Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to simply as “data”) that we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the course of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”).

The terms used are not gender-specific.

Last updated: October 5, 2025

Table of Contents

  • Preamble
  • Controller
  • Overview of Processing Activities
  • Relevant Legal Bases
  • Security Measures
  • Transfer of Personal Data
  • General Information on Data Storage and Deletion
  • Rights of Data Subjects
  • Blogs and Publishing Media
  • Affiliate Programs and Affiliate Links
  • Amendments and Updates
  • Definitions

Controller

Cordula Böck
Hauptstr. 56 a
86825 Bad Wörishofen
Germany

Email address: Cordula.Boeck34@gmail.com

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects concerned.

Types of Data Processed

  • Inventory data
  • Contact data
  • Content data
  • Contract data
  • Usage data
  • Meta, communication, and procedural data

Categories of Data Subjects

  • Prospective customers
  • Users

Purposes of Processing

  • Security measures
  • Affiliate tracking
  • Feedback
  • Provision of our online offering and user-friendliness

Relevant Legal Bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If, in individual cases, more specific legal bases are relevant, we will inform you of these in this privacy policy.

  • Consent (Art. 6(1) sentence 1 lit. a GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

National Data Protection Regulations in Germany

In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains, in particular, special provisions regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and the transfer of data, as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual German federal states may apply.

Security Measures

In accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input, disclosure, availability assurance, and separation of data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data security threats. We also take data protection into account when developing or selecting hardware, software, and procedures in accordance with the principle of data protection by design and data protection by default.

Securing Online Connections Using TLS/SSL Encryption Technology (HTTPS)

To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorized access.

TLS, as the more advanced and secure version of SSL, ensures that all data transmissions comply with the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of “HTTPS” in the URL. This serves as an indicator for users that their data is transmitted securely and in encrypted form.

Transfer of Personal Data

In the course of our processing of personal data, it may occur that such data is transferred to or disclosed to other parties, companies, legally independent organizational units, or individuals. Recipients of such data may include, for example, service providers entrusted with IT-related tasks or providers of services and content that are integrated into a website.

In such cases, we comply with the applicable legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your personal data.

General Information on Data Storage and Deletion

We delete personal data processed by us in accordance with legal requirements as soon as the underlying consents are withdrawn or no other legal basis for processing exists. This applies in cases where the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule apply where statutory obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of other natural or legal persons, must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that applies specifically to certain processing activities.

If multiple retention periods or deletion deadlines are specified for a set of data, the longest applicable period shall prevail. Data that is no longer retained for its original purpose but must be kept due to legal requirements or other reasons will be processed exclusively for the purposes that justify its retention.

Data Retention and Deletion Periods

The following general retention and archiving periods apply under German law:

  • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the working instructions and other organizational documents necessary for their understanding
    (§ 147(1) No. 1 in conjunction with (3) AO, § 14b(1) UStG, § 257(1) No. 1 in conjunction with (4) HGB).
  • 8 years – Accounting records, such as invoices and expense receipts
    (§ 147(1) Nos. 4 and 4a in conjunction with (3) sentence 1 AO, § 257(1) No. 4 in conjunction with (4) HGB).
  • 6 years – Other business records: received commercial or business correspondence, reproductions of sent commercial or business correspondence, and other documents relevant for taxation purposes, such as timesheets, operating cost accounting records, calculation documents, price markings, payroll documents (insofar as they are not accounting records), and cash register tapes
    (§ 147(1) Nos. 2, 3, 5 in conjunction with (3) AO, § 257(1) Nos. 2 and 3 in conjunction with (4) HGB).
  • 3 years – Data required to consider potential warranty, compensation, or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and customary industry practices, is stored for the duration of the regular statutory limitation period of three years
    (§§ 195, 199 BGB).

Commencement of Retention Periods at the End of the Year

If a retention period does not explicitly begin on a specific date and lasts at least one year, it shall commence automatically at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the date on which the termination or other ending of the legal relationship becomes effective.

Rights of Data Subjects under the GDPR

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right to Object
    You have the right to object, at any time and on grounds relating to your particular situation, to the processing of personal data concerning you that is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
    Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.
  • Right to Withdraw Consent
    You have the right to withdraw any consent you have given at any time.
  • Right of Access
    You have the right to request confirmation as to whether personal data concerning you is being processed, and to obtain access to such data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to Rectification
    In accordance with legal requirements, you have the right to request the completion of personal data concerning you or the correction of inaccurate personal data.
  • Right to Erasure and Restriction of Processing
    In accordance with legal requirements, you have the right to request the immediate deletion of personal data concerning you or, alternatively, to request the restriction of processing of such data.
  • Right to Data Portability
    You have the right to receive personal data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format, or to request the transfer of such data to another controller, in accordance with legal requirements.
  • Right to Lodge a Complaint with a Supervisory Authority
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the provisions of the GDPR.