Privacy Policy

This privacy policy informs you about the type, scope, and purpose of processing personal data (hereinafter referred to as “data”) in the context of providing our services, as well as within our online offerings and the associated websites, features, and content, including external online presences such as our social media profiles (hereinafter collectively referred to as “online services”). For the definitions of terms such as “processing” or “controller,” please refer to Article 4 of the General Data Protection Regulation (GDPR).Controller:
Lunavia Agency
Agiou Andreou 15
1722 Nea Smirni
GreeceEmail: [email protected]Responsible person:
Marcel FuchsTypes of Processed Data
• Inventory data (e.g., personal master data, names, or addresses).
• Contact data (e.g., email, phone numbers).
• Content data (e.g., text inputs, photographs, videos).
• Usage data (e.g., visited websites, interest in content, access times).
• Meta/Communication data (e.g., device information, IP addresses).Categories of Affected Persons
Visitors and users of the online services (hereinafter referred to as “users”).Purpose of Processing
• Provision of the online services, its functions, and content.
• Responding to contact inquiries and communication with users.
• Security measures.
• Reach measurement/Marketing.Used Terminology
“Personal data” refers to all information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is considered identifiable if they can be directly or indirectly identified, particularly by means of assignment to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.“Processing” refers to any operation or series of operations performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data.“Pseudonymization” is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures that ensure the personal data cannot be attributed to an identified or identifiable natural person.“Profiling” refers to any type of automated processing of personal data that involves using that data to evaluate certain personal aspects related to a natural person, particularly to analyze or predict aspects regarding work performance, economic status, health, personal preferences, interests, reliability, behavior, location, or movements of that person.“Controller” refers to the natural or legal person, authority, institution, or other body that determines, alone or jointly with others, the purposes and means of processing personal data.“Processor” refers to the natural or legal person, authority, institution, or other body that processes personal data on behalf of the controller.Applicable Legal Bases
In accordance with Article 13 of the GDPR, we inform you of the legal bases for our data processing activities. For users within the scope of the General Data Protection Regulation (GDPR), i.e., the EU and EEA, the following applies if the legal basis is not explicitly stated in this privacy policy:
• The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR.
• The legal basis for processing for the performance of our services and for taking contractual measures, as well as for responding to inquiries, is Article 6(1)(b) GDPR.
• The legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR.
• In the event that processing is necessary to protect vital interests of the data subject or another natural person, the legal basis is Article 6(1)(d) GDPR.
• The legal basis for processing necessary to perform a task that is in the public interest or in the exercise of official authority vested in the controller is Article 6(1)(e) GDPR.
• The legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) GDPR.
• The processing of data for purposes other than those for which they were collected is governed by the provisions of Article 6(4) GDPR.
• The processing of special categories of data (as per Article 9(1) GDPR) is governed by the provisions of Article 9(2) GDPR.Security Measures
We take appropriate technical and organizational measures to ensure a level of protection that is suitable for the risk, in accordance with legal requirements, considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons.These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as the access, input, transfer, availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. Additionally, we consider data protection when developing or selecting hardware, software, and procedures, in line with the principle of data protection by design and by default.Cooperation with Processors, Joint Controllers, and Third Parties
If we disclose data to other individuals or companies (processors, joint controllers, or third parties) as part of our processing activities, transmit data to them, or otherwise grant them access to the data, this will only be done based on a legal authorization (e.g., if transmitting data to third parties, such as payment service providers, is necessary for contract fulfillment), if the user has given consent, if required by law, or based on our legitimate interests (e.g., when using service providers, web hosts, etc.).If we disclose data to other companies within our corporate group, transmit data, or otherwise grant access, this is particularly for administrative purposes as a legitimate interest and, if applicable, based on a legal foundation in accordance with applicable laws.Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU), European Economic Area (EEA), or the Swiss Confederation) or if this occurs as part of the use of third-party services or disclosure/transmission of data to other persons or companies, this will only happen if it is necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we will only process or allow processing of data in a third country if the legal requirements are met. This means that processing will take place, for example, on the basis of specific guarantees such as an officially recognized determination of an adequate level of data protection comparable to that of the EU or compliance with officially recognized specific contractual obligations.Rights of Data Subjects
You have the right to request confirmation as to whether personal data is being processed and to obtain information about this data as well as additional details and a copy of the data in accordance with legal requirements.In accordance with legal requirements, you have the right to request the completion of your data or the correction of inaccurate data concerning you.Subject to legal requirements, you have the right to request the immediate deletion of the data concerning you or, alternatively, to request the restriction of the processing of your data in accordance with legal requirements.Right to Data Portability
You have the right to request that the personal data you have provided to us be made available to you in a structured, commonly used, and machine-readable format and to request its transmission to other controllers in accordance with legal requirements.Right to Lodge a Complaint
You also have the right, in accordance with legal requirements, to lodge a complaint with the competent supervisory authority.Right of Withdrawal
You have the right to withdraw any consent you have given with effect for the future.Right to Object
You may object to the future processing of personal data concerning you at any time in accordance with legal requirements. The objection can specifically be made against processing for direct marketing purposes.Cookies and Right to Object to Direct Marketing
Cookies are small files stored on users’ devices. They can store various pieces of information. A cookie primarily serves to store data about a user (or the device on which the cookie is stored) during or after their visit to an online offer.
• Temporary cookies (also called session cookies or transient cookies) are deleted after a user leaves the online offer and closes their browser. For example, the contents of a shopping cart or a login status can be stored in such a cookie.
• Permanent cookies (also called persistent cookies) remain stored even after the browser is closed. For example, the login status can be saved if users revisit the site after several days. Interests may also be stored in such cookies, which are then used for reach measurement or marketing purposes.
• Third-party cookies are cookies placed by providers other than the controller operating the online service. (Otherwise, if the cookies are placed only by the controller, they are called “first-party cookies.”)We may use temporary and permanent cookies and inform users about this in our privacy policy.If users do not wish for cookies to be stored on their devices, they are asked to disable the relevant option in their browser settings. Stored cookies can be deleted in the browser’s settings. Disabling cookies may result in limited functionality of this online offer.A general objection to the use of cookies for online marketing purposes can be made for a variety of services, especially in the case of tracking, on the U.S. website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, cookies can be prevented from being stored by disabling them in the browser settings. Please note that this may mean that not all functions of this online offer can be used.Data Deletion
The data we process will be deleted or restricted in processing in accordance with legal requirements. Unless explicitly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and no legal retention obligations oppose deletion.If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.Changes and Updates to the Privacy Policy
We kindly ask you to regularly review the content of our privacy policy. We will update the privacy policy as soon as changes in the data processing we perform make this necessary. We will inform you if any changes require your involvement (e.g., consent) or any other individual notification.Business-Related ProcessingIn addition, we process:
• Contractual data (e.g., subject of the contract, duration, customer category).
• Payment data (e.g., bank details, payment history)
from our customers, prospects, and business partners for the purpose of providing contractual services, customer service, marketing, advertising, and market research.

Order Processing in the Online Shop and Customer Account
We process the data of our customers in the context of order processes in our online shop to enable them to select and order the chosen products and services, as well as to facilitate payment, delivery, and execution.The processed data includes inventory data, communication data, contractual data, payment data, and the individuals affected by the processing are our customers, prospects, and other business partners. The processing is carried out to provide contractual services within the operation of an online shop, invoicing, delivery, and customer services. We use session cookies to store the shopping cart contents and permanent cookies to store the login status.The processing is done to fulfill our services and to implement contractual measures (e.g., processing of order processes), and as far as legally required (e.g., legal obligation to archive business transactions for commercial and tax purposes). Required data is necessary to establish and fulfill the contract. We disclose data to third parties only in the context of delivery, payment, or in accordance with legal permissions and obligations, or if this is based on our legitimate interests (e.g., to legal and tax advisors, financial institutions, shipping companies, or authorities).Users can optionally create a user account, where they can view their orders. During registration, required mandatory information is provided to users. The user accounts are not public and cannot be indexed by search engines. When users cancel their user accounts, their data related to the account will be deleted unless retention is necessary for commercial or tax reasons. Data in the customer account will remain until deletion, followed by archiving in case of legal obligations or our legitimate interests (e.g., in the case of legal disputes). Users are responsible for securing their data before the contract ends, in case of cancellation.As part of registration, re-login, and the use of our online services, we store the IP address and time of the respective user action. The storage is based on our legitimate interests and the user’s interest in protection against abuse and other unauthorized use. These data are not disclosed to third parties unless it is necessary to pursue our legal claims as a legitimate interest or there is a legal obligation.The data will be deleted after the statutory warranty and other contractual rights or obligations have expired, and the necessity of data retention is reviewed every three years. In the case of legal archiving obligations, deletion will occur after the expiration of those obligations.Agency Services
We process the data of our customers within the framework of our contractual services, including conceptual and strategic advice, campaign planning, software and design development/consultation or maintenance, campaign execution and process handling, server administration, data analysis/consulting, and training services.In this context, we process inventory data (e.g., customer master data such as names or addresses), contact data (e.g., email, phone numbers), content data (e.g., text entries, photographs, videos), contractual data (e.g., contract subject, duration), payment data (e.g., bank details, payment history), usage and metadata (e.g., for evaluating and measuring the success of marketing activities). We generally do not process special categories of personal data unless they are part of a commissioned processing. The affected individuals include our customers, prospects, as well as their customers, users, website visitors, employees, or third parties. The purpose of processing is to provide contractual services, invoicing, and customer service. The legal basis for processing arises from Art. 6(1) b DSGVO (contractual services), Art. 6(1) f DSGVO (analysis, statistics, optimization, security measures). We process data necessary to establish and fulfill the contractual services and point out the necessity of providing them.Disclosure to external parties occurs only if it is required as part of an order. When processing the data entrusted to us in the context of an order, we act according to the instructions of the client and in accordance with the legal provisions of commissioned processing as per Art. 28 DSGVO, and we process the data only for the contractual purposes.We delete data after the expiration of statutory warranty and comparable obligations. The necessity of retaining data is reviewed every three years. In the case of legal archiving obligations, deletion occurs after their expiration (6 years according to § 257(1) HGB, 10 years according to § 147(1) AO). In the case of data disclosed to us by the client in the course of an order, we delete the data according to the client’s instructions, generally after the completion of the order.Therapeutic Services and Coaching
We process the data of our clients and prospects, as well as other clients or contract partners (collectively referred to as “clients”) according to Art. 6(1) b DSGVO, in order to provide our contractual or pre-contractual services. The data processed, the nature, scope, and purpose, and the necessity of their processing depend on the underlying contractual relationship. The processed data generally includes client master data (e.g., name, address, etc.), contact data (e.g., email address, phone number, etc.), contractual data (e.g., services provided, fees, contact person names, etc.), and payment data (e.g., bank details, payment history, etc.).As part of our services, we may also process special categories of data according to Art. 9(1) DSGVO, particularly health-related information about clients, potentially related to their sexual life, sexual orientation, ethnic origin, or religious or philosophical beliefs. We obtain explicit consent from clients in accordance with Art. 6(1) a, Art. 7, Art. 9(2) a DSGVO, and process such special categories of data for health care purposes based on Art. 9(2) h DSGVO, § 22(1) No. 1 b. BDSG, if necessary.If necessary for contract performance or legally required, we disclose or transmit client data within communication with other professionals, third parties involved in contract execution (e.g., billing agencies or comparable service providers), or if it serves the legitimate interest in efficient and cost-effective healthcare, as per Art. 6(1) f DSGVO, or if required to protect vital interests according to Art. 6(1) d DSGVO. If consent is obtained, data may also be shared according to Art. 6(1) a, Art. 7 DSGVO.The data will be deleted when no longer required for the fulfillment of contractual or statutory obligations, and the necessity of retention will be reviewed every three years. Otherwise, statutory retention periods apply.Contractual Services
We process the data of our contractual partners, prospects, and other clients, customers, and contract partners (collectively referred to as “contractual partners”) according to Art. 6(1) b DSGVO to provide our contractual or pre-contractual services. The processed data depends on the underlying contractual relationship.The processed data includes the master data of our contractual partners (e.g., names and addresses), contact data (e.g., email addresses and phone numbers), and contractual data (e.g., services provided, contractual contents, contractual communication, contact person names) and payment data (e.g., bank details, payment history).Special categories of personal data are generally not processed, unless part of a commissioned or contractual processing.Data required for the establishment and performance of contractual services are processed and the necessity of their provision is pointed out to the contractual partners. Disclosure to external parties occurs only if necessary for the contract. When processing data entrusted to us as part of an order, we act according to the instructions of the client and in accordance with the legal provisions.In the context of using our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests and those of the user in protecting against misuse and unauthorized use. These data are not disclosed to third parties unless necessary to pursue our claims or if legally required.Data will be deleted when no longer needed for fulfilling contractual or statutory duties, and the necessity of retaining data will be reviewed every three years. Statutory retention obligations apply otherwise.

External Payment Service ProvidersWe use external payment service providers through whose platforms users and we can perform payment transactions (e.g., with links to their privacy policies: PayPal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full), Klarna (https://www.klarna.com/de/datenschutz/), Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/), Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/), Visa (https://www.visa.de/datenschutz), Mastercard (https://www.mastercard.de/de-de/datenschutz.html), American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)).In fulfilling contracts, we use the payment service providers based on Article 6(1)(b) of the GDPR. Otherwise, we use external payment service providers based on our legitimate interests according to Article 6(1)(f) of the GDPR to offer users effective and secure payment options.The data processed by the payment service providers include personal data such as names, addresses, bank details like account numbers or credit card numbers, passwords, TANs, and checksums, as well as transaction-related information, such as contract details, amounts, and recipient information. These details are necessary to complete transactions. However, the data are only processed and stored by the payment service providers. We do not receive account or credit card information but only confirmation or denial of the payment. In some cases, the data may be transmitted to credit rating agencies by the payment service providers for identity and credit checks. For more information, please refer to the terms and privacy policies of the respective payment service providers.The terms and conditions and privacy policies of the respective payment providers apply to the payment transactions. We refer to these for further information and for exercising rights like revocation, access, and other rights of the data subjects.Administration, Financial Accounting, Office Organization, Contact ManagementWe process data for administrative tasks, business operations, financial accounting, and to comply with legal obligations, such as data archiving. In doing so, we process the same data that we process in providing our contractual services. The legal grounds for processing are Article 6(1)(c) GDPR and Article 6(1)(f) GDPR. Customers, prospects, business partners, and website visitors are affected by this processing. The purpose and our interest in processing is to maintain business operations, perform our tasks, and deliver our services. The deletion of data concerning contractual services and communications complies with the provisions related to these processing activities.We may disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors, as well as other fee-charging bodies and payment service providers.Furthermore, for business management purposes, we store details about suppliers, event organizers, and other business partners, such as for future contact. These mostly business-related data are generally stored permanently.Business Analysis and Market ResearchTo operate our business economically, to recognize market trends and user preferences, we analyze the data related to business transactions, contracts, inquiries, etc. We process data such as account details, communication data, contractual data, payment data, usage data, and metadata based on Article 6(1)(f) of the GDPR. Affected persons include business partners, prospects, customers, visitors, and users of our online offerings.The analyses serve business evaluations, marketing, and market research. We may take into account user profiles of registered users with data such as their services used. The analyses help us increase user friendliness, optimize our offerings, and improve the business management. These analyses are for internal use and are not disclosed to third parties, unless they are anonymous analyses with aggregated data.If these analyses or profiles contain personal data, they will be deleted or anonymized after contract termination or two years from the contract conclusion. Otherwise, business management analyses and general trend determinations are created anonymously wherever possible.Privacy Notices in the Recruitment ProcessWe process applicant data only for the purpose of and within the scope of the recruitment process, in compliance with legal regulations. The processing of applicant data occurs to fulfill our (pre)contractual obligations during the recruitment process in accordance with Article 6(1)(b) GDPR and Article 6(1)(f) GDPR, if the data processing is required in legal proceedings (in Germany, § 26 BDSG also applies).The recruitment process requires applicants to submit their data. The necessary applicant data are marked if we provide an online form; otherwise, it follows the job descriptions and generally includes personal information, contact details, and application documents such as a cover letter, resume, and certificates. Applicants may voluntarily provide additional information.By submitting an application to us, applicants agree to the processing of their data for recruitment purposes as outlined in this privacy policy.If special categories of personal data (such as health information or ethnic origin) are provided during the recruitment process, they will be processed based on Article 9(2)(b) GDPR (e.g., health data like disability status) or Article 9(2)(a) GDPR (e.g., health data if necessary for job performance).Applications can be submitted to us via an online form, which encrypts the data for secure transmission. Alternatively, applicants can submit their applications via email, but note that emails are generally not encrypted, and applicants are responsible for encryption. We cannot take responsibility for email transmission security and recommend using the online form or postal submission.If an applicant is hired, their data will be further processed for employment purposes. If the application is unsuccessful, the data will be deleted, unless the applicant withdraws the application, in which case the data will also be deleted.The data will be deleted six months after the end of the recruitment process unless we need them for further legal obligations.Registration FunctionUsers can create an account. The necessary required information for registration will be provided to users, and the data will be processed based on Article 6(1)(b) GDPR for the purpose of providing the account. The data processed include login information (name, password, email address). The data provided during registration are used for the account’s purpose.Users may be informed by email about relevant information regarding their account, such as technical changes. If users cancel their account, their data related to the account will be deleted, subject to legal retention obligations. It is up to the users to back up their data before cancellation.For registration and account functions, we store the user’s IP address and the time of each action. This is based on our legitimate interest as well as the user’s interest in protecting against misuse and unauthorized use. These data are not passed to third parties unless required for asserting our claims or legally mandated.ContactWhen contacting us (e.g., through a contact form, email, phone, or social media), the user’s information is processed to handle and complete the inquiry according to Article 6(1)(b) GDPR (contractual/pre-contractual relationships) and Article 6(1)(f) GDPR (other inquiries). User data may be stored in a Customer Relationship Management system (CRM system) or similar query management tool.We delete inquiries when no longer necessary. We review necessity every two years; legal archiving obligations apply.NewsletterWith the following information, we inform you about the content of our newsletter, the registration, delivery, and statistical analysis procedures, and your right to object. By subscribing to our newsletter, you agree to receive it and the described procedures.Content of the Newsletter: We only send newsletters, emails, and other electronic notifications with promotional information (hereinafter referred to as “newsletter”) with the consent of the recipients or a legal basis. If specific content is described when registering for the newsletter, it will govern the consent of users. Otherwise, our newsletters contain information about our services and us.Double Opt-In and Logging: The newsletter registration follows a double opt-in process. You will receive an email asking you to confirm your registration. This confirmation is necessary to prevent others from registering with your email address. The registration process is logged to comply with legal requirements, including storing the registration and confirmation times and the IP address.Subscription Data: To register for the newsletter, you only need to provide your email address. Optionally, we ask for your name to address you personally.Newsletter Delivery and Success Measurement: We send newsletters based on the recipients’ consent according to Article 6(1)(a), Article 7 GDPR, and Section 7(2)(3) UWG, or if consent is not required, based on our legitimate interests in direct marketing according to Article 6(1)(f) GDPR in conjunction with Section 7(3) UWG.The logging of the registration process is based on our legitimate interests according to Article 6(1)(f) GDPR. Our interest lies in using a user-friendly, secure newsletter system that serves both our business interests and the expectations of users.Newsletter – Delivery Service ProviderThe newsletter is sent via a service provider. The privacy policy of the service provider can be reviewed here: [Link to Privacy Policy]. The service provider is used based on our legitimate interests under Article 6(1)(f) GDPR and a data processing agreement according to Article 28(3)(1) GDPR.The service provider may use the data of recipients in pseudonymized form for optimizing or improving its services, e.g., for technical optimization or statistical purposes, but not to contact recipients or share data with third parties.Newsletter – Success MeasurementThe newsletters contain a “web beacon,” i.e., a pixel-sized file that is retrieved when the newsletter is opened. This provides technical information, such as browser details, system information, IP address, and access times.This data helps improve services based on technical data or user behavior, such as the times and locations of access. It also includes

Hosting and Email SendingThe hosting services we use provide the following services: infrastructure and platform services, computing power, storage space, database services, email sending, security services, and technical maintenance services, which we use for the operation of this online offering.In doing so, we and our hosting provider process personal data such as inventory data, contact data, content data, contractual data, usage data, metadata, and communication data of customers, prospects, and visitors to this online offering, based on our legitimate interests in providing this online offering efficiently and securely, in accordance with Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).Collection of Access Data and Log FilesWe, or our hosting provider, collect data on each access to the server on which this service is located (so-called server log files) based on our legitimate interests in accordance with Art. 6 (1) lit. f GDPR. The access data includes the name of the retrieved website, file, date and time of retrieval, transferred data volume, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.Log file information is stored for a maximum of 7 days for security reasons (e.g., to investigate abuse or fraud) and is then deleted. Data that needs to be retained for evidence purposes are excluded from deletion until the respective incident is fully clarified.Google AnalyticsWe use Google Analytics, a web analysis service provided by Google LLC (“Google”), based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering in accordance with Art. 6 (1) lit. f GDPR). Google uses cookies. The information generated by the cookie about the use of the online offering by users is usually transmitted to and stored on a server of Google in the USA.Google is certified under the Privacy Shield Agreement, which guarantees compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).Google will use this information on our behalf to evaluate the usage of our online offering by users, to compile reports on activities within the online offering, and to provide other services related to the use of the online offering and internet usage. Pseudonymous user profiles may be created from the processed data.We use Google Analytics only with IP anonymization enabled. This means that the user’s IP address will be shortened by Google within the member states of the European Union or other countries party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting the settings in their browser software. In addition, users can prevent the collection of data generated by the cookie and related to their use of the online offering by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.Further information on data usage by Google, setting options, and opt-out options can be found in Google’s privacy policy (https://policies.google.com/privacy) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).User data will be deleted or anonymized after 14 months.Google AdSense with Personalized AdsWe use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering in accordance with Art. 6 (1) lit. f GDPR).Google is certified under the Privacy Shield Agreement, which guarantees compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).We use the AdSense service to display advertisements on our website and receive compensation for their display or other usage. To this end, usage data such as the click on an ad and the user’s IP address are processed, with the last two digits of the IP address being truncated. Therefore, the processing of user data is pseudonymized.We use AdSense with personalized ads. Google uses data about the websites or apps visited by users and the user profiles created from this to draw conclusions about their interests. Advertisers use this information to tailor their campaigns to these interests, which is beneficial for both users and advertisers. For Google, ads are considered personalized when collected or known data determines or influences the ad selection. This includes, among other things, previous search queries, activities, website visits, the use of apps, demographic and location information. Specifically, this includes demographic targeting, interest category targeting, remarketing, as well as targeting on lists for customer matching and audience lists uploaded to DoubleClick Bid Manager or Campaign Manager.Further information on data usage by Google, setting options, and opt-out options can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).Facebook Pixel, Custom Audiences, and Facebook ConversionWithin our online offering, we use the Facebook Pixel from the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), based on our legitimate interests in the analysis, optimization, and economic operation of our online offering.Facebook is certified under the Privacy Shield Agreement, which guarantees compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).Using the Facebook Pixel, Facebook can determine the visitors of our online offering as a target group for displaying ads (so-called “Facebook Ads”). Consequently, we use the Facebook Pixel to display Facebook Ads only to Facebook users who have shown an interest in our online offering or who have certain characteristics (e.g., interests in specific topics or products determined by the visited websites), which we transmit to Facebook (so-called “Custom Audiences”). The Facebook Pixel helps ensure that our Facebook Ads match users’ potential interests and are not intrusive. It also allows us to track the effectiveness of Facebook ads for statistical and market research purposes by seeing if users were directed to our website after clicking on a Facebook ad (so-called “Conversion”).Data processing by Facebook is carried out within the framework of Facebook’s Data Use Policy. General information about the display of Facebook Ads can be found in Facebook’s Data Use Policy: https://www.facebook.com/policy. Specific information and details about the Facebook Pixel and its functionality can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616.You can opt-out of the collection by the Facebook Pixel and the use of your data for displaying Facebook Ads. To set which types of ads are shown to you within Facebook, you can visit the page provided by Facebook and follow the instructions for setting up ads based on usage: https://www.facebook.com/settings?tab=ads. These settings are platform-independent, meaning they will apply to all devices, such as desktop computers or mobile devices.You can also opt-out of the use of cookies used for reach measurement and advertising purposes via the Network Advertising Initiative’s opt-out page (http://optout.networkadvertising.org/) and additionally through the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).