We are delighted that you are interested in our organization. The protection of your personal data is particularly important to our management. You can use our websites without disclosing any personal data to us. However, if you wish to use more specific services via our websites, other internet presences, applications, and social media pages, we may need to process your personal data. If we wish to process data about you and cannot invoke any other legal basis, we will always ask for your consent first (e.g., via a cookie banner).

We always comply with applicable data protection laws when handling your personal data (such as your name, address, email address, or telephone number). This privacy policy informs you about the data we process. It also explains your rights as a data subject.

We have taken various technical and organizational measures to protect your data on our websites as best as possible. Nevertheless, there are always risks on the Internet, and complete protection is not possible. Therefore, you can also send us your personal data by other means, such as by telephone, if you prefer.

This privacy policy not only serves to fulfill the obligations under the GDPR and to comply with the laws of the member states of the European Union (EU) and the European Economic Area (EEA). This privacy policy also aims to comply with legal provisions such as those in the United Kingdom (UK GDPR), the Swiss Federal Act on Data Protection and the Swiss Data Protection Ordinance (DSG, DSV), California Consumer Privacy Act (CCPA/CPRA), China's Personal Information Protection Law (PIPL), Delaware Personal Data Privacy Act (DPDPA), Tennessee Information Protection Act (TIPA), Minnesota Consumer Data Privacy Act (MCDPA), Iowa Act Relating to Consumer Data Protection (ICDPA), Maryland Online Data Privacy Act (MODPA), Nebraska Data Privacy Act (NDPA), New Hampshire Consumer Data Privacy Law (SB255), New Jersey Data Privacy Law (SB332), South Carolina Consumer Privacy Bill (House Bill 4696), and other global data protection regulations and shall be interpreted accordingly. The following privacy policy shall be interpreted for each country, state, or federal state in such a way that the terms and legal bases used correspond to the terms and legal bases used in the respective state or federal state.

For reasons of better readability, our websites, publications, communications, and privacy policy do not use masculine, feminine, diverse, or other gender identities (m/f/d/other) simultaneously. All formulations used apply equally to all genders.

If you have any suggestions for improving the text in this privacy policy, or if you require an external data protection officer, please contact the author of the text: Prof. Dr. h.c. Heiko Jonny Maniero, LL.B., LL.M.mult., M.L.E..

1. Definitions

In our privacy policy, we use specific terms from various data protection laws. We want our policy to be easy to understand, so we explain these terms in advance.

The following definitions are based, where applicable, on the case law of the Court of Justice of the European Union (CJEU), the European Court of Justice (ECJ), the Swiss Federal Supreme Court (BGE), the Supreme Court of the United Kingdom (UKSC), or national data protection laws or national case law of a state or federal state, including but not limited to California, including case law, also under common law, if this is necessary for the application of the law in individual cases.

We use the following terms in this privacy policy, among others:

a) Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more special characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person, or who must be regarded as such on the basis of national data protection laws or the national jurisdiction of a state or federal state, including case law, including under common law.

b) data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller, a processor, an international organization, or another data recipient, and persons who must be regarded as such under national data protection laws or the national jurisdiction of a state or federal state, including case law, including under common law.

c) Processing

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

e) Profiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

g) Responsible party

The controller is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processors

A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

i) Recipient

A recipient is a natural or legal person, public authority, agency, or other body to which personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party

A third party is a natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent

Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and the European Economic Area, British data protection laws, Swiss data protection laws (DSG, DSV), Californian data protection laws (CCPA/CPRA), Chinese data protection law (PIPL), as well as international laws and other provisions relating to data protection is:

Kite Dynamics AG
Renzwiesen 6
70327 Stuttgart
Germany

Phone: +49 711 248922-199
Email: info@kitedynamics.com
Website: https://www.kitedynamics.com/

3. Name and contact details of the data protection officer: Prof. Dr. h.c. Heiko Jonny Maniero

Franz-Joseph-Str. 11
80801 Munich
Germany

Tel.: +49 (0)178 - 6264376
Email: info@dg-datenschutz.de

Collection of general data and information

Our websites collect a range of general data and information each time a data subject or automated system accesses the websites. This general data and information is stored in the log files of the respective server. Among other things, the following may be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which the accessing system reaches our websites (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our websites, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serves to avert danger in the event of attacks on our information technology systems.

When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is required in order to (1) deliver the content of our websites correctly, (2) optimize the content of our websites and the advertising for them, (3) ensure the long-term functionality of our information technology systems and the technology of our websites, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. This anonymously collected data and information is therefore evaluated by us statistically and also with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The data in the server log files is stored separately from all personal data provided by a data subject.

The purpose of processing is to avert danger and ensure IT security, as well as the aforementioned purposes. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest is, in particular, the protection of our information technology systems. The log files are deleted once the specified purposes have been achieved.

4. Contact options via the website and other data transfers and your consent

Our websites contain information that enables quick electronic contact with our company and direct communication with us, which also includes a general address for electronic mail (e-mail address) and, if applicable, a telephone number. If a data subject contacts us by email, via a contact form, via an input form, or in any other way, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted to us on a voluntary basis by a data subject is processed for the purposes of processing or contacting the data subject.

For the transmission, storage, and processing of your contact details and inquiries, and for establishing contact, we obtain your consent in accordance with Art. 6 (1) (a) GDPR and Art. 49 (1) (1) (a) GDPR as follows:

By submitting your personal data, you voluntarily consent to the processing of your entered or transmitted personal data for the purpose of processing your inquiry and contacting you. By submitting your data to us, you also voluntarily give your express consent in accordance with Art. 49 (1) (1) (a) GDPR in data transfers to third countries to and by the companies and for the purposes specified in this privacy policy, in particular for such transfers to third countries for which there is or is not an adequacy decision by the EU/EEA, as well as to companies or other entities that are not subject to an existing adequacy decision on the basis of self-certification or other accession criteria, and in which or for which there are significant risks and no adequate safeguards for the protection of your personal data (e.g., due to §702 FISA, Executive Order EO12333, and the CloudAct in the USA). When you gave your voluntary and express consent, you were aware that third countries may not have an adequate level of data protection and that your rights as a data subject may not be enforceable. You can revoke your consent under data protection law at any time with effect for the future. Revoking your consent does not affect the lawfulness of the processing carried out on the basis of your consent until revocation. With a single action (input and transmission), you grant multiple consents. These include consents under EU/EEA data protection law as well as those under the CCPA/CPRA, ePrivacy and Telemedia Act, and other international legal provisions that are required, among other things, as the legal basis for planned further processing of your personal data. By performing this action, you also confirm that you have read and understood this privacy policy.

5. Routine deletion and restriction of personal data

We process and store personal data for the period necessary to achieve the purpose of the processing or as provided for by the European Directive and Regulation legislator or other legislator in laws or regulations to which we are subject, or as long as there is a legal basis for the processing.

If the purpose of processing no longer applies, if a storage period prescribed by European directives and regulations or other competent legislators expires, or if the legal basis for processing no longer applies, personal data will be routinely restricted or deleted in accordance with legal requirements.

6. Rights of the data subject under the GDPR

a) Right to confirmation

Every data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed.

If a data subject wishes to exercise this right, they can contact us at any time.

b) Right to information

Every data subject has the right to obtain from the controller, at any time and free of charge, information about the personal data stored about them and a copy of this data. Furthermore, the European legislator has granted the data subject the right to obtain the following information:

• the purposes of processing,
• the categories of personal data that are processed,
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
• where possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
• the existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or a right to object to such processing,
• the existence of a right of appeal to a supervisory authority,
• if the personal data is not collected from the data subject: all available information about the origin of the data,
• the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Furthermore, the data subject has the right to obtain information about whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If a data subject wishes to exercise this right, they can contact us at any time.

c) Right to rectification

Every data subject has the right to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing, including by means of a supplementary statement.

If a data subject wishes to exercise this right, they can contact us at any time.

d) Right to erasure (right to be forgotten)

Every data subject has the right to request that the controller erase personal data concerning them without undue delay, provided that one of the following grounds applies and processing is not necessary:

• The personal data was collected for purposes or processed in other ways for which it is no longer necessary.
• The data subject withdraws their consent on which the processing was based in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
• The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
• The personal data was processed unlawfully.
• The erasure of personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
• Personal data was collected in relation to the services offered by the information society in accordance with Art. 8 (1) GDPR.

If one of the above reasons applies and a data subject wishes to have personal data stored by us deleted, they can contact us at any time.

If we have made the personal data public and our organization is obliged to delete the personal data as the controller pursuant to Art. 17 (1) GDPR, we shall take reasonable steps, including technical measures, taking into account the available technology and implementation costs, to inform other controllers who process the published personal data that the data subject has requested those other controllers to delete all links to, or copies or replications of, that personal data, unless the processing is necessary.

e) Right to restriction of processing

Every data subject has the right to obtain from the controller restriction of processing where one of the following applies:

• The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
• The processing is unlawful, the data subject refuses to have the personal data deleted and instead requests the restriction of the use of the personal data.
• The controller no longer needs the personal data for the purposes of processing, but the data subject needs it to assert, exercise, or defend legal claims.
• The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by us, they can contact us at any time.

f) Right to data portability

Every data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising their right to data portability pursuant to Art. 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

If a data subject wishes to exercise this right, they can contact us at any time.

g) Right to object

Every data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims.

If we process personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing purposes. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to us processing their data for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, the data subject has the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

If a data subject wishes to exercise this right, they may contact us at any time. Furthermore, in connection with the use of information society services, the data subject is free to exercise their right to object by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

h) Automated individual decision-making, including profiling

Every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision (1) is necessary for entering into, or performance of, a contract between the data subject and the controller, or (2) is authorized by Union or Member State law to which the controller is subject and that law provides for appropriate measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent.

If the decision (1) is necessary for entering into, or performance of, a contract between the data subject and the controller, or (2) is made with the explicit consent of the data subject, we take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.

If a data subject wishes to exercise this right, they can contact us at any time.

i) Right to revoke consent under data protection law

Every data subject has the right to withdraw their consent to the processing of personal data at any time.

If a data subject wishes to exercise this right, they can contact us at any time.

7. General purpose of processing, categories of processed data, and categories of recipients

The general purpose of processing personal data is to handle all processes relating to the controller, customers, interested parties, business partners, or other contractual or pre-contractual relationships between the aforementioned groups (in the broadest sense) or legal obligations of the controller. This general purpose applies if no more specific purposes for a specific processing operation are specified.

The categories of personal data that we process are customer data, prospect data, employee data (including applicant data), and supplier data. The categories of recipients of personal data are public authorities, external bodies, internal processing, intra-group processing, and other bodies.

A list of our processors and data recipients in third countries and, where applicable, international organizations is either published on our website or can be requested from us free of charge.

8. Legal basis for processing

Article 6(1)(a) of the GDPR serves as the legal basis for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 (1) (b) GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If we are subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 (1) (c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were to be injured and their name, age, health insurance details, or other vital information had to be passed on to a doctor, hospital, or other third party. In this case, the processing would be based on Art. 6 (1) (d) GDPR.

If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, the legal basis is Article 6(1)(e) GDPR.

Ultimately, processing operations could be based on Art. 6 (1) (f) GDPR. This legal basis applies to processing operations that are not covered by any of the aforementioned legal bases if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this regard, the legislator took the view that a legitimate interest could be assumed, for example, if the data subject is a customer of the controller (Recital 47, sentence 2 of the GDPR).

9. Legitimate interests in processing pursued by the controller or a third party and direct marketing

If the processing of personal data is based on Art. 6 (1) (f) GDPR and no more specific legitimate interests are specified, our legitimate interest is the performance of our business activities for the benefit of our staff and our shareholders.

We may send you direct marketing about our own goods or services that are similar to the goods or services you have requested, ordered, or purchased. You may object to direct marketing at any time (e.g., by email). This will not incur any costs other than the transmission costs according to the basic rates. The processing of personal data for direct marketing purposes is based on Art. 6 (1) (f) GDPR. The legitimate interest is direct marketing.

Our messages and newsletters may also constitute direct marketing communications within the meaning of Article 13(2) of EU Directive 2002/58 (Directive on privacy and electronic communications) and the national law resulting from the Directive, provided that we have obtained your electronic and other contact information in connection with the sale of a service or product, which includes the creation of a free user account that allows you, among other things, to access free content on our websites and publications (newsletters, etc.), provided that we advertise similar products or services through direct marketing, so that direct marketing is also permissible without consent (see ECJ, judgment of November 13, 2025, Case C 654/23). In such cases, you can refuse the use of your contact information at any time free of charge.

10. Duration for which personal data is stored

The criterion for the duration of storage of personal data is the respective statutory retention period. If there is no statutory retention period, the criterion is the contractual or internal retention period. After the period has expired, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of a contract. This applies in particular to all processing operations for which no more specific criteria have been specified.

11. Legal or contractual requirements for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We would like to inform you that the provision of personal data is in some cases required by law (e.g., tax regulations) or may also result from contractual provisions (e.g., information about the contractual partner). In some cases, it may be necessary for a data subject to provide us with personal data in order to conclude a contract, which we must then process. For example, the data subject is obliged to provide us with personal data if our organization concludes a contract with them. Failure to provide personal data would mean that the contract with the data subject could not be concluded. Before providing personal data, the data subject must contact us. We will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide personal data, and what the consequences of not providing personal data would be.

12. Existence of automated decision-making

As a responsible company, we normally refrain from automated decision-making or profiling. If, in exceptional cases, we do carry out automated decision-making or profiling, we will inform the person concerned either separately or via a sub-item in our privacy policy (here on our website). In this case, the following applies:

Automated decision-making, including profiling, may occur if (1) it is necessary for entering into, or performing, a contract between the data subject and us, or (2) it is authorized by Union or Member State law to which we are subject and which also provides for appropriate measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) it is based on the data subject's explicit consent.

In the cases referred to in Art. 22 (2) (a) and (c) GDPR, we take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject. In these cases, you have the right to obtain the intervention of a person on the part of the controller, to express your own point of view, and to contest the decision.

Meaningful information about the logic involved, as well as the scope and intended effects of such processing for the data subject, will be included in this privacy policy where appropriate.

13. Recipients in a third country and suitable or adequate safeguards and how to obtain a copy of them or where they are available.

According to Art. 46 (1) GDPR, the controller or processor may only transfer personal data to a third country if the controller or processor has provided appropriate safeguards and if the data subjects have enforceable rights and effective legal remedies. Adequate safeguards may be provided by standard data protection clauses without the need for specific approval by a supervisory authority, Art. 46 (2) (c) GDPR.

Before the first transfer of personal data, the EU standard data protection clauses or other appropriate safeguards are agreed with all recipients from third countries, or the transfers are based on adequacy decisions. This ensures that appropriate safeguards, enforceable rights, and effective legal remedies are guaranteed for all processing of personal data. Any data subject can obtain a copy of the standard data protection clauses or adequacy decisions from us. In addition, the standard data protection clauses and adequacy decisions are available in the Official Journal of the European Union.

Article 45(3) of the GDPR authorizes the European Commission to decide, by means of an implementing act, that a non-EU country ensures an adequate level of protection. This means a level of protection for personal data that is essentially equivalent to the level of protection within the EU. Adequacy decisions mean that personal data can flow from the EU (as well as from Norway, Liechtenstein, and Iceland) to a third country without further obstacles. Similar rules apply to the United Kingdom, Switzerland, and some other countries.

In all cases where the European Commission, or a government or competent authority of another country, has decided that a third country ensures an adequate level of protection and/or that a valid framework exists (e.g. EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework), all transfers by us to members of such frameworks (e.g., self-certified entities) are based solely on the membership of that entity in the respective framework or on the respective adequacy decisions. If we or one of our group companies are members of such a framework, all transfers to us or our group company are based exclusively on the membership of the respective company in this framework. If we or one of our group companies are located in a third country with an adequate level of protection, all transfers to us or our group company are based exclusively on the respective adequacy decisions.

Any data subject may obtain a copy of the frameworks from us. The frameworks are also available in the Official Journal of the European Union, in published legal materials, or on the websites of data protection supervisory authorities or other authorities or institutions.

14. Right to lodge a complaint with a data protection supervisory authority

As the responsible party, we are obliged to inform the data subject of their right to lodge a complaint with a supervisory authority. The right to lodge a complaint is regulated in Art. 77 (1) GDPR. According to this provision, any data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their residence, place of work, or place of the alleged infringement, if the data subject considers that the processing of personal data concerning them infringes the General Data Protection Regulation, without prejudice to any other administrative or judicial remedy. The right to lodge a complaint has been restricted by the EU legislator solely in that it can only be exercised before a single supervisory authority (Recital 141, sentence 1 GDPR). This provision is intended to prevent duplicate complaints on the same matter by the same data subject. If a data subject wishes to lodge a complaint about us, they are therefore requested to contact only one supervisory authority.

15. Blog and comment function

A blog is a publicly accessible portal where one or more individuals, known as bloggers or web bloggers, post articles or publish their thoughts in so-called blog posts. In our blog, you can leave individual comments on blog posts if you wish.

If you leave your own comments on our blog, information about the time the comment was posted and your user name (or pseudonym, if applicable) will be stored, published, and distributed in addition to the comments themselves. By submitting comments, you enter into a publication agreement with us that grants us all of your worldwide copyright usage rights free of charge and irrevocably. This includes, in particular, the rights to reproduce, distribute, and make publicly available all comments you have submitted. The legal basis for processing is therefore Art. 6 (1) (b) GDPR.

The purposes of processing are to provide a blog with a comment function and to allow comments to be posted.

Furthermore, when you submit a comment, the IP address assigned to your Internet connection by your Internet service provider (ISP) is logged. The IP address is stored for security reasons and in case you violate the rights of third parties or post illegal content in a comment you have submitted. The storage of this personal data is therefore in our own interest so that we can exculpate ourselves in the event of a legal violation. The above purposes are the legitimate interests pursued by the controller (Art. 6 (1) (f) GDPR). This data will not be passed on to third parties unless there is a legal obligation to do so or the disclosure serves the purpose of criminal prosecution or exculpation.

16. Cookies and external links, advertising IDs, and your consent

We use cookies, advertising IDs, and external links on our websites to improve the user experience and optimize our advertising and existing processes. Cookies are small text files that are stored by your browser on your computer or system and contain information that allows us to identify you more quickly when you visit our website. Almost all modern websites use cookies, advertising IDs, and/or external links.

Cookies have a so-called cookie ID. This ID is unique for each cookie and helps to distinguish your browser from others. This allows us to tailor our service to your needs and provide you with a personalized user experience. Cookies also make it easier for you to use websites. For example, you do not have to log in to an online shop or website every time if a cookie has stored your data. You can disable the use of cookies in your browser at any time or delete stored cookies. Please note that without stored cookies, you may not be able to use all the functions on our websites.

Advertising IDs are linked to your hardware. This ID is unique to each device and helps distinguish your devices from others. This allows us to tailor our service to your needs and provide you with a personalized user experience.

External connections are established to load and store external content and external cookies, and also serve to optimize the user experience, advertising, and our processes. The legal basis for the storage and reading of our cookies, advertising IDs, and the establishment of external connections are the aforementioned legitimate interests (Art. 6 (1) (f) GDPR), unless separate consent has been obtained from you in accordance with Art. 6 (1) (a) GDPR and/or Art. 49 (1) (1) (a) GDPR.

The following applies to all cookies, advertising IDs, and external links included in a cookie banner:

By clicking on the consent button in our cookie banner, you voluntarily consent to the setting or activation of the respective cookies and external connections, as well as to the transmission of advertising IDs and operating system advertising IDs, such as AdIDs (Android), IDFAs (Apple), or the Windows advertising ID, (consent pursuant to Art. 6 (1) (a) GDPR), whose functions are explained in more detail in this privacy policy or in the documents linked below or external links and are therefore known to you. By clicking the consent button, you also voluntarily give your express consent in accordance with Art. 49 (1) (1) (a) GDPR to personalized advertising, advertising ID transmissions, and other data transmissions to third countries to and by the companies and for the purposes mentioned in this privacy policy, in particular for such transmissions to third countries for which there is or is not an adequacy decision by the EU/EEA, as well as to companies or other entities that are not subject to an existing adequacy decision based on self-certification or other accession criteria, and in which or for which there are significant risks and no adequate safeguards for the protection of your personal data (e.g., due to § 702 FISA, Executive Order EO12333, and the CloudAct in the USA). When you gave your voluntary and express consent, you were aware that third countries may not have an adequate level of data protection and that your data subject rights may not be enforceable. You can revoke your consent under data protection law at any time with effect for the future, e.g., by changing your cookie settings or deleting your cookies. Revoking your consent does not affect the lawfulness of the processing carried out on the basis of your consent until revocation. With a single action (clicking the consent button), you grant multiple consents. This includes consent in accordance with EU/EEA data protection law as well as CCPA/CPRA, ePrivacy and telemedia law, and other international legal provisions that are necessary for, among other things, storing and reading information and are required as a legal basis for planned further processing of the data read. Your consent includes, in particular, express consent to all downstream data processing by third-party providers, which may also take place in unsafe third countries, in particular for personalized and targeted advertising, by all companies named in our privacy policy, as well as their subcontractors and controllers who receive or are transmitted data from these third-party providers or from us within a data processing chain. You are aware that you can refuse your consent by clicking on the other button or, if necessary, make individual settings. By doing so, you also confirm that you have read and taken note of this privacy policy.

For all cookies and external links included in our cookie banner, the legal basis is consent in accordance with Art. 6 (1) (a) GDPR and/or express consent in accordance with Art. 49 (1) (1) (a) GDPR, in addition to the legal basis listed in other sections of this privacy policy.

17. Data protection provisions regarding the use of JavaScript and JavaScript frameworks

On our website, we use JavaScript or JavaScript frameworks as a client-side programming language or JS framework for the dynamic display of content and interaction in the browser. Among other things, JavaScript enables the display of pop-ups, the loading of dynamic content, the tracking of user behavior, the sending of forms, and communication with third-party providers via APIs. JavaScript is not a standalone software product with an external operating company, but rather a scripting language integrated into web browsers by default that is executed on our websites.

The JavaScript-based source code is hosted on our own IT infrastructure and executed by the web browser. We are the operating company of the service.

In addition, we may use various open-source JavaScript libraries or frameworks in our web development, such as Vue JS, Angular JS, or similar projects. These serve to expand the functionality of our website in a structured, modular way, particularly for client-side validation, optimizing user guidance, reducing loading times, and asynchronous data processing. As far as technically possible, we host these components locally on our own IT infrastructure so that no data is transferred to third parties. In certain cases, however, individual components may be integrated via external sources such as content delivery networks (CDNs). This may involve establishing connections to third-party servers, where IP addresses, technical metadata, or usage parameters in particular are processed.

Purposes for which the personal data is to be processed and the legal basis for processing: The purpose of processing is to enable interactive features, dynamic content, easier development, client-side validation, and improved user guidance. Processing is based on Art. 6 (1) (f) GDPR. The legitimate interest lies in simplifying development and providing a functional and user-friendly website.

The criteria for determining the duration for which personal data is processed are based on the respective purpose of the interaction, in particular the duration of the respective session or the storage of client-side information (e.g., in connection with cookies or local storage). The provision of personal data is necessary for the use of interactive website functions.

18. Privacy policy regarding the use and application of Webflow

Webflow is an innovative design and development platform that allows users to visually design professional websites without having to write code. Webflow offers a wide range of web design features, including responsive layouts, CMS, e-commerce, and hosting services to meet the needs of designers, developers, and businesses of all sizes.

When using Webflow services, personal data such as names, email addresses, payment information, and professional information is processed. In addition, usage data such as information about created websites, interaction data, and access statistics may be collected. This data is necessary to provide the services, manage user accounts, improve support, and offer personalized experiences.

The operator of the service and thus the recipient of the personal data is: Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. For data subjects in the EU and the EEA, Webflow B.V., Zomerstraat 17-A, NL-5397 GH Lith, Netherlands, acts as the contact and representative within the meaning of Art. 27 GDPR. The representative under national law in the United Kingdom is: Webflow Europe UK Ltd., Birchin Court, 5th Floor, 19–25 Birchin Lane, London, EC3V 9DU, United Kingdom.

Purposes for which the personal data is to be processed and the legal basis for processing: The purpose of data processing is to use the web design and development platform. The processing is based on the fulfillment of a contract pursuant to Art. 6 (1) (b) GDPR, to which the data subject is a party, as well as on legitimate interests pursuant to Art. 6 (1) (f) GDPR, such as the use of an efficient platform, the optimization of the user experience, and the use of effective customer support.

The operating company of the service is based in a third country, namely the USA. Transfers to third countries may be based on the conclusion of standard contractual clauses or other suitable or appropriate safeguards referred to in Art. 46 (2) GDPR. The operating company of the service may be a certified member of one or more of the Data Privacy Frameworks. For more information, please visit https://www.dataprivacyframework.gov/list. You can request a copy of the appropriate or adequate safeguards from us.

The criteria for determining the duration for which personal data is processed are the contractual relationship between us and the service operator or statutory or contractual retention periods. The provision of personal data is neither required by law or contract nor necessary for the conclusion of a contract. You are not obliged to provide us or the operating company of the service with personal data. However, if you do not provide such data, you may not be able to use our services or those of the operating company of the service.

Further information and Webflow's applicable privacy policy can be found at https://webflow.com.

19. Privacy policy regarding the use and application of Cloudflare

Cloudflare offers a wide range of services to improve the security, performance, and reliability of websites and web applications. Core features include DDoS protection, web application firewall, content delivery network services, secure DNS services, and more. By using Cloudflare, we can protect our online presence from cyber attacks, improve the loading speed of our website, and ensure the overall availability of our services.

When using Cloudflare services, data such as IP addresses, system configurations, and network traffic information is processed. This information is necessary to ward off threats, optimize traffic, and provide insights into website usage.

The operator of the service and thus the recipient of the personal data is: Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. For data subjects in the EU and the EEA, Cloudflare Netherlands B.V., Keizersgracht 62, 1015CS Amsterdam, Netherlands, acts as the contact and representative within the meaning of Art. 27 GDPR. The representative under national law in the United Kingdom is: Cloudflare, Ltd., County Hall/The Riverside Building, Belvedere Road, London, SE1 7PB, United Kingdom.

Purposes for which the personal data is to be processed and the legal basis for processing: The purpose of processing is to use services to secure and optimize websites and web applications. Processing is based on Art. 6 (1) (f) GDPR, whereby the legitimate interest lies in ensuring the security, performance, and reliability of our online presence.

The operating company of the service is based in a third country, namely the USA. Transfers to third countries may be based on the conclusion of standard contractual clauses or other suitable or appropriate safeguards referred to in Article 46 (2) of the GDPR. The operating company of the service may be a certified member of one or more of the data privacy frameworks. Further details can be found at https://www.dataprivacyframework.gov/list. You can request a copy of the appropriate or adequate safeguards from us.

The criteria for determining the duration for which personal data is processed are the contractual relationship between us and the service operator or statutory or contractual retention periods. The provision of personal data is neither required by law or contract nor necessary for the conclusion of a contract. You are not obliged to provide us or the operating company of the service with personal data. However, if you do not provide such data, you may not be able to use our services or those of the operating company of the service.

Further information and the applicable data protection provisions of Cloudflare, Inc. can be found at https://www.cloudflare.com.

20. Privacy policy regarding the use and application of jsDelivr

jsDelivr is a public, free content delivery network that enables developers to efficiently host and deliver web libraries, jQuery plugins, CSS frameworks, fonts, and other JavaScript resources. By using jsDelivr, web developers can improve the loading times of their websites by ensuring that these resources are loaded from servers that are geographically closer to the end users.

When using jsDelivr, data such as users' IP addresses, type of resources requested, time of access, and browser information are processed. This data is primarily collected for service provision, performance optimization, and security purposes. jsDelivr employs data protection and security measures to protect the data collected, with a particular focus on compliance with the General Data Protection Regulation and other data protection laws.

The operator of the service and thus the recipient of the personal data is: Volentio JSD Limited, Northside House, Mount Pleasant, Barnet, EN4 9EB, United Kingdom.

Purposes for which the personal data is to be processed and the legal basis for processing: The purpose of processing is the efficient provision of web content via the CDN. Processing is based on legitimate interests pursuant to Art. 6 (1) (f) GDPR, namely optimizing website loading times, improving the user experience, and ensuring the security of the service.

The criteria for determining the duration for which personal data is processed are the contractual relationship between us and the service operator or statutory or contractual retention periods. The provision of personal data is neither required by law or contract nor necessary for the conclusion of a contract. You are not obliged to provide us or the operating company of the service with personal data. However, if you do not provide such data, you may not be able to use our services or those of the operating company of the service.

Further information and jsDelivr's applicable privacy policy can be found at https://www.jsdelivr.com.

21. Data protection provisions regarding the use of jQuery

jQuery is a widely used JavaScript library that web developers use to simplify and speed up HTML document management, event handling, animation, and Ajax interactions. The use of jQuery on our website serves to create a smoother and more interactive user experience. When you visit our website, jQuery may be used to collect certain data, such as information about user behavior and interactions on the site.

This data processing is indirect and primarily aimed at improving website performance and user-friendliness. jQuery itself, as a client-side library, does not store or process personal data on its own servers. jQuery runs in the user's browser and can be used for dynamic content updates, which also involves transmitting data to external servers.

The operator of the service and thus the recipient of the personal data is: The jQuery Foundation, c/o Open JS Foundation, 1 Letterman Drive, Suite D4700, San Francisco, CA 94129, USA.

Purposes for which the personal data is to be processed and the legal basis for processing: The purpose of using jQuery is to improve the user experience on our website by providing an efficient interaction experience. The processing is based on Art. 6 (1) (f) GDPR, whereby the legitimate interest lies in the provision and use of a functional, user-friendly, and visually appealing website.

The operating company of the service is based in a third country, namely the USA. Transfers to third countries may be based on the conclusion of standard contractual clauses or other suitable or appropriate safeguards referred to in Art. 46 (2) GDPR. The operating company of the service may be a certified member of one or more of the Data Privacy Frameworks. Further details can be found at https://www.dataprivacyframework.gov/list. You can request a copy of the appropriate or adequate safeguards from us.

The criteria for determining the duration for which personal data is processed are the contractual relationship between us and the service operator or statutory or contractual retention periods. The provision of personal data is neither required by law or contract nor necessary for the conclusion of a contract. You are not obliged to provide us or the operating company of the service with personal data. However, if you do not provide such data, you may not be able to use our services or those of the operating company of the service.

The jQuery privacy policy is available at https://jquery.com/.

22. Privacy policy regarding the use of Nginx Helper

Nginx Helper is a WordPress plugin for optimizing the integration of WordPress with the Nginx web server. It offers features such as automatic cache deletion, URL redirection management, and support for configuring the Nginx server to improve the performance of WordPress websites. The plugin does not store any personal data of website visitors, but only supports technical aspects of server administration and server optimization.

The application is installed on our own IT infrastructure. We are the operating company for the service.

Purposes for which the personal data is to be processed and the legal basis for processing: The purpose of using NginxHelper is to optimize web server performance for WordPress websites, which serves to reduce loading times and improve the user experience. The processing is based on Art. 6 (1) (f) GDPR, whereby the legitimate interest lies in technical optimization and efficient resource management.

The criteria for determining the period for which personal data is processed are internal, legal, or contractual retention periods. The use of personal data is neither required by law or contract nor necessary for the conclusion of a contract. You are not obliged to provide us with personal data. If you do not provide us with personal data, you may not be able to use our services, functionality, or plugin.

Further information about Nginx Helper can be found at WordPress.org.