Privacy policy

Kongress Dortmund Telefon Kongress Dortmund LinkedIn Schalter Nachtmodus

PRIVACY POLICY

This privacy policy informs you of the type, scope, and purpose of the processing of personal Data (hereinafter referred to as “Data”) within our online offering and the websites, functions, and contents connected therewith, as well as external online presences such as our social media profiles (hereinafter jointly referred to as “Online Offering”). In specific instances, we also refer in this privacy policy to the processing of Data outside our Online Offering. We refer to this separately at the relevant point in this privacy policy. All information provided, and instructions given, in this privacy policy apply accordingly – insofar as applicable in each case – to the processing of Data outside our Online Offering.

With regard to the related terminology, such as “Personal Data” or “Processing”, we refer to the relevant definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller:

Name/Company: Westfalenhallen Unternehmensgruppe GmbH

Street/No.: Strobelallee 45

Postcode, Town/City, Country: 44139 Dortmund, Germany

Local register of companies/No.: Dortmund Magistrates' Court, HRB 2522

Managing Director: Sabine Loos

Telephone no.: 0049 (0)231 1204 0

Email address: medien@westfalenhallen.de

Data Protection Officer:

Christian Volkmer

Projekt 29 GmbH & Co. KG

Ostengasse 14

93047 Regensburg, Germany

Telephone no.: 0049 (0) 231 1204 368

Email address: datenschutz@westfalenhallen.de

Types of Data processed:

Personal Data (e.g. title, first name, surname, name suffixes, home address, country, company address, date of birth if applicable, full legal capacity, industrial sector, professional position, scope of decision-making, areas of responsibility, areas of interest)

Contact Data (email address, telephone number landline/mobile, fax number)

Content Data (e.g. contact form text entries, photographs, videos)

Contract Data (e.g. contract deliverable, term, customer category, user name)

Payment Data (e.g. bank details, account data, credit card data, payment history)

Usage Data (e.g. websites visited, use of services, interest in content, access times)

Meta/communication Data (e.g. device information, IP addresses, browser type)

Health Data (severely disabled status)

Processing of special categories of Data (Article 9(1) of the GDPR):

We process, as far as necessary in the specific instance, health data (enquiry as to severe disability status). Beyond that, we do not process any special categories of Data, unless these are supplied for processing by you, e.g. entered in contact forms.

Categories of data subjects whose Data is processed:

Customers / Interested parties / Suppliers / Partners

Visitors and users of our Online Offering. Hereinafter, we refer to you, as a data subject, collectively as “User” or “Users”.

Purpose of the processing:

Provision of the Online Offering, its contents and functions

Provision of contractual services (e.g. ticketing)

Service and customer care.

Responding to contact requests and communications

Marketing, advertising and market research

Security measures

Last revised: May 4, 2026

1. Relevant legal bases

In accordance with Art. 13 of the GDPR, we inform you of the legal basis upon which Data is processed. Where the legal basis is not stated in the privacy policy, the following applies: The legal bases for obtaining consent are Art. 6(1)(a) and Art. 7 of the GDPR and Art. 9(2)(a) and Art. 7 of the GDPR; the legal basis for processing to fulfil our services and implement contractual measures and respond to enquiries is Art. 6(1)(b) of the GDPR; the legal basis for processing to fulfil our legal obligations is Art. 6(1)(c) of the GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) of the GDPR. In the event that vital interests of the data subject or another natural person make it necessary to process personal Data, Art. 6(1)(d) of the GDPR serves as the legal basis.

2. Changes and updates to the privacy policy

Please inform yourself regularly of the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. expression of consent) or other individual notification.

3. Security measures

3.1. We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Art. 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. The measures include, in particular, ensuring the confidentiality, integrity and availability of Data by controlling physical access to the Data, as well as access to, entry of, disclosure of, assurance of availability of and separation of the Data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, deletion of Data and response to Data compromise situations. Furthermore, we already take the protection of personal Data into account in the development and selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data-protection-friendly default settings (Art. 25 of the GDPR).

3.2. The security measures include, in particular, the encrypted transmission of Data between your browser and our server.

4. Collaboration with processors and third parties

4.1. Where, in the course of our processing, we disclose Data to other persons and companies (contracted processors or third parties), transmit it to them or otherwise grant them access to the Data, this will occur only on the basis of a statutory permission (e.g. if transmission of the Data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6(1)(b) of the GDPR), where you have consented, where a legal obligation provides for this or where necessitated by our legitimate interests (e.g. when using agents, web hosts, etc.).

4.2. Where we commission third parties with the processing of Data on the basis of a so-called “contracted-out data processing agreement”, this is done on the basis of Art. 28 of the GDPR.

5. Transfers to third countries

Where we process Data in a third country (i.e. a country outside the European Union (EU) or outside the European Economic Area (EEA)) or where this occurs in the context of using third-party services or disclosing or transferring Data to third parties, this occurs only in order to fulfil our (pre-)contractual obligations, on the basis of your expression of consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have Data processed in a third country if the special requirements of Art. 44 et seq. of the GDPR are met. In other words, processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the US through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

6. Rights of data subjects

6.1. You have the right to request confirmation as to whether Data in question is being processed, and to information about this Data, as well as further information and a copy of the Data in accordance with Art. 15 of the GDPR.

6.2. In accordance with Art. 16 of the GDPR, you have the right to request that Data concerning you be augmented or that incorrect Data concerning you be corrected.

6.3. In accordance with Art. 17 of the GDPR, you have the right to demand that the Data concerned be deleted without delay or, alternatively, to demand that processing of the Data be restricted in accordance with Art. 18 of the GDPR.

6.4. Under Art. 20 of the GDPR, you have the right to require that Data concerning you, which you have provided to us, be given to you and to demand that it be transferred to other data controllers.

6.5. Furthermore, you have the right under Art. 77 of the GDPR to lodge a complaint with the competent supervisory authority.

7. Right to withdraw consent

Under Article 7(3) of the GDPR, you have the right to withdraw consent given in the past with effect for the future.

8. Right of objection

Under Article 21 of the GDPR, you may object at any time to the future processing of Data pertaining to you. The objection may be made in particular against processing undertaken for the purpose of direct marketing.

9. Collection of access Data and log files

9.1On the basis of our legitimate interests as defined by Article 6(1)(f) of the GDPR, we collect Data on each instance of access to the server on which this service is located (so-called server log files). The access data includes the path of the website accessed, associated files, date and time of access, amount of Data transferred, notification of successful access, browser type and version, the User's operating system, referring URL (the previously visited page), IP address and the requesting provider, as well as other browser header data.

9.2 Log file information is stored for a period of 6 months for security reasons (e.g. to clarify acts of abuse or fraud) and is then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified. As a matter of standard practice, this Data is not passed on to third parties unless this be necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6(1)(c) of the GDPR.

10. Analysis, tracking, optimisation

Technologies of ours or of third parties that are not only used to provide a function within our online offer but also serve exclusively or in addition to the analysis of User behaviour, tracking, optimisation of our marketing activities or other purposes are chiefly set out in our Cookie Policy.

11. Cookies

Information on the cookies we use can be found mainly in our Cookie Policy.

12. Erasure, anonymisation and retention of Data

12.1. Data processed by us is erased (deleted) in keeping with Art. 17 of the GDPR. Unless the Data is erased because processing thereof is required for other and legally permissible purposes, processing is restricted. This means that the Data is blocked and not processed for other purposes.

12.2. Instead of erasing your Data, we will, where applicable, render it anonymous in such a way that it is in future irreversibly impossible to relate the Data back to you as an individual.

12.3 Under statutory provisions, documents are retained in particular for 6 years as per Sect. 257 (1) of the German Commercial Code (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years as per Sect. 147 (1) of the German Taxes & Duties Regulations (books, records, management reports, accounting vouchers, commercial and business letters, documents of relevance to taxation, etc.).

13. Provision of contractual services

13.1. We process personal Data (e.g. title, first and last name, name suffixes, residential address or company address) as well as contractual Data (e.g. contract deliverable, User name and payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6(1)(b) of the GDPR. The information marked as mandatory in online forms is required for entry into the contract.

13.2. We create User accounts as standard practice as part of the provision of our contractual obligations and services – in particular as part of our ticketing processes. The User accounts allow you, in particular, to view the orders you have placed. You are provided with the required compulsory information during the registration process. User accounts are not public and cannot be indexed by search engines. As part of the process of deleting your User account (see 13.3. below), we will irretrievably remove from all systems all Data stored by you or by us during the term of the contract. Therefore, it is your responsibility to back up your Data upon cancellation/termination or before the 3 years expire.

13.3. Your User account and all Data contained (e.g. order data) will be deleted 3 years after registration or at any time following termination of contract by you unless retention obligations – in particular those under commercial or tax law – dictate otherwise (Article 6(1)(c) of the GDPR refers).

13.4 As part of the registration and login processes and as part of the use of our online services we store your IP address and the respective time of the action for a period of 6 months. This Data is stored based upon our and your legitimate interests in retaining documentary evidence of the respective action and in preventing misuse and other unauthorised use. We delete this Data after 6 months. Should this Data need to be retained for evidentiary purposes, such Data is exempt from erasure until the respective incident has been finally clarified. As a matter of standard practice, this Data is not passed on to third parties unless this be necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6(1)(c) of the GDPR.

14. Attendance at trade shows or events, surveillance of premises, recordings (outside the Online Offering)

14.1. At trade shows and other events, film, television and photo recordings are usually made. The Data is processed on the basis of our legitimate interests under Art. 6(1)(f) of the GDPR (public relations / marketing purposes). The recordings may be published on our websites and in social media channels, and/or in print media for purposes of illustrating what we do. We will provide you with further information on the respective processing – where necessary – on the respective day of the trade show or event or, in specific instances, in advance.

14.2. At trade shows and other events, we usually deploy surveillance cameras with recording functions on the premises. We store the recordings made. The recordings are stored only for as long as required for the purposes mentioned below. In this case, the Data is erased after a period of 72 hours, i.e. after 3 days. Processing is conducted in accordance with Sect. 4(1) Sentence 1 Items 2 and 3 of the German Federal Data Protection Act or, where applicable, in accordance with Art. 6(1)(f) of the GDPR within the scope of exercising our rights as operator of the premises or in order to safeguard our legitimate interests or insofar as necessary to fulfil a legal obligation to which we are subject (cf. Art. 6(1)(c) of the GDPR, e.g. for purposes of securing evidence). Processing pursuant to Sect. 4(1) Sentence 1 Items 2 and 3 of the GDPR is carried out in accordance with Sect. 4(1) Sentence 2 Item 1 of the German Federal Data Protection Act in order to protect the life, health or freedom of persons (visitors) on the premises. Furthermore, we have a legitimate interest in deterring potential criminals and in securing evidence in the event of an attempted or actual crime at our expense or at the expense of a visitor. There thus exists a legitimate interest in the prevention and, where applicable, prosecution of criminal offences. We will provide you with further information on the respective processing – where necessary – on the respective day of the trade show or event or, in specific instances, in advance.

14.3 We keep several surveillance cameras with a “record” feature on the premises at all times. The image data of the footage is transmitted in real time to a monitor in the fire safety centre (camera-monitoring principle) and recorded. The recordings are stored only for as long as required for the purposes mentioned below. In this case, the Data is erased after a period of 96 hours, i.e. after 4 days. Processing is conducted in accordance with Sect. 4(1) Sentence 1 Items 2 and 3 of the German Federal Data Protection Act or, where applicable, in accordance with Art. 6(1)(f) of the GDPR within the scope of exercising our rights as operator of the premises or in order to safeguard our legitimate interests or insofar as necessary to fulfil a legal obligation to which we are subject (cf. Art. 6(1)(c) of the GDPR, e.g. for purposes of securing evidence). There thus exists a legitimate interest in the prevention and, where applicable, prosecution of criminal offences. We will provide you with further information on the respective processing – where necessary – on the respective day of the trade show or event or, in specific instances, in advance.

15. Establishing contact

15.1. When establishing contact with us (via the contact form, telephone, fax, post or email), your Data is processed in order to handle your enquiry and process it in accordance with Art. 6(1)(b) of the GDPR. The information marked as mandatory in the contact form is required for processing your enquiry.

15.2. We generally delete enquiries 3 months after receipt, albeit no later than when they have been responded to. Where statutory retention obligations apply, deletion takes place once such obligations lapse (6 years under commercial law / 10 years under tax law).

15.3. You may object at any time to the use of your Personal Data for marketing purposes, either in full or in regard of specific measures, without incurring any costs other than the standard transmission charges.

In accordance with the legal provisions of Section 7(3) of the German Unfair Commercial Practices Act (UWG), we are entitled to use the email address you provided when entering into the contract for the purpose of direct marketing of our own similar goods or services. We will send you these product recommendations regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations from us by email, you may object to the use of your email address for this purpose at any time, without incurring any costs other than the standard transmission charges. Written notification is sufficient for this purpose. Of course, every email always includes an “Unsubscribe” link.

16. Inclusion of share buttons for sharing content on social networks

Our websites do not use social plug-ins from social networks that collect Data. To enable straightforward sharing of content on our websites in social media, the so-called Shariff solution is used for our share buttons (for more information, see: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html).

This prevents our Users' Data from being passed on to social networks without their knowledge when they access our websites. The share buttons using the Shariff solution merely establish a link to the corresponding social network on request – i.e. only after the User has clicked on a share button. The User can then share the content of our websites with other Users, provided that he or she is registered on the corresponding social network. This process varies slightly for each social network. After clicking on the share button, the content to be shared, and the IP address and the general header information of the User's browser are transmitted to the respective social network. Please note that we have no knowledge of the content of the (personal) Data transmitted in the further course of events, nor of its use by the social networks.

For the following social networks, the share buttons mentioned above are offered using the Shariff solution:

Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Opt-out: https://www.facebook.com/settings?tab=ads

Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Opt-out: https://x.com/settings/account/personalization

Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
Privacy policy: https://www.linkedin.com/legal/privacy-policy

Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Provider: XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany
Privacy policy: https://www.xing.com/app/share?op=data_protection

17. Online presence on social media

17.1. We maintain online presences on social networks and platforms in order to communicate with customers, interested parties and Users active there, and to inform them about our services. When accessing social networks and platforms, the terms and conditions and data processing guidelines of the respective operator apply.

17.2 Unless stated otherwise in our privacy policy, we process your Data if you communicate it within social networks and platforms, e.g. by making posts on our online presences or by sending us messages.

17.3 Please note that your Data may also be processed by the respective operator outside the European Union or the European Economic Area. As a result, risks may arise for you, and in particular, the enforcement of rights may become more difficult. With regard to US operators certified under the EU-US Privacy Shield, we also point out that they have thereby also committed to comply with EU data protection standards.

17.4 By clicking the respective operator's button, you will be forwarded to our respective online presence in a separate browser window, where, provided you are logged into your User account, you can share or subscribe to our news, etc. The button establishes a direct connection between your browser and the respective operator's server. The respective operator thereby receives notification that you have visited our website via your IP address. The respective operator may collect further Data as soon as you make use of their offerings. In addition, it is then possible for the respective operator to assign your visit to our website to you and your User account (provided you are logged into your User account).

17.5 In addition, your Data will generally be processed for purposes of market research and advertising. This means that profiles can be created based upon your usage behaviour and the preferences and interests identified from it. Such profiles may be used, for example, to display suitable advertisements within our online presence or on other online presences or websites on the basis of the identified interests. Cookies are stored and retained on your device, allowing Data on User behaviour to be collected and bundled for further processing for purposes of identifying your interests. The collection and bundling of this Data may, especially if you are logged into your User account, also be performed via more than one device used by you.

17.6 The processing of Data is based on our legitimate interest in effective information and direct communication with you in relation to our Online Offering pursuant to Art. 6(1)(f) of the GDPR.

17.7 Should you wish to request information or exercise any other rights to which you are entitled, please contact the relevant operator directly in the first instance. The background to this is that only the respective operators have access to your Data and can give you the relevant information and take further action if necessary. However, if you need help in exercising the rights to which you are entitled, you can also contact us at any time.

17.8 A description of the data processing carried out by the respective operator and the requirements for implementing an objection (opt-out) can be found in the information provided by the respective operator:

Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland

Opt-out: https://www.facebook.com/settings?tab=ads

Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Opt-out: https://x.com/settings/account/personalization

Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA

Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Provider: XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Deutschland

Provider: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA

Provider: (Instagram) Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland

Provider: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

Opt-out: https://help.pinterest.com/de/articles/notifications#Web

18. Links

Our websites do not use social plug-ins from social networks that collect Data. Where the Shariff solution is not in use, we only set links on our websites to social networks. This prevents our Users' Data from being passed on to social networks without their knowledge when they access our websites. The links establish a connection to our online presence on the respective social network on request only, thus only after the User has clicked on a link. After the link has been clicked, the IP address and the general header information of the User's browser are transmitted to the respective social network. The social network in question may collect further Data as soon as you make use of their offerings. Please note that we have no knowledge of the content of the (personal) Data transmitted in the further course of events, nor of its use by the social networks.

The links set out above are used for the following social networks:

Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
Privacy policy: https://www.linkedin.com/legal/privacy-policy

Provider: XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany
Privacy policy: https://www.xing.com/app/share?op=data_protection

Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

19. Newsletter

19.1 The following information is to inform you about the contents of our newsletter and the registration, dispatch and statistical evaluation procedure, as well as your right of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

19.2 Newsletter content: We send out emails and other (electronic) notifications with promotional information (hereinafter “Newsletter”) only with your consent or on the basis of a legal permission. Where the contents of the Newsletter are specifically described during registration, they are deemed to be the object to which you are expressing consent. In all other respects, our Newsletters contain information about our products, offers, promotions and our company.

19.3 Recording of the double opt-in and changes: Registration for our Newsletter uses a so-called double opt-in process. This means that, after subscribing, you are sent an email asking you to confirm your subscription. This confirmation is necessary so that no one can subscribe using other people's email addresses. Subscriptions to the Newsletter are recorded in order to be able to provide documentary evidence of the subscription process in accordance with legal requirements. This includes recording the times of login and confirmation, and the IP address. Changes to your Data retained by the shipping service provider are also recorded.

19.4 Shipping service provider: The Newsletter is sent out by rapidmail GmbH, Wentzingerstrasse 21, 79106 Freiburg im Breisgau, Germany, hereinafter referred to as the “Shipping Service Provider”.

19.5 If you subscribe to the Newsletter of the Shipping Service Provider, the Data entered in the respective input screen will be transmitted to the controller responsible for data processing. Registration for our Newsletter uses a so-called double opt-in process. This means that, after subscribing, you are sent an email asking you to confirm your subscription. This confirmation is necessary so that no one can subscribe using other people's email addresses. When registering for the Newsletter, the User's IP address and the date and time of subscription are retained. This serves to prevent misuse of the services or the email address of the data subject. The Data will not be passed on to third parties unless there is a legal obligation to disclose. The Data will only be used for purposes of sending out the Newsletter. The subscription to the Newsletter may be cancelled by the data subject at any time. Likewise, consent to the retention of personal Data may be withdrawn at any time. Every Newsletter contains a corresponding link for this purpose. Where the User has given his or her consent, the legal basis for the processing of Data after the User subscribes to the Newsletter is Art.6(1)(a) of the GDPR. The legal basis for sending out the Newsletter as a result of the sale of goods or services is Sect.7(3) of the German Unfair Competitive Practices Act.

19.6 Use of rapidmail

Description and purpose: We use rapidmail for sending out Newsletters. The provider is rapidmail GmbH, Wentzingerstrasse, 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organise and analyse the shipment of Newsletters. The Data entered by you for the purpose of receiving the Newsletter is retained on rapidmail's servers in Germany. If you do not wish any analysis to be performed by rapidmail, you must unsubscribe from the Newsletter. We provide a link for this in every Newsletter notification. Furthermore, you may also unsubscribe from the Newsletter directly on the website. For the purpose of analysis, the emails sent using rapidmail contain a so-called Tracking Pixel which connects to the rapidmail servers when the email is opened. In this way, it can be determined whether a Newsletter notification has been opened. Furthermore, with the help of rapidmail we can determine whether and which links are clicked on in the Newsletter notification. All links in the email are so-called tracking links with which your clicks can be counted.

Legal basis: The legal basis for the data processing is Art. 6(1)(a) of the GDPR.

Recipient: The recipient of the Data is rapidmail GmbH.

Transmission to third countries: The Data is not transferred to third countries.

Duration: The Data retained by us within the scope of your consent for the purpose of the Newsletter is retained by us until you unsubscribe from the Newsletter and will be erased from our servers and from the rapidmail servers after you unsubscribe from the Newsletter. Data retained by us for other purposes (e.g. email addresses for the members' area) remain unaffected by this.

Opportunity to withdraw consent: You have the option at any time to withdraw your consent to data processing with effect for the future. The lawfulness of data processing operations already conducted remains unaffected by such withdrawal of consent.

Further data protection information: For more details, please refer to rapidmail's data security notes at: https://www.rapidmail.de/datensicherheit. For more information on rapidmail's analysis functions, please see the following link: https://www.rapidmail.de/wissen-und-hilfe

19.7 Withdrawal of consent: You may unsubscribe from our Newsletter at any time. You will find a link to cancel receipt of the Newsletter at the end of each Newsletter. In the event of withdrawal of consent, your Data will be erased.

20. Integration of third-party services and content

20.1 We use content or service offerings from third-party providers within our Online Offering on the basis of our legitimate interests (interest in the analysis, optimisation and economic operation of our Online Offering within the meaning of Art. 6(1)(f) of the GDPR). This means that we integrate content and services from third-party providers, such as videos or fonts (hereinafter jointly referred to as “Content”). A precondition for this is that the third-party providers are aware of your IP address, as without the IP address, they would not be able to send the Content to your browser. The IP address is thus required in order to display the Content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the website. The pseudonymised information may also be stored in cookies on your device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our Online Offering, as well as being linked to such information from other sources.

20.2 In the following illustration, we have compiled an overview of third-party providers together with the Content they offer and links to their data privacy notices, which may contain further information on the processing of Data and information on how to object. Please note that we have listed other third-party providers in our cookie policy.

- Payment services provided by TeleCash GmbH & Co. KG

- External code of the JavaScript framework “jQuery”, provided by the JS-Foundation

- Integration of event apps (web apps that are called up via a URL in the browser of a smartphone), provided by LINEUPR GmbH

Adform conversion pixel

To improve the convenience and quality of our service, we use conversion tracking and retargeting technology, both web services provided by Adform ApS, Wildersgade 10B, 1, 1408 Copenhagen K, Denmark.

Conversion tracking: This website uses conversion tracking from Adform. The temporary cookie for conversion tracking is set when a User makes contact with an advertisement placed by Adform.

Users who do not wish to participate in tracking may disable the Adform or Google cookie here at any time via their internet browser or object to data collection and retention with effect for the future. You can delete cookies already stored on your computer in the browser you are using or remove them by deleting temporary websites.

Retargeting: This website uses retargeting technology from Adform. This makes it possible to target those internet Users on our partners' websites who have already shown interest in our website and our products. With retargeting, the advertising material is displayed on the basis of a cookie-based analysis of previous User behaviour. This is a temporary cookie that loses its validity after 60 days. If you do not wish to be shown interest-based advertising by Adform, you may object here to the collection and retention of Data at any time with effect for the future. For more information on Adform's privacy policy, please visit http://site.adform.com/privacy-policy/de/

Seeding conversion tracking

This site uses so-called conversion tracking by the Seeding Alliance (Seeding Alliance GmbH, Gustav-Heinemann-Ufer 74b 50968 Cologne, Germany). When the conversion is completed, a cookie is used to record whether the visitor reached the target page via an advertising medium of the Seeding Alliance. Otherwise, the visitor's Data is not retained, and each conversion is only recorded once per visitor. Under no circumstances will personal Data of the visitor be collected.

Further information on data protection at Seeding Alliance GmbH and the use of cookies, including the possibility of opting out, may be found at https://seeding-alliance.de/datenschutz/

Ligatus conversion pixel

This site uses behavioural targeting by Ligatus GmbH (Christophstrasse 19, D-50670 Cologne, Germany). Ligatus GmbH adheres strictly to the legal requirements for data protection, in particular to the EU General Data Protection Regulation and regulations set out in the German Telemedia Act and the German Federal Data Protection Act. Further information on the cookies used by Ligatus and data protection at Ligatus, as well as an option to object, may be found at https://www.ligatus.de/datenschutz. You may withdraw consent you have already given here: https://ext.ligatus.com/oba-optout/opt-out?action=optout&callback=3.

Outbrain conversion pixel

Our website uses technology from Outbrain, which is used to draw our Users' attention to further Content on our website and on third-party websites that may also be of interest to them. The further reading recommendations integrated by Outbrain, e.g. below an article, are determined on a purely pseudonymous basis on the basis of the previous Content read by the User. For more information on Outbrain's privacy policy, please visit http://www.outbrain.com/de/legal/privacy. You may object to tracking for the display of interest-based recommendations at any time by clicking on the “Opt-out” box under Outbrain's privacy policy, available at http://www.outbrain.com/de/legal/privacy.

Plista conversion pixel

Our website is assisted by fully automated recommendation technology from plista GmbH, Torstrasse 33, 10119 Berlin, Germany. With the aid of this technology, we aim to improve the User experience on our website by recommending articles and advertisements to you, our visitors, that are tailored to your individual interests (so-called usage-based advertising). In order to be able to display usage-based advertising, plista collects information on the usage behaviour of website visitors (so-called usage data) by means of cookies on all websites of the plista partner network and combines these with a random identifier assigned by plista (so-called cookie ID) to form usage profiles. You can find more information on this and on data privacy at plista at https://www.plista.com/de/about/privacy/.

Of course, you are free to disable plista's usage-based advertising at any time by declaring your opt-out at the bottom of the page via https://www.plista.com/de/about/opt-out/.

LinkedIn conversion pixel

Our site uses conversion tracking components from the LinkedIn network. LinkedIn is a service provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, which enables you to be shown relevant advertising based upon your interests. We also receive aggregated and anonymised reports from LinkedIn of ad activity and information about how you interact with our website.

Details on data collection by LinkedIn and on your rights and setting options can be found in LinkedIn's privacy policy. You can find these details at http://www.linkedin.com/legal/privacy-policy

You can object to the analysis of your usage behaviour by LinkedIn and to the displaying of interest-based recommendations (“opt-out”) by clicking on the “Decline on LinkedIn” (for LinkedIn members) or “Decline” (for other Users) button on the following page: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Taboola

Taboola Inc, London (Oneustonsq, 40 Melton Street, 13th Floor, London, NW1 2FD) uses cookies to determine which web pages you visit frequently and how you navigate on our website. For this purpose, device-related data and log data are collected, and usage profiles are generated using pseudonyms. These usage profiles are not merged with Data on the bearer of the pseudonym and do not permit any conclusions to be drawn from your personal Data. Your IP address, for example, is transmitted to Taboola in abbreviated form. https://www.taboola.com/privacy-policy

You may disable tracking at any time in the “User Choices” section on the above page.

Trade Desk pixel

This site uses technology from The Trade Desk Inc, 42 N Chestnut St, Ventura, California, CA – 9300, USA. Information on the surfing behaviour of visitors to the website is collected for marketing purposes in a purely anonymised form, and cookies are set for this purpose. No personal Data is collected or retained during this process.

You may object to the processing of the cookie data generated by The Trade Desk at any time at https://www.adsrvr.org/. For more information on data protection at The Trade Desk, please see https://www.thetradedesk.com/general/privacy-policy

Twitter conversion pixel

Our web pages contain functions from the Twitter service. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and by using the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other Users. Data is also transferred to Twitter as part of this process. We wish to point out that we, as the provider of the web pages, have no knowledge of the content of the Data transmitted or of the ways it may be used by Twitter.

With the aid of the “Twitter pixel” set on our web pages, we are in particular able to track Users' actions after they have seen or clicked on a Twitter advertisement. This procedure is used to evaluate the effectiveness of Twitter advertisements for statistical and market research purposes and can help to optimise future promotional activity. The Data collected is anonymised for our use in such a way that we are unable to draw any conclusions concerning Users' identity. However, the Data is retained and processed by Twitter in such a way that a connection to the respective User profile is possible and in such a way that Twitter is able to use the Data for its own advertising purposes in accordance with Twitter's privacy policy. You may enable Twitter and its partners to serve advertisements on and off Twitter. Furthermore, a cookie may be stored on your computer for these purposes. For more information, please see Twitter's privacy policy at http://twitter.com/privacy. Please click here if you wish to disable the function described above: Opt-out.

Chatbot

Our website uses a Chatbot to provide answers to queries from customers or staff. The provider is Kauz GmbH, Erasmusstrasse 15, 40223 Düsseldorf, Germany.

We have carefully selected the provider, Kauz GmbH, which refrains from collecting or processing any personal Data for the purpose of behavioural analysis. Usage data such as chat duration, message timestamps, the number of exchanges and approximate user locations are stored in anonymised form for purely statistical purposes.

We process your Data solely for the purpose of dealing with your enquiry and for internal purposes (Article 6(1)(b) and Article 6(1)(f) of the GDPR).

Leadinfo

We use the Lead Generation Service provided by Leadinfo B.V., Rotterdam, Netherlands. This service identifies visits to our website by businesses based on IP addresses and displays publicly available information such as company names or addresses. Furthermore, Leadinfo uses two first-party cookies to analyse user behaviour on our website and processes domains from form submissions (e.g. ‘leadinfo.com’) in order to link IP addresses to companies and enhance our services. For further information, please visit www.leadinfo.com. You can also opt out here: www.leadinfo.com/en/opt-out. Leadinfo will no longer collect your Data once you have opted out.

Social media prize draws

If you register for (or take part in) one of our prize draws, we will use your Personal Data to administer and run the competition. The legal basis for this is Article 6(1), Sentence 1 b of the GDPR. Further details concerning prize draws are set out in the Terms and Conditions, which you must accept should you choose to enter the competition.

Eye-Able®

Eye-Able® is a software programme developed by Web Inclusion GmbH to ensure that everyone enjoys barrier-free access to information on the internet. The necessary files, such as JavaScript, stylesheets and images, are loaded from an external server. When features are activated, Eye-Able® saves the settings in the local storage of the browser. All settings are stored locally only and are not transmitted elsewhere. To defend against attacks and provide our service in near real time, Eye-Able® uses the Content Delivery Network (CDN) provided by BunnyWay d.o.o. (Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia). This is used for the purpose of fulfilling our contractual obligations to our customers (Article 6(1)(b) of the GDPR) and in the interests of ensuring the secure, fast and efficient provision of our online services by a professional provider (Article 6(1)(f) of the GDPR). All Data transmitted and all servers remain within the EU at all times to ensure that processing complies with the GDPR. Web Inclusion GmbH does not collect or analyse any personal user behaviour or other Personal Data at any time. To ensure that data processing complies with data protection regulations, Web Inclusion GmbH has contracted-out data processing to our hosting provider, BunnyWay. Further information can be found in the Privacy Policies: eye-able.com/datenschutz-eye-able/ https://bunny.net/privacy

Google Ads Customer Match

We use Google Ads Customer Match for our Google marketing. based on your expression of consent under Article 6(1)(a) of the GDPR. When using Customer Match, we upload lists containing encrypted User Data (e.g. names, email addresses, postal addresses, customer-specific identifiers) to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 (hereinafter referred to as “Google”). Google then uses this information to determine the extent to which the User Data provided matches that of existing Google customers. This facilitates creating target groups for the delivery of adverts and campaigns. The encrypted customer Data is automatically deleted once the Customer Match Lists have been created.

Google receives and processes the Data in its capacity as a Processor. To this effect, we have entered into a contracted-out data processing agreement with Google. It cannot be entirely ruled out that Google LLC, domiciled in California, USA, and, possibly, certain US authorities may also have access to the Data stored by Google.

Should you wish to decline participation in tracking, you can refuse the placement of the cookie required for this purpose – for example, via a browser setting that generally disables the automatic placement of cookies, or via our cookie settings. You can also customise personalised advertising in your Google Account under the ‘Privacy’ tab to tailor your preferences. To do this, sign in to Google and click on the ‘Data and privacy’ section under ‘Manage your Google Account’.

Perspective

We use the service provider Perspective Software GmbH, PO Box 659770, 96035 Bamberg, Germany (“Perspective”) to provide our online services. Data processing takes place solely on servers within the EU, whereby Data may also be processed by sub-processors based in the US, which are certified under the EU-US Data Privacy Framework (DPF). Moreover, standard contractual clauses and additional safeguards are in place.

When you access our website, Perspective automatically processes the following Data:

IP address
Browser type and version
Operating system
Internet service provider
Date and time of access
Referrer URL

This Data is used to ensure the technical delivery, stability and security of our service based on Article 6(1)(f) of the GDPR (legitimate interest in the secure provision of the website). The Data is stored for the duration of the session; IP addresses are stored in log files for a maximum of 7 days. For more information, please visit: https://www.perspective.co/datenschutz

Contact and enquiry forms via Perspective

We use the service provider Perspective Software GmbH, PO Box 659770, 96035 Bamberg, Germany (“Perspective”) to process contact, enquiry and application forms. Data is processed on servers located within the EU. However, it cannot be ruled out that certain Data may be processed by sub-processors in the US. These are certified under the EU-US Data Privacy Framework (DPF). In addition, standard contractual clauses and other safeguards are used.

Depending on the purpose, the following Data is processed via these forms:

IP address, date and time of access
Referrer URL
Form fields (e.g. name, email address, message text)
Uploaded files
Contextual information (e.g. selections made, button clicks)

Depending on the context, processing is effected on the basis of:

Article 6(1)(b) of the GDPR (contract or pre-contractual arrangements) or
Article 88 of the GDPR in conjunction with Section 26 of the German Federal Data Protection Act (BDSG) (job applications).

The Data is deleted on becoming superfluous to requirement. We delete your application data no later than six months after the application process has been completed – unless you have consented to it being stored for a longer period.

For more information, please visit: https://www.perspective.co/datenschutz

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is used for the technical management and deployment of scripts (e.g. for Google Analytics or marketing tools). Tag Manager itself does not perform any analyses, does not store any cookies, and does not create its own user profiles.

Technical data (e.g. IP address, browser information) is processed for the purpose of delivering the Tag Manager. Wherever possible, the Tag Manager is not loaded directly from the servers at googletagmanager.com, but via our own infrastructure (e.g. a so-called GTAG gateway). This reduces the amount of Data transferred to Google and makes the processing of technical connection data more privacy-friendly.

Where Data is transmitted to Google (e.g. when the Tag Manager is loaded directly), this may also be transmitted to servers in the US. Google is certified under the EU-US Data Privacy Framework (DPF).

The use of the Tag Manager is based on Article 6(1)(f) of the GDPR (legitimate interest in the efficient and data-protection-compliant management of tracking and marketing services). Where consent is required for embedded tools, these are only activated by Tag Manager once you have given your consent in accordance with Article 6(1)(a) of the GDPR in conjunction with Section 25 of the German Teleservices Data Protection Act (TTDSG).

Google Analytics 4

We use Google Analytics 4 on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

We use Google Analytics 4 to analyse how our website is used, generate reports on visitor activity and evaluate this Data in order to optimise our content.

Google Analytics 4 uses cookies and similar technologies. However, the information collected about your use of the website (e.g. pages visited, browser details, operating system and, where applicable, click paths) is not passed directly to Google, but is first processed via our Server-Side Tagging (SST) server, which we operate on Google Cloud Run in the EU West 3 region (Frankfurt).

On this server, your Data – in particular the IP address transmitted by your device – is anonymised or pseudonymised before being forwarded to Google servers for further processing. In this way, we reduce the direct exchange of Data between your device and Google and enhance the protection of your personal Data.

The Data is used by Google on our behalf solely for the purpose of compiling reports on website activity and providing other services relating to website usage. Based on our settings, this Data is not combined with other Data from Google. Analytics data is retained for 14 months.

The legal basis for the use of Google Analytics 4 is your consent under Article 6(1)(a) of the GDPR, which you give via our cookie consent tool. Google Analytics 4 is not without your consent. You can withdraw your consent at any time via the consent tool, with effect from that point in time onwards.

We have entered into a contracted-out data processing agreement (Article 28 of the GDPR) with Google. Google bases any transfers involving third countries (e.g. the US) on the standard contractual clauses approved by the European Commission. For more information, please see Google's privacy policies at:

policies.google.com/privacy

policies.google.com/technologies/partner-sites

Server-Side Tagging (SST) – Use for other services

In addition to Google Analytics 4, we also use our server-side tagging container (Google Cloud Run, EU West 3 / Frankfurt region) to process and forward Data to other marketing and analytics tools, such as Google Ads or conversion APIs.

The procedure here is the same:

• Data relating to your use of the website is initially transferred to our SST server in the EU.

• Where technically feasible, Data is anonymised or pseudonymised (e.g. by truncating the IP address).

• Only then is the processed information forwarded to the relevant providers.

We only use these tools with your express consent (Article 6(1)(a) of the GDPR) via our cookie consent tool. We may process purely technical log data necessary to ensure smooth operation and IT security on the basis of our legitimate interests pursuant to Article 6(1)(f) of the GDPR.

Where we share Data with third-party providers (e.g. Google, Meta) on the basis of your consent, this Data may also be processed in countries outside the EU (in particular the US). In such cases, transfer is effected on the basis of the standard contractual clauses approved by the European Commission or other safeguards.

You can withdraw your consent to the relevant services at any time via our consent management tool with effect from that point in time onwards.

Google Ads Conversion Tracking

We use Google Ads Conversion Tracking, a service provided by Google Ireland Limited.

A cookie with a limited duration (max. 90 days) is stored on accessing our website via Google Ads; this is used solely to measure the effectiveness of advertising. We only see aggregated figures, such as how many Users clicked an advert and subsequently completed a conversion. Specific individuals cannot be identified.

The legal basis is your expression of consent under Article 6(1)(a) of the GDPR in conjunction with Section 25 of the German Teleservices Data Protection Act (TTDSG). Personal Data is not transferred without prior consent.

Any transfers to the US are based on the standard contractual clauses of the European Commission. Google is also certified under the EU-US Data Privacy Framework (DPF).

Consent Mode v2 has been a mandatory requirement since March 2024. Our cookie banner ensures that consent for the categories “ad_user_data” and “ad_personalization” is obtained in accordance with the GDPR. Without consent, Google only processes anonymised, modelled conversions.

Meta pixel (client-side)

We use the Meta pixel from the social network Facebook or Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; “Meta”) on our website.

The Meta pixel enables us to target visitors to our website with adverts (‘Facebook/Instagram Ads’) and to measure the effectiveness of our advertising campaigns (‘Conversion Tracking’). This pixel allows us to recognise you across Meta’s platforms after you have visited our website and show you adverts there based on your interests.

When you visit our website, your device establishes a direct connection to the Meta servers. The following Data, for example, is processed:

• HTTP headers (IP address, browser information, time of page view)

• Pixel-specific data (pixel ID, cookie information),

• Event data (e.g. products viewed, shopping basket, purchase or registration actions).

Meta may link this Data to your Facebook or Instagram account. Meta may also use it for its own purposes, for example, for profiling and advertising. We have no control over how Meta processes the Data further.

Meta Conversion API (server-side via SST)

In addition to the client-side pixel, we also use the Meta Conversion API (CAPI). In this process, event data is transmitted to Meta on the server side via our server-side tagging container (Google Cloud Run, EU West 3 region, Frankfurt).

How it works:

• Your interactions on the website (e.g. purchases, leads, form submissions) are sent initially to our SST server.

• There, the Data is pseudonymised (e.g. by hashing email addresses using SHA-256) and then forwarded to Meta via a secure interface.

• This ensures that sensitive Data is not sent directly from your device to the Meta servers in the US, but is processed via our EU infrastructure first.

Both the pixel and the conversion API are used for marketing and optimisation purposes, i.e. to target advertising at relevant user groups and to evaluate the success of advertising campaigns statistically.

Legal basis & Data transfer

• Legal basis: The use of the Meta pixel and the conversion API is based solely on your consent in accordance with Article 6(1)(a) of the GDPR in conjunction with Section 25 of the German Teleservices Data Protection Act (TTDSG). No processing takes place without consent.

• Right to withdraw consent: You may withdraw your consent at any time via our consent management tool.

• Transfers to the US: Please note that Data may also be transferred to the US. Meta Platforms Inc. (USA) is certified under the EU–US Data Privacy Framework (DPF), ensuring an adequate level of data protection. We also rely on the Standard Contractual Clauses (SCCs) approved by the European Commission.

More information on data processing by Meta can be found in their privacy policy:

www.facebook.com/about/privacy

TikTok pixel (client-side)

We use the TikTok pixel from the social network TikTok (TikTok Technology Limited, 10–12 Westland Square, Dublin 2, Ireland; ‘TikTok’) on our website.

The TikTok pixel enables us to target visitors to our website with adverts (‘TikTok Ads’) and to measure the effectiveness of our advertising campaigns (‘Conversion Tracking’). This pixel allows us to recognise you on the TikTok platform after you have visited our website and show you adverts there based on your interests.

When you visit our website, your device establishes a direct connection to the TikTok servers. The following Data, for example, is processed:

• HTTP headers (IP address, browser information, time of page view, referrer URL)

• Pixel-specific data (pixel ID, cookie information),

• Event data (e.g. products viewed, shopping basket, purchase or registration actions).

TikTok may link this Data to your TikTok account. TikTok may also use it for its own purposes, for example, for profiling and advertising. We have no control over how TikTok processes the Data further.

TikTok Events API (server-side via SST)

In addition to the client-side pixel, we also use the TikTok Events API (similar to the Meta Conversion CAPI). In this process, event data is transmitted to TikTok on the server side via our server-side tagging container (Google Cloud Run, EU West 3 region, Frankfurt).

How it works:

1. Your interactions on the website (e.g. purchases, leads, form submissions) are sent initially to our SST server.

2. There, the Data is pseudonymised (e.g. by hashing email addresses or telephone numbers using $SHA-256$) and then forwarded to TikTok via a secure interface.

3. This ensures that sensitive Data is not sent directly from your device to the TikTok servers, but is processed via our EU infrastructure first.

Both the pixel and the events API are used for marketing and optimisation purposes, i.e. to target advertising at relevant user groups and to evaluate the success of advertising campaigns statistically.

Legal basis & Data transfer

Legal basis: The use of the TikTok pixel and the events API is based solely on your consent in accordance with Article 6(1)(a) of the GDPR in conjunction with Section 25 of the German Telecommunications-Telemedia Data Protection Act (TDDDG) (formerly the German Teleservices Data Protection Act (TTDSG)). No processing takes place without consent.

Right to withdraw consent: You may withdraw your consent at any time via our consent management tool.

Transfers to third countries: Please note that Data may also be transferred to countries outside the EU (in particular the US and Singapore). In such case, TikTok uses Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of data protection.

More information on data processing by TikTok can be found in their privacy policy:

www.tiktok.com/legal/page/eea/privacy-policy/de

Recaptcha with CaptchaFox

This website uses the “CaptchaFox" service provided by Scoria Labs GmbH, Agnes-Bernauer-Str. 151, 80687 Munich, Germany, for protection against automated access (bots). In such case, the User’s device establishes a connection to the CaptchaFox servers. Technical connection data is processed. CaptchaFox does not use cookies and does not store any personal Data permanently. The legal basis is the legitimate interest of the website operator (Article 6(1)(f) of the GDPR) in ensuring secure and bot-free operation. Further information: https://captchafox.com/de/datenschutz