and a copy of this data at any time. Furthermore, the European legislator has granted the Data Subject access to the following information:

• the purposes of processing,
• the categories of Personal Data that are processed,
• the recipients or categories of recipients to whom the Personal Data have been or will be disclosed,
• where possible, the envisaged period for which the Personal Data will be stored,
• the existence of the right to request rectification or erasure of Personal Data or Restriction of Processing,
• the existence of a right to lodge a complaint with a supervisory authority,
• if the Personal Data is not collected from the Data Subject: all available information about the origin of the data,
• the existence of automated decision-making, including Profiling.

c) Right to rectification

Each Data Subject has the right to demand the immediate correction of incorrect Personal Data concerning them.

d) Right to erasure (right to be forgotten)

Each Data Subject has the right to obtain from the Controller the erasure of Personal Data concerning him or her without undue delay, where one of the following grounds applies:

• Personal Data was collected or otherwise processed for purposes for which it is no longer necessary.
• The Data Subject withdraws Consent on which the Processing is based.
• The Data Subject objects to the Processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds.
• Personal Data was processed unlawfully.

e) Right to Restriction of Processing

Each Data Subject has the right to obtain from the Controller Restriction of Processing where one of the following applies:

• The accuracy of the Personal Data is contested by the Data Subject.
• The Processing is unlawful, and the Data Subject opposes the erasure.
• The Controller no longer needs the Personal Data, but they are required by the Data Subject for legal claims.
• The Data Subject has objected to Processing pursuant to Art. 21 (1) GDPR.

f) Right to data portability

Each Data Subject has the right to receive the Personal Data concerning him or her in a structured, commonly used and machine-readable format, and to transmit those data to another Controller.

g) Right to object

Each Data Subject has the right to object, on grounds relating to his or her particular situation, at any time, to Processing of Personal Data concerning him or her. This also applies to Profiling. If we process Personal Data for direct marketing purposes, the Data Subject shall have the right to object at any time.

h) Automated decisions in individual cases including Profiling

Each Data Subject has the right not to be subject to a decision based solely on automated Processing, including Profiling, which produces legal effects concerning him or her.

i) Right to withdraw Consent

Each Data Subject has the right to withdraw Consent to the Processing of Personal Data at any time. If a Data Subject wishes to exercise this right, he or she may contact us at any time.

The general purpose of processing Personal Data is the handling of all activities relating to the Controller, customers, interested parties, business partners or other contractual or pre-contractual relationships between the aforementioned groups (in the broadest sense) or legal obligations of the Controller.

The categories of Personal Data that we process are customer data, prospective customer data, employee data (including applicant data) and supplier data. The categories of recipients of Personal Data are public bodies, external bodies, internal processing, intragroup processing and other bodies.

A list of our Processors and data recipients in third countries and, if applicable, international organizations is either published on our website or can be requested from us free of charge.

Art. 6 (1) (a) GDPR serves as the legal basis for Processing operations for which we obtain Consent for a specific Processing purpose. If the Processing of Personal Data is necessary for the performance of a contract to which the Data Subject is party, Processing is based on Art. 6 (1) (b) GDPR. If we are subject to a legal obligation which requires the Processing of Personal Data, Processing is based on Art. 6 (1) (c) GDPR.

In rare cases, it may be necessary to process Personal Data to protect the vital interests of the Data Subject or another natural person (Art. 6 (1) (d) GDPR). If the Processing is necessary for the performance of a task carried out in the public interest, the legal basis is Art. 6 (1) (e) GDPR. Ultimately, Processing operations could be based on Art. 6 (1) (f) GDPR for legitimate interests.

If the Processing of Personal Data is based on Art. 6 (1) (f) GDPR and no more specific legitimate interests are stated, our legitimate interest is the performance of our business activities for the benefit of the well-being of our staff and our shareholders.

We may send you direct advertising about our own goods or services that are similar to the goods or services you have requested, commissioned or purchased. You may object to direct advertising at any time (e.g. by email). You will not incur any costs other than the transmission costs according to the basic rates.

The criterion for the duration of the storage of Personal Data is the respective statutory retention period. If there is no statutory retention period, the criterion is the contractual or internal retention period. After this period has expired, the corresponding data is routinely deleted if it is no longer required to fulfill or initiate a contract.

We would like to inform you that the provision of Personal Data is partly required by law (e.g., tax regulations) or may also result from contractual obligations (e.g., information on the contractual partner). Sometimes it may be necessary for a contract to be concluded for a Data Subject to provide us with Personal Data that must subsequently be processed by us. Failure to provide Personal Data would mean that the contract with the Data Subject could not be concluded. The Data Subject must contact us before providing Personal Data. We will inform the Data Subject on a case-by-case basis.

As a responsible company, we do not normally use automated decision-making or Profiling. If, in exceptional cases, we carry out automated decision-making or Profiling, we will inform the Data Subject either separately or via a sub-item in our Privacy Policy.

Automated decision-making, including Profiling, may take place if (1) this is necessary for the conclusion or performance of a contract, or (2) this is permissible on the basis of Union or Member State legislation, or (3) this takes place with the explicit Consent of the Data Subject.

According to Art. 46 (1) GDPR, the Controller or Processor may only transfer Personal Data to a third country if the Controller or Processor has provided appropriate safeguards and if enforceable rights and effective legal remedies are available to the Data Subjects. Appropriate safeguards can be provided by standard contractual clauses without the need for special approval from a supervisory authority.

The EU standard contractual clauses or other appropriate safeguards are agreed with all recipients from third countries prior to the first transfer of Personal Data, or the transfers are based on adequacy decisions.

In all cases where the European Commission, or a government or competent authority of another country, has decided that a third country ensures an adequate level of protection and/or a valid framework exists (e.g., EU-U.S. Data Privacy Framework), all transfers by us to the members of such frameworks are based solely on the membership of that entity in the respective framework or on the respective adequacy decisions.

As the Controller, we are obliged to inform the Data Subject of the existence of the right to lodge a complaint with a supervisory authority. The right to lodge a complaint is regulated in Art. 77 (1) GDPR. According to this provision, every Data Subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the Data Subject considers that the Processing of Personal Data relating to him or her infringes the General Data Protection Regulation.

GDPR Cookie Compliance is a plugin designed to help website owners comply with the requirements of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other data protection laws. It allows users to manage their cookie settings and gives them control over which cookies are stored on their device. The plugin does not collect any Personal Data, but it helps website operators to document and manage the Consent of their visitors.

The application is installed on our own IT infrastructure. We are the company operating the service.

Legal basis: Processing is based on Art. 6 (1) (c) GDPR because Processing is necessary for compliance with a legal obligation to which the Controller is subject.

We use Google APIs to integrate functions such as geodata, calendar integration, cloud storage or database access into our applications and services. When API calls are made, our application sends requests to Google servers that return or update user information.

Operator: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. EU representative: Google Ireland Limited, Dublin 4, Ireland.

Legal basis: Art. 6 (1) (f) GDPR, whereby the legitimate interest lies in the efficient implementation of processes using APIs.

Further information: support.google.com

Microsoft Teams is a communication and collaboration tool within the Microsoft 365 suite. It enables teams to work together effectively through features such as chat, video calls, meetings, file sharing and integration with other Microsoft products and services.

Operator: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. EU representative: Microsoft Ireland Operations Limited, Dublin 18, Ireland.

Legal basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interests).

Further information: privacy.microsoft.com

WhatsApp LLC offers a widely used instant messaging service that enables users to send and receive text messages, voice messages, images, videos and documents. WhatsApp is characterized by end-to-end encryption.

Operator: WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Legal basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interests).

Further information: whatsapp.com

Amazon Web Services (AWS) is a comprehensive and widely used cloud computing service. AWS offers a wide range of infrastructure services such as computing power, storage and database services that enable companies and developers to host and manage applications and services.

Operator: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA. EU representative: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg.

Legal basis: Art. 6 (1) (f) GDPR. Our legitimate interest lies in the reliable and secure provision of our IT infrastructure.

Further information: aws.amazon.com

Google Cloud is a comprehensive suite of cloud computing services offered by Google LLC. It enables companies, developers and organizations to use scalable infrastructure, platform services and specialized applications for data Processing, storage, analysis and much more.

Operator: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. EU representative: Google Ireland Limited, Dublin 4, Ireland.

Legal basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interests in efficient, secure and scalable cloud services).

Further information: cloud.google.com

We use Microsoft SharePoint to efficiently organize internal and cross-departmental collaboration, document management, team sites, intranet functions and information exchange. The platform enables us to store, jointly edit and share documents in a structured manner.

Operator: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. EU representative: Microsoft Ireland Operations Limited, Dublin 18, Ireland.

Legal basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interest in efficient organization of internal processes).

Further information: microsoft.com

Cloudflare offers a wide range of services to improve the security, performance and reliability of websites and web applications. Core features include DDoS protection, web application firewall, content delivery network services, secure DNS services and more.

Operator: Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. EU representative: Cloudflare Netherlands B.V., Amsterdam, Netherlands.

Legal basis: Art. 6 (1) (f) GDPR, whereby our legitimate interest lies in ensuring the security, performance and reliability of our online presence.

Further information: cloudflare.com

Adobe Fonts is a service from Adobe that provides web developers and designers with access to an extensive library of high-quality fonts to enhance the design and aesthetics of digital content.

Operator: Adobe Systems, Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA. EU representative: Adobe Systems Software Ireland Limited, Dublin 24, Ireland.

Legal basis: Art. 6 (1) (f) GDPR, whereby our legitimate interest lies in the consistent and appealing presentation of our digital content.

Further information: adobe.com

Google Fonts is a free service from Google LLC that provides web developers with a wide range of fonts to improve the design and aesthetics of websites. By integrating Google Fonts, web developers can ensure that texts on their websites are displayed consistently on different devices and browsers.

Operator: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. EU representative: Google Ireland Limited, Dublin 4, Ireland.

Legal basis: Art. 6 (1) (f) GDPR, whereby our legitimate interest lies in improving the user experience by providing a variety of fonts.

Further information: policies.google.com/privacy

Google Maps is a comprehensive mapping and navigation service provided by Google LLC that allows users to view maps, plan routes and find local businesses and services.

Operator: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. EU representative: Google Ireland Limited, Dublin 4, Ireland.

Legal basis: Art. 6 (1) (f) GDPR, whereby our legitimate interest lies in the provision of an efficient, user-friendly and precise navigation service.

Further information: policies.google.com/privacy

Google Analytics is a tool from Google LLC that provides operators of websites and apps with detailed statistics on traffic and user behavior. It enables the collection and analysis of data on website visits, user interactions and conversion rates. Google Analytics uses cookies to collect information about user behavior.

Operator: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. EU representative: Google Ireland Limited, Dublin 4, Ireland.

Legal basis: Art. 6 (1) (f) GDPR, whereby our legitimate interest lies in improving the website, increasing user-friendliness and the effectiveness of online marketing.

Further information: policies.google.com/privacy

We inform our customers and business partners about offers and news at regular intervals by means of a newsletter. You can only receive our newsletter if (1) you have a valid email address and (2) you have registered to receive the newsletter.

For legal reasons, a confirmation email is sent to the email address entered by a Data Subject for the first time using the double opt-in procedure. This confirmation email is used to check whether the owner of the email address has authorized the receipt of the newsletter. The legal basis for sending this confirmation email is Art. 6 (1) (c) GDPR.

We obtain your Consent for the subscription to our newsletter in accordance with Art. 6 (1) (a) GDPR. Your Consent can be revoked at any time. There is a corresponding link in every newsletter for the purpose of revoking Consent.

Our newsletters contain so-called tracking pixels and/or tracking links. Tracking pixels are miniature graphics that are embedded in emails sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns.

The pixel-code or tracking pixel data collected via our newsletter is stored and evaluated by us to optimize the newsletter dispatch and to adapt the content of future newsletters to the interests of the recipients. The above purposes are the legitimate interests pursued by the Controller (Art. 6 (1) (f) GDPR).

You are entitled to withdraw the Consent you gave us via the double opt-in procedure for the newsletter and to cancel the newsletter contract with us at any time.

Google AdSense is an advertising program from Google LLC that enables website operators to generate revenue by placing targeted ads on their websites. AdSense uses algorithms to determine the most relevant ads for each page.

Operator: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. EU representative: Google Ireland Limited, Dublin 4, Ireland.

Legal basis: Art. 6 (1) (f) GDPR, whereby our legitimate interest lies in the effective delivery and personalization of advertising.

Further information: policies.google.com/privacy

Facebook is a social network that offers people the opportunity to connect, share content and communicate online. Facebook also offers companies and organizations a platform for advertising and interacting with their target group.

Operator: Meta Platforms, Inc., 1 Meta Way, Menlo Park, CA 94025, USA. EU representative: Meta Platforms Ireland Ltd., Merrion Road, Dublin D04 X2K5, Ireland.

Legal basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interests in improving user experience and personalized advertising).

Further information: facebook.com

Instagram is a widely used social network that allows users to share photos and videos, post stories, and interact with followers and friends.

Operator: Meta Platforms, Inc., 1 Meta Way, Menlo Park, CA 94025, USA. EU representative: Meta Platforms Ireland Ltd., Merrion Road, Dublin D04 X2K5, Ireland.

Legal basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interests in improving and personalizing the user experience).

Further information: instagram.com

LinkedIn is a social network for professional contacts and career development. The platform allows users to create a professional profile, network with colleagues, business partners and potential employers.

Operator: LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

Legal basis: Art. 6 (1) (a) GDPR (Consent), Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interests such as marketing and recruitment).

Further information: linkedin.com

Meta Platforms is a technology company that operates several social networks and communication platforms, including Facebook, Instagram, WhatsApp, and Messenger. These services enable billions of users worldwide to connect, share content, communicate and build communities.

Operator: Meta Platforms, Inc., 1 Meta Way, Menlo Park, CA 94025, USA. EU representative: Meta Platforms Ireland Ltd., Merrion Road, Dublin D04 X2K5, Ireland.

Legal basis: Art. 6 (1) (a) GDPR (Consent), Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interests).

Further information: facebook.com

YouTube is a video sharing and viewing platform used by individuals, artists, businesses, and media companies to publish a variety of content. YouTube offers users the ability to upload, share, comment and interact with a broad community.

Operator: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. EU representative: Google Ireland Limited, Dublin 4, Ireland.

Legal basis: Art. 6 (1) (a) GDPR (Consent), Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interests).

Further information: policies.google.com

DHL is a logistics and express shipping provider that offers a wide range of services for international and domestic parcel shipping, freight transportation, e-commerce solutions and supply chain management.

Operator: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany.

Legal basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (c) GDPR (legal obligations arising from customs and commercial law).

Further information: dhl.de

We use various Apple products and services in our organisation and on our website. These include the use of Apple hardware, software solutions and cloud services to optimize our business processes, facilitate communication and provide improved services.

Operator: Apple, Inc., One Apple Park Way, Cupertino, CA 95014, USA. EU representative: Apple Distribution International Ltd., Hollyhill Industrial Estate, Cork, Ireland.

Legal basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interests in improving services and ensuring a personalized user experience).

Further information: apple.com

Anthropic is a company that focuses on the development of AI systems, security solutions and interpretability solutions for artificial intelligence. When using Anthropic systems, personal data such as usage data and interaction data is processed to improve the performance of the AI models and ensure safer use.

Operator: Anthropic PBC, 548 Market Street, PMB 90375, San Francisco, CA 94104, USA. EU representative: Anthropic Ireland, Ltd., Dublin 4, Ireland.

Legal basis: Art. 6 (1) (f) GDPR, whereby the legitimate interest lies in the improvement of model performance and safety analysis.

Further information: anthropic.com

ChatGPT is an advanced AI-driven platform that enables natural and informative conversations. This technology supports us in a wide range of applications, including customer service, education, content creation and much more.

Operator: OpenAI OpCo, LLC, 3180 18th Street, San Francisco, CA 94110, USA. EU representative: OpenAI Ireland Limited, Dublin 1, Ireland.

Legal basis: Art. 6 (1) (f) GDPR, whereby our legitimate interest lies in the development, improvement and provision of innovative services.

Further information: openai.com

Claude is an AI-powered text generation platform developed by Anthropic. Claude offers services for the automated creation of texts and the editing of content.

Operator: Anthropic PBC, 548 Market Street, PMB 90375, San Francisco, CA 94104, USA. EU representative: Anthropic Ireland, Ltd., Dublin 4, Ireland.

Legal basis: Art. 6 (1) (f) GDPR, whereby the legitimate interest lies in the improvement of performance, user experience and economic efficiency.

Further information: claude.ai

ElevenLabs is a platform for text-to-speech and audio AI that enables users to convert texts into realistic, synthesized speech. Personal data such as text input, language, IP addresses and usage patterns are processed to improve the speech output and personalize the service.

Operator: Eleven Labs, Inc., 169 Madison Avenue, Suite 2484, New York, NY 10016, USA. EU representative: Eleven Labs Poland sp. z o.o., Warsaw, Poland. UK representative: Eleven Labs Ltd., London, United Kingdom.

Legal basis: Art. 6 (1) (f) GDPR, whereby the legitimate interest lies in the optimization and personalization of the text-to-speech service.

Further information: elevenlabs.io

Google Gemini is an AI-powered platform developed by Google to deliver personalized and accurate search results and responses to queries. When using Google Gemini, personal data such as search queries, interaction data, inputs, IP addresses and device information are processed.

Operator: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. EU representative: Google Ireland Limited, Dublin 4, Ireland.

Legal basis: Art. 6 (1) (f) GDPR, whereby the legitimate interest lies in the personalization of search results and the optimization of the user experience.

Further information: gemini.google.com

PayPal is a payment service provider that enables us to process payments for our products and services securely and efficiently online. By using PayPal, personal data such as name, address, e-mail address, payment information and transaction data are processed.

Operator: PayPal, Inc., 2211 N. First Street, San Jose, CA 95131, USA. EU representative: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.

Legal basis: Art. 6 (1) (b) GDPR (contract performance).

Further information: paypal.com

Stripe is a technology company that provides powerful and flexible tools for e-commerce, including payment processing, billing, and fiscal management solutions. Stripe enables businesses of all sizes to accept and process online payments, manage subscriptions, and perform fraud prevention.

Operator: Stripe, Inc., 354 Oyster Point Boulevard, San Francisco, CA 94080, USA. EU representative: Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Dublin, D02 H210, Ireland.

Legal basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interests such as improvement of services, fraud prevention).

Further information: stripe.com