Privacy policy

I. Name and address of the person responsible

TriaPrima GmbH

representative d. the managing director Dirk Wasserthal

Head office Wiesbaden

Kaiser-Friedrich-Ring 14

65185 Wiesbaden

Phone: +49 (0) 611-16870157

Email: [email protected]

II. Basics of data processing

Scope of data processing

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how this is done and for what purpose. We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of the data against access by third parties is not possible.

As a matter of principle, we only process personal data of our users to the extent that this is necessary for the provision of a functional website as well as our content and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 letter a of the EU General Data Protection Regulation (“GDPR”) as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 letter b GDPR as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 letter c GDPR as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 letter f GDPR as the legal basis for processing.

Data sharing

Your personal data will not be transferred to third parties for purposes other than those listed below.

The controller may use service providers who act as processors to provide IT and other administrative support (e.g. service providers who offer IT hosting or maintenance support). These service providers may have access to your personal information to the extent necessary to provide such services.

Any access to your personal information is limited to those who need the information to complete their activities.

The controller may disclose your personal data if this is requested in particular by government authorities, external authorities and courts.

Data transfer to third countries

If we transfer data to a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing occurs as part of the use of third-party services (third-party plug-ins) or the disclosure or transfer of data to other persons, bodies or companies take place, this only takes place in accordance with the legal requirements. Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with a recognized level of data protection or on the basis of special guarantees, such as contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Articles 44 to 49 DSGVO, EU standard contractual clauses to ensure an adequate level of data protection (https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors; https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en).

SSL encryption

This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the website operator. You can recognize an encrypted connection by the fact that the browser address bar changes from “http://” to “https://” and by the lock symbol in your browser bar.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Data deletion and storage period

The personal data will be stored by the controller and its service providers for as long as necessary until our obligations have been fulfilled. The data will be stored for as long as necessary for the purpose according to the GDPR. As soon as those responsible no longer need the data to fulfill their contractual or legal obligations, they will be removed from our systems and records and/or measures will be taken so that their personal data is anonymized and they are no longer identifiable. Excepted are cases in which we need to retain your personal data to comply with legal or regulatory obligations to which the controller is subject. This applies in particular to legally prescribed retention obligations such as those arising from the Commercial Code and tax law, which usually result in retention obligations of between 5 and 10 years. It is also possible that we need to preserve evidence within the statute of limitations, which is usually 3 years but can be up to 30 years.

III. Your rights

As a person affected by the processing of your data, you have the following rights against the website operator according to the GDPR:

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right of access (Art. 15 DSGVO)

You have the right to request information from us at any time about the data we hold about you. The information concerns, among other things, the categories of data processed by us, the purpose of the processing of the data, the origin of the data and, if applicable, recipients to whom your data are transmitted. You can also get a free copy of your data from us.

Right of rectification (Art. 16 DSGVO)

You can also ask us to correct your data. For this purpose, we take reasonable steps to keep your information accurate, complete, and current.

Right to erasure (Art. 17 DSGVO)

Likewise, you can demand that we delete your data, provided that the legal requirements for this are met. This may be the case, among others, if:

– the data is no longer necessary for the purposes for which it was collected or otherwise processed,

– you revoke your consent, which is the basis for data processing, and there is no other legal basis for the processing,

– you object to the processing of your data and there are no overriding legitimate reasons for the processing, or you object to data processing for direct advertising purposes,

– the data was processed unlawfully,

– the processing is not necessary to ensure compliance with a legal obligation that requires us to process your data.

The right to deletion (“right to be forgotten”) does not apply in exceptional cases if processing is necessary for the reasons listed in Article 17 paragraph 3 GDPR. This may be the case, for example, if the processing is necessary to fulfill a legal obligation or to assert, exercise or defend legal claims (Article 17 paragraph 3 letters a and e GDPR).

Right to restriction of processing (Art. 18 DSGVO)

You may request us to restrict the processing of your data if you dispute the accuracy of the data within the period of time we need to verify the accuracy of the data,

the processing is unlawful and you refuse the erasure of your data and request the restriction of use instead,

we no longer need your data, but you need it to assert, exercise or defend legal claims,

you have objected to the processing as long as it has not yet been determined whether our legitimate grounds outweigh yours.

Right to data portability (Art. 20 DSGVO)

At your request, we will also transfer your data (if technically possible) to another data controller. You have this right if the data processing is based on your consent or is necessary to perform a contract.

Right to object (Art. 21 GDPR):

You can object to the processing of your data at any time if you cite reasons arising from your particular situation. This is possible if the data processing is based on your consent or on our legitimate interests or the legitimate interests of a third party. In the event of an objection, we will no longer process your data. However, this is not the case if compelling legitimate grounds for processing can be demonstrated by us and these override your interests or if we need your data to assert, exercise or defend legal claims.

If personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling, insofar as it is connected to such direct advertising. In the event of an objection to processing for direct advertising purposes, we will no longer process the personal data concerned for these purposes.

Complaint to supervisory authorities

You have the right to file a complaint with a competent data protection authority. This results from Art. 77 GDPR. Complaints to the supervisory authority can be made informally.

IV. Informational use of the website

During the purely informative use of the website, certain information is sent to the server of our website by the browser used on your end device for technical reasons, for example your IP address. We process this information to provide the content of the website that you have accessed. To ensure the security of the IT infrastructure used to provide the website, this information is also temporarily stored in a so-called web server log file.

These include in particular:

· Browser type and browser version

· operating system used

· Referrer URL

· Host name of the accessing computer

· Time of server request

· IP address

· Opt-in cookie data (absolutely necessary data such as your consent and, if applicable, your individual selection for the use of cookies on your device).

The collection of this data takes place on the legal basis of the balancing of interests according to Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to ensure the security of the IT infrastructure used for the provision of the website, in particular for the detection, elimination and evidentiary documentation of faults (e.g. DDoS attacks).

This data is not merged with other data sources. Data is stored in server log files in a form that allows the identification of the data subjects for a maximum period of 7 days, unless a security-related event occurs (e.g. a DDoS attack). In the event of a security-relevant event, server log files are stored until the security-relevant event has been eliminated and fully clarified.

The collection of data to provide the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility for the user to object

V. Use of cookies

Our websites use cookies. We use the processing and storage functions of your device’s browser and collect information from the memory of your device’s browser. Cookies are small text files that are stored on your computer and saved by your browser. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is accessed again. This website uses the following types of cookies:

Technically necessary cookies

We use cookies to make our website work. Some elements of our website require that the accessing browser can be identified even after a page change. The following data is stored and transmitted in the cookies:

The following data is stored and transmitted in the cookies:

(a) Consents;

(b) language settings;

(c) items in a shopping cart;

(d) Login Information.

Cookies that are not technically necessary (analysis cookies)

We also use cookies. We also use cookies on our website that enable us to analyze the surfing behavior of users on the website. The following data can be transmitted in this way:

· Search terms entered,

· Frequency of page views,

· Use of website functions.

When you access our website, you will be informed about the use of cookies for analysis purposes and your consent to the processing of the personal data used in this context will be obtained. In this context, a reference is also made to this data protection declaration.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 letter f GDPR. The legal basis for the processing of personal data using analysis cookies, if the user has given his consent, is Article 6 Paragraph. 1 letter a GDPR.

The purpose of using technically necessary cookies is to temporarily process the content and functions of the website accessed by the user (e.g. shopping cart, adoption of language settings, log-in information) on our web server. For these, it is necessary that the browser is recognized even after a page change. The user data collected through technically necessary cookies are not used to create user profiles.

The analysis cookies are used for the purpose of improving the website and to better achieve the website’s goals (e.g. frequency of visits, increase in page views) and to continually optimize our offering. The behavior of users is recorded on our website and analyzed in a pseudonymized form using cookies that are not technically necessary. Pseudonymous usage profiles are created, but are not merged with data about the bearer of the pseudonym.

The data is processed for the purpose of providing the website content accessed by the user and measuring the web audience on the websites. Our legitimate interest also exists in these purposes.

Cookies are stored on the user’s computer and transmitted by the user to our site. As a user, you therefore have full control over the use of cookies. The storage period of the individual cookies used can be found in the text display when you call up the website. Cookies that have already been saved can be deleted at any time. This can also be automated. Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be restricted.

VI. Google Analytics, Conversion Tracking

To measure the web audience, we use the analysis and tracking technology Google Analytics from the provider Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Visits to our website are recorded via Google Analytics and analyzed in an anonymous form.

We use these analysis and tracking technologies to use cookies to record and analyze usage behavior on our website in order to improve the website and to better achieve the website’s goals (e.g. frequency of visits, increase in page views). In addition, to record and analyze usage behavior on our website for the purposes of (conversion) tracking and (re-)targeting. There is no automated decision making.

Personal data processed:

· IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access (“HTTP data”).

· Data about the use of the website, in particular page views, frequency of visits and time spent on pages accessed (“Google Analytics profile data”).

· Unique visitor ID to identify returning visitors, number of visits by the visitor, time of first visit, previous visits and current visit, start and expected end of the current visit, visitor category to which a user belongs, source or campaign that explains, how a user got to the website (“Google Analytics cookie data”).

The legal basis for the processing of users’ personal data is consent (Article 6 paragraph 1 letter a GDPR).

The processing of users’ personal data enables us to measure the web audience and analyze the surfing and purchasing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website (e.g. frequency of visits, increase in page views). This helps us to continually improve our website and its user-friendliness. These purposes also include our legitimate interest in processing the data in accordance with Art. 6 Paragraph. 1 letter f GDPR. Pseudonymous usage profiles are created from this information. The pseudonymous usage profiles are not merged with data about the bearer of the pseudonym. The aim of the procedure is to examine where users come from, which areas of the website are visited and how often and for how long which sub-pages and categories are viewed.

So-called IP anonymization is activated on this website for the use of the web analysis tool Google Analytics. This means that the IP address transmitted by the browser for technical reasons is anonymized by shortening the IP address (by deleting the last octet of the IP address) before it is stored. By anonymizing the IP address, the user’s interest in protecting personal data is sufficiently taken into account.

The data will be deleted as soon as it is no longer required for our recording purposes. The storage period is 2 months.

You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of the website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install. The current link is http://tools.google.com/dlpage/gaoptout?hl=de .

For data transfer to the USA, the Commission’s US Data Privacy Frameworks adequacy decision is in place: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en and the guarantees in the form of the EU standard contractual clauses exist: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de . Data protection notice from Google: https://policies.google.com/privacy?hl=de

VII. Google Tag Manager

We have integrated the Google Tag Manager (GTM) on this website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The GTM collects data on the website and forwards it to the connected analysis tools. The tools save and evaluate these. The GTM does not store any data itself. He doesn’t have access to it. The GTM only collects data on how individual tags are used. The IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access (“HTTP data”) are collected.

The legal basis for the processing of this data is Article 6 Paragraph. 1 letter a GDPR; consent can be revoked at any time.

GTM enables us to integrate tags on our website, analyze them and provide a user-friendly offer. This also lies in our legitimate interest in the use of GTM (Art. 6 Para. 1 Letter f GDPR).

The personal data is transmitted anonymously to Google. This means that the IP address transmitted by the browser for technical reasons is anonymized by shortening the IP address (by deleting the last octet of the IP address) before it is stored. By anonymizing the IP address, the user’s interest in protecting personal data is sufficiently taken into account.

The data will be deleted as soon as it is no longer required for our recording purposes. The storage period is 2 years.

You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of the website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install. The current link is http://tools.google.com/dlpage/gaoptout?hl=de .

For data transfer to the USA, the Commission’s US Data Privacy Frameworks adequacy decision is in place: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en and the guarantees in the form of the EU standard contractual clauses exist: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de . Data protection information from Google: https://policies.google.com/privacy?hl=de

VIII. Meta Pixels, Custom Audiences

This website uses Meta Custom Audiences (target group formation) with the Meta Pixel and the server-side conversion API (“API”) from Meta Platforms Ireland Ltd. (“Meta”). This means that users of the website can be shown interest-based advertisements (“Meta Ads”) when they visit a Meta social network (e.g. Facebook, Instagram), associated apps and websites. Our aim is to show you advertising that is of interest to you in order to make our website more interesting for you.

The Meta Pixel uses so-called “cookies”, text files that are stored on your computer and that enable your use of the website to be analyzed. We also record using. Meta cookies are used to record and analyze usage behavior on our website for the purposes of (conversion) tracking and (re-)targeting. There is no automated decision making. The information generated by the cookie about your use of this website is usually transferred to a server in the USA and stored there.

Due to the Meta pixel used, your browser automatically establishes a direct connection to the Meta server. Using the API, web events from your browser are transmitted directly to Meta via a server connection. These events are used for the extended comparison of the integrated meta pixel. The data transmitted via the Meta Pixel and the API is used for success measurement, reporting and ad optimization. If you are registered with a Meta service, Meta can assign the website visit to your account.

Even if you are not registered on a Meta platform or have not logged in, there is a possibility that the provider will find out and store your IP address and other identifying features.

It exists with Meta (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Meta Platform, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA; data protection declaration: https://www.facebook.com/privacy/policy/) for the collection and recording of data (but not further processing) an agreement on joint responsibility within the meaning of Article 26 GDPR (https://www.facebook.com/legal/controller_addendum), which regulates in particular which security measures Meta must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Meta has agreed to fulfill the rights of those affected (i.e. users can, for example, send information or deletion requests directly to Meta).

The following data is recorded by the Meta Pixel:

· HTTP data – all information commonly contained in HTTP headers. This is a standard web protocol that is sent between all browser requests and all servers on the Internet. This information may include data such as IP addresses, web browser information, page location, document, referrer and person using the website.

· Pixel-specific data – including the pixel ID and the meta cookie.

· Button click data – all buttons clicked by website visitors, the labels of those buttons, and all pages viewed as a result of those button clicks.

· Event data (which can be transmitted from us to Meta via meta pixels and relates to people or their actions, e.g. information about visits to websites, interactions with content, functions, installations of apps, Purchases of products, etc.; the event data is collected for the purpose of forming target groups for content and advertising information (custom audiences),

· Contact information, especially when using Meta Custom Audience, such as email, address, number, for purchasing a product or service.

· Content data (websites visited, online networks used)

The legal basis for the processing of personal data is Article 6 Paragraph. 1 letter. a DSGVO; the consent can be revoked at any time.

We use the meta pixel and the API for the following purposes:

· To deliver our advertisements to visitors to our online offering as a target group (so-called “Custom Audiences”) and to determine them for the display of advertisements (so-called “Meta-Ads”). We use the meta pixel and the API to show the meta ads we place only to those meta users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products). of the websites visited) which we transmit to Meta (so-called “Custom Audiences”).

· We want to ensure that our meta ads match the potential interest of users and are not annoying.

· To measure the effectiveness of meta-ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a meta-ad and interacted with our products (so-called “conversion”).

With the help of the use of Meta Pixel and the API, we are able to record and analyze data, for example when an item is added to the shopping cart or when a purchase is completed, and to continually improve our offers on the website for users. These purposes also include our legitimate interest in processing the data in accordance with Art. 6 Paragraph. 1 letter f GDPR.

The data will be deleted as soon as it is no longer required for our recording purposes. Storage period session/1 year.

For data transfer to the USA, the Commission’s US Data Privacy Frameworks adequacy decision is in place: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en and the guarantees in the form of the EU standard contractual clauses exist: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de .

You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of the website to their full extent. You can find opt-out options in Meta’s data protection regulations under opt-out option: https://www.facebook.com/settings?tab=ads .

To set which types of advertisements are shown to you within Meta, you can go to the page set up by Meta and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/adpreferences/ad_settings/?entry_product= account_settings_menu . The settings are platform-independent, meaning they are applied to all devices, such as desktop computers or mobile devices.

IX. Contact form and email contact

A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are in particular:

· First name Name

· E-mail address

· Phone number.

· Content of the request

The following data is also stored at the time the message is sent:

· The user’s IP address (anonymized)

· Date and time of order

For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation. For these purposes, the addresses of the recipients and senders as well as other information regarding the sending of emails (e.g. the providers involved) as well as the contents of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes. We ask you to note that e-mails are generally not sent encrypted on the Internet. As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot take any responsibility for the transmission path of the e-mails between the sender and the reception on our server.

The legal basis for the processing of the data, if the user has given his consent, is Art. 6 para. 1 letter a GDPR.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 letter f) GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 letter b GDPR.

The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. In the event of revocation of consent or storage, please send an email with the appropriate subject to the person responsible.

All personal data stored in the course of contacting us will be deleted in this case.

X. Live chat, push notifications

Live chat

We use the live chat software tool “Userlike” (Userlike UG (limited liability), Probsteigasse 44-46, 50670 Cologne, Germany) on our website to process live inquiries from our users directly via the website. The software sets a cookie on the user’s computer (see Use of Cookies). If individual pages of our website are accessed, the following data is stored.

· Date and time of the chat, browser type/version, IP address, operating system used, URL of the previously visited website,

· If applicable, first name, last name and email address,

· Content of the request.

The legal basis for processing the data transmitted in the course of sending an email is the legitimate interest in accordance with Art. 6 para. 1 letter f GDPR. The legal basis for the processing of the data, if the user has given his consent, is Art. 6 para. 1 letter a GDPR. If chat contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6 Paragraph. 1 letter b GDPR.

We process the personal data from the input mask solely to process the live chat. If you contact us via live chat, this also represents the necessary legitimate interest in processing the data.

The other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the chat history, this is the case when the respective history with the user has ended. The process ends when it can be seen from the circumstances that the matter in question has been finally clarified. The additional personal data collected during the sending process is stored for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). In the event of a security-relevant event, server log files are stored until the security-relevant event has been eliminated and fully clarified.

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us via live chat, they can object to the storage of their personal data at any time. In such a case, the chat process cannot be continued. In the event of revocation of consent or storage, please send an email with the appropriate subject to the person responsible.

Push messages

We use the push notification tool “OneSignal” (OneSignal, a company based in the USA, located at 2850 S Delaware St #201, San Mateo, CA 94403, USA.) on our website to provide real-time notifications. Reporting, A/B testing and the ability to send personalized messages. OneSignal processes your data in the USA, among other places. As an active participant in the EU-US Data Privacy Framework, OneSignal ensures the correct and secure transfer of personal data from EU citizens to the USA. In addition, OneSignal uses so-called standard contractual clauses (Art. 46 Para. 2 and 3 GDPR), which are provided by the EU Commission. These clauses ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries. Further information on the EU-US Data Privacy Framework can be found here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en . Further information about the standard contractual clauses can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de . OneSignal privacy policy: https://onesignal.com/privacy_policy .

The OneSignal platform places a cookie on the user’s computer (see Use of Cookies). If individual pages of our website are accessed, the following data is stored.

· Date and time of the chat, browser type/version, IP address, operating system used, URL of the previously visited website,

· If applicable, first name, last name, telephone number and email address.

The legal basis for the processing of the data, if the user has given his consent, is Art. 6 para. 1 letter a GDPR. If a push message is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 Paragraph. 1 letter b GDPR.

The processing of personal data helps us to improve our advertising approach to our users. If you contact us via push message, this also includes the necessary legitimate interest in processing the data.

The other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data will be deleted as soon as the user objects to receiving push notifications or revokes their consent. The additional personal data collected during the sending process is stored for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). In the event of a security-relevant event, server log files are stored until the security-relevant event has been eliminated and fully clarified.

The user has the option at any time to revoke his consent to the processing of personal data and to object (see under “Your rights”). If the user receives a push notification, they can object to the storage of their personal data at any time. In such a case, the push notifications will not be continued. In the event of an objection, revocation of consent or storage, please send an email with the appropriate subject to the person responsible.

XI. Newsletter

On the website we offer you the possibility to subscribe to our electronic newsletter. If you purchase goods or services on our website and provide your email address, we may subsequently use it to send you a newsletter. In such a case, the newsletter will only be used to send direct advertising for similar goods or services. No data is passed on to third parties in connection with the processing of data for the dispatch of newsletters. The data will be used exclusively for sending the newsletter. Shipping service provider: CleverReach GmbH & Co. KG //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany.

The data from the input mask is transmitted to us.

· IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access, which are displayed when you access the form for subscribing to and unsubscribing from our newsletters website via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons (“HTTP data”),

· Data that is stored on the user’s device to provide the form for subscribing to and unsubscribing from our newsletter (“newsletter form cookie data”),

· Salutation, last name, email address (required), title, first name, company (voluntary), which we collect when you register for the newsletter (“subscription data”).

· Date and time of registration for the newsletter, date and time of sending the registration notification in the double opt-in procedure, date and time of confirmation of registration in the double opt-in procedure and IP address of the device used for confirmation, date and time of a Any unsubscription from the newsletter that we incur for technical reasons when registering and unsubscribing from the newsletter (“subscription and unsubscription data”)

· Data about the use of the newsletter and the shops, in particular the opening rate of the newsletter, click rate of individual linked posts, list of pages visited in the shop, total sales of products sold in the web shop via links in the newsletter in usage profiles, which we use by analyzing usage behavior in the newsletter create pseudonyms (“usage profile data”).

· In order to provide you with the form for subscribing to and unsubscribing from our newsletter on the website, we use cookies on the website (see section ‎Use of cookies), with which we process personal data.

The legal basis for the processing of the data, if the user has given his consent, is Art. 6 para. 1 letter a GDPR. The legal basis for sending the newsletter as a result of purchasing our products is Section 7 Paragraph 3 UWG.

We process data of our newsletter subscribers for the following purposes:

· Sending newsletters, invitations to events and information about special offers,

· Providing the form for subscribing and unsubscribing from our newsletter on the website,

· Double opt-in procedure to confirm the subscription,

Storage and processing for evidentiary purposes for the possible assertion, exercise or defense of legal claims,

Analysis of the usage behavior of newsletter subscribers in our newsletter and creation of usage profiles when using pseudonyms for the purpose of personalizing the newsletter.

The collection of the e-mail address and the first name of the user serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

No data is passed on to third parties in connection with the processing of data for the dispatch of newsletters. The data will be used exclusively for sending the newsletter.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user’s email address and first name are therefore stored for as long as the newsletter subscription is active. We also store this data for evidentiary purposes for the possible assertion, exercise or defense of legal claims for a transitional period of three years from the end of the year in which you unsubscribed and, in the event of any legal disputes, until their termination. The other personal data collected as part of the registration process is usually deleted after a period of seven days, unless a security-relevant event occurs (e.g. a DDoS attack). In the event of a security-relevant event, server log files are stored until the security-relevant event has been eliminated and fully clarified.

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter. This also enables the revocation of consent to the storage of personal data collected during the registration process. Unsubscribing is possible at any time, for example via a link at the end of each newsletter. Alternatively, you can send your request to unsubscribe at any time by email to [email protected].

XII. Online shop

There are various options available to you when ordering from our online shop. You can basically place the order as a registered customer using your user account. To provide various functions in our online shop, for the wish list, for the conclusion and execution of purchase contracts, for age verification to check the purchaser’s age in the ordering process, for the administration and collection of our purchase price claims, for the provision of the We process functions of the user account, for the identification of collectors when collecting ordered goods using an official photo ID, to check whether the collector is the customer or a person authorized by the customer, as well as for evidentiary purposes and to fulfill retention obligations Use of our online shops different personal data, for example your data that you provide to us in the order form. A transfer of data to third parties does not take place. The following data is collected as part of the registration process.

· Items in a shopping cart (“purchasing data”),

· Salutation, first name, last name, telephone number, date of birth, billing and delivery address as well as your email address. When opening a user account, we also collect a freely selectable password and, for business customers, the company and VAT ID number (“contact details”),

· (depending on the payment method selected, the details that must be provided for payment with the respective payment method (“payment data”),

· Last name, first name, date of birth, address and information that an official photo ID was present and that the person collecting an order could be clearly identified (“ID data”),

· Information about current open items, incoming payments, dunning levels, ongoing debt collection processes, returns (“debtor data”).

At the time of registration, the following data is also stored

· IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access, which occurs when using our shop via the Hypertext Transfer Protocol (Secure) ( HTTP(S)) arise for technical reasons (“HTTP data”).

We process data in particular for the following purposes:

Providing forms for registering and ordering goods as a customer and submitting offers as a customer for our services and goods on the website,

· Storing the goods in the shopping cart,

Storage and processing for evidentiary purposes for the possible assertion, exercise or defense of legal claims,

· Sending and delivery of information related to the purchased goods,

· Bookkeeping and invoicing as well as the proper storage of documents to fulfill legal, in particular money laundering, commercial and tax, retention obligations

· Payments and processing of payments (e.g. advance payment, bank transfer, direct debit),

· Double opt-in procedure to confirm registration for the newsletter,

· Analysis of the usage behavior of customers and users and creation of usage profiles using pseudonyms,

In order to provide you with the form for registering as a customer and ordering goods on the website, we use cookies on the website (see section Cookies), by means of which we process personal data.

The legal basis for the processing of the data is the conclusion of a contract pursuant to Art. 6 para. 1 letter b GDPR. The processing of the data is necessary for the conclusion of a contract with the user (customer) or for the implementation of pre-contractual measures. If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent pursuant to Art. 6 para. 1 letter a GDPR. The legal basis for the use of double opt-in procedures is also Art. 6 Para. 1 letter f GDPR. Our legitimate interest is the legally secure documentation of your registration and order to purchase our goods.

We store this data for evidence purposes for any assertion, exercise or defense of legal claims and, in addition, for a transitional period of three years from the end of the year in which you unsubscribed and, in the event of any legal disputes, until their termination as well as for the fulfillment of money laundering, commercial and tax retention obligations. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected during the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the implementation of the contract.

Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations. If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

We offer payment via PayPal as a payment option. For this purpose, payment data may be transmitted to payment service providers with whom we work. The legal basis is Art. 6 para. 1 letters b or f GDPR.

Further information on how the payment service provider processes your personal data can be found in their privacy policy. PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal 2449 Luxembourg, data protection declaration: https://www.paypal.com/us/webapps/mpp/ua/privacy-full

XIII. purchase

On our website you have the possibility to use our contact form to sell coins to us there. There are various options available to you for selling through our website. You can basically make the sale as a registered customer using your user account. For the provision of various functions in our purchase store, for the conclusion and execution of purchase contracts and for the provision of the user account functions, we process various personal data when you use our purchase store, for example your data that you provide to us in the sales form.

· IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access (log data).

· Data that you provide to us to process your sale as a guest or registered customer (contact details);

· Data that you provide to us for payment of the items you sell (payment data);

· Log data that arises for technical reasons when opening a user account (user account log data);

· Information in transactional emails that we send for the (re)processing of your sales request (e.g. confirmation of receipt) (transactional email data).

The legal basis for collecting this data is Article 6 paragraph 1 letter f of the GDPR. Our legitimate interest is to provide the content of the website accessed by the user.

The purpose of data processing is: conclusion and fulfillment of purchase contracts concluded via our purchase store. This includes, in particular, preparing the shipment of the respective goods to us (depending on the shipping method you have chosen; see the description on our website), reviewing your sales offer, and sending transactional emails to inform you about the respective status of your order.

We store the data until the purchase has been completed. We also store this data for evidence purposes for the possible assertion, exercise or defense of legal claims for a transitional period of three years from the end of the year in which you provided us with the data and, in the event of any legal disputes, until their termination.

We also store this data beyond that, insofar as legal, in particular commercial and tax law, retention obligations exist. Depending on the type of documents, there may be retention obligations under commercial and tax law of six or ten years (Section 147 of the German Fiscal Code (AO), Section 257 of the German Commercial Code (HGB).

XIV. Cloud services (SAAS)

We use software services accessible via the Internet and running on the servers of cloud services (“SAAS” =Software as a Service), in particular the accounting software https://www.zervant.com/de/ from Zervant Oy (GmbH), Keilaranta 17, 02150 Espoo, Finland. Data protection: https://www.zervant.com/de/datenschutzregulations/ .based in the EU.

In this context, personal data may be processed and stored on the servers of the providers to the extent that these are part of communication processes with us or are otherwise processed by us as set out in the context of this privacy policy. This data may include, in particular, master data and contact data of customers, (potential) business and contractual partners data on transactions, contracts, other processes and their contents. The cloud service providers also process usage data and metadata, which they use for security purposes and service optimization.

If we use SAAS to provide forms or other documents and content to other users or publicly accessible websites, the providers may place cookies on users’ devices for purposes of web analytics or to remember and store users’ settings (e.g., in the case of media controls).

The following data can be processed:

· Inventory data (e.g. names, addresses),

· Contact details (e.g. email, telephone numbers),

· Content data (e.g. text entries, photographs, videos),

Log data (e.g. websites visited, interest in content, access times),

· Meta/communication data (e.g. device information, IP addresses).

Affected persons can be: customers, employees (e.g. employees, applicants), interested parties, (potential) contractual partners.

If consent is given, the legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

Insofar as the use of SAAS is based on (pre)contractual services, the legal basis is the performance of the contract and the execution and processing of pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO). Otherwise, user data is processed on the basis of a balancing of interests. Our legitimate interest is the efficient, secure internal administration (Art. 6 para. 1 p. 1 lit. f. DSGVO).

The purpose of data processing is the safe and efficient storage and organization of documents, internal administration and accounting.

We store the data until the expiry of the retention obligation under money laundering law, i.e. for a period of five years after the end of the calendar year in which the business relationship was terminated or the information was ascertained (Section 8 (4) of the German Money Laundering Act (GWG)). In addition, we store the data insofar as other legal, in particular commercial or tax law, retention obligations exist. Depending on the type of documents, there may be retention obligations under commercial and tax law of six or ten years (§147 of the German Fiscal Code (AO), §257 of the German Commercial Code (HGB)).

XV. Protection against brute force and DDoS attacks

We protect our websites from unauthorized access and malicious cyberattacks. Among other things, an endpoint firewall and a malware scanner are used.

For this we use the WordPress plugin Wordfence. Wordfence is a plugin for the WordPress content management system. The provider is Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA. Our websites establish a permanent connection to Wordfence’s servers so that Wordfence can compare its databases with the access made to our website and, if necessary, block them.

For this purpose, Wordfence uses a cookie to record, evaluate and analyze usage behavior on our website (e.g. frequency of page views on the website). In this way, we also process log data that arises for technical reasons when using the web analysis tool used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes a unique ID for (re)identification of returning visitors , IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

The legal basis for the processing of users’ personal data is Article 6 paragraph 1 letter a GDPR, insofar as the consent requires the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of this and Section 25 paragraph . 1 TTDSG includes. Consent can be revoked at any time.

The processing of users’ personal data enables us to protect the functions and infrastructure of our website from cyberattacks as effectively as possible and to take measures against IP addresses that are classified as questionable. These purposes also include our legitimate interest in processing the data in accordance with Art. 6 Paragraph. 1 letter f GDPR.

The data is stored in server log files in a form that allows the identification of the data subjects for a maximum period of 7 days, unless a security-related event occurs (e.g. a DDoS attack). In the event of a security-relevant event, server log files are stored until the security-relevant event has been eliminated and fully clarified.

The collected data is sent to our service provider’s servers in the USA. Our service provider receives the data as our processor. There is an order processing contract with the provider.

For data transfer to the USA, the Commission’s US Data Privacy Frameworks adequacy decision is in place: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en and the guarantees in the form of the EU standard contractual clauses exist: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de . Further data protection information: https://www.wordfence.com/privacy-policy/

XVI. CAPTCHA

We use the Cloudflare Turnstile software on our website, a service provided by Cloudfare GmbH, Rosental 7, 80331 Munich, Germany. The software automatically checks whether the data entered on our websites (e.g. in a registration or contact form) is by human users or bots. To do this, it examines, for example, the IP address, mouse movements made and the length of time the user stays on the page. Cloudflare Turnstile is a CAPTCHA replacement. In order for Cloudflare Turnstile to check whether users are real, the tool looks for signals of human actions in the background. If the user has an Apple device with the latest versions of macOS or iOS, Turnstile can use private access tokens to validate a device and thus a user without providing user data – with the exception of data such as user agent and browser characteristics capture or save. In this way, the tool does not pass on any data to the provider Cloudflare or other third parties. However, if other devices are involved, the CAPTCHA replacement collects personal data.

In this way, we process log data that arises for technical reasons when using the web analysis tool used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes a unique ID for the (re-) recognition of returning visitors, IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access. The analyzes run completely in the background. Users are not informed that an analysis is taking place.

As far as data is processed, the legal basis for the processing of personal data using technically necessary log data is Art. 6 para. 1 letter f GDPR.

The purpose of data processing is to protect the content of the website accessed by the user from abusive automated spying and SPAM. Our legitimate interest also lies in this purpose.

The provider Cloudfare Turnstile is headquartered in San Francisco in the USA.

For data transfer to the USA, the Commission’s US Data Privacy Frameworks adequacy decision is in place: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en and the guarantees in the form of the EU standard contractual clauses exist: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de .

Data protection information from Cloudflare Turnstile from Cloudfare GmbH, Rosental 7, 80331 Munich, Germany. Cloudflare’s privacy policy can be found at the following link: https://www.cloudflare.com/de-de/privacypolicy/ .

XVII. Google Review

The website contains so-called third-party plug-ins from the provider Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, with which you can use the functionalities offered by the providers on the website. The plug-ins are integrated into the website using a so-called “2-click solution”. With this solution, the respective plug-in is not activated directly when you access the website, but only when you press the activation button provided for the respective plug-in. When you access the website, the provider of the respective plug-in cannot initially collect any personal data from you via the respective plug-in. The 2-click solution ensures that your Internet browser does not initially establish a connection to the servers of the provider of the respective plug-in when you access the website. Only when you press the button provided to activate the respective plug-in will the respective plug-in be activated. The activation button contains the name of the respective plug-in and, if applicable, a logo of the third-party provider. As a result of activation, a connection is established to the servers of the provider of the respective plug-in. This means that the provider of the respective activated plug-in can also collect personal data from you. Activating the respective plug-in is technically comparable to clicking on a link to an external website, with the difference that the content accessed does not appear in a new window/tab in your Internet browser, but is visually embedded in our website. The data exchange initiated by you activating and using the plug-in takes place exclusively between your Internet browser and the servers of the provider of the respective plug-in.

If you activate a third-party plug-in, you are using a functionality offered by the provider of the respective plug-in under their own responsibility, which is only visually embedded in the display of our website. When activating the respective plug-in, the provider of the respective plug-in may receive personal data from you. When activating the respective plug-in, the provider of the respective plug-in may also use cookies. When you activate the respective plug-in, the provider of the respective plug-in can at least receive the information that our website was accessed under the IP address assigned to you at the time of access. If you are registered as a user on the respective social media platform, the provider of the respective plug-in can usually also assign the data received to your user account. We would like to point out that we have no knowledge of the specific data collected by the provider of the respective plug-in. We also have no knowledge of the specific purposes of processing the collected data by the provider of the respective plug-in or of further details of the data processing of the respective provider. In particular, we do not know whether the respective provider processes the data collected solely to provide the functionality of the respective plug-in (e.g. for sharing certain content or making a comment) or for any other purposes (e.g. to create usage profiles or to personalize advertising).

For data transfer to the USA, the Commission’s US Data Privacy Frameworks adequacy decision is in place: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en and the guarantees in the form of the EU standard contractual clauses exist: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de .

· Data protection: https://policies.google.com/privacy?hl=de&gl=de ;

· Terms of Use:

https://developers.google.com/youtube/iframe_api_reference

https://policies.google.com/terms?hl=de

XVIII. Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. In order to use the functions of Google Maps, it is necessary to save your IP address. This

Information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google can use Google Web Fonts for the purpose of uniform font display. When you access Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. The use of Google Maps is in the interest of an attractive presentation of our online offerings and to make it easy to find the places we indicate on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 letter f GDPR.

If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 letter a GDPR, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting). Consent can be revoked at any time.

For data transfer to the USA, the Commission’s US Data Privacy Frameworks adequacy decision is in place: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en and the guarantees in the form of the EU standard contractual clauses exist: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de .

Data protection: https://policies.google.com/privacy?hl=de&gl=de .

XIX. WhatsApp Business Communications

On this website you have the opportunity to send text messages, photos, videos and voice messages to us via the WhatsApp Business instant messaging service. WhatsApp is an application of WhatsApp Ireland Limited based in the EU.

The following data can be processed: location information, documents, links and contact details.

In addition, WhatsApp can store data that users share with the app. For example

· News,

· Photos,

· Videos,

· Billing data and

· stored profile pictures.

The legal basis for the processing of users’ personal data is Article 6 paragraph 1 letter a GDPR. The user can revoke their consent to data collection at any time.

The purpose is to make contact with us simple, user-friendly and optimal via instant messaging. This also includes our legitimate interest in using the instant messaging service (Article 6 paragraph 1 letter f GDPR).

WhatsApp only saves all data in encrypted form. Accordingly, the group cannot view the data. According to WhatsApp, photos and videos are only temporarily stored. Then WhatsApp removes them. The app only saves messages until the recipient has received them. She then deletes them. If a message is not delivered within 30 days, WhatsApp will also delete it.

In its terms and conditions, WhatsApp states that it will pass on collected data to the parent company Meta in the USA and to other companies that belong to Meta. In addition, it remains open to sharing data with external companies, service providers and partners. However, personal data can also be passed on to the company WhatsApp LLC. This company is based in the USA. There is an adequacy decision for data transfer to the USA. In addition, the Commission’s US Data Privacy Frameworks adequacy decision is available for data transfer to the USA: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en and there are guarantees in the form of the EU -Standard contractual clauses: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de .

There is an order processing contract. WhatsApp Business receives the data as our processor. Further information on how to handle user data can be found in the

· Data protection https://www.whatsapp.com/legal/privacy-policy-eea?lang=de_DE

· Terms of use: https://www.whatsapp.com/legal/channels-terms-of-service-eea?lang=de_DE

XX. YouTube player

This website embeds videos from the YouTube website. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is integrated, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you have visited.

Furthermore, YouTube can store various cookies on your device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can receive information about visitors to this website. This information is used, among other things, to collect video statistics, improve user experience and prevent fraud attempts.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an attractive presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 Para. 1 letter f GDPR. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 letter a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

For data transfer to the USA, the Commission’s US Data Privacy Frameworks adequacy decision is in place: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en and the guarantees in the form of the EU standard contractual clauses exist: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Further information on how to handle user data can be found in YouTube’s privacy policy at: https://policies.google.com/privacy?hl=de .