Dear visitors,

We are pleased about your visit to our websites. We want you to feel secure and comfortable during your visit. The protection of your privacy is a high priority for us. The following data protection provisions are intended to inform you about our handling of the collection, use, and disclosure of personal data.

1. Responsible Party (Controller)

Henrichs, Thomas Kölner Str. 439 41468 Neuss Germany Email: [email protected]

Tel.: +49 (0) 2131-74 23 482

2. Internal Contact Person for Data Protection Matters

For questions regarding data protection and the exercise of your rights under the GDPR, you may contact the following person: Thomas Henrichs Kölner Str. 439 41468 Neuss Germany Email: [email protected] Tel.: +49 (0) 2131-74 23 482

Note: There is no legal obligation to appoint a Data Protection Officer. Mr Henrichs is the internal contact person and coordinates all data protection-related concerns.

3. Use of Cloudflare (CDN, Security Functions & DDoS Protection)

We use the service Cloudflare for the secure, high-performance, and stable operation of our website, provided by Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. To fulfill our transparency obligations, we additionally point to the existence of Cloudflare Germany GmbH, Rosental 7, 80331 Munich, Germany. Cloudflare functions as a Content Delivery Network (CDN), as a reverse proxy, and as an extensive security service (including DDoS protection, Web Application Firewall, bot management).

a.) Nature and Scope of Processing When accessing our website, all data traffic between your browser and our web server is routed through Cloudflare. In this process, Cloudflare processes the following data categories in particular: b.) End User Data (Website Visitors) IP address of the website visitor, system and browser information, device information, date and time of access, accessed URLs, header information, transferred data volumes, and security-relevant information (e.g., unusual traffic patterns). c.) Cookies Cloudflare sets temporary, technically required cookies (__cf_bm), which serve exclusively to guarantee security and identify bots.

d.) Purposes of Processing The processing serves the following overriding legitimate interests:

• Defence and detection of attacks (especially DDoS and bot attacks) to ensure network security.

• Securing the website via firewall mechanisms.

• Ensuring the availability, stability, and performance of the website.

• Technical necessity: Use occurs specifically for implementing the server-side 301 redirection to resolve indexing problems and to ensure an SEO-optimal redirection chain. Without this function, the website would not be properly indexable and would not be available as desired by the user.

e.) Legal Basis The processing of personal data (especially the IP address) is based on Art. 6(1)(f) GDPR (overriding legitimate interest in a secure, stable, and reliable operation of our website). This interest is supported by Recital 49 GDPR, which recognizes cybersecurity as a legitimate interest. f.) Order Processing An order processing contract (AVV/DPA) exists with Cloudflare pursuant to Art. 28 GDPR. Cloudflare processes the data exclusively according to documented instructions and not for its own primary purposes. Data Transmission to the USA (Third Country Transfer): Cloudflare, Inc. has its registered office in a third country (USA). The transmission of personal data occurs on the basis of the adequacy decision of the European Commission according to Art. 45 GDPR, as Cloudflare is actively certified under the EU–U.S. Data Privacy Framework (DPF). The DPF certification guarantees an adequate level of data protection. In addition to DPF certification, technical and contractual protection measures have been implemented:

• Technical Measures (TOMs): Cloudflare uses advanced encryption protocols, applies the zero-trust principle, and strict multi-factor authentication (MFA) for access to processing systems.

• Contractual Assurance: Cloudflare undertakes to legally challenge official requests from US authorities that conflict with EU law and to inform customers about such requests, insofar as legally permissible.

g.) Storage Period (Data Minimization) We use the Cloudflare Free plan and have deactivated the storage of protocol data regarding visits to our website ("HTTP Request Logs"). Cloudflare does not store these logs by default. The processing of the IP address therefore occurs only briefly for immediate forwarding, threat defense, and for the implementation of the redirection chain. This reduces the storage period to a technical minimum (0 days retention for request logs). Only the internal logs regarding the management of our Cloudflare account ("Audit Logs") are stored for 18 months. Further Information & Rights of Data Subjects: Cloudflare's privacy policy can be found at: https://www.cloudflare.com/privacypolicy/

3.1 Server-Side Processing via Cloudflare Worker (API Endpoints & Structured Data)

In addition to the general Cloudflare integration according to Section 3, we use Cloudflare Workers for the server-side delivery of structured data (JSON-LD) as well as for the provision of technical endpoints under the subdomains pageapi teledtv, blog108 api teledtv, as well as geo signal api teledtv.

a.) Nature and Scope of Processing When retrieving these API endpoints, the Cloudflare Worker processes exclusively technically necessary data required for the delivery of the contents:

• IP address of the requesting client

• Browser and system information

• Date and time of the retrieval

• Requested URL

• Technically necessary header information (e.g., User-Agent for device detection, Accept-Language for language selection) The processing takes place primarily "on the fly" for the delivery of the contents. Cloudflare logs these accesses within the scope of "Workers Logs" for technical diagnostic purposes. On the part of the website operator, no analysis, no tracking, no profiling, and no disclosure of this data takes place. The Workers serve exclusively for the delivery of static content (e.g., structured data for search engines).

b.) Purpose of Processing The processing takes place for:

• Technically necessary provision of API content,

• Search engine and AI optimization (AEO / Schema.org / JSON-LD),

• Improvement of indexability by crawlers,

• Ensuring correct delivery of structured data,

• Securing and stabilizing the API subdomains, as well as for technical error analysis and diagnosis of Worker functionality. No personal evaluation of API retrievals takes place.

c.) Legal Basis Legal basis is Art. 6(1)(f) GDPR (overriding legitimate interest in a functioning, secure, and search engine-optimized delivery of structured web content). This interest also follows from Recital 49 GDPR (security and stability of networks and services). User interests are protected by strict data minimization (no storage beyond technical diagnostic purposes) and short protocol duration (maximum 3 days) and do not conflict with the operator's legitimate interest.

d.) Order Processing & Third Country Transfer The Workers are operated entirely via Cloudflare. The conditions mentioned under Section 3 (DPA, DPF, technical and contractual protection) apply. No separate data outflow to external third parties takes place.

e.) Right of Objection You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on Art. 6(1)(f) GDPR. In this case, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

f.) Storage Period Access data is logged by Cloudflare within the scope of "Workers Logs" for technical diagnostic purposes. The storage period is a maximum of 3 days and serves exclusively to ensure the technical functionality and security of the service. No further storage or evaluation by the website operator takes place.

4. Hosting and Technical Provision of the Website via Hostinger

Our website is provided via the website builder and hosting infrastructure of Hostinger International Ltd., 61 Lordou Vironos Street, 6023 Larnaca, Cyprus. Hostinger handles the storage of website content as well as the operation of the server systems through which the website is delivered. Since Cloudflare functions as an upstream security and CDN layer (see Section 3), Hostinger only processes personal data when a request is forwarded from Cloudflare to the hosting server.

Processed Data Categories (Server Log Files of Hostinger) Hostinger processes the following data for the technical provision of the system and error diagnosis:

• Browser type and browser version

• Operating system used

• Referrer URL

• Hostname of the accessing device

• Date and time of page view

• IP address (if transmitted by Cloudflare for server processing)

• Technical server status messages (HTTP status codes) This data is automatically stored by Hostinger in server log files. We do not maintain any additional log files outside of Hostinger's systems.

Purposes of Processing Storage of this data is technically necessary:

• To ensure the stability and functionality of the web server,

• To perform error diagnosis,

• To detect and resolve security incidents,

• To ensure the smooth operation of the Hostinger Website Builder. Legal basis is Art. 6(1)(f) GDPR (overriding legitimate interest in a secure and technically functioning operation of our website).

Storage Period at Hostinger Hostinger stores server log files for a limited period. According to our coordination, the storage duration is usually a maximum of 7 days to detect and analyze security incidents. Longer storage only occurs in cases of security-relevant events.

Recipient Hostinger processes the data exclusively within the scope of technical provision. No disclosure to third parties takes place. Further Information: Hostinger Privacy Policy: https://www.hostinger.com/legal/privacy-policy

5. Locally Hosted Webfonts (Hostinger)

Our website uses exclusively webfonts stored locally on Hostinger's servers. No connection to external font servers (e.g., Google Fonts) occurs. Therefore, no personal data is transmitted to third parties or third countries. Delivery of fonts occurs via Hostinger; through the upstream Cloudflare CDN, cached delivery may occur without external third-party providers gaining access to personal data. Further Information: Hostinger Privacy Policy: https://www.hostinger.com/legal/privacy-policy

6. Cookie Consent with CCM19

Our website uses the consent management tool "CCM19" from Papoo Software & Media GmbH, Auguststraße 4, 53229 Bonn, Germany. With CCM19, we obtain your consent for the storage of cookies and the use of external services and document this in a data protection-compliant manner. This ensures that cookies and services are only used on the basis of your consent. Consents are technically stored via a cookie or similar storage mechanisms to be automatically taken into account during later visits. Legal basis for the use of CCM19 is Art. 6(1)(c) GDPR (fulfillment of legal requirements for data protection-compliant design of our website) and Art. 6(1)(f) GDPR (legitimate interest in a user-friendly and legally secure presentation of our online offer). Further information on data protection at CCM19: https://docs.ccm19.com/funktionen/datenschutz/

7. Google Analytics & Google Tag Manager

Our website uses Google Analytics and Google Tag Manager, services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables analysis of website usage. For this purpose, cookies can be set and information such as IP address, browser type, pages viewed, and duration of stay can be processed. The IP address is stored in anonymized form so that no direct personal reference is possible. Data processing occurs exclusively on the basis of your express consent via our cookie consent tool according to Art. 6(1)(a) GDPR. An order processing contract has been concluded with Google. It cannot be excluded that data may also be transmitted to Google LLC servers in the USA. An adequate level of data protection is guaranteed by the use of standard contractual clauses approved by the EU Commission. Google Tag Manager serves to manage website tags, with which, for example, Google Analytics or other services are integrated. Tag Manager itself does not process any personal data. However, due to technical reasons (e.g., when integrating external scripts), it can trigger data transfers such as the IP address. Here, too, use occurs exclusively after your consent via our cookie consent tool. Further information: Google Privacy Policy: https://policies.google.com/privacy Information on GDPR compliance of Google Tag Manager: https://support.google.com/tagmanager/answer/9323295 The use of Google Analytics 4 (GA4) and Google Tag Manager (GTM) occurs only after your express consent. Note on Consent Mode V2 and EEA Compliance: We use Google Consent Mode V2, which transmits the consent signals you provided via CCM19 (parameters ad_user_data and ad_personalization) to Google. This is required to ensure the continuous use of measurement functions and audience-based services according to the Google EU User Consent Policy (EU UCP) for users from the European Economic Area (EEA). Without these signals, Google cannot use this data for personalizing ads or building audiences.

8. Use of Google NotebookLM

a.) Description and Purpose We use the AI-supported service Google NotebookLM from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, exclusively for internal editorial purposes. The service supports us in creating, structuring, and optimizing website content by processing our own text drafts, notes, and research materials, which usually do not contain personal data. No interaction with website visitors takes place, and the service has no direct influence on their use of the website. Processed Data and Data Flow The use of Google NotebookLM occurs exclusively for internal, editorial purposes. Generally, no personal data of visitors to this website (e.g., IP addresses, surfing behavior) is recorded, processed, or transmitted to Google. Likewise, no cookies or similar technologies are set on the end devices of website visitors. In exceptional cases, internal documents containing personal data may be processed (see section "Order Processing"). b.) Location of Processing Processing of data occurs primarily in Ireland by Google Ireland Limited. In certain cases, especially for hosting or backup purposes, further processing by Google LLC or Google Cloud in the USA may take place. We ensure an adequate level of data protection through suitable guarantees (see section "Order Processing and Data Transfer"). c.) Legal Basis The use of Google NotebookLM is based on our legitimate interest according to Art. 6(1)(f) GDPR to ensure efficient and high-quality creation and maintenance of our website content. Since no personal data of website visitors is processed, consent is not required. If internal personal data is processed, this occurs within the scope of order processing (see section "Order Processing and Data Transfer"). Order Processing and Data Transfer to the USA In the event that personal data (e.g., from internal documents or from employees) is processed during the use of Google NotebookLM, Google acts as a processor according to an order processing contract (AVV) under Art. 28 GDPR. A data transfer to the USA can take place and occurs on the basis of the EU–U.S. Data Privacy Framework (DPF), under which Google LLC is certified, or on the basis of the Standard Contractual Clauses (SCC) of the EU Commission according to Art. 46 GDPR. Additional technical and organizational measures (e.g., encryption) guarantee an adequate level of data protection. The AVV can be viewed upon request. Risks Despite the protection measures taken (e.g., DPF, SCC, encryption), a residual risk may exist that US authorities may access internally processed personal data under legal surveillance programs without affected persons having an effective legal remedy. We minimize this risk by limiting transmitted data and additional technical measures. Further Information: Google Privacy Policy: https://policies.google.com/privacy EU–U.S. Data Privacy Framework: https://www.dataprivacyframework.gov/ For questions regarding data processing, please contact us at [email protected]

9. Use of Chatbase AI Chatbot (Consent Gate Solution)

An interactive chatbot from the Chatbase platform is integrated on this website (provider: Chatbase.co Inc., headquarters: Toronto, Canada; server location: USA). The chatbot serves exclusively for voluntary communication with website visitors and is only activated and loaded after your express consent via a consent gate solution. Before your consent, no transmission of data to Chatbase or third parties takes place. This ensures that the processing of your data meets the requirements of the General Data Protection Regulation (GDPR) [1, 2].

a.) Functionality and Data Processing The chatbot uses generative AI technology (e.g., GPT-4o) to generate suitable answers based on your inputs. The AI exclusively processes contents of this website and your entered texts. There is no direct connection to OpenAI or Google. No registration is required for use. No personal data is permanently stored. No creation of user profiles, no tracking, and no profiling takes place. Only technically necessary session cookies are used, which are required for the functionality of the chatbot during your active session. Data is processed exclusively for the provision and optimization of the chatbot by Chatbase. No further data processing by Chatbase takes place. The chatbot is trained exclusively on the contents of this website and only answers questions related to these contents. Inquiries outside this area will not be answered or rejected with a notice.

b.) Third Country Transfer (USA) When using the chatbot, personal data (e.g., IP address, browser information, entered texts) may be transmitted to servers in the USA. Since there is no adequacy decision for the USA according to Art. 45 GDPR, data transfer occurs on the basis of the current Standard Contractual Clauses (SCCs) of the EU Commission according to Art. 46 GDPR [3, 4]. Additionally, so-called "Supplementary Measures" are taken to ensure an adequate level of data protection. An order processing contract (AVV) according to Art. 28 GDPR exists between TELEDTV Digital Marketing (Controller) and Chatbase.co Inc. (Processor), which regulates the data protection-compliant processing of personal data on behalf. This AVV obliges Chatbase to process personal data exclusively according to documented instructions from TELEDTV and to implement suitable technical and organizational measures for the protection of data according to Art. 32 GDPR. The Standard Contractual Clauses (SCCs) were supplemented by Chatbase with additional technical and organizational measures ("Supplementary Measures") to ensure an adequate level of data protection.

c.) Possible Risks Despite the protection measures taken and the application of the Standard Contractual Clauses, it cannot be completely excluded that US authorities may access your data under legal surveillance programs without you, as an affected person, having an effective legal remedy. This residual risk is fundamentally present in data transfers to the USA [5].

d.) Your Consent and Choices The use of the chatbot is voluntary and occurs exclusively after your express and informed consent via the consent gate solution. Without your consent, the Chatbase iframe will not be loaded and the chatbot remains inactive. No data transfer to Chatbase or third parties occurs before you have given your consent. You can withdraw your consent at any time with effect for the future. After withdrawal, the chatbot will be immediately blocked and no longer loaded. External tools or third-party providers have no influence on the activation of the chatbot as long as no consent is present.

e.) Data Protection Contact & Information For questions regarding data protection or the exercise of your rights according to Art. 15 ff. GDPR (e.g., access, rectification, erasure), please contact the Controller named in our general data protection declaration. Alternatively, you can contact Chatbase directly: Email: [email protected] Support: [email protected] Further help: [email protected] Privacy Policy: https://www.chatbase.co/privacy

10. Social Plugins

a.) Xing (Profile Linking) The "XING Share-Button" is used on this website. When this website is accessed, a short-term connection is established via your browser to the servers of XING AG ("XING"), which provide the "XING Share-Button" functions (in particular the calculation/display of the counter value). XING does not store any personal data about you when you access this website. In particular, XING does not store any IP addresses. Furthermore, no evaluation of your usage behaviour takes place via the use of cookies in connection with the "XING Share-Button". You can access the current data protection information on the "XING Share-Button" and additional information on this website: https://www.xing.com/app/share?op=data_protection.

b.) LinkedIn (Profile Linking) Privacy Policy for the use of the LinkedIn Recommend Button: Plugins of the social network LinkedIn of the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter "LinkedIn") are integrated into this website. You can recognise the LinkedIn plugins by the LinkedIn logo or the "Share-Button" ("Recommend") on this website. When you visit this website, a direct connection is established between your browser and the LinkedIn server via the plugin. LinkedIn thereby receives the information that you have visited this website with your IP address. If you click the LinkedIn "Share-Button" while you are logged into your LinkedIn account, you can link the content of this website to your LinkedIn profile. This allows LinkedIn to associate the visit to this website with your user account. We point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn. Details on data collection (purpose, scope, further processing, use) as well as your rights and setting options can be found in LinkedIn's data protection notice. LinkedIn provides these notices here: http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv.

11. Information on YouTube Links

On our website, you will find preview images or text links that refer to videos on the YouTube platform. YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Important: These are pure links. When you access our website, no direct connection is established to YouTube's servers. No data is transmitted to YouTube as long as you are on our website. Only when you click the link do you leave our website and are redirected directly to YouTube. From this point on, the data protection regulations of YouTube/Google apply. We point out that Google LLC is certified under the EU-U.S. Data Privacy Framework. Further information on data processing by Google can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en.

12. HubSpot (Currently no direct connection from website to HubSpot)

We do not currently use any direct technical integration of HubSpot on our website. However, there is a general use of HubSpot for managing contact data if you transmit your data to us by email or other means. An automatic data transfer from the website to HubSpot does not currently take place. As soon as an integration takes place, this section will be updated accordingly. Further information: https://legal.hubspot.com/privacy-policy.

13. Processing of Customer Data to Fulfil Web-Abo Contracts

Within the scope of the web subscription services offered by us (Web-Abo START, PLUS, PRO) as well as the additional offers (Maintenance & Support, Content & Management, AI Chatbot & Automation), we process personal data of our customers to fulfil contractual obligations in accordance with Art. 6(1)(b) GDPR (contract fulfilment).

a.) Scope of processed data:

• Inventory data: Name, address, email, telephone number of the customer or contact person.

• Contract data: Booked Web-Abo package, term, payment data (IBAN, PayPal ID, no full credit card data), communication history.

• Access data: CMS, hosting accounts (e.g., Hostinger), analysis tools (e.g., Google Analytics), email inboxes, and third-party services (e.g., CRM, AI chatbot platforms) required for the provision of the contractually owed services. All data is encrypted and stored securely.

b.) Purpose of processing:

• Creation, maintenance, and technical support of the customer website.

• Fulfilment of contractually agreed services (e.g., SEO, content creation, interface integration).

• Processing of payments and invoicing.

• Communication for contract fulfilment and for support enquiries.

c.) Disclosure of data:

• Only to internal employees or selected subcontractors who act according to instructions and are bound to confidentiality.

• Disclosure to third parties only for contract fulfilment or in the event of a legal obligation.

d.) Storage duration:

• Storage for as long as necessary for contract fulfilment and statutory retention obligations.

• After the purposes cease to exist, the data will be deleted.

14. Order Processing (DPA) TELEDTV

As we obtain access to the customer's systems (CMS, hosting accounts, etc.) within the scope of the Web-Abo services and process personal data of their customers or employees there, if applicable, we act as an order processor within the meaning of Art. 28 GDPR.

• Processing takes place exclusively on the documented instructions of the customer.

• A separate DPA (AVV) is concluded with the customer.

• Technical and organisational measures (TOMs) are complied with.

• An overview of our TOMs as well as a DPA template are provided upon request.

• Note: The processing of personal data within the scope of the Web-Abo services is described in the GTC (AGB) under Section 10.

15. Bing Webmaster Tools

For the analysis and optimisation of our website, we use the Bing Webmaster Tools of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. In doing so, no personal data such as IP addresses or user behaviour are processed, as no tracking functions are integrated. The use takes place exclusively for the technical improvement of the website in accordance with Art. 6(1)(f) GDPR (legitimate interest). Further information can be found here: https://www.microsoft.com/en-gb/privacy/privacystatement.

16. External Links and Third-Party Content

Our website contains pure hyperlinks to external websites and offers of third parties. By clicking these links, you leave our sphere of responsibility. We checked the external content for possible legal violations at the time of linking and did not find any illegal content. As soon as you click the link, data can be transmitted to the target server. The respective provider or operator of the target site is responsible for the data collection and processing taking place there. Please observe the respective privacy policies of the third-party providers.

17. Privacy Policy for Affiliate Links

a.) Use of Affiliate Links and Data Processing by Third Parties On our website, we use so-called affiliate links. These are special links to products or services of partner companies (Hostinger, Chatbase, CCM19, meetergo, Finom, eRecht24). If you click on such a link, you will be redirected to the website of the respective partner company. There are no additional costs for you. These links serve to advertise products and services and are marked as advertising. Important note: We ourselves do not currently set our own tracking cookies or comparable technologies on your terminal device via these affiliate links before you click on the link. Our role is limited to providing the link and the mediation.

Data Processing for Commission Allocation (Attribution): When you click the link and are redirected, tracking parameters (e.g., an affiliate ID or a click ID as well as the referrer URL of our site) are transmitted via the URL to the partner by our system. The transmission of this pseudonymised data serves the correct allocation of the commission (attribution). This processing for attribution assignment is based on our legitimate interest in accordance with Art. 6(1)(f) GDPR in the monetisation of our content. Please note that tracking technologies (such as cookies) may be used on the websites of our partner companies as soon as you reach their page. These technologies enable the partner company to facilitate the assignment of commissions and to analyse your usage behaviour on their website. In this context, personal data such as your IP address, the referrer URL, the time of the click, information about your end device used (e.g., browser type, operating system) and, if applicable, further pseudonymised usage data can be processed.

c.) Our Role as a Mediator We would like to clarify that we only act as a mediator within the framework of affiliate marketing. The contract for the advertised products or services is concluded exclusively between you and the respective partner company. We assume no liability for the content or business practices of the partner companies.

d.) Your Rights as a Data Subject With regard to the processing of your personal data by us (within the framework of our own data processing, which does not include tracking through affiliate links), you are entitled to the rights anchored in the GDPR. These include the right to access, rectification, erasure, restriction of processing, data portability, objection, and the right to lodge a complaint with a supervisory authority. For the exercise of your rights, you can contact us at any time. The contact details can be found in our legal notice.

e.) Future Developments and Adjustments Should we implement our own tracking in connection with affiliate links on our website in the future, we will inform you about this transparently and make the necessary adjustments in this privacy policy. This would then also include the introduction of a cookie consent management system to obtain your express consent before corresponding technologies are used on your terminal device.

f.) Finom (Affiliate-Link Business Banking) On our website, we use affiliate links to Finom, a provider of business banking (e.g., https://app.finom.co/r/ftQ8yPGl). When you click on our recommendation link, you will be redirected to the Finom website. Please note that Finom uses cookies and similar technologies on its website to ensure functionality, analyse usage, and enable personalised advertising. This may include the processing of personal data.

Data Processing by Finom: The use of cookies by Finom can include the following categories:

• Necessary Cookies: Required for the basic functionality of the website.

• Analysis Cookies: Serve to improve the services by analysing website usage.

• Marketing Cookies: Used for personalised advertising and to measure campaign performance. Usage data can be shared with partners (e.g., social media platforms).

a.) Consent and Rights: The setting of cookies that are not technically necessary (in particular analysis and marketing cookies) requires your express consent. This is obtained directly by Finom. You have the right to withdraw your consent at any time. Details on cookie use and your rights can be found in Finom's cookie policy and privacy policy, which we recommend you read beforehand.

Commissions and Data Disclosure: We receive a commission if you register with Finom via our link. There are no additional costs for you. Your personal data will not be passed on to us without your separate consent. After redirection to the Finom website, we have no influence on the data processing taking place there.

b.) Legal Basis: The processing of personal data in connection with affiliate links that is not technically necessary is based on your consent in accordance with Art. 6(1)(a) GDPR. The disclosure of the affiliate relationship takes place in accordance with our transparency obligations.

18. Website Check / Website Audit (including provider analysis)

a.) Processed Data and Purpose Within the scope of a website check (e.g., checking GDPR compliance, performance analysis, hosting/provider evaluation, SEO analysis), we process the data provided by you exclusively for the creation, documentation, and transmission of the analysis report as well as for communication with you. This includes in particular:

• The internet address (URL) provided by you as well as any website content transmitted.

• Your contact details (name, email address, telephone number).

• Voluntary additional information within the scope of the order.

• Technical data collected in the course of the analysis (e.g., server IP, provider location, DNS entries, HTTP headers, PageSpeed measurement values).

b.) Legal Bases

• Art. 6(1)(b) GDPR: Processing for the performance of pre-contractual measures or for contract fulfilment.

• Art. 6(1)(f) GDPR: Processing of technical server and provider data in the legitimate interest of a complete analysis.

• Art. 6(1)(a) GDPR: Further use (e.g., for marketing or references) takes place only on the basis of your express consent.

c.) Authorisation and Active Tests By placing the order, you confirm that you are authorised to have the named website checked (e.g., as domain owner or authorised representative). Active security tests (e.g., penetration tests, port scans) take place exclusively following a separate agreement and express consent.

d.) Services Used / Third-Party Providers For the technical analysis, we use established online tools. The selection depends on the nature and scope of the test order. Examples:

• Google PageSpeed Insights

• SISTRIX Toolbox

• Sitechecker Pro

• DomainTools WHOIS

• Sicher3 Webscanner

• eRecht24 Google Fonts Scanner Further services may be called upon to ensure a comprehensive analysis. A current list of the sub-processors used is available upon request.

e.) Disclosure & Order Processing Technical analysis data (e.g., server IP, DNS entries, PageSpeed results) can be transmitted to the tools used. Your personal contact details will not be passed on. Insofar as necessary, contracts for order processing in accordance with Art. 28 GDPR exist.

f.) Third Country Transfers Individual services may process data outside the European Economic Area (EEA). In these cases, we secure the transmission through suitable guarantees in accordance with Art. 46 GDPR (e.g., EU Standard Contractual Clauses) or rely on an adequacy decision in accordance with Art. 45 GDPR. If none of these bases exist, a transmission only takes place with your express consent in accordance with Art. 49 GDPR after prior information about the risks involved.

g.) Storage Duration Analysis and report data are deleted at the latest 30 days after the test report is sent, unless further commissioning takes place or statutory retention obligations prevent this.

h.) Security Measures We use appropriate technical and organisational measures to protect your data, including:

• TLS/HTTPS encryption during data transmission.

• Access restrictions.

• Role-based authorisation concepts. Details on our security measures are available upon request.

i.) Data Subject Rights You have the right to: Access to your stored data; Rectification of incorrect data; Erasure or restriction of processing; Data portability; Objection to processing. Furthermore, you have the right to lodge a complaint with a competent data protection supervisory authority. An overview can be found at: www.bfdi.bund.de.

j.) Liability and Indemnification Insofar as tests have effects on third parties or active tests are planned, this will be agreed upon separately. The client ensures that he is authorised to commission the tests and indemnifies us from any claims by third parties.

k.) Note on Updates The services used may change. We update this information regularly and provide you with a current list upon request.

19. External Online Tests and Speed Analysis

For certain technical analyses such as load speed tests or performance checks (e.g., Google PageSpeed Insights), no personal data is stored by us. The analysis takes place directly on the servers of the respective provider. Only the URL provided by you and technical page information for performance evaluation are processed. Use of this data for advertising purposes or for profiling does not take place. Legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest in optimising website performance).

20. Provision of Weather Data by OpenWeatherMap

We use a service on our website to display current weather information. The provider of this service is OpenWeather Ltd., 41A, Vilton Str., 3011, Limassol, Cyprus (hereinafter "OpenWeatherMap").

a.) Nature and Purpose of Data Processing In order to be able to display current weather data for the predefined location "Neuss, Germany", our web server sends an automated enquiry to the programming interface (API) of OpenWeatherMap. This enquiry contains no personal data of yours. In particular, neither your IP address nor other information that allows conclusions to be drawn about your person is transmitted to OpenWeatherMap. Communication takes place exclusively between our server and the servers of OpenWeatherMap. The purpose of this function is to increase the information content and the utility of our website for visitors by providing relevant, location-related additional information.

b.) Legal Basis and Requirement of Consent The processing of the data for the display of the weather information takes place on the basis of our legitimate interest in an attractive and informative design of our online offer in accordance with Art. 6(1)(f) GDPR. Since no personal data of website visitors is processed during this process and no cookies or similar technologies are stored or read on your terminal device, no consent via a consent banner is required for the use of this service.

c.) Order Processing Since no personal data is passed on to OpenWeatherMap in the context of the API enquiry by our server, no order processing within the meaning of Art. 28 GDPR takes place. A Data Processing Agreement (DPA/AVV) is therefore not required.

d.) Storage Duration and Further Information We do not store any data in connection with weather enquiries. We have no influence on the data processing processes at OpenWeatherMap. For further information on the handling of data by the provider itself, we refer to the official privacy policy of OpenWeatherMap, which you can view at the following link: https://openweather.co.uk/privacy-policy.

21. Integration of External Services

Use of Google Maps (inactive) This website uses Google Maps to display maps. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. By using this website, you consent to the collection, processing, and use of automatically collected data as well as data entered by you by Google, one of its representatives, or third-party providers.

The terms of use for Google Maps can be found under:

• Terms of Service for Google Maps: https://www.google.com/intl/en/help/terms_maps/

• Detailed information can be found in Google's Privacy Policy: https://policies.google.com/privacy

Your Rights as a User

• a.) Right to confirmation: Every data subject has the right to request information as to whether personal data concerning them is being processed.

• b.) Right of access (Art. 15 GDPR): Every data subject has the right to receive free information about the personal data stored about them and a copy of this information.

• c.) Right to rectification (Art. 16 GDPR): The data subject has the right to demand the immediate rectification of inaccurate personal data concerning them.

• d.) Right to erasure (Right to be forgotten) (Art. 17 GDPR): Every data subject has the right to demand that personal data concerning them be erased immediately, provided one of the legal reasons applies and insofar as the processing is not necessary.

• e.) Right to restriction of processing (Art. 18 GDPR): Every data subject has the right to demand the restriction of processing if one of the legal reasons applies.

• f.) Right to data portability (Art. 20 GDPR): Every data subject has the right to receive the personal data concerning them in a structured, commonly used, and machine-readable format and to transmit those data to another controller without hindrance.

• g.) Right to withdraw data protection consent (Art. 13 GDPR): Every data subject has the right to withdraw consent to the processing of personal data at any time.

• h.) Right to object (Art. 21 GDPR): Every data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them based on Art. 6(1)(e) or (f) GDPR.

• i.) Automated individual decision-making, including profiling (Art. 22 GDPR): Every data subject has the right not to be subject to a decision based solely on automated processing.

22. Meetergo Appointment Booking Tool with Outlook 2024

This privacy policy describes the processing of personal data within the scope of appointment booking. It supplements our general privacy policy and fulfils the information obligations according to Art. 13/14 GDPR.

• a.) Purpose of data processing: To arrange and manage appointments, we use a hybrid infrastructure of online and offline components. Booking is handled via the service Meetergo, operated by meetergo GmbH, Hauptstraße 44, 40789 Monheim am Rhein, Germany.

• b.) Processed data: Name, email address, telephone number (optional), appointment request, and free-text remarks (optional).

• c.) Technical process of appointment processing:

  1. Booking via Meetergo.

  2. Calendar entry: Automatically entered into our Outlook calendar.

  3. Notification: Confirmation sent to [email protected], hosted by Hostinger International Ltd., Cyprus. A DPA (Art. 28 GDPR) is in place. https://www.hostinger.com/legal/privacy-policy

  4. Local storage: Additionally stored locally in Outlook 2024 Professional Plus on company-owned devices for audit-proof offline documentation.

• e.) Order processing with Meetergo: A DPA (Art. 28 GDPR) has been concluded with Meetergo. Data processing takes place exclusively within the EU/EEA. Further info: https://meetergo.com/en/privacy

• f.) Use of Outlook Online: Synchronisation via a Microsoft Corporation account. Secured by the EU-U.S. Data Privacy Framework (DPF, as of 2025) and Standard Contractual Clauses (SCC). https://privacy.microsoft.com/en-gb/privacystatement

• j.) Your rights: Contact us at [email protected]. Complaints can be lodged with the supervisory authority: https://www.ldi.nrw.de/.

23. Use of Microsoft Teams (Online Meetings and Video Conferences)

We use Microsoft Teams, a communication and collaboration tool of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

• a.) Purpose of processing: Organisation and implementation of online meetings, consultations, presentations, or training sessions.

• b.) Types of data processed: User data (name, email), meeting metadata (topic, date, duration), communication data (chat, audio, video), connection data (IP addresses), and diagnostic data.

• d.) Recipients and data transfer: Transmission to Microsoft Corporation. For EU customers, the EU Data Boundary has been activated since February 2025, ensuring that data is primarily processed within the EU/EFTA.

• e.) Order processing: Regulated by the Microsoft Online Service Terms (OST) and the Microsoft Data Protection Addendum (DPA, as of September 2025).
  

24. Contact Form and Email Contact

This declaration describes the processing of personal data within the scope of using the contact form on our website.

• a.) Purpose of data processing: Exclusively for processing your enquiries (e.g., feedback, advice, offers).

• b.) Processed data: Name, email address, telephone number (optional), subject/message, and IP address (for security and spam prevention).

• c.) Technical process: Data is received via the Hostinger backend. Hostinger International Ltd. acts as an order processor (Art. 28 GDPR). Redirection via Cloudflare or Proofpoint is secured by Standard Contractual Clauses (SCC) or the EU-U.S. Data Privacy Framework (DPF, as of 2025). https://www.hostinger.com/legal/privacy-policy

• e.) Storage duration and erasure: Deleted once the purpose ceases to exist. Statutory retention periods (e.g., 6 years for business correspondence) are observed. The IP address is anonymised or deleted after a maximum of 14 days.

• f.) Security: Hostinger uses technical and organisational measures (TOMs), including TLS/SSL encryption, access controls (2FA), and DDoS protection.
  
  25. Duration for which the personal data is stored
  

  The criterion for the duration of the storage of personal data is the respective statutory retention period. After the period has expired, the corresponding data is routinely deleted, provided it is no longer required for contract fulfilment or contract initiation. Storage duration: The data is deleted as soon as the purpose no longer applies.

  • Enquiries without tax or commercial relevance: Up to 6 months after the final processing of the enquiry.

  • Business-related correspondence (e.g. invoices, booking vouchers): Due to commercial and tax law obligations (§ 257 HGB, § 14b UStG, GoBD), the retention period is 10 years, beginning with the end of the calendar year in which the invoice or the booking transaction was created.
    

  26. Right to lodge a complaint with the competent supervisory authority
  

  In the event of data protection violations, the data subject has a right to lodge a complaint with the competent supervisory authority. This is the State Data Protection Officer (Landesdatenschutzbeauftragte) of the federal state in which our company is based. Data protection declaration created with the interactive template for online legal advice from https://www.123recht.de/info.asp?id=datenschutz.
  

  27. Contact via WhatsApp
  

  Description and purpose of the integration We offer you the opportunity on our website to contact us directly via WhatsApp using a button or an icon. The integration of the WhatsApp service takes place via a privacy-friendly two-click solution or a comparable method that ensures that no connection to the servers of Meta/WhatsApp is established before you actively consent. The aim is to provide you with a fast and uncomplicated communication option to process your enquiries.
  

  Service Provider The "WhatsApp" service is provided by:

  • Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (for users in the EEA).

  • Parent company: Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

  Legal basis and consent (two-click solution) When loading our website, no automatic connection to the servers of WhatsApp/Meta is established.

  • a.) Consent before data transmission (First Click): Only through your active action – clicking the WhatsApp button and the subsequent express confirmation in the preceding notice dialogue – is a connection to Meta's servers established.

  • b.) Legal basis: Before forwarding, we obtain your express consent in accordance with Art. 6(1)(a) GDPR.

  • c.) Duty to inform: In the notice dialogue, we inform you transparently that when using WhatsApp, personal data (e.g. IP address, referrer, device information) is transmitted to Meta. Only after your consent by clicking "OK" does the forwarding take place.

  Nature and scope of processed data

  • d.) Data transmission to Meta (after your consent): When clicking the WhatsApp link and confirming in the notice dialogue, Meta/WhatsApp receives at least your IP address, information about the browser and end device (e.g. operating system, language settings), and the origin page (referrer URL).

  • f.) Data processing by us (after contact): If you subsequently contact us via WhatsApp, we additionally process the data you transmit to us, as well as technical metadata: your mobile phone number, your name (if you have stored this in WhatsApp), the content of your message, and timestamps and technical metadata of the communication. We use this data exclusively to process and answer your enquiry. No further processing or disclosure by us takes place.
    

  Joint responsibility (Art. 26 GDPR) For the data processing that takes place after the forwarding and within the WhatsApp application (e.g. storage of the communication on Meta's servers, analysis of user behaviour by Meta), Meta Platforms Ireland Ltd. and, if applicable, Meta Platforms, Inc. (USA) are primarily responsible. We have no influence on this processing. We are not joint controllers within the meaning of Art. 26 GDPR for the processing by Meta.
  

  • g.) Data transfer to third countries (USA): WhatsApp is a service of Meta Platforms, Inc. based in the USA. A data transfer to the USA is therefore possible. The European Commission issued an adequacy decision for the EU-U.S. Data Privacy Framework (DPF) on 10 July 2023. Meta Platforms, Inc. is certified under this framework. The data transfer is therefore based on Art. 45(1) GDPR in conjunction with the DPF. Note on residual risk: Despite the certification, it cannot be ruled out that US authorities may access transmitted data without you having effective legal remedies against this.

  • h.) Storage duration: Your direct WhatsApp communication is stored by us for a maximum of 30 days and then deleted, provided no statutory retention obligation (e.g. commercial or tax law obligations) exists.

  • i.) Further information: Details on data processing by WhatsApp, in particular on your rights against Meta, can be found in the official WhatsApp Privacy Policy (as of October 2025): https://www.whatsapp.com/legal/privacy-policy-eea.
    

  28. Payment processing via Stripe
  

  To process payments (one-time payments and subscriptions) in our online shop, we use the payment service provider Stripe. The European service is operated by: Stripe Technology Company Limited (STC), One Wilton Park, Wilton Place, Dublin 2, D02 FX04, Ireland. When you make a payment via Stripe, the payment data entered by you as well as transaction-related information (e.g. amount, date, time, order number) are transmitted to Stripe. The processing of this data takes place exclusively for the purpose of payment processing.
  

  Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in secure and efficient payment processing). Stripe can further process the data for fraud prevention, credit checks, and to fulfil legal obligations.

  Note for B2B customers: Our online shop is exclusively directed at entrepreneurs within the meaning of § 14 BGB. The personal data collected within the scope of payment processing will be used exclusively for contract processing with these business customers.

  Data transfer to third countries (USA): Stripe also uses companies outside the European Union, in particular the US-based Stripe Inc.. This is secured by:

  • The use of the Standard Contractual Clauses (SCC) of the European Commission.

  • Participation of Stripe in the EU-U.S. Data Privacy Framework (DPF). Further information: https://stripe.com/privacy. The data processing agreement according to Art. 28 GDPR can be viewed at https://stripe.com/legal/dpa.
    

  29. International data transfers in general (Third country transfer)

  When using Google services, a data transfer to the United States of America (USA) may occur. The USA is currently considered a third country with a data protection level that does not correspond to the EU.
  

  Protective measures: The transmission is primarily based on the EU-U.S. Data Privacy Framework (DPF). Google LLC is certified according to the requirements of the DPF. Insofar as the transmission is based on your consent (Art. 49(1)(a) GDPR), it takes place on this basis.

  Qualified risk notice according to Art. 49(1)(a) GDPR: We point out that the transmission to the USA, despite the DPF certification, is associated with specific risks. Specifically, there is the risk that US authorities could access your personal data based on surveillance laws without you, as an affected person from the EU, having effective legal remedies or legal protection options against this. By giving your consent, you accept these risks. Further info on the DPF: https://www.dataprivacyframework.gov/.
  

  30. Closing remark

  The protection of your personal data is an important concern to us. We take technical and organisational measures to protect your data from unauthorised access, loss, or misuse and adapt these regularly to the state of the art. This data protection declaration is regularly reviewed and updated as necessary.
  

  31. Changes to this data protection declaration

  We reserve the right to adapt this data protection declaration as necessary to adapt it to legal requirements and technical changes. The current version published on this website applies.
  
  

Stand: December 2025

Data. Tech. Vision.
Privacy Policy & Data Protection