Legal

Privacy Policy

Controller: InterNexum GmbH · As of: June 2026

The protection of your personal data (also “data”) is an important concern to us. In the following, we would like to inform you comprehensively about which categories of data we process for which purposes when you use our website and when registering domain names.

This privacy policy is based on the requirements of the EU General Data Protection Regulation (GDPR) and also takes into account the requirements of the NIS2 Directive, which entails additional security measures for registrars and registries. Please note that our privacy policy may change over time due to the implementation of new technologies or changes in the law.

Our privacy policy is divided into the following sections:

A. General — Information about the controller, the data protection officer, your rights, the legal bases for data processing, the retention period, as well as notes on children, recipients of data, third-country transfers, data security and automated decisions including profiling.
B. Processing of specific personal data — Details on the processing of personal data for the technical provision of the website, for security and performance purposes, for commercial services, for contact and CRM, and for newsletters and social media integrations.
C. Statistics and web analytics – Use of cookies — Information on the use of web analytics and statistics tools as well as advertising based on tracking and retargeting.
D. Processing of personal data when registering domain names — Specific information on the processing of your data in connection with domain registrations, including the requirements of the NIS2 Directive.

We recommend that you read the individual sections carefully in order to gain a comprehensive understanding of our data processing practices. Please note that this policy may change over time due to changes in the legal framework or technical developments.

A. General

1. Controller

The controller within the meaning of Art. 4 No. 7 of the EU General Data Protection Regulation (“GDPR”) is InterNexum GmbH, Blumenstraße 54, 02826 Görlitz, Germany.

InterNexum GmbH determines the purposes and means of the processing of your personal data on this website.

2. Data Protection Officer

You can reach our external data protection officer at:

IITR Datenschutz GmbH
Dr. Sebastian Kraska
Marienplatz 2, 80331 Munich
Germany
Email: email@iitr.de
Phone: 089-18917360

Data subjects may also address declarations and requests for information to the internal data protection office for prompt processing: datenschutz@internexum.de.

3. Your rights

In accordance with the statutory provisions, you can assert the following rights free of charge against the controller of the data processing:

Withdrawal of your consent (Art. 7 (3) GDPR);
Right of access (Art. 15 GDPR);
Right to rectification or erasure (Art. 16 and Art. 17 GDPR);
Right to restriction of processing (Art. 18 GDPR);
Right to data portability (Art. 20 GDPR);
Right to object to processing (Art. 21 GDPR).

To assert claims under the GDPR, please use the controller's contact details given above or, alternatively, contact the data protection officer. If you would like to contact us by email, please use an address registered in our system so that we can identify you.

Complete data security cannot be guaranteed by us in email communication, so we recommend postal mail for confidential information.

If you believe that the processing of your personal data violates data protection law, you have the right under Art. 77 (1) GDPR to lodge a complaint with a data protection supervisory authority of your choice.

4. Legal bases

In principle, we only process data if we have a legal basis to do so. We go into the individual bases in more detail in the descriptions of the individual processing activities. In general, however, the following applies:

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) sentence 1 lit. a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
For the processing of personal data necessary for the performance of a contract, Art. 6 (1) sentence 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures.
If the processing is necessary to fulfil a legal obligation to which we are subject, Art. 6 (1) sentence 1 lit. c) GDPR serves as the legal basis for the processing.
If the processing is necessary to safeguard a legitimate interest of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) sentence 1 lit. f) GDPR serves as the legal basis for the processing.

5. Retention period

We delete the data we process or restrict its processing in accordance with the statutory provisions, in particular Articles 17 and 18 GDPR. Unless expressly stated in this privacy policy, we delete stored data as soon as it is no longer required for the intended purpose. Storage beyond the point at which the purpose ceases to apply only takes place where this is necessary for other and legally permissible purposes or where the data must be retained due to statutory retention obligations. In these cases, processing is restricted, i.e. blocked and not processed for other purposes.

Statutory retention obligations arise, for example, from § 257 (1) of the German Commercial Code (HGB) (6 years for commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and from § 147 (1) of the German Fiscal Code (AO) (10 years for books, records, management reports, accounting vouchers, commercial and business letters, documents relevant to taxation, etc.).

6. Children

Our web offering is not directed at children under the age of 16.

7. Recipients, third-country transfers, linked third-party websites

Below we would like to inform you about the third parties and processors to whom we transmit personal data. On our website, we use various services provided by third parties. These have different purposes, which we will explain in more detail in the individual descriptions. In general, however, these services serve to make our website functional, secure and visually and content-wise appealing, and to continuously optimise it. In general terms, we transmit personal data to the following categories of third parties:

Billing service providers, printing and postal service providers, insurers, telecommunications service providers, insurance brokers and experts for the assessment and settlement of claims, authorities insofar as a legitimate request has been made, credit institutions and payment service providers for processing payments, external accountants, auditors, legal advisors and auditors.

Insofar as personal data is transferred to a third country or an international organisation, we will inform you separately about the transfer and the underlying justification. The transfer is safeguarded by standard contractual clauses (Implementing Decision EU/2021/914) under Art. 46 GDPR or other suitable transfer safeguards under Art. 44 et seq. GDPR.

When we use processors to process data, who are of course bound by our instructions, they are carefully selected, commissioned and regularly monitored by us. The commissions are based on data processing agreements in accordance with Art. 28 GDPR. The processors do not process data for their own purposes.

The processors include, among others, our cloud services provider, which is used, for example, to store documents and files. In this context, we use the services of the following service providers. In particular, the use of these service providers serves the following purposes: electronic communication, appointment scheduling (calendar), document management and file exchange, word, presentation and spreadsheet processing, processing of form data from our website, customer support and request management. For this purpose, we use the services of the following providers:

Zoho Corporation Pvt. Ltd., Estancia IT Park, Chennai 600044, India. Further information at zoho.com/privacy.html. Zoho uses standard contractual clauses under Art. 46 GDPR to ensure an adequate level of data protection.
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Further information at google.com/policies/privacy and cloud.google.com/security/privacy. Standard contractual clauses have been concluded between Google Ireland Ltd. and the parent company to guarantee a secure level of data protection even in the third country USA.
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Website: microsoft.com/de-de; privacy statement: privacy.microsoft.com; security information: microsoft.com/trustcenter.

Our website may contain links to third-party websites. We would like to emphasise that we are not the controller within the meaning of Art. 4 No. 7 GDPR for the processing of your personal data on these websites. Please consult the privacy policies of the respective websites before disclosing personal data.

8. Data security

We apply technical and organisational measures to protect your personal data against loss, manipulation, destruction or other attacks by unauthorised persons. We continuously improve our security measures in line with the current state of the art. When transmitting your personal data via this website, we use transport encryption technology (TLS).

9. Automated decision-making including profiling

We use automated decision-making procedures including profiling to optimise our marketing measures and to provide you with relevant information and offers. These processes are carried out using the Zoho One service, which provides various modules for analysing and segmenting leads.

As part of this processing, we analyse, for example, the pages you visit, the links you click and other activities in order to better understand your interests and preferences. Based on this information, we can make automated decisions, such as classification into categories (e.g. “hot”, “warm”, “cold”), in order to provide you with suitable offers and content.

We use the following service provider for this purpose:

Zoho Corporation Pvt. Ltd., Estancia IT Park, Chennai 600044, India. Further information at zoho.com/privacy.html. Zoho uses standard contractual clauses under Art. 46 GDPR to ensure an adequate level of data protection.

You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you. If you object to this processing, you can contact us at any time and object to the use of your data for these purposes. In this case, your data processing will be adjusted accordingly.

B. Collection and processing of your personal data

1. Technical provision of the website, hosting

Each time content on the website is accessed, data is temporarily stored there in so-called log files, which may allow identification. The following data is collected:

Date and time of access
IP address of the requesting computer
Hostname of the accessing computer
Website from which the website was accessed
Websites accessed via the website
Page visited on our website
Amount of data transferred
Notification of whether the access was successful
Information about the browser type and the version used
Operating system

The temporary storage of the data is necessary for the course of a website visit in order to enable the website to be delivered. Further storage of the log files takes place in order to ensure the functionality of the website and the security of the information technology systems. In doing so, your IP address is shortened as quickly as possible in such a way that identification of your person is no longer possible. The legal basis for the temporary storage is Art. 6 (1) sentence 1 lit. b) GDPR. The legal basis for the further storage with a shortened IP address is Art. 6 (1) sentence 1 lit. f) GDPR. Our legitimate interest is the protection of our information technology systems (in particular in the case of abusive attacks, so-called DDoS attacks). A personal evaluation of the data, in particular for marketing purposes, does not take place without prior consent.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are kept accessible to administrators only.

To operate our websites, we use hosting providers to process meta and communication data of our website users on our behalf and on the basis of our legitimate interests in an efficient and secure provision of this website in accordance with Article 6 (1) sentence 1 lit. f) and Article 28 GDPR. We conclude data processing agreements with these providers to ensure that your data is protected in accordance with the legal requirements.

2. Security and performance

Content Delivery Network and Web Application Firewall (CloudFlare)

On the website, we use the CloudFlare service (service provider: Cloudflare Inc., 101 Townsend Street, San Francisco, California 94107, USA) to secure our website (Web Application Firewall) and to optimise loading times (Content Delivery Network).

When you access our site, your requests are routed via CloudFlare's server, whereby statistical access data about the visit to our website is collected and a cookie is stored by CloudFlare via your internet browser on your device. The access data includes your IP address, the page(s) of our website accessed, the type and version of your browser, your operating system, the referrer URL (i.e. the page from which you came to us), the time you spend on our website and the frequency with which you access our pages. The analysis based on this data is necessary in order to detect and ward off attacks. Cookies are used to recognise your device. An analysis for the purposes of statistical evaluation or advertising does not take place.

CloudFlare guarantees compliance with the EU level of data protection by means of standard contractual clauses.

The legal basis is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. This lies in the secure operation of our website and its optimisation.

Further information on the collection and use of the data can be found at cloudflare.com/privacypolicy.

Google reCAPTCHA

We use the “Google reCAPTCHA” service (hereinafter “reCAPTCHA”) on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). reCAPTCHA is intended to check whether the data entry on our website (e.g. in a contact form) is made by a human or by an automated program. To this end, reCAPTCHA analyses the behaviour of website visitors based on various characteristics. This analysis begins automatically as soon as a visitor enters the website. As part of the analysis, reCAPTCHA evaluates various information (e.g. IP address, the visitor's time on the website, mouse movements or other behavioural signals). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background, and website visitors are not separately informed that an analysis is taking place. The storage and analysis of this data takes place on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in protecting our web offerings against abusive automated spying and against SPAM. Insofar as corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent covers the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time. Further information on Google reCAPTCHA and Google's privacy policy and terms of use can be found at policies.google.com/privacy and policies.google.com/terms. Google holds a certification under the “EU-US Data Privacy Framework” (DPF). This agreement between the European Union and the USA ensures compliance with European data protection standards for data processing in the USA. Further information on this can be found at dataprivacyframework.gov.

Use of Cloudflare Turnstile

To protect our web forms, we use “Cloudflare Turnstile”, a service provided by Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA. Turnstile checks whether an entry is made by a natural person in order to prevent misuse by automated systems. In doing so, technical information (e.g. IP address, browser information, operating system, time spent) may be transmitted to Cloudflare. According to the provider, no personal data is used for advertising purposes and no cookies are set.

The data processing takes place on the basis of Art. 6 (1) lit. f GDPR – our legitimate interest in the security of our website.

You can find further information in Cloudflare's privacy policy: cloudflare.com/de-de/privacypolicy.

3. Commercial and business services

In order to provide pre-contractual and contractual services, for invoicing, for the purpose of customer support, to fulfil entrepreneurial and legal obligations, and for the purpose of internal organisation and administration, we must process the personal data you provide. As part of the data collection, we will inform you which categories of data are required for this. As a rule, these are contact data, payment data (payment method, invoices, payment history), detailed data on the contract (subject service, contract term, remuneration information).

Beyond the termination of the contractual services (including continuing obligations), legal obligations to store your personal data may exist. Particularly relevant here are retention obligations under tax and commercial law. In addition, we must store personal data as long as warranty or guarantee periods are running.

a. Account registration

You can register a customer account. The registration of domain names or the use of other commercial services is only possible if you have a registered account. During registration, you must provide some personal data that is marked as “mandatory field”. As a rule, these are the following data categories:

Contact name (first name, surname), address, city, postal code, country, telephone number, email address

In addition, the date and time of registration are stored together with your IP address.

If you register an account as a company, we also collect the following data:

Company/organisation, tax number

We use this data to identify customers and to manage your account. The data is also used to pre-fill the forms for registering your domain name. The legal basis for the processing is, pursuant to Art. 6 (1) sentence 1 lit. b) GDPR, the necessity of processing personal data to perform a contract or to carry out pre-contractual measures.

In addition, you can voluntarily provide further categories of data. The processing of this data takes place on the basis of our legitimate interest in additional verification and faster communication. The legal basis for the processing is Art. 6 (1) sentence 1 lit. f) GDPR.

Furthermore, you choose a user ID and a password to log in to your account. Please ensure that no unauthorised person gains access to the login data for your account.

A registered account is necessary to register domain names and to use other services. For the processing of your personal data when registering domain names, please refer to the section D. Processing of personal data when registering domain names.

b. Webinars

We offer our customers the opportunity to participate in webinars. For this purpose, we process your email address (sending invitations and appointment reminders, registration with the service provider), your name, possibly your billing address, and information about your company. For the technical provision, we also process the categories of data listed under server log files. After the end of the event, we process your email address for the purpose of sending supplementary information. The processing is necessary for the performance of the contract. To conduct webinars, we use the following processors:

WebinarGeek B.V., Chroomstraat 12, Zoetermeer, Netherlands. Further data protection information: webinargeek.com/privacy, webinargeek.com/cookies
Zoho Corporation Pvt. Ltd., Estancia IT Park, Chennai 600044, India. Further data protection information: zoho.com/privacy.html

c. Direct marketing

We have a legitimate interest (direct advertising, recital 47 GDPR) within the meaning of Art. 6 (1) sentence 1 lit. f) GDPR in advertising to customers (persons with whom we maintain a business relationship) by email or post. In particular, we may send you news about our company or group companies, information about events and invitations to evaluate our services and products.

For this purpose and for sending the newsletter, we use the following processors:

Zoho Corporation Pvt. Ltd., Estancia IT Park, Chennai 600044, India. Further data protection information: zoho.com/privacy.html
Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin. Further data protection information: brevo.com/de/legal/privacypolicy

Insofar as personal data is transmitted to Zoho, Zoho guarantees compliance with the EU level of data protection by means of standard contractual clauses. Further information can be found at zoho.com/privacy.html.

d. Payment

We use various payment methods from third-party payment service providers. If you choose one of these payment methods, your payment data is forwarded to the respective payment service provider for payment processing. These third-party providers process your personal data as independent controllers in accordance with their privacy policies. The transmission is based on the performance of the contract pursuant to Art. 6 (1) sentence 1 lit. b) GDPR and on our legitimate interests in secure payment processing and fraud prevention pursuant to Art. 6 (1) sentence 1 lit. f) GDPR.

Please observe the general terms and conditions, terms of use and privacy policies of the respective payment provider.

PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Privacy policy
SOFORT, Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany. Privacy policy
Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, D02 H210. Privacy policy

When selecting the payment methods purchase on account and instalment purchase, the following personal data in particular is processed by us or the payment service provider as the responsible body for the purpose of payment processing and, in this context, for identity and credit checks:

Contact and identification information: name, date of birth, national identification number, title, billing and delivery address, email address, mobile phone number; nationality, salary, etc.
Payment information: debit and credit card data (card number, expiry date and the CVV check digit), account number, etc.
Information about the processing of the order, such as product type, product number, price, etc.

In the event that the payment method “purchase on account” or “instalment purchase” is selected, we reserve the right to process personal data and information about the user's previous payment behaviour as well as probability values for the user's future payment behaviour (so-called scoring) in order to decide whether the payment method can be offered to the user. The scoring is calculated on the basis of scientifically recognised mathematical-statistical procedures.

4. Contact, CRM and ticket system

You can contact us by email, fax, telephone and via our contact forms to request a quote or to conduct other correspondence. In order to process your request, we process names, email addresses, possibly the name of your company, position, and mandatory information that is absolutely necessary for the creation of a quote. The processing of your data in the course of contact by email, contact form or telephone takes place on the basis of our legitimate interest in good customer service pursuant to Art. 6 (1) sentence 1 lit. f) GDPR or pursuant to Art. 6 (1) sentence 1 lit. b) GDPR, insofar as the contacts are related to contractual performance obligations, such as applying for a dispute entry.

Contacting us for abuse and complaint reports (abuse and complaint management) requires that you log in to your account. In addition, the data categories listed under “log files” are processed. If you would like to apply for a dispute entry, we also need your further contact details (surname, first name, address, company name) and a description of your concern, stating the relevant domain.

We delete your contact requests immediately after processing, unless statutory retention periods require further storage. After answering your request, we archive your request immediately. Access is only possible to a very limited extent. Purely informational requests, i.e. those that do not lead to a contract or do not contain any other content subject to retention, are deleted at the end of the year in which the request was made. See “retention periods” for further information.

When using our contact form and our website, we also process data about your interactions in order to process your request and provide you with tailored information. This data can be stored in a customer relationship management system (“CRM system”), provided that a business relationship exists or, on the basis of previous communication, a business initiation can be expected. We use the “Zoho” CRM system provided by Zoho Corporation Pvt. Ltd., Estancia IT Park, Chennai 600044, India. Zoho offers tracking functions to analyse user behaviour on our website, personalise interactions and provide targeted content or offers. This identification only takes place after your express consent pursuant to Art. 6 (1) sentence 1 lit. a) GDPR. You can withdraw this consent at any time.

We also use Zoho for our ticket management system in order to process customer requests efficiently. In doing so, your contact details, requests and all communication are systematically recorded and stored in order to ensure complete processing and tracking. For this purpose, we have concluded a data processing agreement with Zoho, in which Zoho undertakes to process user data only in accordance with our instructions. The legal basis for this is Art. 6 (1) sentence 1 lit. f) GDPR on the basis of our legitimate economic interests in being able to systematically manage customer and prospect contact data. In the case of personal data in the CRM system, it is checked after two years at the end of the respective calendar year whether further storage is necessary. If there is no need for this or no further statutory retention obligations, the data is deleted. Insofar as personal data is transmitted to Zoho, Zoho guarantees compliance with the EU level of data protection by means of standard contractual clauses. Further information can be found at zoho.com/privacy.html.

5. Newsletter

With your consent, we use your personal data to send you our newsletters and thereby inform you about news from our company, new services and products, and events tailored to your interests. This includes information about current or future service and product offers as well as events with the participation of our company or group companies (e.g. trade fairs). In order to send you the newsletter, we need your email address. The legal basis for the processing is your consent pursuant to Art. 6 (1) sentence 1 lit. a), Art. 7 GDPR. We use the personal data you provide during registration exclusively for sending our newsletter. After registering your email address, you will receive an email from us in which you must confirm by clicking a link that you wish to receive the newsletter. If the confirmation by hyperlink does not take place within a period of 7 days, your data will be blocked and deleted after one month. We are also entitled to store your IP addresses and the times of registration and confirmation in order to verify your registration and to clarify any possible misuse of your personal data appropriately.

We use the service provider Zoho Corporation Pvt. Ltd., Estancia IT Park, Chennai 600044, India, for sending and analysing our newsletters. For this purpose, we have concluded a data processing agreement with Zoho, which ensures that your data is processed only in accordance with our instructions. Data processing by Zoho takes place in compliance with the standard contractual clauses in order to ensure an adequate level of data protection in accordance with the EU GDPR. Further information can be found at zoho.com/privacy.html.

We may analyse our newsletter campaigns. When you open an email, a file contained in the email (a so-called web beacon) connects to our newsletter server, which is operated by Zoho. This makes it possible to determine whether a newsletter message has been opened and which links have been clicked, if any. Technical information is also recorded (e.g. time of access, IP address, browser type and operating system). This information cannot be directly assigned to the individual newsletter recipient, but serves the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of recipients.

Since we base the processing on your consent, this means that you have the right to withdraw your consent at any time or to object to the processing of your personal data for the purpose of sending the newsletter. In this case, we will immediately remove you from our newsletter distribution list in order to comply with your wishes. You can withdraw your consent at any time by sending an email to our data protection officer or by following the instructions at the end of an advertising/newsletter email. If you send us an email, please tell us what your withdrawal relates to so that we can identify your request.

6. Social media integration

Unless otherwise stated, we process your data on the basis of our legitimate interests pursuant to Article 6 (1) sentence 1 lit. f) GDPR in order to improve the content and make use more convenient for you. The purposes described coincide with our legitimate interests. If cookies are used when integrating social media content, this takes place on the basis of your consent pursuant to Art. 6 (1) sentence 1 lit. a), Art. 7 GDPR.

a. Links to social media profiles

On our website, we also link to our presences on various social networks. The integration takes place via a linked graphic of the respective network. This prevents an automatic connection to the server of the respective network from being established when our website is accessed; instead, the user is only redirected to the service of the respective social network by clicking on the corresponding graphic.

After being redirected, information is collected by the respective network, whereby it cannot be ruled out that the data collected in this way is processed in the USA.

The data collected is initially the IP address, date, time and page visited. However, if you are logged into your user account of the respective network, the network operator may be able to assign the collected information of the specific visit to your personal account. If you interact via a “share” button of the respective network, this information can be stored in your personal account and possibly published. If you want to prevent the collected information from being assigned directly to your user account, you must log out before clicking on the graphic or the “share” button.

The following social networks are integrated into our site by linking:

Facebook — Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA. Privacy policy
Instagram — Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA. Privacy policy
Twitter — Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. Privacy policy
LinkedIn — LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. Privacy policy
Xing — New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Privacy policy
YouTube — Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy

b. YouTube

On our website, we embed videos from YouTube by Google (service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

The integration improves our website by introducing ourselves through short videos or explaining our business model.

If you are logged into YouTube or Google, your data is assigned directly to your account; otherwise, the data is assigned to an advertising ID separate from your account.

We use YouTube in “extended data protection mode” in order to be able to show you these videos. According to YouTube, this means that data is only transmitted to YouTube's server when you actually start a video.

Insofar as Google Ireland Limited transmits personal data to the US parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Google guarantees compliance with the EU level of data protection by means of standard contractual clauses.

The legal basis is your consent pursuant to Art. 6 (1) lit. a) GDPR, which can be granted on your first visit to the website. This consent can be withdrawn at any time in the cookie settings by deleting the cookies of this site in your own browser.

YouTube stores cookies permanently on your device. If you do not agree to this, you have the option of preventing the storage of cookies by means of a setting in your browser.

Detailed information on the purpose and scope of data collection and on the retention period by Google can be found in the provider's privacy policy at policies.google.com/privacy.

C. Statistics and web analytics – Use of cookies

In some cases, we or our partners use cookies or process your data in a way that requires your consent. Cookies are small text files that can be stored on your device when you visit our website. Tracking is possible with various technologies such as pixel technology or log file analysis. Consent is given via the so-called cookie banner, which must be actively clicked. Our cookie policy explains how you can deactivate individual functions that you have agreed to. There you will find information about when cookies expire, how to delete cookies and how to withdraw your consent.

Unless otherwise stated, the processing described in this section is based on your consent pursuant to Article 6 (1) sentence 1 lit. a), Article 7 GDPR. Further information on how to withdraw your consent can be found in our Cookie Policy. This is linked in the footer of our website.

1. Web analytics, statistics tools

In order to determine which content on our website is most interesting to you, we continuously measure the number of visitors and the most viewed content. For this purpose, we process your data,

to record the number of visitors to our websites,
to record the respective visiting times of our website visitors and
to record the sequence in which different websites and product pages are visited in order to optimise our website.

a. Zoho

On this website, we use the Zoho Analytics service provided by Zoho Corporation Pvt. Ltd., Estancia IT Park, Chennai 600044, India, to analyse the use of our web offering and for tracking/marketing measures in order to provide you with the advertising that really interests you. For analysis purposes and as part of the optimisation of our marketing measures, the following data may be collected and processed via Zoho:

Geographic location
Browser type
Navigation information
Referrer URL
Performance data
Login information for the Zoho service
Files viewed on site
Domain names
Pages viewed
Aggregated usage
Operating system version
Internet service provider
IP address
Device identifier
Duration of the visit
Operating system
Access times
Clickstream data
Device model and version

For the purpose of web analysis, so-called “web beacons” are used and “cookies” are also set, which are stored on your computer and which enable us to analyse your use of the website. Further information about the use of cookies by Zoho can be found at zoho.com/de/privacy/cookie-policy.html.

The legal basis for the processing is your consent, which can be withdrawn at any time with effect for the future, pursuant to Art. 6 (1) sentence 1 lit. a), Art. 7 GDPR, which you have given via the cookie settings. You can withdraw your consent at any time with effect for the future via the cookie settings.

b. Matomo/Piwik

On our website, we use the open-source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of our users. This serves to analyse visitor flows on our website. This allows us to recognise which subpages are used most frequently. By evaluating the data obtained, we are able to compile information about the use of our website. This helps us to continuously improve our website and its user-friendliness.

For this purpose, pseudonymous user profiles are created, which can be assigned to the browser you use by means of a cookie stored on your computer. When individual pages of our website are accessed, the following data is stored:

The accessed web page
The website from which the user reached the accessed web page (referrer)
The subpages accessed from the accessed web page
The time spent on the web page
The frequency with which the web page is accessed

The software runs exclusively on the servers of our website. The personal data of users is stored only there. The data is not passed on to third parties. When using Matomo, we deliberately refrain from processing your complete IP address.

The legal basis for the processing of user data is your consent, which can be withdrawn at any time, pursuant to Art. 6 (1) lit. a, Art. 7 (3) GDPR. To withdraw your consent, please use the settings banner at the end of this privacy policy. In this way, a cookie is set on your system that signals to our system not to store the user's data.

The data is deleted after 60 days. Further information can be found at matomo.org/privacy.

2. Advertising based on tracking and retargeting

We want to show you – also on the websites of our advertising partners – only advertising that really interests you. We therefore use tracking and retargeting technologies on our website for advertising tailored to your interests. For this purpose, cookies are usually used, but in some cases also other technologies such as so-called “fingerprinting”. The cookies temporarily stored for this purpose enable our retargeting partners to recognise the visitors to our website under a pseudonym and to show you only products that are likely to interest you. With fingerprinting, your device is recognised on the basis of your computer hardware, software, add-ons and your browser settings.

Unless otherwise stated, the processing described in this section is based on your consent pursuant to Art. 6 (1) sentence 1 lit. a), Art. 7 GDPR. Learn more about how you can withdraw your consent in our cookie privacy settings. There you will also learn the functional duration of the individual cookies and how they can be deleted.

We use the data collected for statistical and advertising purposes and in detail

for targeted advertising, including via advertising networks in cooperation with partners,
to measure the success of and account for advertising measures between advertising partners and us,
to understand which advertising you have already seen in order to prevent you from seeing the same advertising again, and
to assess which parts of our website need to be optimised.

Unless otherwise stated, we use the following services as processors and contractually oblige them to process data only on our behalf.

LinkedIn Insights Tag

We use the LinkedIn Insights Tag, a service of LinkedIn Corporation, as a tool to analyse your behaviour on our website in order to be able to offer you interest-based and behaviour-oriented marketing. This also includes conversion measurement in order to increase the effectiveness of our marketing activities. This is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, linkedin.com. Further information can be found at linkedin.com/legal/privacy-policy.

The Insight Tag will collect the following information about you and transmit it to LinkedIn: URL, referrer URL, IP address, device and browser data, and a timestamp. In exceptional cases, profile data may be processed together with the above-mentioned data categories. This is the case if you are a member of LinkedIn. In this context, we would like to draw your attention to the setting options within your LinkedIn profile.

LinkedIn will provide us with an analysis of the use of our website in aggregated form, so that we are able to improve our website and content for our users. This data is also used for targeted measures for advertisements on the LinkedIn platform.

We are jointly responsible with LinkedIn Corp. for the collection and transfer of data to LinkedIn; however, any processing of data after the transfer is the sole responsibility of LinkedIn. The Insight Tag collects and transmits data only after your express consent in the cookie banner that is displayed to you when you access our website.

LinkedIn will encrypt your data, the IP addresses will be truncated, and direct identifiers will be removed within seven days in order to render the data pseudonymous. The remaining, pseudonymised data is then deleted within 90 days.

The legal basis for this procedure is your consent, Art. 6 (1) sentence 1 lit. a), Art. 7 GDPR. Further information can be found at linkedin.com/psettings/guest-controls/retargeting-opt-out.

D. Processing of personal data when registering domain names

1. Data collected and purposes of processing

As part of the registration of domain names, we collect the following personal data:

Name
Address
Email address
Telephone number
IP address

In addition, depending on the requirements of the respective registration bodies and the NIS2 Directive, further personal data may be required. In individual cases, this may include information such as your identity card number, your date of birth or other identification data. This additional data is used to ensure the security of domain registrations, to comply with legal obligations and to detect possible cases of misuse.

Some of this data may be made publicly accessible as part of WHOIS queries, provided that no specific data protection regulations conflict with this.

2. Legal bases for processing

The processing of the above-mentioned personal data takes place on the following legal bases:

Art. 6 (1) lit. b GDPR: Performance of a contract – The processing is necessary to perform the contract for the registration and management of the domain.
Art. 6 (1) lit. c GDPR: Legal obligation – The processing is necessary to comply with legal obligations, such as the requirements of the registration bodies and the requirements of the NIS2 Directive.
Art. 6 (1) lit. f GDPR: Legitimate interest – In certain cases, the processing may be necessary to detect cases of misuse or to ensure the security of our IT systems.

3. Disclosure of data

Your personal data is passed on to the responsible registration bodies in order to carry out the domain registration. In addition, data may be passed on to authorities or other authorised bodies as part of compliance with the NIS2 Directive, in particular in the event of security-relevant incidents. Furthermore, the data may be passed on to service providers who support us in the operation and management of the domain, e.g. registrars, hosting providers.

4. Data transfer to third countries

In cases where the registration body is based outside the EU/EEA, personal data may be transferred to third countries. These transfers take place on the basis of appropriate safeguards, such as standard contractual clauses, in order to ensure the protection of your data.

5. Retention period

The personal data is stored for the duration of the contractual relationship. After the end of the contractual relationship, the data is deleted, unless statutory retention obligations exist or the data is still required to safeguard legitimate interests. Under the NIS2 Directive, additional retention periods may apply, in particular in connection with the traceability of security-relevant incidents.

6. Security measures

In order to comply with the NIS2 Directive, we have implemented extensive technical and organisational measures to ensure the security of your personal data. This includes, among other things, encryption technologies, regular security checks and measures for rapid response to security incidents.