Data protection

I. General Information

The CTA AG, Hunzigenstrasse 2, 3110 Münsingen, Switzerland (hereinafter «we», «us») appreciates your visit on our website and your interest in our products and services. The protection of your personal data is important to us. In this Privacy Notice, we explain how we collect your personal data, what we do with it, for what purposes and on what legal basis this is done and what rights and claims are associated with it for you. When appropriate we will provide a timely notice to cover any additional processing activities not mentioned in this Privacy Notice. In addition, we may inform you about the processing of your data separately, for example in consent forms, terms and conditions, additional privacy notices, forms and other notices. We use the term «data» here synonymously with «personal data» or «personal information».

This Privacy Notice is aligned with the EU General Data Protection Regulation («GDPR»), the Swiss Data Protection Act («DPA») and the revised Swiss Data Protection («revDPA»). However, whether and to what extent these laws are applicable depends on the individual case.

II. Name and address of the responsible persons

For the data processing described in this privacy notice, the CTA AG
Hunzigenstrasse 2
CH-3110 Münsingen
cta.ch
info@cta.ch is responsible for data protection, unless otherwise communicated in individual cases.
You can reach us for your data protection concerns and the exercise of your rights as follows: info@cta.ch

III. Categories of data we process

The processing of your personal data is limited to data that is necessary for the operation of a functional website and for the provision of our content, products and services. The processing of personal data of our users is based on the purposes described herein or a statutory legal basis. We only collect personal data that is required for the performance and processing of our tasks and services or that you provide to us voluntarily. Depending on the occasion and purpose of the processing, we process different data about you: Technical data
When you use our website or other electronic offerings (e.g. apps), we collect the IP address of your end device and other technical data in order to ensure the functionality and security of these offerings. This data includes logs with records of the use of our systems. We generally keep technical data for 6 months. In order to ensure the functionality of these offerings, we may also assign an individual code to you or your end device (for example as a cookie, see section XIV). Technical data as such does not permit us to draw conclusions about your identity. However, technical data may be linked with other categories of data (and potentially with your person) in relation to user accounts, registrations, access controls or the processing of a contract.

Registration data / Newsletter subscription
Certain offerings and services can only be used with a user account or registration, which can happen directly with us or through our third-party login service providers. In this regard you must provide us with certain data, and we collect data about the use of the offering or service. We generally keep registration data for 12 months from the date the use of the service ceases or the user account is closed.

Communication data
When you are in contact with us via a contact form, by e-mail, telephone, chat, or by letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the metadata of the communication. If we record telephone calls or video conferences, we will draw your attention to this fact. If we have to determine your identity, for example in relation to a request for information, we collect data to identify you (e.g. copy of an identity document). We generally keep this data for 12 months from the last exchange between us. This period may be longer where required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons. E-mails in personal mailboxes and written correspondence are generally kept for at least 10 years. Chats are generally stored for 2 years.

Master data
With master data we mean the basic data that we need, in addition to contract data (see below), for the performance of our contractual and other business relationships or for marketing and promotional purposes, such as name and contact details, and information about, for example, your role and function, your bank details, your date of birth, customer history, powers of attorney, signature authorizations and declarations of consent. We process your master data if you are a customer or other business contact or work for one (for example as a contact person of the business partner), or because we wish to address you for our own purposes or for the purposes of a contractual partner (for example as part of marketing and advertising, with newsletters, etc). We receive master data from you (for example when you make a purchase or as part of a registration), from parties you work for, or from third parties such as contractual partners, associations and address brokers, and from public sources such as public registers or the internet (websites, social media, etc.). We generally keep master data for 10 years from the last exchange between us or from the end of the contract. This period may be longer if required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons. For contacts used only for marketing and advertising, the retention period is usually much shorter, usually no more than 2 years from the last contact.

Contract data
We collect contract data in relation to the conclusion or performance of a contract, for example information about the contracts and the services provided or to be provided, as well as data from the period leading up to the conclusion of a contract, information required or used for performing a contract, and information about feedback (for example complaints, feedback about satisfaction, etc.). We generally collect this data from you, from contractual partners and from third parties involved in the performance of the contract, but also from third-party sources and from public sources. We generally keep this data for 10 years from the last contract activity or from the end of the contract. This period may be longer where necessary for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons.

Behavioral and preference data
Depending on our relationship with you, we try to get to know you better and to tailor our products, services and offers to you. For this purpose, we collect and process data about your behavior and preferences. We do so by evaluating information about your behavior in our domain, and we may also supplement this information with third-party information, including from public sources. Based on this data, we can for example determine the likelihood that you will use certain services or behave in a certain way. The data processed for this purpose is partly already known to us (e.g. when you use our services), or we obtain this data by recording your behavior (e.g. how you navigate on our website or our app). We anonymize or delete this data when it is no longer relevant for the purposes pursued, which may be – depending on the nature of the data – between 2-3 weeks and 24 months (for product and service preferences). This period may be longer where necessary for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons. We describe how tracking works on our website or any other electronic product (e.g. apps) in section XIV.

Other data
We also collect data from you in other situations. For example, data that may relate to you (such as files, evidence, etc.) is processed in relation to administrative or judicial proceedings. We may also collect data for health protection (for example as part of health protection concepts). We may obtain or create photos, videos and sound recordings in which you may be identifiable (for example at events, with security cameras etc.). We may also collect data about who enters certain buildings, and when or who has access rights (including in relation to access controls, based on registration data or lists of visitors etc.), who participates in events or campaigns and who uses our infrastructure and systems and when. The retention period for this data depends on the processing purpose and is limited to what is necessary. This ranges from a few days for many security cameras, to a few weeks for contact tracing and visitor data, which is usually kept for 3 months, to several years or more for reports about events with images. Much of the data set out in this section III is provided to us by you (through forms, when you communicate with us, in relation to contracts, when you use the website, apps etc.). You are not obliged or required to disclose data to us except in certain cases, for example within the framework of binding health protection concepts (legal obligations). If you wish to enter into contracts with us or use our services, you must also provide us with certain data, in particular master data, contract data as well as guest access and registration data, as part of your contractual obligation under the relevant contract. When using our website or other electronic products such as apps, the processing of technical data cannot be avoided. If you wish to gain access to certain systems or buildings, you must also provide us with registration data.

As far as it is not unlawful we also collect data from public sources (for example debt collection registers, land registers, commercial registers, the media, or the internet including social media) or receive data from other companies within our group, from public authorities and from other third parties (such as credit agencies, address brokers, associations, contractual partners, internet analytics services, etc.).

IV. Purposes of the processing

We process your data for the purposes explained below. Further information for the online area can be found in sections XII and XIII. These purposes and the underlying objectives represent legitimate interests of us and, where applicable, of third parties. You will find further information on the legal basis for our processing in section V. Communication
We process your data for purposes related to communication with you, in particular to respond to inquiries and assert your rights (section XI) and to contact you in the event of queries. For this purpose, we use in particular communication data and master data and, in connection with offers and services used by you, also registration data. We keep this data in order to document our communication with you, for training purposes, for quality assurance and for inquiries. Contract fulfillment
We process your data in order to conclude, execute and manage a contract with you. In particular, we process communication data, master data, registration data and contract data about you. This may also include data about third parties, e.g. if you order products or services for the benefit of a third party. This also includes data about potential customers that we obtain from communication with you, at a trade fair or other business event. In the course of contacting you, we use this data to check your creditworthiness and to enter into a business relationship with you. In order to administer and fulfill the contract with you, we may use third parties, such as logistics companies, advertising service providers, banks, insurance companies or credit information providers, to offer you our products and services. In the run-up of a business relationship, we process data to assess creditworthiness and to start a customer relationship. As part of performing contractual relationships, we process data for the administration of the customer relationship, to provide and claim contractual services which includes involving third parties, such as logistics companies, security service providers, advertising service providers, banks, insurance companies or credit information providers. Marketing und relationshipmanagement
We process your data for marketing and relationship management purposes. For example, we send personalized newsletters for products and services from us and, where applicable, from selected third parties (e.g., advertising partners). Marketing and relationship management may include contacting you by email, phone or other channels for which we have contact information from you. We and, where applicable, selected third parties will only show you content or advertisements tailored to your usage patterns or send you emails for marketing purposes (e.g., newsletters) if and to the extent you give us your consent, as required by applicable law. You may object to such marketing activities or revoke your consent at any time (sections XI and XII). In terms of relationship management, we may use a customer relationship management system ("CRM") to store and process your data as described in this Privacy Notice (e.g. about contacts, products and services offered to you, interactions, interests, marketing activities, newsletters, invitations to events and other information). In order to offer you the best products and services and to use our resources as effectively as possible, we may use the CRM together with the group of companies. Group of companies means CTA AG and its subsidiaries. A list of subsidiaries can be found here. Product and service improvement and innovation
We further process your data for market research, to improve our services and operations, and for product development. Security reasons
We also process your data to protect our IT- and other infrastructure (e.g. building). For example, we process data to monitor, analyze and audit our networks and IT infrastructures, including access controls. For security reasons, we may also use various monitoring systems (e.g. cameras), in which case we will inform you separately. Compliance
We may also process your data to comply with regulatory requirements, for example, health security concepts, anti-money laundering measures and the financing of terrorism, tax regulations and others. We may also ask you for additional information to comply with such requirements (“know your customer”, “KYC”) or as otherwise required by law or authorities. Risk management, corporate governance and business development
We process your data as part of our risk management and corporate governance to protect against criminal or abusive activities. As part of our business development, we may sell businesses, parts of businesses or companies to or acquire them from others or enter into partnerships, which may result in the exchange and processing of data based on your consent.

V. Legal basis for the processing of your data

Your consent Insofar as we ask for your consent for certain processing (e.g. for the receipt of newsletters and for personalized content or advertising based on your usage behavior or for the processing of sensitive data), we process your data on the basis of this consent. You can revoke your consent at any time with effect for the future by notifying us in writing (an e-mail will suffice), see our contact details in section II. If you wish to revoke your consent to online tracking, please see section XIV. The revocation of your consent does not affect the lawfulness of the processing we carried out prior to your revocation, nor does it affect the processing of your data on the basis of other grounds for processing. If we have not asked you for your consent, we will process your data on other legal grounds, such as.:

contractual obligation
legal obligation
your other data subjects’ vital legitimate interest
fulfillment of a public task
legitimate interest, which includes compliance with applicable law and the marketing of our products and services, the interest in better understanding our markets and in managing and developing our business, including its activities, in a safe and efficient manner.

VI. Profiling and automated decision making

We may automatically evaluate ("profile") certain of your personal characteristics for the purposes set forth in section IV based on your data (section III), if we want to determine preference data, but also to determine abuse and security risks, to perform statistical evaluations or for operational planning purposes (“profiling”). For the same purposes, we may also create profiles, i.e. we may combine behavioral and preference data, but also master and contract data and technical data assigned to you, in order to better understand you as a person with your different interests and other characteristics. We may also use profiling to assess your creditworthiness. We do not use profiling that may have legal implications for you or similarly affect you significantly without human review. In certain situations, it may be necessary for reasons of efficiency and consistency of decision-making processes that we automate discretionary decisions affecting you with legal effects or possibly significant disadvantages ("automated individual decisions"). In this case, we will inform you accordingly and provide for the measures required by applicable law.

VII. Disclosure of data to third parties and social plug-ins

In relation to our contracts, the website, our apps, services and products, our legal obligations or when otherwise protecting our legitimate interests as well as the other purposes set out in section IV, we may disclose your personal data to third parties, in particular to the following categories of recipients: Offerings of third parties
Our website or other electronic products (e.g. apps) may also contain offerings of third parties. Where you click on such offerings, we transfer your data to the extent required to the respective service provider (e.g. the information about the fact that you have found this offering on our website as well as other information you shared on our website or apps). Service providers
We work with service providers in Switzerland and abroad who process your data on our behalf or in joint responsibility with us, or who receive your data from us on their own responsibility (for example IT providers, shipping companies, advertising service providers, login service providers, cleaning companies, security companies, banks, insurance companies, telecommunication companies, credit information agencies, or address verification providers, lawyers) or whom we engage to process personal data for any of the aforementioned purposes on our behalf and only in accordance with our instructions. Contractual partners including customers
Where required under a contract, we share your data with our contractual partners. Where we sell or purchase a business or assets, we may disclose your data to the potential purchaser or seller to whom we assign or transfer our rights and obligations. Authorities
We may disclose personal data to agencies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to make such disclosures or if it appears necessary to protect our interests. These authorities are solely responsible for processing your data that they receive from us.. Social plug-ins
On our website or other electronic offerings we do not implement social media plug-ins. Where such plug-ins from third parties are integrated into our website (e.g. linkedIn) we only use it in order to link you to the site of the respective social media provider. Integration of Google Maps
On this website, we use the services of Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. The legal basis for the use of the maps is your consent, thus, the integration only takes place after your consent. By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the above-mentioned basic data such as IP- address and timestamp are transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as user profiles and uses them for purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. The information collected is stored on Google servers, also in the USA. For these cases, we have agreed so-called standard data protection clauses with Google, the purpose of which is to ensure an appropriate level of data protection in the third country. For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the provider's privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy. Integration of YouTube videos
We have integrated YouTube videos into our online offering that are stored on YouTube.com and can be played directly from our website. These are all integrated in "extended data protection mode", i.e. no data about you as a user is transmitted to YouTube provided that you do not play the videos, however, if you play the videos, the data mentioned below is transferred. We have no influence on this data transfer. The legal basis for the display of the videos is your consent, i.e. the integration only takes place after your consent. By visiting the website, YouTube receives the information that you have called up the corresponding sub-page of our website. In addition, the above-mentioned basic data such as IP-address and timestamp are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right. The information collected is stored on Google servers, including in the USA. For these cases, the provider has, according to its own information, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has committed to comply with applicable data protection laws in the international transfer of data. For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. There you will also find further information about your rights and settings options for protecting your privacy: www.google.de/intl/de/policies/privacy. Our social media appearances
We are represented on various social media platforms. We operate these appearances with the following providers: LinkedIn and YouTube where we collect your data as described in section III and further described below. We receive your data and the platforms when you get in contact with us (e.g. when communicating with us, commenting our contents or visit our social media presence). At the same time, the platforms evaluate your use of our online- appearance and link such data with additional information of you known to them (e.g. information on your behavior and your preferences). Further, these platform providers process such data for their own purposes on their own behalf, in particular for marketing, market research (e.g. to personalize adverts) and to control and manage their own platform content (e.g., what content they show you). This also happens, if you do not have a profile on the social media platform yourself. We process this data for the purposes described in section IV, in particular for communication, marketing purposes and market research. You will find information on the corresponding legal basis in section V. We would like to point out that you use our appearances on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). The different data processing procedures and its scope may differ depending on the provider of the respective social network. For details on the collection and storage of your personal data as well as about the type, scope and purpose of their use by the provider of the respective social media platform, please refer to the privacy policy of the respective provider:

The privacy policy of LinkedIn Ireland Unlimited Company, Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2 Ireland, you can find at: https://de.linkedin.com/legal/privacy-policy
The privacy policy of YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, you can find at: https://policies.google.com/privacy?hl=de&gl=de.

The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. According to their own statements, all of the aforementioned providers maintain an appropriate level of data protection that corresponds to that of the former EU-US Privacy Shield and, in addition, these platforms or we, as required, have concluded the so-called standard data protection clauses with the companies. We are not aware of how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is transferred to third parties. The data processing may differ depending on whether you are registered and logged in to the social network or whether you visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP-address assigned to your terminal device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your terminal device can be used to track how you have moved around the network. Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. This data can be used to offer content or advertising tailored to you. If you wish to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies present on your device and restart your browser. To exercise your data subject rights, you can contact both us or the provider of the social media platform. To the extent that one party is not responsible for responding or must obtain the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about profiling or processing of your data when using the website. For questions about the processing of your interaction with us on our site, write to the contact details provided by us above. What information the social media platform receives and how it is used is described by the providers in their privacy notices (see link in the overview above). There you will also find information on contact options as well as on the setting options for advertisements.

VIII. Disclosure of data abroad

As explained in section VII, we disclose data to other parties who are not all located in Switzerland. Your data may therefore be processed both in Europe and in Switzerland; in exceptional cases, in any country in the world. We transfer data to countries without an appropriate data protection level only if this is necessary for the performance of a contract or to assert or defend legal claims, if such transfer is based on your explicit consent or is subject to guarantees ensuring an appropriate data protection such as the standard contractual clauses approved by the European Commission and, respectively, the Federal Council.

IX. How long we retain your personal data

We process your data only for as long as it is necessary to fulfill the purposes for which we collected it, including compliance with legal retention obligations and, to the extent necessary to assert or defend legal claims, until the end of the respective retention period or until the claims in question have been settled. After conclusion of these periods we will destroy your data in compliance with the relevant legal requirements.

X. Security of your personal data

We take appropriate security measures in order to maintain the required security of your personal data and ensure its confidentiality, integrity and availability, and to protect it against unauthorized or unlawful processing, and to mitigate the risk of loss, accidental alteration, unauthorized disclosure or access. However, we and your personal data may be attacked by cyber hackings or cyber criminals, brute-force-methods and other criminal or malicious actions, in particular – but without limitation – viruses, fakes, counterfeits, malfunctions and interruptions which all lie outside of our control and area of responsibility. We also have procedures in place to deal with suspected personal data breaches and will notify you and any relevant supervisory authorities of a breach if we are required to do so by law.

XI. Your rights

Depending on the applicable data protection law you have the following rights in relation to the processing of your personal data by us: Right to access
You have the right to request information from us as to whether and what data we process from you; Right to rectification
We will make every effort to keep your personal datda accurate, updated and complete. We encourage you to contact us and let us know should your personal information is incorrect or changes so that we can keep your personal information up to date. Right to erasure
You have the right to have erased your data if personal data is no longer required for the purposes it was collected for or if your personal data was processed unlawfully. Right to restriction
Under certain conditions, you have the right to ask us to restrict the processing of your personal data. Right to data portability
You have the right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller. Right to revocation
Where we process your personal data based on your consent, you have the right to revoke your former consent. Upon the reception of such revocation, we will no longer process your data for the purpose which you gave your consent to in the past, unless processing may rely on another legal basis. Right to complain
Where you are of the opinion that your aforementioned data protection rights are infringed, please let us know of such infringement and contact the competent supervisory authority, in Switzerland the Federal Data Protection and Information Commissioner (FDPIC).

XII. Right to object

Subject to applicable law, under certain conditions you have the right to object to the processing of your personal data, in particular where your data is processed based on a public interest, on the basis of a balance of interests or for direct marketing. If you wish to exercise the above-mentioned rights, please contact us at: info@cta.ch or at our contact details in section II, unless otherwise indicated or agreed. Please kindly note that, in order for us to be able to prevent misuse, we need to identify you, for example by means of a copy of your ID card, unless identification is possible otherwise.

XIII. Newsletter

Where you have subscribed to our newsletter, you may unsubscribe from this service at any time by using the unsubscribe link provided for in each newsletter-mailing.

XIV. Cookies

We use cookies on our website and may allow certain third parties to do so as well. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone etc.) when visiting our website. However, depending on the purpose of these cookies, we may ask for your explicit consent before they are used. You can access your current settings when clicking on the link “changing cookie settings” and you may revoke your consent at the same link. You can also set your browser to block or deceive certain types of cookies or alternative technologies, or to delete existing cookies. You can also add software to your browser that blocks certain third-party tracking. You can find more information on the help pages of your browser (usually with the keyword «Privacy») or on the websites of the third parties set out below. Necessary cookies
Some cookies are necessary for the functioning of the website or for certain features. For example, they ensure that you can move between pages without losing information that was entered in a form. They also ensure that you stay logged in. These cookies exist temporarily only («session cookies»). These session cookies will be deleted automatically when you leave our sites. If you block them, the website may not work properly. Other cookies are necessary for the server to store options or information (which you have entered) beyond a session (i.e. a visit to the website) if you use this function (for example language settings, consents, automatic login functionality, etc.). These cookies have an expiration date of up to 12 months. The legal basis for these cookies is our legitimate interest to provide you all functions of our website. Please find below e detailed list including all necessary cookies and its respective expiration date. Performance cookies
In order to optimize our website and related offers and to better adapt them to the needs of the users, we use cookies to record and analyze the use of our website, potentially beyond one session. We use third-party analytics services for this purpose. We have listed them below (see section XV «Monitoring Tools»). For example, we analyze which page a user accesses most frequently and whether error messages are displayed. These cookies do not store any additional information. They are used exclusively to increase user-friendliness and to tailor websites more specifically to the user. Before we use such cookies, we ask for you explicit consent in advance. You can revoke consent at any time through the cookie settings. Performance cookies also have an expiration date of up to 12 months. Details can be found on the websites of the third-party providers. Marketing cookies
We and our advertising partners have an interest in targeting advertising as targeted as possible, i.e. only showing it to those we wish to address. We have listed our advertising partners below. For this purpose, we and our advertising partners – if you consent – use cookies that can record the content that has been accessed or the contracts that have been concluded. This enables us to optimize our content (see section XV «Monitoring Tools») and enables us and our advertising partners to display to you on our website, as well as on other websites, advertisements from us or our advertising partners that we believe will be of interest to you (see section XVII «Tracking Tools»). If you consent to the use of these cookies, you will be shown related advertisements. If you do not consent to them, you will not see less advertisements, but simply any other advertisement. You may change your cookies settings an any time via the cookie settings. Marketing cookies have an expiration period of a few days up to 12 months, depending on the specific circumstances.

XV. Tracking Tools

Based on your consent we use tracking tools to ensure and provide you with a tailored and continuous optimization of our website and other electronic offerings (e.g. apps). Further, we use tracking tools to track the usage of our website and to optimize the content provided to you. Based on your consent, we use Google Analytics. Google Analytics: Google Ireland Ltd. (located in Ireland) is the provider of the service «Google Analytics» and acts as our processor. Google Ireland relies on Google LLC (located in the United States) as its sub-processor (both «Google»). Google collects information about the behavior of visitors to our website (duration, page views, geographic region of access, etc.) through performance cookies (see above) and on this basis creates reports for us about the use of our website. We have configured the service in a way that the IP addresses of visitors are truncated by Google in Europe before forwarding them to the United States and that they cannot be traced back. We have turned off the «Data sharing» option and the «Signals option». Although we can assume that the information we share with Google is not personal data for Google, it may be possible that Google is able to draw conclusions about the identity of visitors based on the data collected, create personal profiles and link this data with the Google accounts of these individuals for its own purposes. In any event, if you consent to the use of Google Analytics, you expressly consent to any such processing, including the transfer of your personal data (in particular website and app usage, device information and unique IDs) to the United States and other countries. Information about data protection with Google Analytics can be found here: https://support. google. com/analytics/answer/6004245 and if you have a Google account, you can find more details about Google's processing here: https://policies. google. com/technologies/partner-sites? hl=en.

Based on your consent, we use the Hotjar solution to improve the user experience. The provider is Hotjar Inc. located at Level 2, St. Julian's Business Centre, 3, Elia Zammit Street, St. Julian's STJ 1000, Malta.

We use Hotjar to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. On our behalf, Hotjar uses this information to evaluate the use of the website, compile reports on website activity and provide other services relating to website activity and internet usage. The information generated by the cookie about your use of our website and other electronic offers (e.g. app) are usually transmitted to and stored on a server of Hotjar. We use Hotjar's anonymization function for this purpose. This shortens your IP address and ensures that the analysis data is not personally identifiable. We do not combine the data with other personal data. We only use the tool in case of your consent, which you can give via the Consent Manager. You can also opt out of the analytics feature by simply enabling the default "Do not Track" feature in your browser. In this case, we will not process your personal data in the manner described here. An explanation of how you can activate the "Do not Track" function can be found at this link: www.hotjar.com/legal/compliance/opt-out/.

XVI. Targeting Tools

Based on your consent, we use the following targeting tools to ensure that only ads that match your actual or inferred interest are displayed on your device: Google Ads
We use the Google Ads service to draw attention to our offers with the help of advertisements. If you access our website via a Google ad, Google Ads will store a cookie in your terminal device. The legal basis for the processing of your data is your consent, i.e. the integration only takes place after your consent. The advertising material is delivered by Google via so-called "ad servers". For this purpose, we and other websites use so-called ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. The Google Ads cookies stored on our website allow us to obtain information about the success of our advertising campaigns. These cookies are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that a user no longer wishes to be addressed) are usually stored as analysis values. The cookies set by Google enable Google to recognize your internet browser. If a user visits certain pages of the website of an Ads customer and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each ads customer, so that the cookies cannot be tracked across the websites of other ads customers. Through the integration of Google Ads, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider learns your IP address and stores it. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We ourselves do not independently collect personal data in the aforementioned advertising measures, but only provide Google with the opportunity to collect the data. We only receive statistical evaluations from Google that provide information about which ads were clicked on how often and at what prices. We do not receive any further data from the use of the advertising media, in particular we cannot identify the users on the basis of this information. You can withdraw your consent at any time without affecting the permissibility of the processing up to the revocation. The easiest way to revoke your consent is to use our Consent Manager. Further information on data protection at Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, can be found here: https://policies.google.com/privacy?hl=de&gl=de.

XVII. Updates and changes to this Privacy Notice

Due to the continuous development of our website and other electronic products (e.g. apps) and content as well as legal developments and authorities’ requirements we may have to amend this Privacy Notice from time to time. The current version will be published on the website.

Last updated: 01.09.2022