Privacy Policy
1. Data Protection at a Glance
General Information
The following notes provide a simple overview of what happens to your personal data when you visit this website. “Personal data” means any data with which you could be personally identified. Detailed information on data protection can be found in the full privacy policy below.
Data Collection on This Website
Who is responsible for data collection on this website?
The data processing on this website is performed by the website operator. The operator’s contact details can be found below under Notice on the Responsible Party in this privacy policy.
How do we collect your data?
Your data are collected, firstly, when you provide it to us. For example, this can be data you enter into a contact form. Other data are collected automatically or after your consent by our IT systems when you visit the website. These are primarily technical data (e.g. web browser, operating system, or time of page view). This data is collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior. If contracts are concluded or initiated via the website, any data you submit will also be processed for handling offers, orders, or other contractual requests.
What rights do you have regarding your data?
You have the right at any time to obtain, free of charge, information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time with effect for the future. Furthermore, under certain circumstances you have the right to request the restriction of processing of your personal data. You also have a right to lodge a complaint with the competent supervisory authority. For further details, please refer to Your Rights in this privacy policy. You can contact us at any time regarding privacy questions.
Analysis Tools and Third-Party Tools
When visiting this website, your browsing behavior may be statistically evaluated. This happens mainly with so-called analytics programs or through third-party tracking tools. The analysis of your browsing behavior is typically anonymous; we cannot trace it back to you personally. You can object to this analysis or prevent it by not using certain tools. Detailed information on such analytics can be found in the sections of this privacy policy below describing the relevant tools.
2. Hosting
External Hosting
This website is hosted by an external provider (Hostinger.com). All personal data collected on this website are stored on the servers of the hoster. This may include IP addresses, contact requests, meta and communication data, contract and contact data, names, website accesses, and other data generated via a website. The hoster is used for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our website securely, quickly, and efficiently through a professional provider (Art. 6(1)(f) GDPR). If a corresponding consent was requested, processing occurs solely on the basis of Art. 6(1)(a) GDPR and §25(1) TTDSG (the German Telecommunications-Telemedia Data Protection Act), insofar as the consent allows storage of cookies or access to information on the user’s device (e.g. device fingerprinting). The consent can be revoked at any time.
Our hoster will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding such data. We have concluded a Data Processing Agreement with the hosting provider to ensure GDPR-compliant processing.
Hostinger
Provider: HOSTINGER operations, UAB, Švitrigailos str. 34, Vilnius 03230 Litauen
3. General Notes and Mandatory Information
Data Protection
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various personal data may be collected. Personal data is any data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for, as well as how and for what purpose it is processed.
We point out that data transmission on the internet (e.g. communication by e-mail) can have security vulnerabilities. Complete protection of data from access by third parties is not possible.
Notice on the Responsible Party
The responsible party (data controller) for data processing on this website is:
Apotheosis Apex LLC
2880 W Oakland Park Blvd, Suite 225C
Oakland Park, FL 33311, USA
Email: support@aromayacht.com
The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g. names, email addresses, etc.).
Storage Duration
Unless a more specific retention period is stated within this privacy policy, your personal data will remain with us only as long as necessary to fulfill the purposes for which it was collected. If you make a legitimate request for deletion or revoke your consent to processing, we will delete your data, provided we have no other legally permissible grounds for storing it (e.g. tax or commercial law retention periods); in the latter case, deletion occurs after those grounds cease to apply.
General Information on Legal Bases
Where we obtain your consent for certain processing operations, Art. 6(1)(a) GDPR serves as the legal basis. If special categories of data (as defined in Art. 9(1) GDPR) are processed based on consent, the legal basis is Art. 9(2)(a) GDPR. In cases of an explicit consent to data transfers to third countries, processing is based on Art. 49(1)(a) GDPR. If cookies or similar technologies are used and you have given consent, the additional legal basis is §25(1) TTDSG. You can revoke any consent at any time. If your data is necessary for the performance of a contract or pre-contractual measures, we process it on Art. 6(1)(b) GDPR. If processing is necessary for compliance with a legal obligation, Art. 6(1)(c) GDPR applies. Processing may also be based on our legitimate interest (Art. 6(1)(f) GDPR) in cases where another legal basis does not apply. The specific legal bases for each processing activity are explained in the relevant parts of this privacy policy.
Recipients of Personal Data
In the course of our business, we may share personal data with external parties (such as service providers or subcontractors) only if it is necessary for contract performance, if we are legally required to do so (e.g. data transfer to tax authorities), if we have a legitimate interest in the disclosure (Art. 6(1)(f) GDPR), or if another legal permission applies. When engaging processors (Auftragsverarbeiter) to process data on our behalf, we do so only on the basis of a valid Data Processing Agreement (Art. 28 GDPR). In cases of joint processing with partners, we conclude an agreement specifying our respective responsibilities (Art. 26 GDPR).
Note on Data Transfers to the USA and Other Third Countries
We use some tools and services from companies based in the USA or other countries outside the EU/EEA that do not provide the same level of data protection as Europe. When these tools are active, your personal data may be transmitted to and processed in such third countries (e.g. the USA). We must inform you that in these countries, it is possible that authorities (e.g. U.S. intelligence agencies) may access the data without you having comparable legal recourse to object. It cannot be guaranteed that these entities afford the same level of protection for personal data as is required within the EU. We have no control over these processing activities by third-party recipients in foreign jurisdictions.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You may revoke an already given consent at any time with future effect. An informal message by email to us is sufficient for this purpose. The legality of any data processing carried out prior to your revocation remains unaffected by the withdrawal.
Right to Object to Processing in Specific Cases and to Direct Marketing (Art. 21 GDPR)
If the processing of your personal data is based on Art. 6(1)(e) or 6(1)(f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data (this also applies to any profiling based on those provisions). The respective legal basis for processing can be found in this privacy policy. If you file an objection, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims (Art. 21(1) GDPR).
If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing (including profiling related to such direct marketing). If you object, your personal data will no longer be used for direct advertising (Art. 21(2) GDPR).
Right to Lodge a Complaint with a Supervisory Authority
In the event of violations of the GDPR, data subjects have the right to file a complaint with a supervisory authority – in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement. This right to complain exists without prejudice to any other administrative or judicial remedies.
Right to Data Portability
You have the right to have data which we process on the basis of your consent or in performance of a contract automatically, delivered to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will be done to the extent technically feasible.
Right of Access, Correction, and Deletion
Within the framework of the applicable legal provisions, you have the right at any time to obtain information about your stored personal data, its origin and recipients, and the purpose of the data processing (free of charge). If applicable, you also have a right to have this data corrected, blocked, or deleted. For any questions about personal data, you can contact us at any time using the contact details provided in our imprint/legal notice.
Right to Restriction of Processing
You have the right to request the restriction of processing of your personal data. You can contact us at any time regarding this request. The right to restrict processing applies in the following cases:
- Disputing Data Accuracy: If you contest the accuracy of your personal data we hold, we will usually need time to verify the accuracy. For the duration of this verification, you have the right to request restriction of processing of your personal data.
- Unlawful Processing: If the processing of your personal data was/is unlawful, you may request restriction of processing instead of deletion.
- Data No Longer Needed: If we no longer need your personal data, but you need it for the establishment, exercise, or defense of legal claims, you have the right to request restriction of processing instead of deletion.
- Pending Objection Outcome: If you have objected to processing pursuant to Art. 21(1) GDPR, a balancing of your interests against ours must be carried out. As long as it is not clear whose interests prevail, you have the right to request restriction of processing of your personal data.
If processing has been restricted, such data—apart from being stored—will only be processed with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for important reasons of public interest of the EU or a Member State.
SSL/TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the browser’s address line starting with “https://” instead of “http://” and the lock icon displayed in your browser address bar. If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.
Objection to Promotional Emails
We hereby object to the use of the contact data published in our obligatory website imprint for sending unsolicited advertising and informational materials. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of promotional information, such as spam emails.
4. Data Collection on This Website
Cookies
Our website uses so-called “cookies.” Cookies are small data files and do not harm your device. They may be stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them or they are automatically removed by your web browser.
Cookies can be set by us (first-party cookies) or by third-party companies (third-party cookies). Third-party cookies enable features or services provided by third parties on or through the website (e.g. cookies for processing payment services).
Cookies serve various functions. Many cookies are technically necessary because certain website functions would not work without them (for example, the shopping cart or video display). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies that are necessary to carry out electronic communications, to provide certain functions you request (e.g. for the shopping cart), or to optimize the website (e.g. cookies to measure web audience) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized delivery of its services. Insofar as we have requested your consent to store cookies or similar recognition technologies, processing occurs solely on the basis of that consent (Art. 6(1)(a) GDPR and §25(1) TTDSG); you may revoke your consent at any time.
You can configure your browser to inform you about cookie settings and to allow cookies only on a case-by-case basis, to accept cookies for certain cases or generally exclude them, and to enable automatic deletion of cookies upon closing the browser. If cookies are disabled, the functionality of this website may be limited.
For details on specific cookies and third-party services used on this site, please see the relevant sections of this privacy policy below.
Consent Management with Real Cookie Banner
Our website uses the Real Cookie Banner consent tool to obtain your consent for storing certain cookies or for using certain technologies, and to document these consents in a privacy-compliant manner. The provider of this tool is devowl.io GmbH, Tannet 12, 94539 Grafling, Germany (“Real Cookie Banner”). Real Cookie Banner is locally hosted on our servers, so no connection to the provider’s servers is established for this function.
Real Cookie Banner stores a necessary cookie in your browser to be able to remember the consent you have given or revoked. The data collected by Real Cookie Banner will be stored until you request us to delete it, you delete the Real Cookie Banner cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal retention obligations remain unaffected.
The use of Real Cookie Banner is carried out in order to obtain the legally required consents for the use of cookies and certain technologies. The legal basis for this is Art. 6(1)(c) GDPR.
Server Log Files
The provider of the website automatically collects and stores information in server log files, which your browser automatically transmits. This may include:
- Browser type and version,
- Operating system used,
- Referrer URL (the page visited previously),
- Hostname of the accessing computer,
- Time of the server request, and
- IP address.
These data are not combined with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website – for this purpose, server log files must be collected.
Contact Form
If you send us inquiries via a contact form, the information you provide in the form, including the contact details you enter, will be stored by us for the purpose of processing your inquiry and for any follow-up questions. We do not share this data without your permission.
The processing of data entered into the contact form is based on your consent (Art. 6(1)(a) GDPR) if consent was requested. You may revoke your consent at any time by notifying us (e.g. via email); such a revocation will affect future processing only. If your inquiry is related to the performance of a contract or is necessary for pre-contractual measures, we may alternatively process your data on the basis of Art. 6(1)(b) GDPR (performance of contract). In other cases, processing relies on our legitimate interest in effective handling of inquiries (Art. 6(1)(f) GDPR) or on another applicable legal basis. The data you submit via the contact form will remain with us until you request deletion, revoke your consent, or the purpose for storing the data no longer applies (e.g. once your inquiry has been resolved). Mandatory statutory retention requirements remain unaffected.
Inquiry by Email, Telephone, or Fax
If you contact us by email, phone, or fax, your inquiry and all related personal data (e.g. name, query details) will be stored and processed by us for the purpose of handling your request. We will not transmit this data to others without your consent.
The legal basis for this processing is Art. 6(1)(b) GDPR if your request is connected to an existing contract or needed for pre-contractual steps. In all other cases, processing is based on your consent (Art. 6(1)(a) GDPR) if obtained, or on our legitimate interests (Art. 6(1)(f) GDPR) in the effective handling of inquiries addressed to us. You may revoke any consent given, at any time, with future effect.
Data sent by you via inquiries will remain with us until you request us to delete it, you revoke your consent (if that was the basis), or the storage purpose no longer applies (e.g. once your issue is resolved). Mandatory legal provisions (especially statutory retention periods) remain unaffected.
Processing of Customer and Contract Data
We collect, process, and use personal data only to the extent necessary for the establishment, content, or modification of a legal relationship (contractual “inventory data”). This is done on the basis of Art. 6(1)(b) GDPR, which permits data processing for the fulfillment of a contract or pre-contractual measures. We also collect, process, and use personal data regarding the use of this website (usage data) only as far as necessary to enable the user to use the service or to bill the user for it.
The collected customer data will be deleted after the order is completed or the business relationship is terminated. Statutory retention periods (e.g. tax and accounting requirements) remain unaffected.
Encrypted Payment Transactions on this Website
If, as part of an order or contract on this site, you are obliged to submit your payment information (such as credit card or bank account details), this data will be required for payment processing. Payment transactions using common payment methods (Visa/MasterCard, bank transfers, etc.) are carried out exclusively via encrypted SSL or TLS connections. You can recognize an encrypted connection by the browser’s address line starting with “https://” and the lock symbol in the browser address bar. In the case of encrypted communication, any payment data you transmit to us cannot be read by third parties.
5. Social Media
Social Media Elements with Shariff
This website uses social media plug-in elements (e.g. icons or share buttons for Facebook, X/Twitter, Instagram, Pinterest, XING, LinkedIn, Tumblr). To protect your data, we have integrated these elements using the “Shariff” solution. Shariff prevents these social media elements from transferring your personal data to their respective platforms when you merely load our site. This means no information is transmitted to the social network provider unless you actively click the social media button.
Only when you activate a social media plugin by clicking its button will a direct connection to the provider’s server be established (this constitutes your consent to data transfer to that provider). Once activated, the social media provider (such as Facebook or Instagram) receives the information that you have visited our site with your IP address. If you are logged into your account with that social media provider at the same time, the provider can potentially associate your visit to our site with your user account.
Activating the plugin constitutes consent in the sense of Art. 6(1)(a) GDPR and §25(1) TTDSG. You can revoke this consent at any time with future effect.
Our website integrates elements of the social network Facebook. Provider: Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, data collected via these elements may also be transmitted to servers in the USA and other third countries.
An overview of Facebook’s social plugins can be found here: developers.facebook.com/docs/plugins/ (Facebook’s developer site).
If the social media element is active (you have clicked it), a direct connection is established between your device and the Facebook server. Facebook thereby receives the information that you visited our site with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, the content of our site may be linked to your Facebook profile. This allows Facebook to associate your visit to our site with your user account. Please note that as the website provider, we do not have full knowledge of the content of the data transmitted to Facebook or how Facebook uses it. For more information, please see Facebook’s privacy policy at facebook.com/privacy/explanation.
The use of Facebook plug-in elements occurs only with your consent (legal basis: Art. 6(1)(a) GDPR and §25(1) TTDSG). You can revoke this consent at any time with future effect.
Insofar as personal data collected on our website via the active Facebook element is shared with Facebook (Meta Platforms Ireland Ltd.), we and Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are joint controllers for this data processing (Art. 26 GDPR). This joint responsibility is limited to the collection of data and its transmission to Facebook. Any processing by Facebook after the transfer is not part of the joint controllership. We have entered into a joint processing agreement with Facebook which sets out our respective responsibilities. The wording of that agreement can be found here: facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing privacy information when using the Facebook tool and for the secure implementation of the tool on our site, and Facebook is responsible for the data security of its products. Data subject rights (e.g. access requests) regarding data processed by Facebook can be asserted directly against Facebook. If you assert such rights to us, we are obliged to forward them to Facebook.
Data transfer to the USA by Facebook is based on the EU Commission’s Standard Contractual Clauses (SCCs). Details can be found here: facebook.com/legal/EU_data_transfer_addendum and at facebook.com/help/566994660333381.
Facebook is certified under the “EU–US Data Privacy Framework” (DPF). The DPF is an agreement between the EU and USA to ensure an equivalent level of data protection for data transferred to the US. Companies certified under the DPF commit to comply with these data protection standards. According to the U.S. Department of Commerce’s DPF list, Facebook (Meta Platforms, Inc.) is certified. For details, see the official DPF website: dataprivacyframework.gov/participant?id=4452.
Our website includes features of the Instagram service. Provider: Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland.
If the Instagram social plug-in is active (clicked), a direct connection is established between your device and Instagram’s servers. Instagram thereby receives information about your visit to our site (including your IP address). If you are logged into Instagram, Instagram can associate your visit to our site with your Instagram account when you click the Instagram button. We, as website operator, do not have full knowledge of the content of the data transmitted or its use by Instagram.
The use of Instagram plug-in features occurs only with your consent (Art. 6(1)(a) GDPR and §25(1) TTDSG). You can revoke this consent at any time with future effect.
As with Facebook, whenever the above-described Instagram tool is active and personal data is collected on our site and forwarded to Instagram (Meta Platforms Ireland Ltd.), we and Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, are joint controllers for that processing (Art. 26 GDPR). The joint responsibility is limited to data collection and transmission to Instagram/Facebook. Any subsequent processing by Meta is not part of the joint responsibility. Our respective duties have been set out in a joint controller agreement (available at facebook.com/legal/controller_addendum). According to that agreement, we are responsible for providing privacy information about the Facebook/Instagram tools and for implementing the tools on our site in a privacy-secure manner, and Facebook is responsible for the security of its platform products. Data subject rights with respect to data processed by Facebook/Instagram can be exercised directly against Meta. If you assert your rights with us, we must forward your request to Meta.
Data transfers to the USA by Instagram are based on the EU Standard Contractual Clauses. Details can be found here: facebook.com/legal/EU_data_transfer_addendum, privacycenter.instagram.com/policy/, and facebook.com/help/566994660333381. Further information can be found in Instagram’s privacy policy: privacycenter.instagram.com/policy/.
Meta (Facebook/Instagram) is also certified under the EU–US Data Privacy Framework (see above under Facebook for details).
Note: Other social networks – such as X (Twitter), Pinterest, LinkedIn, etc. – are not actively integrated with tracking on our site (beyond the passive Shariff social share buttons). If in the future we integrate additional social media platforms, we will update this policy accordingly.
6. Analytics and Advertising Tools
We use the following tools to analyze the usage of our website and to serve advertising. These tools may employ cookies or similar technologies to track user behavior. Where required by law, we only use these tools with your consent.
Google Tag Manager
We use Google Tag Manager, a tag management service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager allows us to integrate and manage various marketing and analytics scripts (“tags”) on our website. The Tag Manager itself does not create user profiles, nor does it store cookies or carry out its own analytics. However, it does trigger other tags which may collect personal data in some cases. Google Tag Manager may collect your IP address, which could be transmitted to Google’s servers in the United States.
Google Tag Manager is used in our legitimate interest of enabling a quick and easy integration and administration of multiple tools on our website (Art. 6(1)(f) GDPR). If you have given consent to certain tracking, then the use of Tag Manager (to load those tags) is based exclusively on your consent (Art. 6(1)(a) GDPR and §25(1) TTDSG for device access). You can revoke consent at any time.
Google is certified under the EU–US Data Privacy Framework (DPF), which obliges Google to comply with EU data protection standards for data processed in the USA. Details can be found on the U.S. government’s DPF website.
Google Ads Conversion Tracking
This website uses Google Ads (formerly Google AdWords) and Google Ads Conversion Tracking, services provided by Google Ireland Ltd., Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. We run Google Ads campaigns to display our advertisements on external websites (including Google search results and the Google Display Network) and use conversion tracking to measure the success of those ads. When you click on a Google ad that we have placed, a conversion cookie is set on your device. This cookie expires after about 30 days and is not used to identify you personally. If you visit certain pages on our site before the cookie expires, Google and we can recognize that you clicked the ad and were redirected to our site.
Each Google Ads advertiser gets a different cookie, so cookies are not tracked across different advertisers’ websites. The information collected via the conversion cookie is used to generate aggregate conversion statistics for us. We can see the total number of users who clicked on our ad and proceeded to a page tagged with a conversion tracking tag. However, we do not receive information that personally identifies any user.
We use Google Ads Conversion Tracking based on our legitimate interest in measuring the effectiveness of our ads and optimizing our advertising spend (Art. 6(1)(f) GDPR). If you have provided consent for marketing cookies, then the use is alternatively based on Art. 6(1)(a) GDPR. Google Ads may also result in personal data being transmitted to Google LLC servers in the USA.
You can find more information about Google’s data practices in Google’s Privacy Policy: policies.google.com/privacy.
How to Opt Out: If you do not wish to participate in tracking, you can opt-out by disabling the Google conversion tracking cookie via your internet browser’s settings (see Google Ads settings or use a browser plugin). For example, you can download and install the Google opt-out browser plugin available at: google.com/settings/ads/plugin. Note that if you disable cookies, certain functions of this site may be limited. If we have requested your consent for cookies, you can also revoke that consent at any time via our Cookie Consent tool or the methods described above.
Google Ads Remarketing
We utilize Google Ads Remarketing features to advertise this website in Google search results and on third-party websites to previous visitors. Provider: Google Ireland Ltd., Gordon House, Barrow St, Dublin, D04 E5W5, Ireland. For this purpose, Google sets a cookie in your browser when you visit our site, which enables interest-based advertising via a pseudonymous cookie ID based on the pages you visited.
The processing is based on our legitimate interest in optimally marketing our website (Art. 6(1)(f) GDPR). If you have additionally consented to Google linking your web and app browsing history to your Google account and using information from your Google account to personalize ads, then Google may use your data together with Google Analytics data (if present) to create cross-device remarketing profiles. In that case, if you are logged into your Google account while visiting our site, Google will use your data in combination with Analytics to define audience lists for cross-device ad targeting. This means your personal data may be temporarily linked by Google with Google Analytics data to form target groups. (Note: We currently do not use Google Analytics on this site, so this particular cross-service integration may not occur.)
Google Ads Remarketing may involve data transfers to Google LLC servers in the USA. Google has committed to use Standard Contractual Clauses and is certified under the Data Privacy Framework, as mentioned above, to safeguard such transfers.
How to Opt Out: You can permanently opt-out of Google Ads remarketing by disabling cookies for advertising purposes. For example, you can download and install the browser plug-in from Google at: google.com/settings/ads/onweb/. Alternatively, you can adjust your ad preferences on the website of the Digital Advertising Alliance (DAA) at aboutads.info or configure your browser to block cookies. Please note that opting out of personalized ads does not mean you will no longer see ads – but the ads will be less tailored to your interests.
Meta Pixel (Facebook Pixel)
To measure the effectiveness of our Facebook/Instagram advertising, this website uses the Meta Pixel (formerly known as Facebook Pixel) provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland . According to Meta, data collected via the pixel may be transmitted to Meta servers in the USA and other countries .
The Meta Pixel allows us to track the behavior of visitors after they click on one of our ads on Meta’s platforms (e.g. on Facebook or Instagram) and are redirected to our website. This enables us to analyze the success of our ads for statistical and market research purposes and helps us optimize future advertising campaigns .
The data collected via the pixel is anonymous to us – we cannot see personal information of individual users. However, Meta may process the data and link it to your Meta account, allowing Meta to use the data for its own advertising purposes, in accordance with Meta’s Data Usage Policy. This may result in Meta displaying our ads to you on its platforms or on other sites (i.e., we may participate in Meta’s “Custom Audiences” program) . We have no control over Meta’s use of the data. For details on how Meta processes your data, please refer to Meta’s privacy policy: facebook.com/about/privacy/ .
The use of Meta Pixel is done only with your consent (Art. 6(1)(a) GDPR and §25(1) TTDSG for any cookie placement or device recognition). You can revoke your consent at any time with future effect, e.g. via our Cookie Consent tool.
Enhanced Matching: If you have given consent, we may use Meta’s optional Advanced Matching feature. This allows us to send hashed customer data we collect (e.g. email addresses or phone numbers) to Meta along with the pixel data, in order to improve ad targeting (for example, to better match website visitors with their Facebook/Instagram profiles). This data is transmitted in encrypted form (hashes) and is used to create more refined Custom Audiences and to improve conversion tracking.
Joint Control Information: When the Meta Pixel is active, we and Meta Platforms Ireland Ltd. are jointly responsible for the collection and transmission of data from our site to Meta (Art. 26 GDPR). Our joint responsibilities have been defined in an agreement (see facebook.com/legal/controller_addendum for details). In summary, we are responsible for properly informing you about the pixel (which we are doing via this privacy policy) and implementing the tool in a privacy-compliant manner on our site, and Meta is responsible for the secure processing of the data on its end and handling data subject rights related to data held on Meta’s systems. You can contact Meta directly to exercise your data subject rights regarding data Meta holds; if you submit such a request to us, we will forward it to Meta .
Data transmitted to Meta may be stored and processed by Meta in the USA. Meta relies on the EU’s Standard Contractual Clauses for such transfers , and Meta is certified under the EU–US Data Privacy Framework, as noted earlier, which aims to ensure an adequate level of protection for personal data.
Opt-Out Options: You can object to Meta Pixel’s data collection and use in several ways:
- Use the ad preferences settings in your Facebook account to adjust what types of ads you see. For example, you can disable the “Custom Audiences” remarketing feature via facebook.com/ads/preferences when logged in.
- If you do not have a Facebook/Instagram account, you can opt out of usage-based advertising from Meta through the European Interactive Digital Advertising Alliance at youronlinechoices.com.
- You can also adjust cookie settings via our Cookie Consent Banner to disable marketing cookies (which include the Meta Pixel).
Meta Conversion API
We have also implemented the Meta Conversion API on this website. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, data collected via the Conversion API may also be transmitted to Meta servers in the USA or other non-EU countries.
The Meta Conversion API allows us to capture interactions on our website (such as form submissions, purchases, etc.) and send this information directly from our servers to Meta, in order to improve the performance tracking of our Facebook/Instagram advertising and to refine ad targeting. This server-to-server integration can supplement the Meta Pixel, especially for users who may have disabled or blocked the browser-based tracking.
Through the Conversion API, we may transmit events such as the time of visit, pages visited, IP address, user agent (browser information), and, if applicable, other specific data like purchased items or order values (collectively “event data”). For a detailed overview of what data can be transmitted via the Conversion API, Meta provides documentation here: developers.facebook.com/docs/marketing-api/conversions-api/parameters.
The use of Meta Conversion API occurs only with your consent (Art. 6(1)(a) GDPR and §25(1) TTDSG). You may revoke your consent at any time.
When the Conversion API is active, we and Meta Platforms Ireland Ltd. are jointly responsible (as joint controllers under Art. 26 GDPR) for the collection and transmission of data to Meta, just as with the Meta Pixel (see the Joint Control Information under Meta Pixel above for details). The joint processing agreement mentioned applies here as well.
Data sent via the Conversion API to Meta is subject to the same safeguards as described above for Meta Pixel. Meta uses Standard Contractual Clauses for data transfers and is certified under the Data Privacy Framework .
All the opt-out options described above for the Meta Pixel (such as adjusting ad preferences or disabling marketing cookies) equally apply to the Conversion API, since it is another channel of sending the same event data to Meta. By revoking or not giving consent for Meta tracking, the Conversion API events will also not be sent.
7. Newsletter
Newsletter Data
If you would like to receive the newsletter offered on our website, we require an email address from you and information that allows us to verify that you are the owner of the provided email address and consent to receive the newsletter. We do not collect further data, or only on a voluntary basis. We use these data solely for delivering the requested information and do not disclose them to third parties.
The processing of the data entered into the newsletter sign-up form is based exclusively on your consent (Art. 6(1)(a) GDPR). You can revoke your consent to the storage of the data, the email address, and its use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The legality of any data processing performed before your revocation remains unaffected.
The data you provide for the purpose of receiving the newsletter will be stored by us (and/or the newsletter service provider) until you unsubscribe from the newsletter, at which point it will be removed from the distribution list. Upon your unsubscription or if the newsletter service is discontinued, your data will be deleted from the newsletter mailing list. We reserve the right to remove or block email addresses in our mailing list at our discretion in the context of our legitimate interest as per Art. 6(1)(f) GDPR (for example, in case of repeated delivery failures).
Data that we store for other purposes (e.g. emails provided for member accounts or purchases) remain unaffected by the newsletter list deletion.
After you unsubscribe from the newsletter, your email address may be stored separately on a blacklist to ensure we do not send you further mailings. The data in the blacklist is used only for this purpose and not combined with other data. This serves both our interest and your interest in complying with legal requirements for sending newsletters (legitimate interest under Art. 6(1)(f) GDPR). The blacklist storage is indefinite in time. You may object to the storage if you have reasons that outweigh our legitimate interest.
Newsletter Distribution via ConvertKit
We use the external service ConvertKit to manage and send our email newsletter. Provider: ConvertKit LLC, 750 W Bannock Street #761, Boise, ID 83702, USA. ConvertKit is an email marketing platform that helps us organize subscribers, design email campaigns, and analyze newsletter performance.
If you subscribe to our newsletter, the data you provide (e.g. your email address and any other information submitted for subscription) will be transmitted to and stored on ConvertKit’s servers in the USA. ConvertKit will process this data on our behalf for the purpose of sending you our newsletter emails and evaluating their effectiveness (e.g. open rates, link clicks). ConvertKit may also process some technical data (such as IP address, email client, and timestamp of interaction) to help us understand how recipients engage with our newsletters. For example, emails sent through ConvertKit may include a so-called web beacon (a tiny image file) that is retrieved from ConvertKit’s server when you open the email. This allows us to determine whether a newsletter was opened and which links were clicked, if any. This information can be used to make our content more relevant and to improve future newsletters.
The use of ConvertKit is based on your consent (Art. 6(1)(a) GDPR). When you sign up for our newsletter, we will request your consent to process your data via ConvertKit and to send you emails. You can withdraw this consent at any time by unsubscribing from the newsletter or notifying us, as described above.
Data Transfer and Security: ConvertKit is a U.S.-based service, so your personal data (e.g. email address) is transferred to the United States. To protect such transfers, we have entered into Standard Contractual Clauses with ConvertKit as recommended by the EU Commission, obligating ConvertKit to protect the data of our users and process it in compliance with EU data protection standards. We have also executed a Data Processing Agreement with ConvertKit (as required by Art. 28 GDPR), in which ConvertKit commits to process personal data of our subscribers only according to our instructions and in line with GDPR.
ConvertKit’s privacy policy provides further details on its data handling and can be found here: convertkit.com/privacy. If you have any concerns about your data in relation to our newsletter, feel free to contact us.
8. Audio and Video Conferencing
Data Processing via Conference Tools
We use online conferencing tools (e.g. Zoom, Google Meet) to communicate with customers and other parties. Below we list the specific tools we use. When you communicate with us by video or audio conference via the internet, your personal data are processed both by us and by the provider of the conferencing tool .
The conferencing tools collect the data you provide/input to use the tools (such as your name and email address) and the data generated in the course of the conference itself (such as your video/audio feed, chat messages, and other metadata). The exact data collected can vary depending on the tool and how it is used. Many tools also process technical information about your device, network, and the timing/duration of your participation in the conference.
Why and on what basis we use these tools: The primary purpose of using conferencing tools is to communicate with prospective or existing contractual partners and to deliver services to our customers (e.g. holding online meetings or webinars). In those cases, the legal basis for processing your data via these tools is Art. 6(1)(b) GDPR (contract or pre-contractual measures). Additionally, using these tools generally helps us facilitate and speed up communication with anyone contacting our company, which is a legitimate interest of ours (Art. 6(1)(f) GDPR). If we have asked for your consent for a specific use within the tool (for example, to record a session or to invite you to a public webinar), processing is based on consent (Art. 6(1)(a) GDPR); you may revoke consent at any time for future operations.
Data retention: Data we directly collect via video/audio conferences (e.g. meeting recordings, screenshots, chat logs) will be erased from our systems as soon as you ask us to delete it, or when the purpose for storage no longer applies, whichever comes first. Your communications with us via these tools will generally not be stored longer than necessary for the given purpose (e.g. after a customer support query is resolved, the call content is not retained, though basic logging data may remain as required). Mandatory legal retention obligations (e.g. business correspondence archiving) remain unaffected.
Please note that we do not have full control over how the conferencing tool providers store your data. The providers may store data (such as your account information or meeting metadata) for their own business purposes and durations. For details, please consult the privacy policies of the respective providers.
The conferencing tools we use:
Zoom
We use Zoom for some online meetings and calls. Provider: Zoom Video Communications, Inc., 55 Almaden Blvd, 6th Floor, San Jose, CA 95113, USA. For details on data processing by Zoom, please see Zoom’s privacy policy: zoom.us/privacy.
When you participate in a Zoom meeting organized by us, any personal information you provide to join (such as your name, email, etc.) and any data you generate during the meeting (video, audio, chat contributions) will be processed by Zoom and stored on Zoom’s servers. Zoom may transfer personal data to the U.S. or other third countries. Zoom states that such transfers are safeguarded by Standard Contractual Clauses. We have entered into a Data Processing Agreement with Zoom to ensure that Zoom handles our users’ data in compliance with GDPR and only according to our instructions.
Data Security: Zoom communications are encrypted (Zoom offers TLS encryption and, depending on settings, end-to-end encryption for meetings). However, the level of encryption may depend on the meeting configuration.
/**********************************************************************\
Your Rights: At any time, you have the rights described in Section 3 (e.g. to access, rectify, or delete your data, or to object to processing). To exercise these rights regarding data processed in conferencing tools, contact us. If necessary, we will coordinate with the tool provider (e.g. Zoom or Google) to fulfill your request.
We continuously update this privacy policy as required to reflect changes in our data practices or applicable laws. The current version of the privacy policy is indicated by the date below.
Last updated: July 25, 2025
**********************************************************************/