Privacy Policy
Preamble
With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process, for which purposes and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, as well as within external online presences such as our social media profiles (collectively referred to as the “Online Offering”).
The terms used are not gender-specific.
Last updated: December 4, 2025
Contents Overview
- Preamble
- Controller
- Overview of Processing
- Relevant Legal Bases
- Security Measures
- General Information on Data Storage and Deletion
- Rights of Data Subjects
- Business Services
- Provision of the Online Offering and Web Hosting
- Use of Cookies
- Newsletter and Electronic Notifications
- Privacy Information for Whistleblowers
- Changes and Updates
- Definitions
Controller
The controller can be contacted at: info@frostshock.de
Overview of Processing
The following overview summarizes the types of data processed, the purposes of their processing, and the categories of data subjects.
Types of Processed Data
- Inventory data.
- Employee data.
- Payment data.
- Contact data.
- Content data.
- Contract data.
- Usage data.
- Meta, communication and procedural data.
- Log data.
Categories of Data Subjects
- Service recipients and clients.
- Employees.
- Interested parties.
- Communication partners.
- Users.
- Business and contractual partners.
- Third parties.
- Whistleblowers.
Purposes of Processing
- Provision of contractual services and fulfillment of contractual obligations.
- Communication.
- Security measures.
- Direct marketing.
- Office and organizational procedures.
- Organizational and administrative processes.
- Provision of our online offering and user experience.
- Information technology infrastructure.
- Whistleblower protection.
- Business processes and economic procedures.
Relevant Legal Bases
Relevant legal bases under the GDPR: Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations of your or our country of residence or domicile may apply. If more specific legal bases are relevant in individual cases, we will inform you in this privacy policy.
- Consent (Art. 6 (1) (a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Performance of a contract and pre-contractual inquiries (Art. 6 (1) (b) GDPR) – Processing is necessary for the performance of a contract with the data subject or to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6 (1) (c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6 (1) (f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
National data protection regulations in Germany: In addition to the GDPR, national data protection laws apply in Germany, including the Federal Data Protection Act (BDSG). The BDSG contains specific provisions on rights of access, deletion, objection, processing of special categories of personal data, data processing for other purposes, transmission, and automated decision-making including profiling. State-level data protection laws may also apply.
Security Measures
We take appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, type, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data, and responses to threats to the data. We also take into account the protection of personal data when developing or selecting hardware, software, and procedures, in accordance with the principle of data protection by design and by default.
Securing online connections using TLS/SSL (HTTPS): To protect the data of users transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are fundamental protocols for secure data transmission on the internet. They encrypt information transmitted between the website or app and the user’s browser (or between two servers), preventing unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transfers meet the highest security standards. Websites secured with SSL/TLS display “HTTPS” in the address bar, signaling to users that their data is being transmitted securely and in encrypted form.
General Information on Data Storage and Deletion
We delete personal data that we process in accordance with legal requirements as soon as the underlying consent is withdrawn or there are no further legal bases for processing. This applies in cases where the original purpose of the processing no longer applies or the data is no longer required. Exceptions apply where statutory obligations or specific interests require longer retention or archiving of the data.
In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of other natural or legal persons, must be archived accordingly.
Our data protection notices contain additional information on retention and deletion that apply specifically to certain processing operations.
If several different retention periods or deletion deadlines are specified for data, the longest period is generally decisive. Data that are no longer required for the original purpose but are retained due to legal requirements or other reasons are processed solely for the reasons that justify their retention.
Retention and deletion of data: The following general retention and archiving periods apply under German law:
- 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets and the working instructions and other organizational documents required for their understanding (§ 147 (1) no. 1 in conjunction with (3) AO, § 14b (1) UStG, § 257 (1) no. 1 in conjunction with (4) HGB).
- 8 years – Accounting records such as invoices and cost receipts (§ 147 (1) nos. 4 and 4a in conjunction with (3) sentence 1 AO and § 257 (1) no. 4 in conjunction with (4) HGB).
- 6 years – Other business documents: received commercial or business letters, copies of sent commercial or business letters, and other documents relevant for taxation, such as hourly wage slips, cost accounting sheets, calculation documents, price notices as well as payroll documents, insofar as they are not already accounting vouchers, and cash register strips (§ 147 (1) nos. 2, 3, 5 in conjunction with (3) AO, § 257 (1) nos. 2 and 3 in conjunction with (4) HGB).
- 3 years – Data that is required to take into account potential warranty and compensation claims or similar contractual claims and rights, as well as related inquiries, based on previous business experience and common industry practice, is stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).
Commencement of periods at year-end: If a period does not explicitly begin on a specific date and is at least one year, it automatically begins at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships in which data are stored, the triggering event is the effective date of termination or other end of the legal relationship.
Rights of Data Subjects
Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, in particular those arising from Articles 15 to 21 GDPR:
- Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data which is based on Article 6 (1) (e) or (f) GDPR, including profiling based on those provisions. Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling to the extent that it is related to such direct marketing.
- Right to withdraw consent: You have the right to withdraw consent you have given at any time with effect for the future.
- Right of access: You have the right to obtain confirmation as to whether personal data concerning you is being processed, and, where that is the case, access to such personal data and information in accordance with legal requirements, as well as a copy of the data.
- Right to rectification: You have the right, in accordance with legal requirements, to request the completion of data concerning you or the rectification of inaccurate personal data concerning you.
- Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to request the erasure of personal data concerning you without undue delay, or alternatively the restriction of processing of the data in accordance with legal requirements.
- Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller or to have them transmitted, in accordance with legal requirements.
- Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, of your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
Business Services
We process data of our contractual and business partners, e.g. customers and prospects (collectively referred to as “contractual partners”), in the context of contractual and comparable legal relationships, as well as associated measures and for communication with contractual partners (or pre-contractually), for example to respond to inquiries.
We process this data in order to fulfill our contractual obligations. These include, in particular, obligations to provide the agreed services, obligations to update, and to provide remedies in the event of defects in quality or other service disruptions. Furthermore, we process the data to safeguard our rights and for administrative tasks associated with these obligations and for the organization of our business. In addition, we process the data on the basis of our legitimate interests in proper and efficient business management and in security measures to protect our contractual partners and our business from misuse, risks to their data, secrets, information and rights (e.g. by involving telecommunication, transport and other support services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities).
Within the scope of applicable law, we only disclose data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or for the fulfillment of legal obligations. Contractual partners are informed about further forms of processing, for example for marketing purposes, within this privacy policy.
We inform contractual partners about the data required for the aforementioned purposes before or during data collection, for example in online forms, by special marking (e.g. colors) or symbols (e.g. asterisks), or personally.
We delete data after the expiry of statutory warranty and comparable obligations, usually after four years, unless the data is stored in a customer account, for example because statutory archiving obligations apply (as is generally the case for tax purposes with a retention period of ten years). Data that has been disclosed to us by the contractual partner in the context of an order will be deleted in accordance with applicable requirements and usually after completion of the order.
- Types of data processed: Inventory data (e.g. full name, address, contact information, customer number); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses, phone numbers); contract data (e.g. contract subject, term, customer category); usage data (e.g. page views, dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, timestamps, identifiers, persons involved).
- Data subjects: Service recipients and clients; prospects; business and contractual partners.
- Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative processes; business processes and economic procedures.
- Retention and deletion: Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
- Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 (1) (b) GDPR); legal obligation (Art. 6 (1) (c) GDPR); legitimate interests (Art. 6 (1) (f) GDPR).
Further notes on processing operations, procedures and services:
- Online shop, order forms, e-commerce and performance of services: We process the data of our customers in order to enable them to select, purchase and order the chosen products, goods and related services, as well as to pay for them and to receive them or have them carried out. Where necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to deliver or perform services for our customers. For processing payment transactions, we use the services of banks and payment service providers. The information required is identified as such during the order or comparable purchase process and includes the information necessary for delivery or provision and billing, as well as contact information, in order to be able to clarify any questions; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 (1) (b) GDPR).
Provision of the Online Offering and Web Hosting
We process users’ data in order to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user’s browser or device.
- Types of data processed: Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, timestamps, identifiers, persons involved); log data (e.g. log files relating to logins or data retrieval or access times); content data (e.g. textual or visual messages and posts and related information, such as authorship or time of creation).
- Data subjects: Users (e.g. website visitors and users of online services).
- Purposes of processing: Provision of our online offering and user experience; information technology infrastructure (operation and provision of information systems and technical devices, e.g. computers, servers).
- Retention and deletion: Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
- Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).
Further notes on processing operations, procedures and services:
- Provision of the online offering on rented storage space: For the provision of our online offering, we use storage space, computing capacity and software that we obtain from a corresponding server provider (“web host”); Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).
- Email dispatch and hosting: The web hosting services we use also include sending, receiving and storing emails. For these purposes, the addresses of recipients and senders, as well as further information concerning email transmission (e.g. the providers involved) and the contents of the respective emails, are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails are generally not transmitted in encrypted form on the internet. As a rule, emails are encrypted during transport, but not on the servers from which they are sent and where they are received (unless end-to-end encryption is used). We therefore cannot assume responsibility for the transmission path of emails between the sender and the point of receipt on our server; Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).
- WordPress.com: Hosting and software for creating, providing and operating websites, blogs and other online offerings; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://wordpress.com; Privacy policy: https://automattic.com/de/privacy/; Data processing agreement: https://wordpress.com/support/data-processing-agreements/; Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (provided by the service provider).
Use of Cookies
The term “cookies” refers to functions that store and read information on users’ devices. Cookies can be used for various purposes, such as ensuring the functionality, security and comfort of online offerings, as well as for analyzing visitor flows. We use cookies in accordance with legal requirements. Where necessary, we obtain users’ consent in advance. If consent is not required, we rely on our legitimate interests. This is the case where storing and reading information is essential in order to provide content and functions explicitly requested by users. This includes, for example, storing settings and ensuring the functionality and security of our online offering. Consent can be withdrawn at any time. We clearly inform users about the scope of consent and which cookies are used.
Notes on legal bases under data protection law: Whether we process personal data using cookies depends on whether users give consent. If consent is given, it serves as the legal basis for processing. In the absence of consent, we rely on our legitimate interests, which are explained in this section and in the context of the respective services and procedures.
Storage period: Regarding storage duration, the following types of cookies are distinguished:
- Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their device (e.g. browser or mobile application).
- Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, login status can be stored and preferred content can be displayed directly when a user revisits a website. Likewise, user data collected via cookies may be used for reach measurement. Unless we provide explicit information about the type and storage duration of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.
General notes on withdrawal and objection (opt-out): Users can withdraw consent they have given at any time and can also object to processing in accordance with legal requirements, including through the privacy settings of their browser.
- Types of data processed: Meta, communication and procedural data (e.g. IP addresses, timestamps, identifiers, persons involved).
- Data subjects: Users (e.g. website visitors, users of online services).
- Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR); consent (Art. 6 (1) (a) GDPR).
Further notes on processing operations, procedures and services:
- Processing of cookie data based on consent: We use a consent management solution by which we obtain users’ consent to the use of cookies or to the procedures and providers listed in the consent management tool. This process serves to obtain, log, manage and document consents, in particular with regard to the use of cookies and comparable technologies used to store, read and process information on users’ devices. As part of this process, users’ consents to the use of cookies and the associated processing of information, including specific processing and providers listed within the consent management tool, are obtained. Users also have the option of managing and withdrawing their consents. Consent declarations are stored in order to avoid repeated queries and to be able to provide proof of consent in accordance with legal requirements. Storage takes place server-side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies, so that consent can be assigned to a specific user or device. Unless specific details on the providers of consent management services are given, the following general notes apply: the storage period for consent is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information about the scope of consent (e.g. relevant categories of cookies and/or service providers), as well as information about the browser, system and device used; Legal bases: Consent (Art. 6 (1) (a) GDPR).
Newsletter and Electronic Notifications
We send newsletters, emails and other electronic notifications (hereinafter referred to collectively as “newsletter”) only with the consent of the recipients or on the basis of legal permission. Where the contents of the newsletter are specifically described in the course of registration, they are decisive for the users’ consent. In order to subscribe to our newsletter, it is generally sufficient to provide your email address. However, in order to offer you a personalized service, we may additionally ask you to provide your name so that we can address you personally in the newsletter, or further information, if this is necessary for the purposes of the newsletter.
Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to be able to prove prior consent. Processing of this data is limited to the purpose of possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. If we are subject to obligations to permanently observe objections, we may store the email address in a blocklist for this purpose alone.
The logging of the registration process is carried out on the basis of our legitimate interests for the purpose of proving its proper implementation. Insofar as we commission a service provider with sending emails, this is done on the basis of our legitimate interests in an efficient and secure email delivery system.
Content: Information about us, our services, actions and offers.
- Types of data processed: Inventory data (e.g. full name, address, contact information, customer number); contact data (e.g. postal and email addresses, phone numbers); meta, communication and procedural data (e.g. IP addresses, timestamps, identifiers, persons involved); usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
- Data subjects: Communication partners.
- Purposes of processing: Direct marketing (e.g. by email or post).
- Legal bases: Consent (Art. 6 (1) (a) GDPR).
- Right to object (opt-out): You can cancel the receipt of our newsletter at any time, i.e. withdraw your consent or object to further receipt. You will find a link to unsubscribe at the end of each newsletter or you can use one of the contact options provided above, preferably email.
Further notes on processing operations, procedures and services:
- Measurement of opening and click rates: Our newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server or, if we use a mailing service provider, from their server when the newsletter is opened. Within the scope of this retrieval, technical information such as browser details and your system, as well as your IP address and time of access, are collected. This information is used to technically improve our newsletter on the basis of the technical data, target groups and their reading behavior, determined by their access locations (which can be determined with the help of the IP address) or access times. This analysis also includes determining whether and when newsletters are opened and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until it is deleted. The evaluations help us recognize the reading habits of our users and adapt our content to them or send different content according to the interests of our users. The measurement of opening and click rates and the storage of the measurement results in users’ profiles is carried out only with their consent; Legal bases: Consent (Art. 6 (1) (a) GDPR).
Privacy Information for Whistleblowers
In this section, you will find information on how we handle data of persons who provide information (“whistleblowers”), as well as of affected and involved parties in the context of our whistleblower procedures. Our aim is to offer a straightforward and secure way to report possible misconduct by us, our employees or service providers, in particular actions that violate laws or other applicable regulations.
Legal bases (Germany): Insofar as we process data in order to fulfill our legal obligations under the German Whistleblower Protection Act (Hinweisgeberschutzgesetz – HinSchG), the legal basis for processing is Article 6 (1) (c) GDPR and, in the case of special categories of personal data, Article 9 (2) (g) GDPR, § 22 BDSG, each in conjunction with § 10 HinSchG. This concerns the obligation to establish and operate an internal whistleblower reporting office, the fulfillment of its statutory tasks and, if the data collected in the reporting procedure is used, the implementation of further investigations or employment law measures against persons who have been found to have committed a violation.
Insofar as we process data (in particular in cases of established misconduct) in the context of or for the preparation of legal defense, this is based on our legitimate interests in acting in a legally compliant and ethical manner in accordance with Article 6 (1) (f) GDPR.
If you have given us consent to the processing of personal data for specific purposes, processing is carried out on this basis pursuant to Article 6 (1) (a) GDPR; in the case of special categories of personal data, processing may additionally be based on the relevant legal provisions.
Types of data processed:
In the context of receiving and processing reports and the subsequent whistleblower procedure, we may process various data. This includes, in particular, data provided by a whistleblower, such as:
- Name, contact details and place of residence of the person submitting the report;
- Names and details of potential witnesses or persons affected by the report;
- Names and details of the persons against whom the report is directed;
- Data relating to the alleged misconduct;
- Other relevant details provided by the whistleblower.
For the purpose of reviewing the facts and continuing the procedure, we additionally process the following personal data:
- Unique identifier of the report;
- Contact details of the reporting person, if provided;
- Personal data of persons named in the report, if provided;
- Personal data of persons who are indirectly affected by the report, if provided.
Special categories of personal data:
In the course of our activities, we may also process special categories of personal data, particularly if such information is provided by a whistleblower. These include:
- Health-related data of a person;
- Data on the racial or ethnic origin of persons;
- Information on a person’s religious or philosophical beliefs;
- Details about a person’s sexual orientation.
Such data is only processed where it is relevant for the assessment of the report or required by law.
Use of our online forms: Please note that it is possible to submit reports anonymously. To ensure the security of your data when using our online forms, we recommend opening them in the “incognito mode” of your browser. You can open an incognito window as follows: a) On a Windows PC: open your browser and press Ctrl+Shift+N; b) On a Mac: open your browser and press Command+Shift+N; c) On mobile devices: switch to private mode using the tab menu.
When you access our website in normal mode, your browser automatically sends certain information to our server, such as browser type and version and the date and time of access. This also includes the IP address of your device. This data is temporarily stored in a log file and automatically deleted after a maximum of 30 days.
The processing of the IP address serves technical and administrative purposes in establishing the connection to our website. It ensures the security, stability and functionality of the whistleblower form and is an important component of our measures for ensuring confidential communication.
Providing your name: You have the option of submitting reports anonymously. Insofar as this is not prohibited by national laws, we nevertheless recommend that you provide your name and contact details, as this enables us to follow up the report more effectively and contact you directly if necessary.
If you provide your name and contact details, your identity will be treated as strictly confidential. Exceptions to this confidentiality only exist if we are legally obliged to disclose your identity. This may be necessary, for example, in order to protect our rights or the rights of our employees, customers, suppliers or business partners.
Disclosure of data to third parties: Data relating to reports is only disclosed to third parties under certain circumstances. This occurs either (a) if you have given us your explicit consent; or (b) if there is a legal obligation to disclose the data. Possible recipients include public authorities, government, regulatory or tax authorities, where disclosure is necessary to comply with a legal or regulatory obligation. In addition, within the framework of legal provisions, we may engage lawyers and other professional advisors to review suspected misconduct and, where necessary, take appropriate measures following an investigation, such as initiating disciplinary or legal proceedings. Carefully selected and supervised service providers (for example, operators of a web-based reporting system) may also receive data for these purposes. These service providers are contractually obliged to comply with applicable data protection laws.
Data retention and deletion: Personal data is processed only for as long as necessary to fulfill the purposes described above. If the data is no longer required for these purposes, it will be deleted. In certain situations, data may be retained for a longer period in order to fulfill legal requirements, as long as this is necessary and proportionate. In such cases, data will be stored only for the period and to the extent required by law.
Technical and organizational measures: We have implemented the necessary contractual, technical and organizational measures to ensure the security of all data processed by us. Data is processed exclusively for the purposes set out above. Incoming reports are processed only by authorized persons who have access to the respective reports and carry out the subsequent examination of the facts. Our employees who handle such reports are specially trained and obligated to maintain confidentiality.
- Types of data processed: Inventory data (e.g. full name, address, contact details, customer number); employee data (information on employees and similar persons); contact data (e.g. postal and email addresses, phone numbers); content data (e.g. textual or visual messages and entries, as well as information relating to them, such as authorship details); usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
- Data subjects: Employees (e.g. staff, applicants, temporary staff and comparable persons); third parties; whistleblowers.
- Purposes of processing: Whistleblower protection.
- Retention and deletion: Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
- Legal bases: Consent (Art. 6 (1) (a) GDPR); legal obligation (Art. 6 (1) (c) GDPR); legitimate interests (Art. 6 (1) (f) GDPR).
Changes and Updates
We kindly ask you to regularly review the content of this privacy policy. We will update this privacy policy as soon as changes in our data processing activities make this necessary. We will inform you if the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
If we provide addresses and contact details of companies and organizations in this privacy policy, please note that these details may change over time. We therefore ask you to check the information before contacting them.
Definitions
In this section, you will find an overview of the terms used in this privacy policy. Where terms are defined by law, the legal definitions apply. The explanations below are intended primarily to aid understanding.
- Employees: Employees are persons who are in an employment relationship, whether as staff, salaried employees or in similar positions. An employment relationship is a legal relationship between an employer and an employee based on an employment contract or agreement. It includes the employer’s obligation to pay remuneration and the employee’s obligation to provide work. The employment relationship comprises various phases, including its establishment (conclusion of the employment contract), performance (the period during which the employee performs their work) and termination (e.g. by dismissal, termination agreement or otherwise). Employee data includes all information that relates to such persons and is processed in the context of their employment, such as personal identification data, identifiers, salary and bank details, working hours, vacation entitlements, health data and performance evaluations.
- Inventory data: Inventory data includes essential information required for the identification and administration of contractual partners, user accounts, profiles and similar assignments. This data may include personal and demographic information such as names, contact information (addresses, phone numbers, email addresses), dates of birth and specific identifiers (e.g. user IDs). Inventory data forms the basis for formal interactions between individuals and services, organizations or systems by enabling clear assignment and communication.
- Content data: Content data includes information generated in the course of creating, editing and publishing content of any kind. This category includes texts, images, videos, audio files and other multimedia content published on various platforms and media. Content data also includes metadata that provides information about the content, such as tags, descriptions, author information and publication dates.
- Contact data: Contact data is essential information that enables communication with individuals or organizations. It includes, for example, phone numbers, postal addresses and email addresses, as well as communication identifiers such as social media handles and instant messaging IDs.
- Meta, communication and procedural data: Meta, communication and procedural data include information on how data is processed, transmitted and managed. Metadata (data about data) includes information describing the context, origin and structure of other data, such as file size, creation date, document author and change history. Communication data records the exchange of information between users via various channels (e.g. email traffic, call logs, messages in social networks, chat histories), including the persons involved, timestamps and transmission paths. Procedural data describes processes and workflows within systems or organizations, including workflow documentation, logs of transactions and activities, and audit logs used to track and review processes.
- Usage data: Usage data is information that records how users interact with digital products, services or platforms. This data includes, for example, how users use applications, which functions they prefer, how long they stay on certain pages, and which paths they take through an application. Usage data may also include frequency of use, timestamps of activities, IP addresses, device information and location data. Such data is particularly valuable for analyzing user behavior, optimizing user experience, personalizing content and improving products or services, as well as for identifying trends, preferences and potential problem areas.
- Personal data: “Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Log data: Log data is information about events or activities recorded in a system or network. This data typically includes information such as timestamps, IP addresses, user actions, error messages and other details relating to the use or operation of a system. Log data is often used to analyze system problems, monitor security or create performance reports.
- Controller: The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
- Processing: “Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and includes virtually any handling of data, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, restricting, erasing or destroying.
- Contract data: Contract data includes specific information relating to the formalization of an agreement between two or more parties. It documents the conditions under which services or products are provided, exchanged or sold. This category of data is essential for managing and fulfilling contractual obligations and includes the identification of the contracting parties as well as the specific terms and conditions of the agreement. Contract data may include the start and end dates of the contract, the type of agreed services or products, price agreements, payment terms, termination rights, renewal options and special conditions or clauses.
- Payment data: Payment data includes all information necessary for processing payment transactions between buyers and sellers. This data is essential for e-commerce, online banking and other financial transactions. It includes details such as credit card numbers, bank details, payment amounts, transaction data, verification numbers and billing information, as well as information about payment status, chargebacks, authorizations and fees.
Created with the free privacy policy generator by Dr. Thomas Schwenke (Datenschutz-Generator.de)
