With the following Privacy Policy, I would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that I process, for what purposes, and to what extent.

This Privacy Policy applies to all processing of personal data carried out by me, both in the context of providing my services and, in particular, on my websites, in mobile applications, as well as within external online presences such as my social media profiles (hereinafter collectively referred to as the “online offering”).

The terms used are gender-neutral.

Last updated: 23 February 2026

Table of contents
Preamble
Responsible party
Overview of processing operations
Relevant legal basis
Security measures
Transfer of personal data
International data transfers
General information on data storage and deletion
Rights of data subjects
Business services
Payment procedures
Provision of online services and web hosting
Use of cookies
Registration, Login, and User Account
Blogs and Publication Media
Contact and Inquiry Management
Audio Content
Newsletters and Electronic Notifications
Web Analysis, Monitoring, and Optimization
Presence on Social Networks (Social Media)
Plug-ins and Embedded Functions and Content
Changes and Updates
Definition of Terms

Controller

Cordula Böck
Hauptstr. 56 a
86825 Bad Wörishofen
Bavaria, Germany

Email: contact@cybersecureguard.org

Imprint: https://cybersecureguard.org/imprint

---

Overview of Processing Activities

The following overview summarizes the types of data processed, the purposes of processing, and refers to the categories of data subjects.

Types of Data Processed

• Master data

• Payment data

• Contact data

• Content data

• Contract data

• Usage data

• Meta, communication and procedural data

• Log data

Categories of Data Subjects

• Service recipients and clients

• Prospective customers

• Communication partners

• Users

• Business and contractual partners

• Educational and course participants

Purposes of Processing

• Provision of contractual services and fulfillment of contractual obligations

• Communication

• Security measures

• Direct marketing

• Reach measurement

• Tracking

• Office and organizational procedures

• Target group formation

• Organizational and administrative procedures

• Feedback

• Marketing

• Profiles with user-related information

• Provision of my online offering and user-friendliness

• Information technology infrastructure

• Public relations

• Business processes and economic operations

---

Applicable Legal Bases

Relevant Legal Bases under the GDPR

Below you will find an overview of the legal bases of the GDPR on which I process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or my country of residence or establishment. Should more specific legal bases apply in individual cases, I will inform you accordingly in this Privacy Policy.

• Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.

• Contract Performance and Pre-Contractual Requests (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or for taking steps at the request of the data subject prior to entering into a contract.

• Legal Obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.

• Legitimate Interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

---

National Data Protection Regulations in Germany

In addition to the provisions of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).

The BDSG contains specific provisions, in particular regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, data transfers, and automated decision-making in individual cases, including profiling.

Furthermore, data protection laws of the individual federal states may apply.

---

Security Measures

In accordance with legal requirements and taking into account the state of the art, implementation costs, the nature, scope, context and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, I implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to data, as well as access, input, disclosure, availability safeguards and separation of data.

Furthermore, I have established procedures to ensure the exercise of data subject rights, the deletion of data and responses to data breaches. I also consider the protection of personal data during the development or selection of hardware, software and procedures in accordance with the principle of data protection by design and by default.

---

Securing Online Connections via TLS/SSL Encryption (HTTPS)

To protect users’ data transmitted via my online services against unauthorized access, I use TLS/SSL encryption technology.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between a website or application and the user’s browser (or between two servers), thereby protecting the data from unauthorized access.

TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of “HTTPS” in the URL. This serves as an indicator to users that their data is transmitted securely and in encrypted form.

Transfer of Personal Data

In the course of processing personal data, it may occur that I transfer such data to other entities, companies, legally independent organizational units, or individuals, or disclose it to them.

Recipients of this data may include, for example, service providers entrusted with IT tasks or providers of services and content integrated into a website.

In such cases, I comply with the applicable legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to ensure the protection of your personal data.

---

International Data Transfers

Data Processing in Third Countries

If I transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or through the disclosure or transfer of data to other persons, entities, or companies (which may be identifiable by the provider’s postal address or by an explicit reference to third-country transfers in this Privacy Policy), this is always carried out in compliance with the applicable legal requirements.

For data transfers to the United States, I primarily rely on the Data Privacy Framework (DPF), which has been recognized as a secure legal framework by an adequacy decision of the European Commission dated 10 July 2023.

In addition, I have concluded Standard Contractual Clauses (SCCs) with the respective providers in accordance with the requirements of the European Commission, establishing contractual obligations to protect your data.

This dual safeguard ensures comprehensive protection of your data:
The DPF constitutes the primary level of protection, while the Standard Contractual Clauses serve as an additional safeguard.

Should changes occur within the framework of the DPF, the Standard Contractual Clauses function as a reliable fallback mechanism. This ensures that your data remains adequately protected even in the event of political or legal changes.

For each individual service provider, I inform you whether they are certified under the DPF and whether Standard Contractual Clauses are in place.

Further information on the DPF and a list of certified companies can be found on the website of the U.S. Department of Commerce:
https://www.dataprivacyframework.gov

For data transfers to other third countries, appropriate safeguards apply, in particular Standard Contractual Clauses, explicit consent, or legally required transfers.

Information on third-country transfers and existing adequacy decisions can be found on the website of the European Commission:
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en

---

General Information on Data Storage and Deletion

I delete personal data that I process in accordance with the statutory provisions as soon as the underlying consents are withdrawn or no further legal bases for processing exist.

This applies in cases where the original purpose of processing no longer applies or the data is no longer required.

Exceptions to this rule exist where legal obligations or specific legitimate interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for the assertion, exercise, or defense of legal claims, must be archived accordingly.

This Privacy Policy contains additional information on the retention and deletion of data that specifically applies to certain processing activities.

If multiple retention periods or deletion deadlines are specified for a particular dataset, the longest period always applies.

Data that is no longer required for its original purpose but must be retained due to legal requirements or other reasons will be processed exclusively for the purposes that justify its retention.

---

Retention and Deletion of Data

The following general retention periods apply under German law:

10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the working instructions and other organizational documents required to understand them (§ 147 para. 1 no. 1 in conjunction with para. 3 AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 in conjunction with para. 4 HGB).

8 years – Accounting documents, such as invoices and expense receipts (§ 147 para. 1 no. 4 and 4a in conjunction with para. 3 sentence 1 AO, and § 257 para. 1 no. 4 in conjunction with para. 4 HGB).

6 years – Other business documents: received commercial or business letters, copies of sent commercial or business letters, and other documents relevant for taxation, e.g., wage slips, cost accounting sheets, calculation documents, price markings, payroll records (if not already accounting documents), and cash register receipts (§ 147 para. 1 no. 2, 3, 5 in conjunction with para. 3 AO, § 257 para. 1 no. 2 and 3 in conjunction with para. 4 HGB).

3 years – Data necessary to consider potential warranty and compensation claims or similar contractual claims and rights, and to process related inquiries, based on previous business experience and standard industry practice. This corresponds to the regular statutory limitation period of three years (§§ 195, 199 BGB).

Beginning of Retention Period

If a period does not explicitly begin on a specific date and is at least one year in length, it automatically begins at the end of the calendar year in which the event triggering the period occurred.

In the case of ongoing contractual relationships within which data is stored, the triggering event is the effective termination or other conclusion of the legal relationship.

---

Rights of Data Subjects

As a data subject under the GDPR, you are entitled to various rights, in particular under Articles 15 to 21 GDPR:

Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on those provisions.

Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.

Right to Withdraw Consent

You have the right to withdraw any consent given at any time.

Right of Access

You have the right to request confirmation as to whether data concerning you is being processed and to obtain access to that data as well as further information and a copy of the data in accordance with statutory provisions.

Right to Rectification

You have the right, in accordance with statutory provisions, to request the completion or correction of inaccurate personal data concerning you.

Right to Erasure and Restriction of Processing

You have the right, in accordance with statutory provisions, to request the immediate erasure of personal data concerning you or, alternatively, to request restriction of processing.

Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to me in a structured, commonly used, and machine-readable format, or to request its transmission to another controller.

Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Business Services

I process personal data of my contractual and business partners, such as clients, customers, prospective clients, suppliers, and other cooperation partners (collectively referred to as “contractual partners”), for the initiation, execution, and administration of contractual relationships and comparable legal relationships.

This includes pre-contractual measures taken at the request of the data subject, as well as communication in connection with the respective contractual relationship.

The processing serves, in particular, the fulfillment of my primary and ancillary contractual obligations. This includes the provision of agreed services, any update and information obligations, the handling of warranty claims and other service disruptions, the processing of withdrawals, the termination of continuing obligations, reversals, refunds, and the handling of other contract-related declarations and inquiries.

Both one-time contracts and ongoing contractual relationships are covered.

In particular, I process master data such as name, address, and, where applicable, company details; contact data such as email address and telephone number; contractual and service data such as subject matter of the contract, contract term, order or transaction number; usage and service data; payment and billing data; as well as communication content and communication histories.

Where necessary, I also process data disclosed or transmitted to me in the course of performing a specific assignment.

In addition, I process data to safeguard my rights and to fulfill legal obligations. This includes, in particular, commercial and tax retention obligations, documentation requirements, and, where applicable, verification and accountability obligations.

Processing may also be based on my legitimate interests in proper business management, internal administration, risk management, IT security, and the protection of my business operations and contractual partners against misuse, data breaches, and threats to confidential information and other legal interests.

This may include the involvement of external service providers such as IT and telecommunications providers, transport and logistics companies, payment service providers, banks, tax advisors, legal advisors, or other auxiliary service providers, insofar as this is necessary for contract performance or the fulfillment of legal obligations.

Personal data is disclosed to third parties only to the extent necessary for contract performance, for pre-contractual measures, for the protection of legitimate interests, or for compliance with legal obligations.

Any additional processing, particularly for marketing purposes, is described separately within this Privacy Policy.

The data required in individual cases is communicated to contractual partners at the time of data collection, for example through corresponding markings in online forms or during personal contact.

Data is deleted as soon as it is no longer required for the above-mentioned purposes and no statutory retention obligations apply.

Statutory retention periods, in particular under commercial and tax law, may require longer storage. Data transmitted in connection with a specific assignment is deleted after completion of the assignment and expiration of any applicable retention periods, unless further legal or contractual obligations require continued storage.

The legal basis for processing is Article 6(1)(b) GDPR for pre-contractual measures and contract performance, Article 6(1)(c) GDPR for compliance with legal obligations, and, where applicable, Article 6(1)(f) GDPR for the protection of legitimate interests.

Where processing is based on Article 6(1)(f) GDPR, it serves my legitimate interests in proper and efficient business organization, internal administration and documentation of business processes, the assertion and defense of legal claims, ensuring IT and data security, preventing misuse and fraud, and the economic management and further development of my business operations.

These interests exist in particular to ensure secure and legally compliant business operations and to safeguard my entrepreneurial capacity to act.

---

Categories of Data Processed

• Master data (e.g., full name, residential address, contact information, customer number)

• Payment data (e.g., bank details, invoices, payment history)

• Contact data (e.g., postal and email addresses, telephone numbers)

• Contract data (e.g., subject matter of the contract, term, customer category)

• Usage data (e.g., page views, duration of visits, click paths, device types, operating systems, interactions with content and functions)

• Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved)

---

Categories of Data Subjects

• Service recipients and clients

• Prospective clients

• Business and contractual partners

• Educational and course participants

---

Purposes of Processing and Legitimate Interests

• Provision of contractual services and fulfillment of contractual obligations

• Security measures

• Communication

• Office and organizational procedures

• Administrative processes

• Business operations and economic procedures

---

Retention and Deletion

Deletion is carried out in accordance with the information provided in the section “General Information on Data Storage and Deletion.”

---

Legal Bases

• Contract performance and pre-contractual requests (Art. 6(1)(b) GDPR)

• Legal obligation (Art. 6(1)(c) GDPR)

• Legitimate interests (Art. 6(1)(f) GDPR)

---

Online Shop, Order Forms, E-Commerce and Service Fulfillment

I process customer data in order to enable the selection, purchase, or ordering of selected products, goods, and related services, as well as their payment and delivery or execution.

Where necessary for order fulfillment, I engage service providers, particularly postal, freight, and shipping companies, to carry out delivery or performance.

For the processing of payment transactions, I use the services of banks and payment service providers.

The required information is marked as such within the ordering process and includes the data necessary for delivery or provision, billing information, and contact details for potential inquiries.

Legal basis: Contract performance and pre-contractual requests (Art. 6(1)(b) GDPR)

---

Educational and Training Services

I process data of participants in my educational and training services (collectively referred to as “trainees”) in order to provide training services.

The type, scope, purpose, and necessity of processing depend on the underlying contractual and training relationship.

Processing may also include performance assessments and evaluation of my services and those of instructors.

In the course of my activities, I may process special categories of personal data, particularly health-related data, as well as data revealing ethnic origin, political opinions, religious or philosophical beliefs.

Where required, I obtain explicit consent for such processing. Otherwise, special categories of data are processed only where necessary for providing training services, for preventive healthcare, social protection, or the protection of vital interests.

Legal basis: Contract performance and pre-contractual requests (Art. 6(1)(b) GDPR)

---

Technical Services

I process data of my clients and customers in order to enable the selection, commissioning, payment, and provision or execution of selected services or works.

Required information is marked accordingly within the order or contractual process and includes data necessary for service provision, billing, and communication.

Where I gain access to information relating to end customers, employees, or other persons, I process such data in accordance with legal and contractual requirements.

Legal basis: Contract performance and pre-contractual requests (Art. 6(1)(b) GDPR)

---

Payment Procedures

Within the framework of contractual and other legal relationships, legal obligations, or based on legitimate interests, I offer secure and efficient payment options and use banks and additional payment service providers (collectively referred to as “payment service providers”).

Payment transactions are carried out exclusively via encrypted connections in accordance with the state of the art.

Data processed by payment service providers includes master data (e.g., name and address), bank details (e.g., account or credit card numbers), passwords, TANs, checksums, as well as contractual and transaction-related information.

The entered data is processed and stored exclusively by the payment service providers. I do not receive account or credit card-related information, but only confirmation or rejection of payment.

Payment service providers may transmit data to credit agencies for identity and creditworthiness checks. Reference is made to the terms and privacy policies of the respective payment service providers.

---

Legal Bases

• Contract performance and pre-contractual requests (Art. 6(1)(b) GDPR)

• Legitimate interests (Art. 6(1)(f) GDPR)

---

Payment Service Providers

Apple Pay
Provider: Apple Inc., Cupertino, CA, USA
Legal basis: Art. 6(1)(b) GDPR
Website: https://www.apple.com/de/apple-pay/
Privacy Policy: https://www.apple.com/legal/privacy/de-ww/

Google Pay
Provider: Google Ireland Limited, Dublin, Ireland
Legal basis: Art. 6(1)(b) GDPR
Website: https://pay.google.com/
Privacy Policy: https://policies.google.com/privacy

Mastercard
Provider: Mastercard Europe SA, Belgium
Legal basis: Art. 6(1)(b) GDPR
Website: https://www.mastercard.de
Privacy Policy: https://www.mastercard.de/de-de/datenschutz.html

Stripe
Provider: Stripe, Inc., USA
Legal basis: Art. 6(1)(b) GDPR
Privacy Policy: https://stripe.com/de/privacy
Third-country transfer basis: Data Privacy Framework (DPF)

Visa
Provider: Visa Europe Services Inc., London, UK
Legal basis: Art. 6(1)(b) GDPR
Website: https://www.visa.de
Privacy Policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html

Provision of the Online Offering and Web Hosting

I process users’ data in order to provide my online services.
For this purpose, I process the user’s IP address, which is necessary to transmit the content and functions of my online services to the user’s browser or end device.

---

Categories of Data Processed

• Usage data (e.g., page views and duration of visits, click paths, usage intensity and frequency, device types used and operating systems, interactions with content and functions)

• Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved)

• Log data (e.g., log files relating to logins, data retrieval, or access times)

---

Categories of Data Subjects

Users (e.g., website visitors, users of online services)

---

Purposes of Processing and Legitimate Interests

• Provision of my online offering and user-friendliness

• Information technology infrastructure (operation and provision of information systems and technical equipment such as computers and servers)

• Security measures

---

Retention and Deletion

Deletion is carried out in accordance with the information provided in the section “General Information on Data Storage and Deletion.”

---

Legal Basis

Legitimate interests (Art. 6(1)(f) GDPR)

---

Additional Information on Processing Activities, Procedures and Services

Provision of the Online Offering via Rented Server Infrastructure

To provide my online offering, I use storage space, computing capacity, and software that I rent or otherwise obtain from a server provider (web hosting provider).

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

---

Collection of Access Data and Log Files

Access to my online offering is logged in the form of so-called “server log files.”

Server log files may include the address and name of retrieved web pages and files, date and time of access, volume of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (previously visited page), IP addresses, and the requesting provider.

Server log files may be used for security purposes, for example to prevent server overload (particularly in the event of abusive attacks such as DDoS attacks), and to ensure server stability and performance.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Deletion of data:
Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes is excluded from deletion until final clarification of the respective incident.

---

Use of Cookies

The term “cookies” refers to functions that store information on users’ end devices and retrieve it from those devices.

Cookies may be used for various purposes, including ensuring functionality, security, and convenience of online offerings, as well as for analyzing visitor flows.

I use cookies in accordance with statutory provisions. Where required, I obtain users’ prior consent.

If consent is not required, I rely on my legitimate interests. This applies where storing and retrieving information is strictly necessary to provide expressly requested content and functions. This includes, for example, saving user preferences and ensuring functionality and security of my online offering.

Consent can be withdrawn at any time. I clearly inform users about the scope of consent and which cookies are used.

---

Legal Basis under Data Protection Law

Whether I process personal data using cookies depends on consent.

If consent is given, it serves as the legal basis.
Without consent, I rely on my legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

---

Storage Duration

With regard to storage duration, the following types of cookies are distinguished:

Temporary Cookies (Session Cookies)

Temporary cookies are deleted at the latest after a user leaves the online offering and closes their end device (e.g., browser or mobile application).

Persistent Cookies

Persistent cookies remain stored even after the end device is closed.

For example, login status may be stored and preferred content displayed directly when a user revisits a website.

User data collected via cookies may also be used for reach measurement.

Unless explicit information about the type and storage duration of cookies is provided (e.g., within the consent process), users should assume that cookies may be persistent and that the storage period may be up to two years.

---

General Information on Withdrawal and Objection (Opt-Out)

Users may withdraw their consent at any time and may also object to processing in accordance with statutory provisions, including by adjusting their browser’s privacy settings.

---

Categories of Data Processed

• Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved)

---

Categories of Data Subjects

Users (e.g., website visitors, users of online services)

---

Legal Bases

• Legitimate interests (Art. 6(1)(f) GDPR)

• Consent (Art. 6(1)(a) GDPR)

---

Processing of Cookie Data Based on Consent

I use a consent management solution to obtain users’ consent for the use of cookies or for the procedures and providers specified within the consent management solution.

This procedure serves to obtain, document, manage, and withdraw consent, particularly in relation to the use of cookies and comparable technologies used to store, retrieve, and process information on users’ end devices.

Within this process, users’ consent is obtained for the use of cookies and the associated processing of information, including the specific processing activities and providers listed within the consent management procedure.

Users also have the option to manage and withdraw their consent.

Consent declarations are stored in order to avoid repeated requests and to provide proof of consent in accordance with legal requirements.

Storage takes place server-side and/or in a cookie (so-called “opt-in cookie”) or via comparable technologies in order to assign consent to a specific user or their device.

Unless specific information on consent management service providers is provided, the following general information applies:

The duration of consent storage is up to two years.
A pseudonymous user identifier is created and stored together with the time of consent, information about the scope of consent (e.g., relevant cookie categories and/or service providers), as well as information about the browser, system, and device used.

Legal basis: Consent (Art. 6(1)(a) GDPR)

Registration, Login and User Account

Users may create a user account.

During registration, the required mandatory information is communicated to users and processed for the purpose of providing the user account on the basis of contractual performance.

The processed data includes, in particular, login information (username, password, and email address).

When users make use of the registration and login functions and use their user account, I store the IP address and the time of the respective user action.

Storage takes place on the basis of my legitimate interests as well as the users’ legitimate interests in protection against misuse and unauthorized use.

As a general rule, this data is not disclosed to third parties unless such disclosure is necessary to pursue legal claims or there is a statutory obligation to do so.

Users may be informed via email about processes relevant to their user account, such as technical changes.

---

Categories of Data Processed

• Master data (e.g., full name, address, contact information, customer number)

• Contact data (e.g., postal and email addresses, telephone numbers)

• Content data (e.g., textual or visual messages and contributions, authorship information, time of creation)

• Usage data (e.g., page views, duration of visits, click paths, device types, operating systems, interactions with content and functions)

• Log data (e.g., log files relating to logins, data retrieval, or access times)

---

Categories of Data Subjects

Users (e.g., website visitors, users of online services)

---

Purposes of Processing and Legitimate Interests

• Provision of contractual services and fulfillment of contractual obligations

• Security measures

• Organizational and administrative procedures

• Provision of my online offering and user-friendliness

---

Retention and Deletion

Deletion is carried out in accordance with the section “General Information on Data Storage and Deletion.”

Data is deleted after termination of the user account.

---

Legal Bases

• Contract performance and pre-contractual requests (Art. 6(1)(b) GDPR)

• Legitimate interests (Art. 6(1)(f) GDPR)

---

Additional Information on Processing Activities

Deletion of Data After Termination

If users terminate their user account, their data relating to the user account will be deleted, subject to any statutory authorization, obligation, or user consent to retain it.

Legal basis: Contract performance and pre-contractual requests (Art. 6(1)(b) GDPR)

No Obligation to Retain Data

It is the responsibility of users to secure their data prior to termination of the contract.

I am entitled to irretrievably delete all data stored during the contractual relationship once the contract ends.

Legal basis: Contract performance and pre-contractual requests (Art. 6(1)(b) GDPR)

---

Blogs and Publication Media

I use blogs or comparable means of online communication and publication (hereinafter referred to as “publication medium”).

Reader data is processed only to the extent necessary for the presentation of the publication medium, communication between authors and readers, or for security purposes.

For all other matters, reference is made to the information regarding the processing of visitors within this Privacy Policy.

---

Categories of Data Processed

• Master data

• Contact data

• Content data

• Usage data

• Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved)

---

Categories of Data Subjects

Users (e.g., website visitors, users of online services)

---

Purposes of Processing and Legitimate Interests

• Feedback (e.g., collection of feedback via online forms)

• Provision of my online offering and user-friendliness

• Security measures

• Organizational and administrative procedures

---

Legal Basis

Legitimate interests (Art. 6(1)(f) GDPR)

---

Comments and Contributions

If users leave comments or other contributions, their IP addresses may be stored on the basis of my legitimate interests.

This serves security purposes in case someone leaves unlawful content in comments or posts (e.g., insults, prohibited political propaganda). In such cases, I may be held liable for the comment or post and therefore have a legitimate interest in identifying the author.

Furthermore, I reserve the right, on the basis of legitimate interests, to process user data for spam detection.

On the same legal basis, I reserve the right, in the case of surveys, to store IP addresses for their duration and to use cookies to prevent multiple votes.

Personal information provided within comments and contributions, including contact and website information, as well as the content information itself, is stored permanently until the user objects.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

---

Gravatar Profile Images

I use the Gravatar service within my online offering, particularly within the blog.

Gravatar is a service that allows users to register and store profile images linked to their email address. If users leave posts or comments on other online presences (especially blogs) using the respective email address, their profile images may be displayed next to their posts or comments.

For this purpose, the email address provided by the user is transmitted to Gravatar in encrypted form to verify whether a profile exists. This is the sole purpose of transmitting the email address. It is not used for any other purpose and is subsequently deleted.

The use of Gravatar is based on my legitimate interests, as it allows authors of posts and comments to personalize their contributions with a profile image.

By displaying the images, Gravatar becomes aware of the users’ IP addresses, as this is necessary for communication between a browser and an online service.

If users do not wish a profile image associated with their email address at Gravatar to appear in comments, they should use an email address not registered with Gravatar.

Users may also use an anonymous email address or no email address if they do not wish their email address to be transmitted.

Users can completely prevent data transmission by not using the commenting system.

Service provider:
Aut O’Mattic A8C Ireland Ltd., Dublin, Ireland

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Website: https://automattic.com
Privacy Policy: https://automattic.com/privacy

Data Processing Agreement: Provided by the service provider
Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses

---

UpdraftPlus

Backup software and backup storage

Service provider:
Simba Hosting Ltd., United Kingdom

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Website: https://updraftplus.com
Privacy Policy: https://updraftplus.com/data-protection-and-privacy-centre

Contact and Inquiry Management

When contacting me (e.g., by post, contact form, email, telephone, or via social media), as well as within the context of existing user or business relationships, the data provided by the requesting persons is processed insofar as this is necessary to respond to the contact inquiries and any requested measures.

---

Categories of Data Processed

• Contact data (e.g., postal and email addresses, telephone numbers)

• Content data (e.g., textual or visual messages and contributions, including authorship information and time of creation)

• Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved)

---

Categories of Data Subjects

Communication partners

---

Purposes of Processing and Legitimate Interests

• Communication

• Organizational and administrative procedures

• Feedback (e.g., collection of feedback via online forms)

• Provision of my online offering and user-friendliness

---

Retention and Deletion

Deletion is carried out in accordance with the section “General Information on Data Storage and Deletion.”

---

Legal Bases

• Legitimate interests (Art. 6(1)(f) GDPR)

• Contract performance and pre-contractual requests (Art. 6(1)(b) GDPR)

---

Additional Information on Processing Activities

Contact Form

When contacting me via contact form, email, or other communication channels, I process the personal data transmitted to me for the purpose of responding to and handling the respective request.

This generally includes information such as name, contact details, and, where applicable, additional information provided that is necessary for proper handling.

I use this data exclusively for the stated purpose of contact and communication.

Legal bases:

• Contract performance and pre-contractual requests (Art. 6(1)(b) GDPR)

• Legitimate interests (Art. 6(1)(f) GDPR)

---

Audio Content

I use hosting services from service providers in order to offer audio content for listening and download.

For this purpose, I use platforms that enable the uploading, storage, and distribution of audio material.

---

Categories of Data Processed

• Usage data (e.g., page views, duration of visits, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions)

• Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved)

• Log data (e.g., log files relating to logins, data retrieval, or access times)

---

Categories of Data Subjects

Users (e.g., website visitors, users of online services)

---

Purposes of Processing and Legitimate Interests

• Reach measurement (e.g., access statistics, recognition of returning visitors)

• Creation of user-related profiles

• Provision of my online offering and user-friendliness

---

Retention and Deletion

Deletion is carried out in accordance with the section “General Information on Data Storage and Deletion.”

---

Legal Basis

Legitimate interests (Art. 6(1)(f) GDPR)

---

Newsletter and Electronic Notifications

I send newsletters, emails, and other electronic notifications (hereinafter “newsletter”) exclusively with the consent of the recipients or on the basis of a statutory provision.

If the content of the newsletter is described during registration, such content is decisive for users’ consent.

Registration for my newsletter generally requires only an email address.

However, in order to provide a personalized service, I may request your name for personal address within the newsletter or additional information where necessary for the purpose of the newsletter.

---

Deletion and Restriction of Processing

I may store unsubscribed email addresses for up to three years on the basis of my legitimate interests before deleting them, in order to be able to prove previously given consent.

Processing of this data is limited to the purpose of defending against potential claims.

An individual deletion request is possible at any time, provided that the former existence of consent is confirmed.

In cases where there is a legal obligation to permanently observe objections, I reserve the right to store the email address solely for this purpose in a suppression list (“blocklist”).

The logging of the registration process is based on my legitimate interests for the purpose of proving its proper execution.

If I engage a service provider to send emails, this is done on the basis of my legitimate interests in an efficient and secure mailing system.

---

Content

Information about me, my services, promotions, and offers.

---

Categories of Data Processed

• Master data (e.g., full name, address, contact information, customer number)

• Contact data (e.g., email address, telephone number)

• Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved)

• Usage data (e.g., page views, duration of visits, click paths, interactions with content)

---

Categories of Data Subjects

Communication partners

---

Purposes of Processing

Direct marketing (e.g., via email or postal mail)

---

Legal Bases

• Consent (Art. 6(1)(a) GDPR)

• Legitimate interests (Art. 6(1)(f) GDPR)

---

Right to Object (Opt-Out)

You may unsubscribe from the newsletter at any time, i.e., withdraw your consent or object to further receipt.

An unsubscribe link is included at the end of each newsletter. Alternatively, you may use one of the contact methods provided above, preferably by email.

---

Additional Information on Processing Activities

Mailchimp

Email marketing, automation of marketing processes, collection, storage and management of contact data, measurement of campaign performance, analysis of recipient interactions, personalization of content.

Service provider:
Rocket Science Group LLC, Atlanta, USA

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Website: https://mailchimp.com
Privacy Policy: https://mailchimp.com/legal/
Data Processing Agreement: https://mailchimp.com/legal/

Basis for third-country transfers:
Data Privacy Framework (DPF), Standard Contractual Clauses

Additional security information:
https://mailchimp.com/de/help/mailchimp-european-data-transfers

Web Analytics, Monitoring and Optimization

Web analytics (also referred to as “reach measurement”) is used to evaluate visitor traffic within my online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, in the form of pseudonymous values.

With the help of reach analysis, I can, for example, identify at what times my online offering, or its functions and content, are used most frequently, or encourage reuse. I am also able to understand which areas require optimization.

In addition to web analytics, I may also use testing procedures (e.g., A/B testing) to test and optimize different versions of my online offering or parts of it.

Unless stated otherwise below, for these purposes profiles may be created, i.e., data aggregated into a usage process, and information may be stored in and later retrieved from a browser or end device. The collected information includes, in particular, websites visited and elements used there, as well as technical details such as the browser used, the computer system used, and information on usage times.

If users have consented to the collection of their location data either to me or to the providers of the services I use, location data may also be processed.

In addition, users’ IP addresses are stored. However, I use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users.

In general, no directly identifying data (such as email addresses or names) is stored within the scope of web analytics, A/B testing, and optimization; instead, pseudonyms are used. This means that neither I nor the providers of the software used know the actual identity of users, but only the information stored in their profiles for the respective procedures.

Notes on legal bases: If I ask users for their consent to use third-party providers, consent constitutes the legal basis for processing. Otherwise, user data is processed on the basis of my legitimate interests (i.e., interest in efficient, cost-effective, and user-friendly services). In this context, I also refer to the information on the use of cookies in this Privacy Policy.

---

Categories of Data Processed

• Usage data (e.g., page views and duration of visits, click paths, usage intensity and frequency, device types used and operating systems, interactions with content and functions)

• Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved)

---

Categories of Data Subjects

Users (e.g., website visitors, users of online services)

---

Purposes of Processing and Legitimate Interests

• Reach measurement (e.g., access statistics, recognition of returning visitors)

• Profiles with user-related information (creation of user profiles)

• Provision of my online offering and user-friendliness

---

Retention and Deletion

Deletion is carried out in accordance with the section “General Information on Data Storage and Deletion.”

Cookies may be stored for up to two years (unless otherwise stated, cookies and similar storage methods may be stored on users’ devices for a period of two years).

---

Security Measures

IP masking (pseudonymization of the IP address)

---

Legal Bases

• Consent (Art. 6(1)(a) GDPR)

• Legitimate interests (Art. 6(1)(f) GDPR)

---

Additional Information on Processing Activities, Procedures and Services

Google Analytics

I use Google Analytics to measure and analyze the use of my online offering on the basis of a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It serves to assign analysis information to an end device in order to identify which content users accessed within one or more usage sessions, which search terms they used, whether they returned, or how they interacted with my online offering.

The time and duration of use are also stored, as well as the sources referring users to my online offering and technical details about their devices and browsers.

Pseudonymous user profiles may be created using information from the use of different devices, and cookies may be used.

Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides coarse geographical location data by deriving the following metadata from IP addresses: city (and the derived latitude/longitude of the city), continent, country, region, and subcontinent (and ID-based counterparts).

For EU traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. It is not logged, is not accessible, and is not used for any other purposes.

When Google Analytics collects measurement data, all IP lookups are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing.

Service provider: Google Ireland Limited, Dublin, Ireland
Legal basis: Consent (Art. 6(1)(a) GDPR)
Website: https://marketingplatform.google.com/intl/de/about/analytics/
Security measures: IP masking
Privacy Policy: https://policies.google.com/privacy
Data processing agreement: https://business.safety.google/adsprocessorterms/
Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses
Opt-out:

• Browser add-on: https://tools.google.com/dlpage/gaoptout

• Ad personalization settings: https://myadcenter.google.com/personalizationoff
  Further information: https://business.safety.google/adsservices/

---

Presences in Social Networks (Social Media)

I maintain online presences within social networks and process user data in this context in order to communicate with users active there or to provide information about me.

I note that user data may be processed outside the European Union. This may result in risks for users, for example because the enforcement of user rights may be more difficult.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles may be created based on users’ behavior and resulting interests. These profiles may then be used to place advertisements within and outside the networks that presumably match users’ interests.

For this purpose, cookies are generally stored on users’ devices, in which usage behavior and user interests are stored. In addition, data may be stored within usage profiles independently of the devices used by users (in particular if users are members of the respective platforms and logged in).

For a detailed description of the respective processing activities and opt-out options, I refer to the privacy policies and information provided by the operators of the respective networks.

In the case of access requests and the assertion of data subject rights, I also note that these can be exercised most effectively with the providers. Only they have access to user data and can directly take appropriate measures and provide information. If you still need assistance, you may contact me.

---

Categories of Data Processed

• Contact data (e.g., postal and email addresses, telephone numbers)

• Content data (e.g., textual or visual messages and contributions, including authorship information and time of creation)

• Usage data (e.g., page views and duration of visits, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions)

---

Categories of Data Subjects

Users (e.g., website visitors, users of online services)

---

Purposes of Processing and Legitimate Interests

• Communication

• Feedback (e.g., collection of feedback via online forms)

• Public relations

---

Retention and Deletion

Deletion is carried out in accordance with the section “General Information on Data Storage and Deletion.”

---

Legal Basis

Legitimate interests (Art. 6(1)(f) GDPR)

---

Additional Information on Processing Activities, Procedures and Services

Facebook Pages

Profiles within the Facebook social network. I am jointly responsible with Meta Platforms Ireland Limited for the collection and transmission of data from visitors to my Facebook page (“Fan Page”). This includes, in particular, information about user behavior (e.g., viewed or interacted content, actions taken) and device information (e.g., IP address, operating system, browser type, language settings, cookie data).

Further details can be found in Facebook’s Data Policy:
https://www.facebook.com/privacy/policy/

Facebook also uses this data to provide me with statistical evaluations via “Page Insights,” which show how people interact with my page and its content. The basis is an agreement with Facebook (“Page Insights Information”):
https://www.facebook.com/legal/terms/page_controller_addendum

Further information is available here:
https://www.facebook.com/legal/terms/information_about_page_insights_data

Users can therefore address access or deletion requests directly to Facebook. User rights (in particular access, deletion, objection, and complaints to a supervisory authority) remain unaffected.

Joint controllership is limited exclusively to the collection of data by Meta Platforms Ireland Limited (EU). Further processing, including possible transfer to Meta Platforms Inc. in the USA, is the sole responsibility of Meta Platforms Ireland Limited.

Service provider: Meta Platforms Ireland Limited, Dublin, Ireland
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Website: https://www.facebook.com
Privacy Policy: https://www.facebook.com/privacy/policy/
Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses
https://www.facebook.com/legal/EU_data_transfer_addendum

---

LinkedIn

Social network. I am jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of visitor data used to create “Page Insights” (statistics) for my LinkedIn profiles.

This data includes information about the types of content users view or interact with, and the actions they take. It also includes device details such as IP addresses, operating system, browser type, language settings, and cookie data, as well as profile information such as job function, country, industry, seniority, company size, and employment status.

LinkedIn’s data protection information can be found here:
https://www.linkedin.com/legal/privacy-policy

I have concluded a specific agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum”):
https://legal.linkedin.com/pages-joint-controller-addendum

LinkedIn has agreed to fulfill data subject rights (e.g., users may submit access or deletion requests directly to LinkedIn). User rights (in particular access, deletion, objection, and complaints to a supervisory authority) are not restricted by this agreement. Joint controllership is limited to collection and transmission of data to LinkedIn Ireland Unlimited Company (EU). Further processing, especially transfers to LinkedIn Corporation in the USA, is the sole responsibility of LinkedIn Ireland Unlimited Company.

Service provider: LinkedIn Ireland Unlimited Company, Dublin, Ireland
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Website: https://www.linkedin.com
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses
https://legal.linkedin.com/dpa
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

---

X

Social network
Service provider: X Internet Unlimited Company, Dublin, Ireland
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Website: https://x.com
Privacy Policy: https://x.com/de/privacy

---

YouTube

Social network and video platform
Service provider: Google Ireland Limited, Dublin, Ireland
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Privacy Policy: https://policies.google.com/privacy
Basis for third-country transfers: Data Privacy Framework (DPF)
Opt-out: https://myadcenter.google.com/personalizationoff

---

Plug-ins and Embedded Functions and Content

I integrate functional and content elements into my online offering that are obtained from the servers of their respective providers (hereinafter “third-party providers”). These may include, for example, graphics, videos, or maps (collectively referred to as “content”).

Integration always requires that third-party providers process users’ IP addresses, as they could not otherwise deliver the content to the user’s browser. The IP address is therefore required to display such content or functions.

I strive to use only content whose providers use the IP address solely for delivering the content.

Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website.

The pseudonymous information may also be stored in cookies on users’ devices and may include technical information about browser and operating system, referring websites, time of visit, and further information about the use of my online offering, and may also be linked with such information from other sources.

Notes on legal bases: If I ask users for their consent to use third-party providers, consent constitutes the legal basis. Otherwise, user data is processed based on my legitimate interests (i.e., interest in efficient, cost-effective, and user-friendly services). In this context, I also refer to the information on the use of cookies in this Privacy Policy.

---

Categories of Data Processed

• Usage data

• Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved)

---

Categories of Data Subjects

Users (e.g., website visitors, users of online services)

---

Purposes of Processing and Legitimate Interests

• Provision of my online offering and user-friendliness

• Reach measurement

• Tracking (e.g., interest- and behavior-based profiling, use of cookies)

• Target group formation

• Marketing

---

Retention and Deletion

Deletion is carried out in accordance with the section “General Information on Data Storage and Deletion.”
Cookies may be stored for up to two years (unless otherwise stated).

---

Legal Bases

• Consent (Art. 6(1)(a) GDPR)

• Legitimate interests (Art. 6(1)(f) GDPR)

---

Additional Information on Processing Activities

YouTube Videos

Video content
Service provider: Google Ireland Limited, Dublin, Ireland
Legal basis: Consent (Art. 6(1)(a) GDPR)
Website: https://www.youtube.com
Privacy Policy: https://policies.google.com/privacy
Basis for third-country transfers: Data Privacy Framework (DPF)
Opt-out:

• Browser add-on: https://tools.google.com/dlpage/gaoptout

• Ad personalization settings: https://myadcenter.google.com/personalizationoff

---

Amendments and Updates

I ask you to regularly review the content of this Privacy Policy. I will update this Privacy Policy as soon as changes in my data processing activities make this necessary.

I will inform you if changes require an action on your part (e.g., consent) or any other individual notification.

If I provide addresses and contact details of companies and organizations in this Privacy Policy, please note that addresses may change over time. Please verify the information before contacting the respective providers.

---

Definitions

In this section you will find an overview of the terms used in this Privacy Policy. Where terms are defined by law, those legal definitions apply. The explanations below are primarily intended to support understanding.

Master Data

Master data includes essential information necessary to identify and manage contractual partners, user accounts, profiles, and similar assignments. Such data may include personal and demographic information such as names, contact details (addresses, telephone numbers, email addresses), dates of birth, and specific identifiers (user IDs). Master data forms the basis for any formal interaction between persons and services, institutions, or systems by enabling clear assignment and communication.

Content Data

Content data includes information generated in the creation, editing, and publication of all types of content. This category may include texts, images, videos, audio files, and other multimedia content published across different platforms and media. Content data also includes metadata that provides information about the content itself, such as tags, descriptions, author information, and publication dates.

Contact Data

Contact data is essential information enabling communication with individuals or organizations. It includes telephone numbers, postal addresses, and email addresses, as well as communication identifiers such as social media handles and instant messaging identifiers.

Meta, Communication and Procedural Data

Meta, communication, and procedural data includes information describing how data is processed, transmitted, and managed. Metadata (“data about data”) describes context, origin, and structure of other data, such as file size, creation date, document author, and revision history. Communication data captures the exchange of information between users via channels such as email traffic, call logs, social media messages, and chat histories, including parties involved, timestamps, and transmission routes. Procedural data describes processes and workflows within systems or organizations, including workflow documentation, transaction logs, activity logs, and audit logs used for traceability and verification.

Usage Data

Usage data refers to information that records how users interact with digital products, services, or platforms. It can include which functions are used, how long users stay on specific pages, navigation paths, frequency of use, timestamps, IP addresses, device information, and location data. Usage data is valuable for analyzing user behavior, optimizing user experience, personalizing content, and improving products or services.

Personal Data

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). A person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier (e.g., cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Profiles with User-Related Information

Processing of “profiles with user-related information” (“profiles”) includes any automated processing of personal data consisting of using such data to evaluate, analyze, or predict certain personal aspects relating to a natural person. Depending on the type of profiling, this may include information about demographics, behavior, interests, and interactions with websites and content, etc. Cookies and web beacons are often used for profiling purposes.

Log Data

Log data consists of information about events or activities recorded in a system or network. It typically includes timestamps, IP addresses, user actions, error messages, and other details about system use or operation. Log data is often used for troubleshooting, security monitoring, or performance reporting.

Reach Measurement (Web Analytics)

Reach measurement (web analytics) evaluates visitor flows and may include behavior or interests in particular information, such as website content. Reach analysis can help determine when users visit websites and which content they are interested in, enabling better adaptation of content to visitors’ needs. Pseudonymous cookies and web beacons are often used to recognize returning visitors and obtain more accurate analytics.

Tracking

“Tracking” refers to the ability to monitor user behavior across multiple online offerings. Typically, behavior and interest information is stored in cookies or on servers of tracking technology providers (profiling). This information may then be used, for example, to display advertisements likely to match users’ interests.

Controller

The “controller” is the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of processing personal data.

Processing

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means. This term is broad and includes almost any handling of data, such as collection, analysis, storage, transmission, or deletion.

Contract Data

Contract data is specific information relating to the formalization of an agreement between two or more parties. It documents the terms under which services or products are provided, exchanged, or sold. This includes identification of the contractual parties and specific terms such as start and end dates, scope of services, pricing, payment conditions, termination rights, renewal options, and special clauses.

Payment Data

Payment data includes all information required to process payment transactions between buyers and sellers. This may include credit card numbers, bank details, amounts, transaction data, verification numbers, and invoice information. Payment data can also include payment status, chargebacks, authorizations, and fees.

Target Group Formation (Custom Audiences)

Target group formation (“custom audiences”) refers to defining audiences for advertising purposes, e.g., displaying ads. For example, based on a user’s interest in certain products or topics, it may be inferred that the user is interested in ads for similar products or for the online shop where they viewed products. “Lookalike audiences” refer to audiences similar to an existing target group, where content is shown to users whose profiles or interests presumably match those of the original audience. Cookies and web beacons are commonly used for custom and lookalike audiences.