Cold Mastery

Legal

Privacy Policy

This policy explains how personal data is processed when you visit this website, contact us, and use the Cold Mastery app. A compact, app-focused summary is also available at App Privacy.

This is a courtesy English translation. In case of any discrepancy, the German version prevails.

Preamble

With the following privacy policy we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the provision of our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”).

The terms used are not gender-specific.

Last updated: 10 June 2026

Table of contents

Controller

Fabian Weiß
Kolonnenstr. 8
10827 Berlin, Germany

Email address: privacy@coldmastery.com

Overview of processing operations

The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects concerned.

Types of data processed

  • Inventory data.
  • Payment data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication and procedural data.
  • Log data.

Categories of data subjects

  • Service recipients and clients.
  • Communication partners.
  • Users.

Purposes of processing

  • Provision of contractual services and fulfilment of contractual obligations.
  • Communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Organisational and administrative procedures.
  • Feedback.
  • Profiles with user-related information.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.

Relevant legal bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 (1) sentence 1 (a) GDPR) – The data subject has given their consent to the processing of personal data relating to them for one or more specific purposes.
  • Performance of a contract and pre-contractual enquiries (Art. 6 (1) sentence 1 (b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party, or to carry out pre-contractual measures taken at the data subject’s request.
  • Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR) – Processing is necessary to safeguard the legitimate interests of the controller or a third party, provided that the interests, fundamental rights and freedoms of the data subject requiring the protection of personal data do not override those interests.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include in particular the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains, in particular, special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases including profiling. Furthermore, the data protection laws of the individual federal states may apply.

Relevant legal bases under the Swiss Data Protection Act: If you are located in Switzerland, we process your data on the basis of the Federal Act on Data Protection (“Swiss DPA”). Unlike the GDPR, for example, the Swiss DPA generally does not require that a legal basis for the processing of personal data be stated, and the processing of personal data is carried out in good faith, lawfully and proportionately (Art. 6 (1) and (2) Swiss DPA). In addition, we only obtain personal data for a specific purpose recognisable to the data subject and only process it in a manner compatible with that purpose (Art. 6 (3) Swiss DPA).

Note on the applicability of the GDPR and the Swiss DPA: These privacy notices serve to provide information both under the Swiss DPA and under the General Data Protection Regulation (GDPR). For this reason, please note that, due to the broader geographical application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms “processing” of “personal data”, “overriding interest” and “particularly sensitive personal data” used in the Swiss DPA, the terms “processing” of “personal data” as well as “legitimate interest” and “special categories of data” used in the GDPR are applied. However, the legal meaning of the terms continues to be determined in accordance with the Swiss DPA insofar as the Swiss DPA applies.

Security measures

In accordance with legal requirements and taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as the access, input, disclosure, securing of availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subjects’ rights, the erasure of data, and responses to threats to the data. We also take the protection of personal data into account when developing or selecting hardware, software and procedures, in accordance with the principle of data protection by design and by default.

Securing online connections using TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorised access, we rely on TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorised access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is signalled by the display of HTTPS in the URL. This serves as an indicator to users that their data is transmitted securely and encrypted.

Transmission of personal data

In the course of our processing of personal data, it may happen that the data is transmitted to, or disclosed to, other bodies, companies, legally independent organisational units or persons. Recipients of this data may include, for example, service providers commissioned with IT tasks, or providers of services and content embedded in a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

International data transfers

Data processing in third countries: Insofar as we transfer data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or this occurs in the context of using third-party services or the disclosure or transmission of data to other persons, bodies or companies (which is apparent from the postal address of the respective provider or where the privacy policy expressly refers to the transfer of data to third countries), this is always carried out in accordance with the legal requirements.

For data transfers to the USA, we rely primarily on the Data Privacy Framework (DPF), which was recognised as a secure legal framework by an adequacy decision of the EU Commission dated 10 July 2023. In addition, we have concluded Standard Contractual Clauses with the respective providers that comply with the requirements of the EU Commission and establish contractual obligations to protect your data.

This two-fold safeguard ensures comprehensive protection of your data: the DPF forms the primary level of protection, while the Standard Contractual Clauses serve as an additional safeguard. Should changes arise in connection with the DPF, the Standard Contractual Clauses take effect as a reliable fallback option. This ensures that your data remains appropriately protected even in the event of any political or legal changes.

For each service provider, we inform you whether they are certified under the DPF and whether Standard Contractual Clauses are in place. Further information on the DPF and a list of certified companies can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English).

For data transfers to other third countries, appropriate safeguards apply, in particular Standard Contractual Clauses, explicit consents, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en.

Disclosure of personal data abroad: In accordance with the Swiss DPA, we only disclose personal data abroad if adequate protection of the data subjects is ensured (Art. 16 Swiss DPA). Where the Federal Council has not determined adequate protection (list: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we take alternative safeguards.

For data transfers to the USA, we rely primarily on the Data Privacy Framework (DPF), which was recognised as a secure legal framework by an adequacy decision of Switzerland dated 15 September 2024. In addition, we have concluded standard data protection clauses with the respective providers that have been approved by the Federal Data Protection and Information Commissioner (FDPIC) and establish contractual obligations to protect your data.

This two-fold safeguard ensures comprehensive protection of your data: the DPF forms the primary level of protection, while the standard data protection clauses serve as an additional safeguard. Should changes arise in connection with the DPF, the standard data protection clauses take effect as a reliable fallback option. This ensures that your data remains appropriately protected even in the event of any political or legal changes.

For each service provider, we inform you whether they are certified under the DPF and whether standard data protection clauses are in place. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English).

For data transfers to other third countries, appropriate safeguards apply, including international treaties, specific guarantees, standard data protection clauses approved by the FDPIC, or binding corporate data protection rules previously recognised by the FDPIC or a competent data protection authority of another country.

General information on data storage and erasure

We erase personal data that we process in accordance with the legal provisions as soon as the underlying consents are withdrawn or there are no further legal grounds for processing. This applies to cases where the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule apply where statutory obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal proceedings or to protect the rights of other natural or legal persons, must be archived accordingly.

Our privacy notices contain additional information on the retention and erasure of data that applies specifically to certain processing operations.

Where multiple statements regarding the retention period or erasure deadlines for a piece of data exist, the longest period is always decisive. Data that is no longer retained for the originally intended purpose, but due to legal requirements or other reasons, is processed exclusively for the reasons that justify its retention.

Retention and erasure of data: The following general periods apply to retention and archiving under German law:

  • 10 years – retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, and the work instructions and other organisational documents required to understand them (Section 147 (1) no. 1 in conjunction with (3) AO, Section 14b (1) UStG, Section 257 (1) no. 1 in conjunction with (4) HGB).
  • 8 years – accounting documents, such as invoices and cost receipts (Section 147 (1) no. 4 and 4a in conjunction with (3) sentence 1 AO and Section 257 (1) no. 4 in conjunction with (4) HGB).
  • 6 years – other business documents: received commercial or business letters, copies of dispatched commercial or business letters, and other documents insofar as they are relevant for taxation, e.g. hourly wage slips, operating cost statements, calculation documents, price labelling, but also payroll documents insofar as they are not already accounting documents, and cash register receipts (Section 147 (1) no. 2, 3, 5 in conjunction with (3) AO, Section 257 (1) no. 2 and 3 in conjunction with (4) HGB).
  • 3 years – data required to consider potential warranty and compensation claims or similar contractual claims and rights, as well as to process related enquiries, based on past business experience and customary industry practices, is stored for the duration of the regular statutory limitation period of three years (Sections 195, 199 BGB).

Retention and erasure of data: The following general periods apply to retention and archiving under Swiss law:

  • 10 years – retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting documents and invoices, as well as all necessary work instructions and other organisational documents (Art. 958f of the Swiss Code of Obligations (CO)).
  • 10 years – data necessary to consider potential compensation claims or similar contractual claims and rights, as well as to process related enquiries, based on past business experience and customary industry practices, is stored for the period of the statutory limitation period of ten years, unless a shorter period of five years is decisive, which is relevant in certain cases (Art. 127, 130 CO). After five years, claims for rent, lease and capital interest as well as other periodic payments, for the supply of food, for board and lodging, and for tavern debts, as well as for craftsmanship, retail sale of goods, medical care, professional work by lawyers, legal agents, attorneys and notaries, and from the employment relationship of employees, become time-barred (Art. 128 CO).

Commencement of the period at the end of the year: If a period does not expressly begin on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships within the scope of which data is stored, the event triggering the period is the point at which the termination or other ending of the legal relationship takes effect.

Rights of data subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you carried out on the basis of Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw consent given at any time.
  • Right of access: You have the right to request confirmation as to whether data concerning you is being processed, and to obtain access to that data as well as further information and a copy of the data in accordance with the legal requirements.
  • Right to rectification: In accordance with the legal requirements, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to request that data concerning you be erased without delay, or alternatively, in accordance with the legal requirements, to request a restriction of the processing of the data.
  • Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with the legal requirements, or to request its transmission to another controller.
  • Complaint to a supervisory authority: In accordance with the legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Rights of data subjects under the Swiss DPA:

As a data subject, you have the following rights in accordance with the provisions of the Swiss DPA:

  • Right of access: You have the right to request confirmation as to whether personal data concerning you is being processed, and to receive the information necessary for you to assert your rights under this act and to ensure transparent data processing.
  • Right to data release or transfer: You have the right to request the release of your personal data that you have disclosed to us in a commonly used electronic format.
  • Right to rectification: You have the right to request the rectification of inaccurate personal data concerning you.
  • Right to object, erasure and destruction: You have the right to object to the processing of your data, as well as to request that the personal data concerning you be erased or destroyed.

Health data (heart rate) via Apple Health (HealthKit)

Our app accesses the following health data – exclusively after your explicit consent via the Apple Health (HealthKit) system dialog: heart rate (read access, for the live display and evaluation of your cold response during a session), resting heart rate (read access, on the iPhone only, to put your readings into context), and workouts (write access, to save your cold session as a workout in Apple Health).

The legal basis for the processing of this health data (a special category of personal data within the meaning of Art. 9 GDPR) is your explicit consent (Art. 9 (2) (a) in conjunction with Art. 6 (1) sentence 1 (a) GDPR), which you can withdraw at any time with effect for the future (iOS Settings → Privacy & Security → Health, or in the Health app).

Where the data remains: Your health data is processed exclusively locally on your device. Evaluations derived from heart rate (e.g. average and peak values) are stored exclusively locally on your device and are not transferred to the cloud. We never transmit your health data to our own servers or to third parties, do not use it for advertising purposes, and do not pass it on to third parties.

Synchronisation: Session metadata without health data (e.g. date, duration, temperature) may be synchronised between your devices via your personal, private iCloud (Apple CloudKit). This data resides in your own iCloud account; we have no access to it. Apple’s privacy provisions apply in addition.

Web analytics with Vercel Web Analytics

On our website we use Vercel Web Analytics, a cookieless, privacy-friendly analytics service provided by Vercel Inc. (USA). Only aggregated usage data is collected (e.g. pages viewed, referral source, approximate region, device and browser type). No cookies are set and no user profiles that can be recognised across websites are created; the direct identification of individual visitors is not possible. The legal basis is our legitimate interest in statistical, data-minimising reach measurement (Art. 6 (1) sentence 1 (f) GDPR). As Vercel is a US provider, data may be transferred to the USA; the basis for this is the EU Standard Contractual Clauses.

Provision of the online offering and web hosting

We process users’ data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

  • Types of data processed: Usage data (e.g. page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved); log data (e.g. log files relating to logins or the retrieval of data, or access times). Content data (e.g. textual or pictorial messages and posts as well as related information, such as details of authorship or the time of creation).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing and legitimate interests: Provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
  • Retention and erasure: Erasure in accordance with the information in the section “General information on data storage and erasure”.
  • Legal bases: Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR).

Further information on processing operations, procedures and services:

  • Provision of the online offering on rented storage space: For the provision of our online offering, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called a “web host”); legal bases: legitimate interests (Art. 6 (1) sentence 1 (f) GDPR).
  • Collection of access data and log files:Access to our online offering is logged in the form of so-called “server log files”. The server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, the referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. The server log files can be used, on the one hand, for security purposes, e.g. to avoid overloading the servers (in particular in the event of abusive attacks, so-called DDoS attacks), and, on the other hand, to ensure the utilisation and stability of the servers; legal bases: legitimate interests (Art. 6 (1) sentence 1 (f) GDPR). Erasure of data: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further retention is necessary for evidentiary purposes is exempt from erasure until the respective incident has been finally clarified.
  • Vercel: services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity) as well as a development environment; service provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA; legal bases: legitimate interests (Art. 6 (1) sentence 1 (f) GDPR); website: https://vercel.com; privacy policy: https://vercel.com/legal/privacy-policy; data processing agreement: https://vercel.com/legal/dpa. Basis for third-country transfers: EU/EEA – Standard Contractual Clauses (https://vercel.com/legal/dpa), Switzerland – Standard Contractual Clauses (https://vercel.com/legal/dpa).

Use of cookies

This website does not set any tracking or marketing cookies and therefore does not display a cookie consent banner. No consent management solution is used. Technically necessary cookies are only used where strictly required for the operation of the site. The analytics service we use (see the section “Web analytics with Vercel Web Analytics”) works without cookies and without cross-device recognition.

Processing of data in the context of applications (apps)

We process the data of users of our application insofar as this is necessary in order to provide users with the application and its functionalities, to monitor its security, and to develop it further. We may also contact users in compliance with the legal requirements, where communication is necessary for the purposes of administering or using the application. For the rest, with regard to the processing of users’ data, we refer to the privacy notices in this privacy policy.

Legal bases:The processing of data necessary for the provision of the application’s functionalities serves to fulfil contractual obligations. This also applies where the provision of the functions requires a permission from users (e.g. release of device functions). Insofar as the processing of data is not necessary for the provision of the application’s functionalities but serves the security of the application or our business interests (e.g. collection of data for the purposes of optimising the application or for security purposes), it is carried out on the basis of our legitimate interests. Insofar as users are expressly asked for their consent to the processing of their data, the processing of the data covered by the consent is carried out on the basis of the consent.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); usage data (e.g. page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing and legitimate interests: Provision of contractual services and fulfilment of contractual obligations; security measures. Provision of our online offering and user-friendliness.
  • Retention and erasure: Erasure in accordance with the information in the section “General information on data storage and erasure”.
  • Legal bases: Performance of a contract and pre-contractual enquiries (Art. 6 (1) sentence 1 (b) GDPR). Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR).

Further information on processing operations, procedures and services:

  • Device permissions for access to functions and data:The use of our application or its functionalities may require permissions from users for access to certain functions of the devices used, or to the data stored on the devices or accessible with the help of the devices. By default, these permissions must be granted by users and can be withdrawn at any time in the settings of the respective devices. The exact procedure for controlling app permissions may depend on the user’s device and software. If clarification is needed, users can contact us. We point out that refusing or withdrawing the respective permissions may affect the functionality of our application.

Obtaining applications via app stores

Our application is obtained via special online platforms operated by other service providers (so-called “app stores”). In this context, the privacy notices of the respective app stores apply in addition to our privacy notices. This applies in particular with regard to the reach measurement and interest-based marketing procedures used on the platforms, as well as any chargeability.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved).
  • Data subjects: Service recipients and clients. Users (e.g. website visitors, users of online services).
  • Purposes of processing and legitimate interests: Provision of contractual services and fulfilment of contractual obligations. Provision of our online offering and user-friendliness.
  • Retention and erasure: Erasure in accordance with the information in the section “General information on data storage and erasure”.
  • Legal bases: Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR).

Further information on processing operations, procedures and services:

Contact and enquiry management

When you contact us (e.g. by post, contact form, email, telephone or via social media) and in the context of existing user and business relationships, the information provided by the enquiring persons is processed insofar as this is necessary to respond to the contact enquiries and any requested measures.

  • Types of data processed: Contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or pictorial messages and posts as well as related information, such as details of authorship or the time of creation). Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved).
  • Data subjects: Communication partners.
  • Purposes of processing and legitimate interests: Communication; organisational and administrative procedures; feedback (e.g. collecting feedback via an online form). Provision of our online offering and user-friendliness.
  • Retention and erasure: Erasure in accordance with the information in the section “General information on data storage and erasure”.
  • Legal bases: Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR). Performance of a contract and pre-contractual enquiries (Art. 6 (1) sentence 1 (b) GDPR).

Further information on processing operations, procedures and services:

  • Contact form: When you contact us via our contact form, by email or by other means of communication, we process the personal data transmitted to us in order to respond to and handle the respective request. This usually includes information such as name, contact information and, where applicable, further information provided to us and necessary for appropriate handling. We use this data exclusively for the stated purpose of making contact and communicating; legal bases: performance of a contract and pre-contractual enquiries (Art. 6 (1) sentence 1 (b) GDPR), legitimate interests (Art. 6 (1) sentence 1 (f) GDPR).

Newsletter and electronic notifications

We send newsletters, emails and other electronic notifications (hereinafter “newsletter”) only with the consent of the recipients or on a legal basis. Insofar as the contents of a newsletter are described during sign-up, these contents are decisive for the user’s consent. To sign up for our newsletter, providing your email address is usually sufficient. However, in order to be able to offer you a personalised service, we may ask you to provide your name for personal address in the newsletter, or for further information if this is necessary for the purpose of the newsletter.

Erasure and restriction of processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for erasure is possible at any time, provided that the former existence of a consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a block list (so-called “blocklist”).

The logging of the sign-up process is carried out on the basis of our legitimate interests for the purpose of demonstrating its proper conduct. Insofar as we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure dispatch system.

Contents: Notification about the launch and availability of our app.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers). Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved).
  • Data subjects: Communication partners.
  • Purposes of processing and legitimate interests: Direct marketing (e.g. by email or post).
  • Legal bases: Consent (Art. 6 (1) sentence 1 (a) GDPR).
  • Right to object (opt-out): You can cancel receipt of our newsletter at any time, i.e. withdraw your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter, or you can otherwise use one of the contact options stated above, preferably email, for this purpose.

Amendment and updating

We ask you to inform yourself regularly about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

Insofar as we provide addresses and contact information of companies and organisations in this privacy policy, please note that the addresses may change over time, and we ask you to verify the details before making contact.

Definitions of terms

In this section you will find an overview of the terms used in this privacy policy. Insofar as the terms are legally defined, their legal definitions apply. The following explanations, on the other hand, are intended primarily to aid understanding.

  • Inventory data: Inventory data comprises essential information required for the identification and management of contractual partners, user accounts, profiles and similar assignments. This data may include, among other things, personal and demographic details such as names, contact information (addresses, telephone numbers, email addresses), dates of birth and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between persons and services, facilities or systems by enabling unambiguous assignment and communication.
  • Content data: Content data comprises information generated in the course of creating, editing and publishing content of all kinds. This category of data may include texts, images, videos, audio files and other multimedia content published on various platforms and media. Content data is not limited to the actual content but also includes metadata that provides information about the content itself, such as tags, descriptions, author information and publication dates.
  • Contact data: Contact data is essential information that enables communication with persons or organisations. It includes, among other things, telephone numbers, postal addresses and email addresses, as well as means of communication such as social media handles and instant messaging identifiers.
  • Meta, communication and procedural data: Meta, communication and procedural data are categories that contain information about the manner in which data is processed, transmitted and managed. Meta data, also known as data about data, comprises information that describes the context, origin and structure of other data. It may include details on file size, the creation date, the author of a document and revision histories. Communication data records the exchange of information between users via various channels, such as email traffic, call logs, messages on social networks and chat histories, including the persons involved, timestamps and transmission paths. Procedural data describes the processes and workflows within systems or organisations, including workflow documentation, transaction and activity logs, and audit logs used to track and verify operations.
  • Usage data: Usage data refers to information that records how users interact with digital products, services or platforms. This data comprises a wide range of information that shows how users use applications, which functions they prefer, how long they spend on certain pages, and which paths they take through an application. Usage data may also include the frequency of use, timestamps of activities, IP addresses, device information and location data. It is particularly valuable for analysing user behaviour, optimising user experiences, personalising content and improving products or services. In addition, usage data plays a decisive role in identifying trends, preferences and potential problem areas within digital offerings.
  • Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Profiles with user-related information: The processing of “profiles with user-related information”, or “profiles” for short, comprises any kind of automated processing of personal data consisting of the use of such personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information concerning demographics, behaviour and interests, such as interaction with websites and their content, etc.) (e.g. interests in certain content or products, click behaviour on a website, or whereabouts). Cookies and web beacons are often used for profiling purposes.
  • Log data: Log data is information about events or activities that have been logged in a system or network. This data typically contains information such as timestamps, IP addresses, user actions, error messages and other details about the use or operation of a system. Log data is often used to analyse system problems, for security monitoring, or to create performance reports.
  • Reach measurement: Reach measurement (also referred to as web analytics) serves to evaluate the visitor flows of an online offering and may include the behaviour or interests of visitors in certain information, such as the content of web pages. With the help of reach analysis, operators of online offerings can, for example, recognise at what time users visit their web pages and which content they are interested in. This enables them, for example, to better adapt the content of the web pages to the needs of their visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognise returning visitors and thus obtain more accurate analyses of the use of an online offering.
  • Controller: The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: “Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data, be it collecting, evaluating, storing, transmitting or erasing.
  • Contract data: Contract data is specific information relating to the formalisation of an agreement between two or more parties. It documents the conditions under which services or products are provided, exchanged or sold. This category of data is essential for the management and fulfilment of contractual obligations and includes both the identification of the contracting parties and the specific terms and conditions of the agreement. Contract data may include the start and end dates of the contract, the type of agreed services or products, price agreements, payment terms, termination rights, renewal options and special terms or clauses. It serves as the legal basis for the relationship between the parties and is decisive for clarifying rights and obligations, enforcing claims and resolving disputes.
  • Payment data: Payment data comprises all information required to process payment transactions between buyers and sellers. This data is of crucial importance for e-commerce, online banking and any other form of financial transaction. It includes details such as credit card numbers, bank details, payment amounts, transaction data, verification numbers and billing information. Payment data may also include information about payment status, chargebacks, authorisations and fees.

App Privacy (summary) · Legal Notice · Contact