Privacy policy

Privacy Policy

We welcome you to our websites and appreciate your interest. The protection of your personal data is important to us. Therefore, we conduct our activities in accordance with the applicable legal regulations for the protection of personal data and data security. We would like to inform you below about which data from your visit is used for which purposes.

Responsible entity for processing under the GDPR

The controller within the meaning of the General Data Protection Regulation and other data protection laws applicable in the member states of the European Union and other provisions with data protection character is:

Moonrise GmbH

Glücksteinallee 43

68163 Mannheim

https://leslunes.de

support@leslunes.de

Data Protection Officer

Nils Möllers

Keyed GmbH

Siemensstraße 12

48341 Altenberge, Westphalia

info@keyed.de

+49 (0) 2505 - 639797

https://keyed.de

What is personal data?

The term personal data is defined in the Federal Data Protection Act and in the EU GDPR. According to this, it refers to individual details about personal or factual circumstances of a specific or identifiable natural person. This includes, for example, your full name, your address, your phone number, or your date of birth. Learn more here about what data protection exactly is.

Scope of anonymous data collection and data processing

Unless otherwise stated in the following sections, no personal data is generally collected, processed, or used when using our websites. However, we receive certain technical information through the use of analysis and tracking tools based on data transmitted by your browser (for example, browser type/version, operating system used, websites visited on our site including duration of stay, previously visited website). We evaluate this information only for statistical purposes.

Relevant legal bases for the processing of personal data

To the extent that we obtain the consent of the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations required to take pre-contractual measures.
To the extent that processing personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.
In cases where vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d) GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not outweigh this interest, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the processing.

Use of Cookies

The websites of Moonrise GmbH use cookies. Cookies are data stored by the internet browser on the user's computer system. Cookies can be transmitted to the site when a page is accessed, thus enabling the assignment of the user. Cookies help simplify the use of websites for users.

It is always possible to object to the setting of cookies by changing the settings in your internet browser accordingly. Cookies that have been set can be deleted. Please note that if cookies are disabled, not all functions of our website may be fully usable. The data collected from users in this way is pseudonymized through technical measures. Therefore, it is no longer possible to assign the data to the user accessing the site. The data is not stored together with other personal data of the users. When accessing our website, users are informed about the use of cookies for analysis purposes via an info banner and are referred to this privacy policy. This also includes information on how to prevent the storage of cookies in the browser settings. The legal basis for processing personal data using technically necessary cookies is Art. 6 para. 1 lit. f) GDPR. The legal basis for processing personal data using cookies for analysis purposes is, if the user has given consent, Art. 6 para. 1 lit. a) GDPR. Whether and to what extent cookies are used on our website can be found in our cookie banner and in the information in this privacy policy.

Creation of log files

Each time the website is accessed, Moonrise GmbH collects data and information through an automated system. These are stored in the server's log files. The data is also stored in the log files of our system. These data are not stored together with other personal data of the user.
The following data may be collected in this context:

(1) Information about the browser type and the version used
(2) The user's operating system
(3) The user's internet service provider
(4) The user's IP address
(5) Date and time of access
(6) Websites from which the user's system reached our website (referrer)
(7) Websites accessed from the user's system via our website

Duration of personal data storage

Personal data is stored for the duration of the respective statutory retention period. After the period expires, the data will be routinely deleted unless there is a necessity for contract initiation or contract fulfillment.

Ways to get in touch

On the Moonrise GmbH websites, there is a contact form that can be used for electronic communication. Alternatively, contact can be made via the provided email address. If the data subject contacts the controller via one of these channels, the personal data transmitted by the data subject will be automatically stored. The storage serves solely for the purpose of processing or contacting the data subject. The data will not be passed on to third parties. The legal basis for processing the data is, if the user has given consent, Art. 6 para. 1 lit. a) GDPR. The legal basis for processing the data transmitted in the course of sending an email is Art. 6 para. 1 lit. f) GDPR. If the email contact aims at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b) GDPR. The data will be deleted as soon as they are no longer necessary for achieving the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when the circumstances indicate that the matter in question has been conclusively clarified.

1. Newsletter based on consent (double opt-in)

You can subscribe to our newsletter by registering via the corresponding form. Registration is done using the double opt-in procedure: after registering, you will receive a confirmation email asking you to confirm your registration. This is to prevent abusive registrations.

When registering, we store the IP address, date, and time of registration to be able to prove the registration. The data is used exclusively for sending the newsletter. Disclosure to third parties only occurs if necessary for sending the newsletter (e.g., to service providers) or if there is a legal obligation.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent).
You can revoke your consent at any time with effect for the future. A corresponding link is included in every email.

2. Direct advertising within the framework of the soft opt-in (§ 7 para. 3 UWG)

If you have provided us with your email address in connection with a registration or purchase, we may use it in accordance with § 7 para. 3 UWG to send you information about similar products from our range.
According to the current case law of the European Court of Justice (judgment of 13.11.2025, C-654/23), no additional legal basis under Art. 6 GDPR is required for this, as Art. 13 para. 2 of the ePrivacy Directive and § 7 para. 3 UWG are considered lex specialis.

We only send advertising for products that are considered "similar" within the meaning of § 7 para. 3 UWG. This includes our entire range of clothing and fashion items.

Objection:
You can object to the use of your email address for direct advertising at any time free of charge. A corresponding unsubscribe link is included in every email. The objection does not affect the use of your customer account or existing contractual relationships.

Klaviyo Inc.

Description and purpose

For sending the newsletter, we use the cloud-based service provider Klaviyo Inc. on our website. Klaviyo is used to create, send, and manage the dispatch of newsletters and marketing emails. When you sign up for our newsletter, we process personal data from you in the form of IP address, email address, date and time, action type, metadata, object and profile reference. Through an integrated data platform and AI, Klaviyo combines marketing automation, analytics, and customer service in a unified solution, which makes it easier for us to get to know our customers better and grow faster.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR and Art. 6 para. 1 lit. f). Our overriding legitimate interest arises from direct marketing for acquiring new customers.

Recipient

The recipient of your personal data is Klaviyo, Inc., 125 Summer Street, Floor 6, Boston, MA, 02110, USA.

Transfer to third countries

Personal data will be transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. In this regard, we have concluded state-approved contractual clauses pursuant to Art. 46 para. 2 lit. c) GDPR, such as the standard contractual clauses approved by the European Commission, with the data importer. Furthermore, we are aware of our responsibility and, where necessary, take additional measures to protect the rights and freedoms of natural persons to ensure the protection of personal data.

Duration of data storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. Furthermore, the data will be deleted if you assert your right to deletion pursuant to Art. 17 para. 1 GDPR.

Revocation

You have the right to revoke your given consent at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without providing reasons and takes effect for the future. Revoking consent does not affect the lawfulness of processing carried out up to the point of revocation. For more information, please see our privacy policy under "Rights of the data subjects."

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

You can find more information about data protection at Klaviyo here: https://www.klaviyo.com/legal/data-processing-agreement

Online Store

We use your personal data to process your online purchases (your orders and returns are handled through our online services) and to send notifications about delivery status or alerts in case of issues with the delivery of your items. We use your personal data to process your payments. We also use your data to handle complaints and product warranty claims. Your personal data is used to verify your identity, ensure that you have reached the legal minimum age for online purchases, and to verify your address with external partners. We want to offer you multiple payment options and conduct analyses to determine which payment methods are available to you, including your payment history and credit checks.

Data transfer when using online payment service providers

If you choose to pay with one of the online payment service providers we offer during your order process, your contact details will be transmitted to them as part of the triggered order. The legality of the data transfer is based on Art. 6 para. 1 lit. b) GDPR, for the execution of the payment method you selected, as well as our legitimate interests according to Art. 6 para. 1 lit. f) GDPR to enable a user-friendly and straightforward payment process. The personal data transmitted to the online payment service provider usually includes first name, last name, address, IP address, email address, or other data necessary for order processing, as well as data related to the service, such as type of service, recipient identity, invoice amount and tax percentage, invoice information, etc. This transfer is necessary to perform the service with the payment method you selected, especially to confirm your identity, to manage your payment and customer relationship. Please note: Personal data may also be passed on by the online payment service provider to service providers, subcontractors, or other affiliated companies as far as this is necessary to fulfill contractual obligations from your order or if the personal data is to be processed on behalf of the provider. Depending on the selected payment method, e.g., invoice or direct debit, the personal data transmitted to the provider may be forwarded by the provider to credit agencies. This transfer serves the purpose of identity and creditworthiness checks related to your order. Which credit agencies are involved and which data is generally collected, processed, stored, and shared by the respective provider can be found in the providers' respective privacy policies:

American Express American Express Services Europe Limited, Frankfurt am Main Branch, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main at https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html
Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium at https://www.mastercard.de/de-de/datenschutz.html
Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom at https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html
PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA at https://stripe.com/de/privacy#translation g. micropayment GmbH, Scharnweberstrasse 69, D-12587 Berlin at https://www.micropayment.de/about/privacy/
Klarna AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden
(Apple Pay) Apple Distribution International, Hollyhill Industrial Estate, Hollyhill Cork, Ireland;
Shopify Payments, 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5;
Google Pay (Europe), Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
UnionPay International Youxian Gongsi German Branch - An der Welle 4, 60322 Frankfurt am Main at
https://www.unionpayintl.com/en/privacyNotice
Bancontact Payconiq Company, Rue d’Arlon 82, 1040 Brussels, Belgium at
https://help.xe.com/hc/de/sections/19601578205457-Hinweis-zum-Datenschutz
(BLIK) Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland at
https://www.blik.com/media/PRIVACY_POLICY_AND_COOKIES_POLICY.pdf
(Przelewy24) PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland at
https://www.przelewy24.pl/en/information-obligation-gdpr-payer
TWINT AG, Stauffacherstrasse 41, CH-8004 Zurich, Switzerland at
https://www.twint.ch/datenschutz/
iDeal Currence Holding B.V., Beethovenstraat 300, 1077 Amsterdam, Netherlands at
https://ideal.nl/en/ideal-privacy-cookiestatement

Transfer to third countries

We would like to inform you that your personal data may also be transferred to a server in a third country and thus processed outside the EU.

Duration

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Furthermore, the data will be deleted if you withdraw your consent or request the deletion of personal data. Contractual or legal obligation to provide personal data. The provision of personal data is neither legally nor contractually required and is not necessary for concluding a contract. You are also not obliged to provide the personal data. However, failure to provide it may result in you not being able to use this service or not being able to use it fully.

Registration on our website

If the data subject uses the option to register on the website of the controller responsible for processing by providing personal data, the data will be transmitted to the controller responsible for processing in the respective input mask. The data will be stored exclusively for internal use by the controller responsible for processing. The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. During registration, the user's IP address as well as the date and time of registration are stored. This serves to prevent misuse of the services. The data will not be passed on to third parties. An exception exists if there is a legal obligation to disclose. Registration of the data is necessary for providing content or services. Registered persons have the option at any time to have their stored data deleted or changed. The data subject can request information about their stored personal data at any time.

Routine deletion and blocking of personal data

The controller responsible for processing processes and stores personal data of the data subject only as long as necessary to achieve the storage purpose. Storage may also take place if provided for by European or national legislators in Union regulations, laws, or other provisions to which the controller responsible for processing is subject. As soon as the storage purpose ceases or a storage period prescribed by the aforementioned provisions expires, the personal data will be routinely blocked or deleted.

Rights of the data subject

If personal data about you is processed, you are a data subject within the meaning of the GDPR and have the following rights against the controller:

Right to information according to Art. 15 GDPR

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing exists, you can request information from the controller about the following:

The purposes for which the personal data are processed;
The categories of personal data being processed;
the recipients or categories of recipients to whom your personal data have been or will be disclosed;
the planned duration of storage of your personal data or, if specific information is not possible, criteria for determining the storage period;
the existence of a right to rectification or deletion of your personal data, a right to restriction of processing by the controller, or a right to object to this processing;
the existence of a right to lodge a complaint with a supervisory authority;
all available information about the origin of the data if the personal data are not collected from the data subject;
the existence of automated decision-making, including profiling pursuant to Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.

You have the right to request information about whether your personal data are transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

Right to correction pursuant to Art. 16 GDPR

You have the right to rectification and/or completion towards the controller if the processed personal data concerning you are incorrect or incomplete. The controller must make the correction without delay.

Right to deletion pursuant to Art. 17 GDPR

(1) You can require the controller to delete your personal data without delay, and the controller is obliged to delete these data without delay if one of the following reasons applies:

The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
You withdraw your consent on which the processing pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR was based, and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
The personal data concerning you have been processed unlawfully.
The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data concerning you were collected in relation to information society services offered according to Art. 8 para. 1 GDPR.

(2) If the controller has made your personal data public and is obliged to delete it according to Art. 17 para. 1 GDPR, they shall take appropriate measures, including technical measures, considering the available technology and implementation costs, to inform controllers processing the personal data that you as the data subject have requested the deletion of all links to this personal data or copies or replications of this personal data.

(3) The right to deletion does not exist insofar as the processing is necessary

to exercise the right to freedom of expression and information;
to fulfill a legal obligation that requires processing under the law of the Union or the Member States to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health according to Art. 9 para. 2 lit. h) and i) as well as Art. 9 para. 3 GDPR;
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes according to Art. 89 para. 1 GDPR, insofar as the right mentioned in para. 1 is likely to make the achievement of the objectives of this processing impossible or seriously impaired, or
to assert, exercise, or defend legal claims.

Right to restriction of processing according to Art. 18 GDPR

Under the following conditions, you can request the restriction of the processing of your personal data:

if you dispute the accuracy of your personal data for a period that allows the controller to verify the accuracy of the personal data;
the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;
the controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise, or defend legal claims, or
if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.

If the processing of your personal data has been restricted, these data – apart from their storage – may only be processed with your consent or for the assertion, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a member state. If the restriction of processing has been imposed according to the above conditions, you will be informed by the controller before the restriction is lifted.

Right to information according to Art. 19 GDPR

If you have asserted the right to rectification, deletion, or restriction of processing against the controller, the controller is obliged to inform all recipients to whom your personal data has been disclosed of this rectification or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed by the controller about these recipients.

Right to data portability according to Art. 20 GDPR

You have the right to receive your personal data that you have provided to the controller in a structured, commonly used, and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided

the processing is based on consent according to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract according to Art. 6 para. 1 lit. b) GDPR and
the processing is carried out using automated procedures. In exercising this right, you also have the right to request that your personal data be transmitted directly from one controller to another controller, provided this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object according to Art. 21 GDPR

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Art. 6 para. 1 lit. e) or f) GDPR; this also applies to profiling based on these provisions. The controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims. If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. You have the option, in connection with the use of information society services – regardless of Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.

Right to withdraw the data protection consent declaration pursuant to Art. 7 para. 3 GDPR

You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out based on the consent until the withdrawal.

Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, especially in the Member State of your residence, workplace, or the location of the alleged infringement, if you believe that the processing of your personal data violates the GDPR. The supervisory authority where the complaint was filed will inform the complainant about the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

is necessary for the conclusion or performance of a contract between you and the controller,
is permitted based on Union or Member State legal provisions to which the controller is subject, and these legal provisions contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
with your explicit consent.

However, these decisions must not be based on special categories of personal data according to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a) or g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases mentioned in a. and c., the controller takes appropriate measures to protect the rights and freedoms as well as your legitimate interests, which include at least the right to request intervention by a person on the part of the controller, to present your own point of view, and to challenge the decision.

Embedding of other third-party services and content

Description and purpose

It may happen that third-party content, such as videos, fonts, or graphics from other websites, is embedded within this online offer. This always requires that the providers of this content (hereinafter referred to as "third-party providers") perceive the IP address of the users. Without the IP address, they could not send the content to the browser of the respective user. The IP address is therefore necessary for displaying this content. We strive to use only such content whose respective providers use the IP address solely for delivering the content. However, we have no influence if the third-party providers store the IP address, for example, for statistical purposes. As far as we know, we inform users about this. We want to provide and improve our online offer through these embeddings.

Legal Grounds

The legal basis for integrating other third-party services and content is Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest lies in the intention to present our online presence accordingly and to provide user-friendly and economically efficient services on our part. Further information can be found in the respective privacy statements of the providers.

Contractual or legal obligation to provide personal data

Providing personal data is neither legally nor contractually required and is not necessary for concluding a contract. You are also not obliged to provide personal data. However, failure to provide it may result in you not being able to use this function or not being able to use it fully.

Data transfer to third countries

The controller may transfer personal data to a third country. In principle, the controller can ensure an adequate level of protection for the processing through various appropriate safeguards. It is possible to transfer data based on an adequacy decision, binding corporate rules, approved codes of conduct, standard data protection clauses, or an approved certification mechanism according to Art. 46 para. 2 lit. a) – f) GDPR.

If the controller transfers data to a third country based on the legal basis of Art. 49 para. 1 lit. a) GDPR, you will be informed here about the possible risks of data transfer to a third country.

There is a risk that the third country receiving your personal data may not have an equivalent level of protection compared to the protection of personal data in the European Union. This can be the case, for example, if the EU Commission has not issued an adequacy decision for the respective third country or if certain agreements between the European Union and the respective third country are declared invalid. Specifically, some third countries pose risks regarding the effective protection of EU fundamental rights through the use of surveillance laws (for example, the USA). In such cases, it is the responsibility of the controller and the recipient to assess whether the rights of the data subjects in the third country enjoy an equivalent level of protection as in the Union and can also be effectively enforced.

However, under the General Data Protection Regulation, the level of protection guaranteed across the Union for natural persons should not be undermined when personal data is transferred from the Union to controllers, processors, or other recipients in third countries or to international organizations, even if personal data is transferred from a third country or from an international organization to controllers or processors in the same or another third country or to the same or another international organization.

Additional functions of the website

Google Analytics 4

Description and purpose

This website uses the service "Google Analytics 4", which is offered by Google LLC, to analyze website usage by users. The service uses "cookies" – text files that are stored on your device. First-party cookies are used for this purpose. With a first-party cookie, the user can only be recognized by the site from which the cookie originates, not across multiple domains. The information collected by the cookies is usually sent to a Google server in the USA and stored there. If applicable, Google Analytics is used on this website with the code "gat._anonymizeIp();" to ensure anonymized collection of IP addresses (so-called IP masking). Please also note the following information about the use of Google Analytics: The IP address of users is shortened within the member states of the EU and the European Economic Area. This shortening removes the personal reference of your IP address. For EU citizens, the IP address is also only used to derive location data and then deleted again. You also have the option to enable or disable the collection of detailed location and device data for individual regions (tracking settings). As part of the data processing agreement that the website operators have concluded with Google LLC, Google creates an evaluation of website usage and website activity using the collected information and provides services related to internet usage.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Transfer to third countries

The personal data will be transferred to the United States. The transfer is subject to appropriate safeguards according to Art. 46 GDPR. We have concluded standard contractual clauses with the data importer for this purpose. In addition, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons to ensure the protection of personal data.

Duration of data storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. Furthermore, the data will be deleted if you exercise your right to deletion according to Art. 17 para. 1 GDPR. The maximum storage period is 14 months.

Revocation

You have the right to revoke your given consent at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without stating reasons and takes effect for the future. The lawfulness of the processing carried out until the revocation is not affected by the revocation of consent. Further information can be found above in our privacy policy under "Rights of the data subjects".

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

More information about the processing of your personal data can be found here: https://support.google.com/analytics/answer/6004245?hl=de https://policies.google.com/privacy?hl=de&gl=de.

Google Ads and Conversion Tracking

Description and purpose

To draw attention to our current projects and developments, planned activities, and services, we run Google AdWords ads and use Google Conversion Tracking as part of this. Google AdWords (Google Ads) is a service of Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). These ads are displayed based on search queries on websites within the Google advertising network. We have the option to combine our ads with specific search terms. Additionally, we use AdWords remarketing lists for search ads. This allows us to tailor search ad campaigns for users who have previously visited our website. Through these services, we can combine our ads with specific search terms or display ads to previous visitors promoting services they viewed on our website. Interest-based offers require an analysis of online user behavior. To perform this analysis, Google uses cookies. When clicking on an ad or visiting our website, a cookie is set on the user's computer by Google. This information is used to target the visitor during a later search query. Further information about the cookie technology used can also be found in Google's website statistics notes and privacy policies. Using this technology, Google and we as the client receive information that a user clicked on an ad and was redirected to our website to contact us via the contact form. Likewise, Google and we as the client receive information via Google forwarding numbers that a user clicked on a phone number of ours on the internet and contacted us by phone. The information obtained is used exclusively for statistical evaluation to optimize ads. We do not receive any information that would personally identify visitors. The statistics provided to us by Google include the total number of users who clicked on one of our ads and, if applicable, whether they were redirected to a page on our website marked with a conversion tag. Based on these statistics, we can track which search terms led to the most clicks on our ads and which ads resulted in contact via the contact form or phone by the user. Regarding telephone contact by interested parties or customers, the statistics provided by Google include the start time, end time, status (missed or received), duration (seconds), caller's area code, phone costs, and call type.

Legal basis

The legal basis for processing your personal data is consent according to Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The data controller responsible for processing your information depends on your habitual residence, unless otherwise specified in the privacy notices of a specific service:

Google Ireland Limited for users of Google services who have their habitual residence in the European Economic Area or Switzerland.
Google LLC for users of Google services who have their habitual residence in the United Kingdom.

Transfer to third countries

The personal data is transmitted to the USA (server location). The transfer is subject to appropriate safeguards according to Art. 46 GDPR. We have concluded standard contractual clauses according to Art. 46 para. 2 lit. c) GDPR with the data importer. Furthermore, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons to ensure the protection of personal data.

Duration of data storage

Revocation

You have the right to revoke your given consent at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons and takes effect for the future. Revoking consent does not affect the lawfulness of processing carried out up to the revocation. Further information can be found above in our privacy policy under "Rights of the data subjects."

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

Further information about the processing of your personal data can be found here: www.google.com/policies/privacy/
You can also find information on how Google as a company handles personal data in a business context on Google's Business Data Responsibility Site: https://business.safety.google/privacy/.

Google Ads remarketing service

Description and purpose

Our website uses the Google Ads remarketing service of Google LLC. With the help of this service, we can show visitors to our website interest-based advertising. For this purpose, Google sets cookies and processes information about your usage behavior (e.g., pages visited, click behavior, technical data such as IP address). The purpose is to analyze user behavior in order to show you personalized advertising on other websites.

By using cookies or pixels, the system recognizes returning users and segments them based on their behavior, such as which pages they visited or how long they stayed there.

As part of these remarketing measures, Google processes various personal data. This includes in particular the IP address, information about the device and browser used, as well as the specific usage behavior on the website. This data is collected via cookies and tracking IDs and transmitted to Google.

The collected data is primarily used for personalizing advertising, measuring campaign success, and optimizing ads and target groups.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a)

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Transfer to third countries

The personal data is transferred to the United States. The transfer is subject to appropriate safeguards according to Art. 46 GDPR. We have, where necessary, concluded appropriate guarantees pursuant to Art. 46 para. 2 GDPR with the data importer. In addition, Google LLC is certified under the Data Privacy Framework. Moreover, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons to ensure the protection of personal data.

Duration of data storage

Revocation

You have the right to revoke your consent under Art. 6 para. 1 lit. a) GDPR at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons and takes effect for the future. Revoking consent does not affect the lawfulness of processing carried out up to the revocation. Further information can be found above in our Privacy Policy under "Rights of the data subjects."

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

You can find more information about the processing of your personal data here: https://policies.google.com/privacy?hl=de&_gl=1*1ltq0is*_ga*MzE0Mzg4NzI2LjE3NTYxOTYzMTQ.*_ga_V9K47ZG8NP*czE3NTYxOTYzMTMkbzEkZzAkdDE3NTYxOTYzMTYkajU3JGwwJGgw

Google Maps

Description and purpose

This website uses the Google Maps API from Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to visually display geographic information. When using Google Maps, Google also collects, processes, and uses data about the use of the Maps features by visitors to the websites.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient of your personal data is Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Transfer to third countries

The personal data is transferred to the United States. The transfer is subject to appropriate safeguards according to Art. 46 GDPR. We have, where necessary, concluded appropriate safeguards pursuant to Art. 46 para. 2 GDPR with the data importer. Furthermore, we are aware of our responsibility and take additional measures, where necessary, to protect the rights and freedoms of natural persons to ensure the protection of personal data.

Duration of data storage

Revocation

Contractual or legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

More information about the processing of your personal data can be found here:

https://policies.google.com/privacy?hl=de&gl=del

Microsoft Clarity

Description and purpose

We use the Microsoft Clarity service from Microsoft Corporation on our website. Microsoft Clarity serves the purpose of providing us with better insights into the use of our website to further improve user-friendliness. The service can create heatmaps, overviews of cursor and scroll movements, and process data such as access times and IP addresses.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

Recipient

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Transfer to third countries

Duration of data storage

Revocation

You have the right to revoke your given consent at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without stating reasons and takes effect for the future. The lawfulness of the processing carried out until the revocation is not affected by the revocation of consent. Further information can be found in our privacy policy under “Rights of the data subjects”.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

More information about data protection at Microsoft can be found here: https://privacy.microsoft.com/de-de/privacystatement

Microsoft Ads

Description and purpose

On the website, we use technologies from Microsoft Ads (bingads.microsoft.com), which are provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Microsoft places a cookie on your device if you have reached our website via a Microsoft Bing ad. Microsoft Bing and the website operator can thus recognize that someone clicked on an ad, was redirected to our website, and reached a previously defined target page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. Microsoft collects, processes, and uses information via the cookie from which usage profiles are created using pseudonyms (Microsoft Conversion Tracking). These usage profiles are used to analyze visitor behavior and to display advertisements. No personal information identifying the user is processed.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient of your personal data is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"), to whom the data is transferred and where it is stored.

Transfer to third countries

Personal data is transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. We have, where necessary, concluded appropriate safeguards with the data importer in accordance with Art. 46 para. 2 GDPR. Furthermore, we are aware of our responsibility and, where necessary, take additional measures to protect the rights and freedoms of natural persons to ensure the protection of personal data.

Duration of data storage

Revocation

You have the right to revoke your given consent at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without providing reasons and takes effect for the future. Revoking consent does not affect the lawfulness of processing carried out up to the revocation. Further information can be found above in our privacy policy under "Rights of the data subjects".

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

More information about the processing of your personal data can be found here:

https://privacy.microsoft.com/en-US/privacystatement

Meta Pixel

Description and purpose

To detect your user behavior, we use the so-called Meta Pixel from Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA. This is an analytics tool that measures the effectiveness of advertising. It is a snippet of code for the website that allows measurement, optimization, and building of advertising campaign audiences. With conversion tracking, we can track across devices (including mobile phones, tablets, and desktop computers) which actions people take after seeing our Facebook ads. By creating a Meta Pixel and adding it to our pages where conversions occur (e.g., the purchase confirmation page), we can determine which people complete conversions due to our Facebook ads. The Pixel continues to monitor actions people take after clicking our ads. We can identify on which device our customers saw the ad and on which devices they ultimately completed the conversion. According to Facebook, the data collected includes:

HTTP Headers
HTTP headers contain a set of information sent via a standard web protocol between any browser request and any server on the internet. HTTP headers include information such as IP addresses (which in Germany can only be evaluated at the general country level), web browser details, page location, document, URI reference, and the web browser's user agent.
Pixel-specific data
This includes the Pixel ID and Facebook cookie data used to link events to a specific Facebook ad account and associate them with a person known to Facebook.
Optional values
Developers and marketers can optionally send additional information about the visit through standard and custom data events. Typical custom data events include information about whether a purchase was made on a page, the conversion value, and much more. You can find more information about custom data events here. With your consent, we embed the "Visitor Action Pixel" of Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA, or if you are located in the EU, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, within our website. This conversion tool allows us to track your actions after you have seen or clicked on a Facebook ad. This serves to monitor and analyze the effectiveness of our Facebook ads for statistical purposes and market research. Although we can only see this data in anonymized form, this data is also stored and processed by Facebook. What exactly Facebook does with this data is unknown to us, but it is assumed that Facebook can and will link this data to your Facebook account. Facebook can use this information for advertising, market research, and to tailor Facebook pages to your needs. For this purpose, Facebook and its partners create usage, interest, and relationship profiles, for example, to evaluate your use of our website in relation to the ads shown to you on Facebook, to inform other Facebook users about your activities on our website, and to provide other services related to the use of Facebook. Cookies may also be stored on your PC for this purpose. Please refer to Facebook's privacy policy for the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your rights and settings options to protect your privacy. The data may be combined with other Facebook services, such as Custom Audiences.

Advanced Matching

Advertisers can optionally activate the advanced matching feature of the Meta Pixel by sending encrypted information such as email address or phone number to Facebook. Advertisers can send one or more of the following identifiers for matching: email address, phone number, first name, last name, city, state, postal code, date of birth, or gender.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient of your personal data is Meta Platforms Inc. (1 Hacker Way, Menlo Park, California 94025, USA) and Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

Transfer to third countries

The personal data is transferred to the USA. The transfer is subject to appropriate safeguards according to Art. 46 GDPR. We have concluded standard contractual clauses according to Art. 46 para. 2 lit. c) GDPR with the data importer. Furthermore, we are aware of our responsibility and, if necessary, take additional measures to protect the rights and freedoms of natural persons to ensure the protection of personal data.

Duration of data storage

Revocation

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

You can find more information about the processing of your personal data here: https://www.facebook.com/about/privacy

You can find more information about the Meta Pixel here: https://de-de.facebook.com/business/help/742478679120153?id=1205376682832142

Shopify International Ltd.

Description and purpose

We use the Shopify service on our website, provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address as well as information about the device and browser you use. Shopify also analyzes visitor numbers, visitor sources, and customer behavior, and creates user statistics. If you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment data, and other data related to the purchase (e.g., phone number, amount of purchases made, etc.). For the analyses, Shopify stores cookies in your browser.

Legal basis

The legal basis for processing your personal data is consent according to Art. 6 para. 1 lit. a) GDPR. In addition, the processing is also based on our legitimate interest according to Art. 6 para. 1 lit. f). Our overriding legitimate interest lies in the appealing and simple presentation of content on our website.

Recipient

The recipient of your personal data is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Transfer to third countries

No transfer of your personal data to a third country takes place. However, we are aware of our responsibility and regularly review the conditions and legal changes. In the event of a transfer to a third country, we will update this information as soon as possible.

Duration of data storage

Revocation

Objection options

You have the right under Art. 21 para. 1 GDPR to object at any time to the processing of your personal data. If you exercise this right, processing for this purpose will no longer take place. Further information can be found above in our Privacy Policy under "Rights of the data subjects."

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

You can find more information about the processing of your personal data here: https://www.shopify.com/de/legal/datenschutz

Description and purpose

Reddit is a social news aggregator, a website where registered users can submit content. Content can consist of either a link or a text post. Other users can rate the posts positively or negatively. The ratings determine the position of the post on the respective Reddit page as well as the homepage. This service is provided by reddit, Inc., c/o Wired, 520 Third St., San Francisco, CA 94107.

Legal basis

The legal basis for processing personal data is consent according to Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient is reddit, Inc., c/o Wired, 520 Third St., San Francisco, CA 94107.

Transfer to third countries

Data is transferred to the USA.

Duration of data storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. Furthermore, the data will be deleted if you withdraw your consent or request the deletion of personal data.

Option to object

You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of data processing operations that took place in the past.

Contractual or legal obligation

There is no contractual or legal obligation to provide the data.

Hotjar

Description and purpose

We use Hotjar (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta) to better understand the needs of our users and to optimize the experiences and services offered on this website. Hotjar's technology helps us better understand our users' experiences (e.g., duration of stay on pages, clicked links, etc.), which helps us tailor our offerings based on user feedback. Hotjar uses cookies and other technologies to collect information about the behavior of our users and their devices, including the device's IP address (which is only collected and stored anonymously during website use), screen size, device type (unique device identifiers), information about the browser used, location (country only), and the preferred language for displaying our website. Hotjar stores this information on our behalf in a pseudonymous user profile.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient of your personal data is Hotjar Ltd (Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta).

Transfer to third countries

By using the service, personal data may be transferred to a third country. In the event of a transfer of personal data, the provider ensures the level of protection under the GDPR by complying with Arts. 44 et seq. GDPR. If there is no adequacy decision with the third country where the data importer is located, the transfer is subject to appropriate safeguards. If you have any questions, please feel free to contact our data protection officer.

Duration of data storage

The data will be deleted as soon as it is no longer necessary for achieving the purpose of its collection. Furthermore, the data will be deleted if you exercise your right to deletion under Art. 17 para. 1 GDPR.

Revocation

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

You can find more information about the processing of your personal data here:

https://www.hotjar.com/legal/policies/privacy/

Pinterest Conversion

Description and purpose

Within our online offering, the so-called "Pinterest Tag" from the company Pinterest Inc. is used for analysis, optimization, and the economic operation of our online offering. With the help of the Pinterest Tag, Pinterest can identify visitors to our online offering as a target group for displaying ads (so-called "Pinterest Ads"). Accordingly, we use the Pinterest Tag to show the Pinterest Ads we place only to those Pinterest users who have shown an interest in our online offering or who exhibit certain characteristics (e.g., interests in specific topics or products determined based on the websites visited) that we transmit to Pinterest (so-called "ActALike Audiences"). With the help of the Pinterest Tag, we also want to ensure that our Pinterest Ads correspond to the potential interests of users and do not appear intrusive. Furthermore, the Pinterest Tag allows us to track the effectiveness of Pinterest advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Pinterest ad (so-called "Conversion"). The Pinterest Tag is integrated directly by Pinterest when our web pages are accessed and can store a so-called cookie, i.e., a small file, on your device. If you then log in to Pinterest or visit Pinterest while logged in, the visit to our online offering will be recorded in your profile. The data collected about you is anonymous to us, so it does not allow any conclusions about the identity of users. The processing of data by Pinterest takes place within the framework of Pinterest's data usage policy.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

Recipient

Recipient is Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA.

Transfer to third countries

Personal data is transferred to the USA. The transfer is subject to appropriate safeguards according to Art. 46 GDPR. In this regard, we have concluded state-approved contractual clauses with the data importer pursuant to Art. 46 para. 2 lit. c) GDPR, such as the standard contractual clauses approved by the European Commission. Moreover, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons to ensure the protection of personal data.

Duration of data storage

Revocation

You have the right to revoke your given consent at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without stating reasons and takes effect for the future. The legality of the processing carried out until the revocation is not affected by the revocation of consent. Further information on this can be found above in our privacy policy under “Rights of the data subjects”.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

Further information on the processing of your personal data can be found here: https://policy.pinterest.com/en/privacy-policy

Web Analytics Service Matomo

Description and purpose

Our website uses Matomo (formerly Piwik), an open-source software for statistical analysis of visitor access. The provider of Matomo is InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo uses cookies that are stored on your computer and allow an anonymized analysis of your use of the website. A conclusion about a specific person is generally not possible, as your IP address is anonymized immediately after processing and before storage. The use of Matomo is intended to improve the quality of our website and its content. This way, we learn how the website is used and can continuously optimize our offer. When individual pages of our website are accessed, the following data is stored: 1. Two bytes of the IP address of the user's calling system 2. The accessed webpage 3. The website from which the user reached the accessed webpage (referrer) 4. The subpages accessed from the accessed webpage 5. The duration of the stay on the webpage 6. The frequency of access to the webpage. The software runs exclusively on the servers of our website. Personal data of users is only stored there. No data is passed on to third parties. The software is configured so that IP addresses are not fully stored, but 2 bytes of the IP address are masked. In this way, it is no longer possible to assign the shortened IP address to the calling computer. The processing of users' personal data enables us to analyze the surfing behavior of our users.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient of your personal data is Matomo, InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.

Transfer to third countries

Duration of data storage

Right of Withdrawal

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

You can find more information about the processing of your personal data here:

https://matomo.org/privacy-policy/

Kameleoon

Description and purpose

The website uses the Kameleoon service from Kameleoon GmbH to analyze website usage and optimize the user experience for all visitors. The Kameleoon service does not collect personal data but only processes the data collected by Google Analytics.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient of your personal data is Kameleoon GmbH, Beim Alten Ausbesserungswerk 4, 77654 Offenburg, Germany.

Transfer to third countries

Duration of data storage

Revocation

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

More information about the processing of your personal data can be found here: https://www.kameleoon.com/de/datenschutz

Taboola

Description and purpose

We use the Taboola service on our website, which enables personalized recommendations for content and ads based on browsing behavior and customer interests to improve the user-friendliness of our offering. The provider of this service is Taboola Germany GmbH, Alt-Moabit 2, 10557 Berlin. Usage profiles are created using pseudonyms; they are not linked to data about the pseudonym holder and do not allow conclusions about personal data. Taboola collects the following user information via cookies: user's operating system, visited websites/content on our websites, referrer/link through which the user came to our website, time and number of website visits, visits to error pages, location information (city and state), IP addresses in shortened form.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient of your personal data is Taboola Germany GmbH, Alt-Moabit 2, 10557 Berlin.

Transfer to third countries

Personal data is transferred to Israel. There is an adequacy decision according to Art. 45 para. 1 GDPR with this third country, certifying a comparable and thus adequate level of protection. Furthermore, in the event of a change in the legal situation, we will take further measures as quickly as possible to ensure the protection of personal data.

Personal data is also transferred to the United States. The transfer is subject to appropriate safeguards according to Art. 46 GDPR. We have concluded standard data protection clauses according to Art. 46 para. 2 lit. c) with the data importer. Furthermore, we are aware of our responsibility and, if necessary, take additional measures to protect the rights and freedoms of natural persons to ensure the protection of personal data.

Duration of data storage

According to Taboola's privacy policy, data is deleted 13 months after the user's last interaction: https://www.taboola.com/de/policies/datenschutzerklaerung#nutzer.

Revocation

You have the right to revoke your given consent at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without stating reasons and takes effect for the future. Revoking consent does not affect the lawfulness of processing carried out up to the revocation. Further information can be found above in our privacy policy under "Rights of the data subjects."

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

More information about the processing of your personal data can be found here:

https://www.taboola.com/de/privacy-policy

Outbrain Targeted Advertising

Description and purpose

Visitor pixels and cookies from Outbrain Inc., 39 West 13th Street, 3rd floor, New York, NY 10011, USA are used on this website for conversion measurement. This allows tracking of user behavior after they have been redirected to the provider's website by clicking on an Outbrain advertisement. This procedure serves to evaluate the effectiveness of Outbrain advertisements for statistical and market research purposes and can help optimize future advertising measures. The collected data is anonymous to us, so it does not allow conclusions about the identity of the users.

Legal basis

The legal basis for processing personal data is consent according to Art. 6 para. 1 lit. a) GDPR.

Recipient

Recipient is Outbrain Inc., 39 West 13th Street, 3rd floor, New York, NY 10011, USA.

Transfer to third countries

Data is transferred to the USA.

Duration of data storage

Option to object

You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of data processing operations that took place in the past.

Contractual or legal obligation

There is no contractual or legal obligation to provide the data.

Criteo SA

Description and purpose

We use the service of Criteo SA on our website. Criteo SA is an internationally active provider of performance marketing and personalized online advertising.
The service is used to show visitors personalized advertisements based on their previous browsing behavior and interests. This service collects information about usage behavior on the website via cookies, pixels, or similar tracking technologies. These data are processed pseudonymously and used to obtain an accurate analysis of user behavior.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient of your personal data is Criteo SA, 32 Rue Blanche, 75009 Paris, France.

Transfer to third countries

Duration of data storage

Revocation

You have the right to revoke your given consent at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons and takes effect for the future. Revoking consent does not affect the lawfulness of processing carried out up to the revocation. For more information, please see our privacy policy under "Rights of the data subjects."

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

You can find more information about data protection at Criteo SA here: https://www.criteo.com/de/privacy/

Adtriba (now Funnel AB)

Description and purpose

We use the services of Adtriba on our website, but Adtriba now belongs to Funnel AB. Funnel acquired Adtriba in June 2024, combining Adtriba's advanced marketing measurement technology with Funnel's marketing intelligence platform. This combination enables Funnel to offer its customers, who want to increase the effectiveness of their marketing efforts across all channels, a more comprehensive solution.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

Recipient

Recipient of your personal data is Funnel AB, Klarabergsgatan 29, 111 21, Stockholm.

Transfer to third countries

The personal data could be transferred to the United States. The transfer is subject to appropriate safeguards according to Art. 46 GDPR. In this regard, we have concluded state-approved contractual clauses according to Art. 46 para. 2 lit. c) GDPR, such as the standard contractual clauses approved by the European Commission with the data importer. Furthermore, we are aware of our responsibility and, if necessary, take additional measures to protect the rights and freedoms of natural persons to ensure the protection of personal data.

Duration of data storage

Revocation

You have the right to revoke your given consent at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons and takes effect for the future. The lawfulness of the processing carried out until the revocation is not affected by the revocation of consent. Further information can be found in our privacy policy under "Rights of the data subjects."

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

You can find more information about data protection at Adtriba (Funnel) here:

https://funnel.io/legal/adtriba/terms-and-conditions-german

https://funnel.io/privacy

Insider

Description and purpose

We use the Insider service on our website. Insider is an omnichannel and customer engagement platform that helps companies create and automate personalized marketing campaigns across various communication channels. This service collects, analyzes, and uses data from website and app users to enable personalized customer experiences and targeted marketing measures. User data from different sources can be combined to create a unified, cross-channel customer profile.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

Recipient

Recipient of your personal data is Insider, 1 Scotts Road #24-10 Shaw Centre, Singapore (2282208).

Transfer to third countries

Duration of data storage

Revocation

You have the right to revoke your given consent at any time, cf. Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons and takes effect for the future. Revoking consent does not affect the lawfulness of processing carried out up to the revocation. For more information, please see our privacy policy under "Rights of the data subjects."

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

For more information about data protection at Insider, please see here:

https://useinsider.com/privacy-policy-for-roundtables

TVSquared/ Innovid

Description and purpose

We use the TVSquared service on our website, which belongs to Innovid. Innovid supports us with advertising, personalization, and measurement in the field of Connected TV (CTV). Through a global infrastructure that enables data-driven personalization, real-time decisions, scaled ad delivery, and accredited measurements, Innovid offers its customers and partners optimized solutions that maximize the value of advertising investments across screens and devices.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

Recipient

Recipients of your personal data are TV Squared Limited, Fifth Floor 1 Exchange Crescent, Conference Square, Edinburgh EH3 8UL and Innovid LLC 30 Irving Place, 12th Floor, New York, NY 10003.

Transfer to third countries

Duration of data storage

Revocation

You have the right to revoke your given consent at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons and takes effect for the future. The lawfulness of processing carried out until the revocation is not affected by the revocation of consent. Further information can be found in our privacy policy under "Rights of the data subjects."

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Additional privacy information

Further information on data protection at TVSquared and Innovid can be found here:

https://1-demo-clients.tvsquared.com/u/tcs/read#%2F

https://www.innovid.com/privacy-policy

Applications (Training & Job Offers)

By submitting the application to us, applicants agree to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this privacy policy. The legal basis for processing applicant data is Art. 88 GDPR, § 26 BDSG-new, and Art. 9 para. 2 lit. b) GDPR. If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily provided during the application process, their processing is additionally based on Art. 9 para. 2 lit. b) GDPR (e.g., health data, such as severe disability status or ethnic origin). If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants during the application process, their processing is additionally based on Art. 9 para. 2 lit. a) GDPR (e.g., health data if required for professional practice). If provided, applicants can submit their applications to us via an online form on our website. The provision of the online form is done by Personio through integration on our website. There is a data processing agreement with Personio in accordance with Art. 28 GDPR.

The data is transmitted to us encrypted according to the state of the art. Furthermore, applicants can send us their applications via email. However, please note that emails are generally not sent encrypted and applicants must ensure encryption themselves. Therefore, we cannot assume responsibility for the transmission path of the application between the sender and the reception on our server and recommend using an online form or postal mail instead. In addition to applying via the online form and email, applicants still have the option to send their application by post. The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is unsuccessful, the applicants' data will be deleted. The applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Deletion takes place after a period of six months so that we can answer any follow-up questions about the application and fulfill our documentation obligations under the General Equal Treatment Act. Invoices for any travel expense reimbursement are archived in accordance with tax regulations.

Data recipients

To the extent permitted or required by law or to the extent you have consented, we also share your personal data with other recipients who provide services for us. We limit the transfer of your personal data to what is necessary. Some of our service providers receive your personal data as data processors and are then strictly bound by our instructions when handling your personal data (data processing agreement according to Art. 28 GDPR). Some recipients act independently with your data, which we transmit to them. The following categories of service providers/recipients may receive your data:

Providers of email marketing via newsletters
Providers of hosting services for operating our servers
Service providers in the area of applications to support the selection of candidates
Service providers for development work, including programming, development, maintenance, and support of software applications
Service providers for postal services
External legal consultations
Marketing agencies/website management
Additional IT service providers (e.g., system houses)
Other services and tools

The service providers we commission must meet strict confidentiality requirements. They only receive the necessary access to your data to perform the assigned tasks.

In the event of suspicion of a criminal offense, data may be disclosed to law enforcement authorities.

Security

We have implemented extensive technical and organizational safeguards to protect your data from accidental or intentional manipulation, loss, destruction, or unauthorized access. Our security procedures are regularly reviewed and adapted to technological advances. Furthermore, data protection is continuously ensured through ongoing auditing and optimization of the data protection organization.

Conclusion

Moonrise GmbH reserves all rights to make changes and updates to this privacy policy. This privacy policy was created by the data protection management system as part of hellotrust, a brand of Keyed GmbH.

Discover our bestsellers

Privacy policy

Privacy Policy

Responsible entity for processing under the GDPR

Data Protection Officer

What is personal data?

Scope of anonymous data collection and data processing

Relevant legal bases for the processing of personal data

Use of Cookies

Creation of log files

Duration of personal data storage

Ways to get in touch

Newsletter

1. Newsletter based on consent (double opt-in)

2. Direct advertising within the framework of the soft opt-in (§ 7 para. 3 UWG)

Klaviyo Inc.

Description and purpose

Legal basis

Recipient

Transfer to third countries

Duration of data storage

Revocation

Contractual and legal obligation

Additional privacy information

Online Store

Data transfer when using online payment service providers

Transfer to third countries

Duration

Registration on our website

Routine deletion and blocking of personal data

Rights of the data subject

Right to information according to Art. 15 GDPR

Right to correction pursuant to Art. 16 GDPR

Right to deletion pursuant to Art. 17 GDPR

Right to restriction of processing according to Art. 18 GDPR

Right to information according to Art. 19 GDPR

Right to data portability according to Art. 20 GDPR

Right to object according to Art. 21 GDPR

Right to withdraw the data protection consent declaration pursuant to Art. 7 para. 3 GDPR

Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

Automated individual decision-making including profiling

Embedding of other third-party services and content

Description and purpose

Legal Grounds

Contractual or legal obligation to provide personal data

Data transfer to third countries

Additional functions of the website

Google Analytics 4

Description and purpose

Legal basis

Recipient

Transfer to third countries

Duration of data storage

Revocation

Contractual and legal obligation

Additional privacy information

Google Ads and Conversion Tracking

Description and purpose

Legal basis

Recipient

Transfer to third countries

Duration of data storage

Revocation

Contractual and legal obligation

Additional privacy information

Google Ads remarketing service

Description and purpose

Legal basis

Recipient

Transfer to third countries

Duration of data storage

Revocation

Contractual and legal obligation

Additional privacy information

Google Maps

Description and purpose

Legal basis

Recipient

Transfer to third countries

Duration of data storage