Privacy Policy

Privacy Policy of Nambin Yoga

A. General Information

§ 1 Information about the collection of personal data

(1) The following provides information about the processing of personal data when using our website https://nambinyoga.com/. Personal data includes all data that can be personally related to you, such as name, address, email addresses, and user behavior. Our aim is to inform you about our processing procedures and, at the same time, to comply with legal obligations, particularly those arising from the EU General Data Protection Regulation (GDPR).

(2) The data controller pursuant to Article 4(7) of the GDPR is Mrs. Liana Hoffmann, Wasserkrueger Weg 127B, 23879 Moelln, Email Address: info@nambinyoga.com (see our imprint).

(3) When you contact us via email or through a contact form, the data you provide (your email address, your name, and optionally your phone number) will be stored by us to respond to your inquiries. We delete the data collected in this context if the request is associated with a contract, according to the contract duration timelines. Otherwise, we delete the data when storage is no longer necessary or restrict processing if legal retention obligations exist.

(4) If we use contracted service providers for specific functions of our offering or intend to use your data for promotional purposes, we will carefully select and monitor these service providers. Detailed information about the respective processes will be provided below. We will also specify the defined criteria for the storage duration.

 § 2 Your rights

(1) You have the following rights regarding the personal data concerning you in relation to a controller: 

  • Right to information,

  • Right to correction or deletion,

  • Right to restriction of processing,

  • Right to object to processing,

  • Right to data portability.

(2) Additionally, you have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us.

§ 3 Processing of Personal Data When Visiting Our Website

During the informative use of the website, which involves merely viewing without registration or providing other information, we process the personal data that your browser transmits to our server. The data described below are technically necessary for us to display our website to you, ensure stability and security, and therefore must be processed by us. The legal basis is Article 6(1) sentence 1 lit. f GDPR:

  • IP address

  • Date and time of the request

  • Time zone difference from Greenwich Mean Time (GMT)

  • Content of the request (visited page)

  • Access status/HTTP status code

  • - Amount of data transmitted

  • - Previously visited page

  • - Browser

  • - Operating system

  • - Language and version of the browser software.

These are the data elements processed, and they are technically necessary for the reasons mentioned earlier to display the website and ensure stability and security.

§ 4 Additional Features and Offers on Our Website

(1) In addition to the purely informative use of our website, we offer various services that you can use if interested. We also utilize additional common functions for the analysis or marketing of our offerings, which are further detailed below. For this purpose, you generally need to provide additional personal data, or we process such additional data to perform the respective services. The principles of data processing mentioned earlier apply to all data processing purposes described here.


(2) In some cases, we use external service providers to process your data. These providers are carefully selected by us, bound by our instructions, and subject to regular monitoring.

(3) Furthermore, we may disclose your personal data to third parties when promotions, contests, contract completions, or similar services are offered jointly by us with partners. Depending on the service, your data may also be collected independently by the partners. More information is available when you provide your data or in the description of the respective offers below.

 (4) If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.

§ 5 Objection or Revocation of the Processing of Your Data

(1) If you have given consent for the processing of your data, you can revoke it at any time. Such a revocation affects the permissibility of processing your personal data after you have expressed it to us. The permissibility of processing your data until the time of your revocation remains unaffected.

(2) If we base the processing of your personal data on the balance of interests, you can object to the processing. This is the case if the processing is not necessary to fulfill a contract with you, which will be explained by us in each case in the following description of the functions. If you exercise such an objection, please explain the reasons why we should not process your personal data as we have done. In the event of your objection, we will examine the situation and either stop or adjust the data processing, or we will demonstrate our compelling legitimate reasons for continuing the processing.

 (3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your objection to advertising by contacting us using the contact information provided above

§ 6 Processing of Data from Your Devices ("Cookie Policy")

(1) In addition to the data mentioned above, we use technical tools for various functions during your use of our website, especially cookies, which can be stored on your end device. When you visit our website and at any time thereafter, you have the choice of whether to generally allow the setting of cookies or select individual additional functions. You can make changes in your browser settings or through our consent manager. Below, we first describe cookies from a technical perspective (2) before going into your individual choices, describing technically necessary cookies (3), and cookies that you can voluntarily enable or disable (4).

(2) Cookies are text files or information in a database that are stored on your hard drive and associated with the browser you are using, allowing the entity setting the cookie to receive certain information. Cookies cannot execute programs or transmit viruses to your computer but primarily serve to make the Internet offering faster and more user-friendly. This website uses the following types of cookies, the functionality, and legal basis of which will be explained below:

- Transient cookies: Such as session cookies, are automatically deleted when you close your browser or log out. They contain a session ID, allowing different requests from your browser to be assigned to the common session, and your computer can be recognized when you return to our website.

- Persistent cookies: Such cookies are automatically deleted after a predefined period, which varies depending on the cookie. In your browser settings, you can view the set cookies and their durations at any time and manually delete them.

- These functions are not based on cookies but on similar technical mechanisms, such as Flash cookies, HTML5 objects, or an analysis of your browser settings. The result is that we can use the techniques described below. Here too, you can of course consent or object.

(3) Mandatory, technically necessary functions for displaying the website: The technical structure of the website requires us to use techniques, especially cookies. Without these techniques, our website cannot be displayed (completely correctly), or support functions may not be enabled. These are generally transient cookies that are deleted after the end of your website visit or, at the latest, when you close your browser. You cannot deselect these cookies if you want to use our website. The individual cookies are visible in the consent manager. The legal basis for this processing is Art. 6(1) sentence 1 lit. f GDPR.

(4) Optional cookies with your consent: We only use various cookies with your consent, which you can select during your first visit to our website via the so-called cookie consent tool. The functions are activated only if you agree and can serve, among other things, to analyze and improve visits to our website, facilitate operation across different browsers or devices, recognize you on a return visit, or display advertising (possibly also to align advertising with interests, measure the effectiveness of ads, or show interest-based advertising). The legal basis for this processing is Art. 6(1) sentence 1 lit. a GDPR. You can revoke your consent at any time without affecting the legality of the processing until the revocation.

We will describe the functions we use, which you can individually select and revoke through the consent manager, below.

§ 7 SSL Encryption

Visiting our website and the transmission of personal data or user content is secured by SSL encryption. Please ensure that SSL encryption is activated on your end. The use of encryption is easily recognizable: the display in your browser's address bar changes from "http://" to "https://" when SSL encryption is active. Data encrypted via SSL is not readable by third parties. Therefore, only transmit your confidential information when SSL encryption is activated, and if you have any doubts, feel free to contact us.

B. Hosting via Squarespace

Our website is built on the Squarespace website builder system. The provider of this service is the US-based company Squarespace, Inc., located at 225 Varick Street, 8 Clarkson St, New York, NY 10014, USA.

Squarespace processes data in the USA. According to the Data Privacy Framework for secure data transfer from the EU to the USA, the use of all US service providers is legally secure if they are certified under the DPF (Data Privacy Framework) (you can find the official DPF list here). As of the current status, Squarespace is DPF certified, thus officially complying with applicable data protection laws for international data transfer. You can find more information about data privacy at Squarespace here: [https://de.squarespace.com/data-privacy].

C. Special Forms of Website Usage

1. Use of Blog Features

In our blog, where we publish various posts on topics related to our activities, you cannot submit public comments.

2. Use of Our Contact Form & Email Contact

(1) On our website, there is a contact form that can be used for electronic communication. If a user takes advantage of this opportunity, the data entered into the input mask is transmitted to us and stored. This data includes:

- Name

- Email address

During the submission process, your consent is obtained, and reference is made to this privacy policy.

Alternatively, contact can be made via the provided email address. In this case, the personal data transmitted by the user via email is stored. There is no disclosure of this data to third parties, and the data is used exclusively for processing the conversation.

(2) The legal basis for processing data, if the user has given consent, is Art. 6(1)(a) GDPR. The legal basis for processing data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the email contact aims at the conclusion of a contract, an additional legal basis for the processing is Art. 6(1)(b) GDPR.

(3) The processing of personal data from the input mask is solely used for processing the contact request. In the case of contact via email, there is also the necessary legitimate interest in processing the data.

Other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

(4) The data is deleted as soon as it is no longer required for the purpose of its collection. For the personal data from the contact form's input mask and those transmitted via email, this is the case when the respective conversation with the user is completed. The conversation is deemed to be ended when it can be inferred from the circumstances that the relevant matter has been conclusively clarified. The additional personal data collected during the submission process is deleted at the latest after a period of seven days.

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

3. Online Meetings via Google Meet

We use Google Meet for conducting online meetings. The service provider is the US-based company Google Inc. In Europe, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is responsible for the service. Google processes data in the USA. According to the Data Privacy Framework for secure data transfer from the EU to the USA, the use of all US service providers is legally secure if they are certified under the DPF (Data Privacy Framework) (you can find the official DPF list here). As of the current status, Google is DPF certified and thus officially complies with international data protection laws for data transfer. For more information on privacy at Google, please visit https://policies.google.com/privacy

4. Online Meetings via Zoom

We use Zoom for conducting online meetings. The service provider is the American company Zoom Video Communications, located in San Jose, 55 Almaden Boulevard, 6th Floor, CA 95113.

Zoom processes data in the USA. According to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. As of the current status, Zoom is not a certified company under the Data Privacy Framework (DPF) (you can find the official DPF list here)

As the basis for data processing with recipients located in third countries, Zoom uses Standard Contractual Clauses according to Art. 46, para. 2 and 3 of the GDPR. Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission and are designed to ensure that your data complies with European data protection standards when processed in third countries (such as the USA). Through these clauses, Zoom commits to maintaining the European level of data protection in the processing of your personal data, even when the data is processed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other information, here: [https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de](https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de)

You can find more information about data protection at Zoom here: [https://explore.zoom.us/de/privacy/?tid=331692117834](https://explore.zoom.us/de/privacy/?tid=331692117834)

5. Adobe Fonts

We use the web font hosting service Adobe Fonts on our website. The service provider is the American company Adobe Inc. In Europe, Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland, is responsible.

Adobe processes data in the USA. According to the Data Privacy Framework for secure data transfer from the EU to the USA, the use of all US service providers is legally secure if they are certified under the DPF (Data Privacy Framework) (you can find the official DPF list here). As of the current status, Adobe is DPF certified and thus officially complies with international data protection laws for data transfer.

For more information on privacy at Adobe, please visit [https://www.adobe.com/de/privacy/eudatatransfers.html](https://www.adobe.com/de/privacy/eudatatransfers.html)

6. Google Fonts

We use the web font hosting service Google Fonts on our website. The service provider is the American company Google Inc. In Europe, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is responsible.

Google processes data in the USA. According to the Data Privacy Framework for secure data transfer from the EU to the USA, the use of all US service providers is legally secure if they are certified under the DPF (Data Privacy Framework) (you can find the official DPF list here). As of the current status, Google is DPF certified and thus officially complies with international data protection laws for data transfer. The use of Google Fonts on our website is based on your consent under Art. 6(1)(a) GDPR. If this consent is given, it constitutes the legal basis for the processing of personal data by Google Fonts. In addition, we have a legitimate interest in using Google Fonts to optimize our online service, based on Art. 6(1)(f) GDPR. However, Google Font is only used with your explicit consent.

When you visit our website, fonts are loaded via Google Fonts, which involves the transmission of data to Google. This includes your IP address and the fact that you have visited our website. Google Fonts is designed to minimize the collection of end-user data. However, data such as language settings, IP address, browser version, screen resolution, and browser name are transmitted to Google during a Google Font request. It is not definitively known whether Google stores this data. Google uses the data to analyze the popularity of fonts and publishes certain data, such as which websites use Google Fonts, in their BigQuery database.

Google stores requests for CSS assets on its servers for one day, mainly located outside the EU. This storage allows us to use fonts via a Google stylesheet. The actual font files are retained by Google for one year, aiming to optimize the loading times of websites. After the initial visit, the fonts are cached, and subsequent visits to websites result in immediate loading. Google may occasionally update font files to improve their efficiency and coverage.

For more information on privacy at Google, please visit https://policies.google.com/privacy

7. Payment Processing

(1) You can pay in our webshop using the online payment service PayPal. The service provider is the American company PayPal Inc. For the European region, the company responsible is PayPal Europe S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

PayPal processes data in the USA. According to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. As of the current status, PayPal is not a certified company under the Data Privacy Framework (DPF) (you can find the official DPF list here).

As the basis for data processing involving recipients based in third countries, PayPal uses Standard Contractual Clauses according to Art. 46, Abs. 2 and 3 GDPR. Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission and are intended to ensure that your data complies with European data protection standards when processed in third countries (such as the USA). Through these clauses, PayPal commits to maintaining the European level of data protection when processing your personal data, even if the data is processed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other things, here https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale

You can find more information about privacy at PayPal herehttps://www.paypal.com/webapps/mpp/ua/privacy-full

(2) If you make payments to third parties (such as hotel bookings) or through third parties (bank transfers), the privacy policies of the involved third parties apply.

8. Hotel Booking through Our Website

(1) On our website, there is also the option to make hotel bookings, which are directly billed by the hotel. If a user chooses this option, we collect the name and email address of the customer and provide this information to the respective hotel so that an invoice can be directly generated by the hotel for the customer, and the customer's booking can be managed.

For the processing of data, your consent is obtained during the submission process, and reference is made to this privacy policy. Alternatively, booking is possible via the provided email address. In this case, the personally identifiable data transmitted with the email are stored, and they are forwarded to the respective hotel for the purpose of booking management and invoicing.

(2) The legal basis for processing the data, where the user has given consent, is Art. 6 para. 1 lit. a GDPR, and for contract fulfillment, it is Art. 6 para. 1 lit. b GDPR. The legal basis for processing data transmitted via email is Art. 6 para. 1 lit. f GDPR. If the email contact aims at the conclusion of a contract, an additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

(3) The processing of personal data serves the fulfillment of the contract we have entered into with you and for the mediation of the hotel booking.

(4) The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The deletion at the respective hotel is subject to its privacy policies and must be obtained there. The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued, and the contract cannot be fulfilled

9. Integration of MomoYoga

To English: We use MomoYoga on our website. MomoYoga is a US-based company. MomoYoga processes data in the USA. According to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. As of the current status, MomoYoga is not DPF certified (here is the official DPF list).

If you use Momoyoga as a yogi, your data will be used by Momoyoga for the following purposes:

1. To create a yogi profile within the Momoyoga environment.

2. To sign up at one or more studios.

3. For internal statistical analysis.

4. To provide secure access to your yogi profile.

5. To forward email notifications from the yoga studio.

You can find more information about data protection at MomoYoga here https://www.momoyoga.com/en/privacy

D. Newsletter

(1) You can subscribe to our newsletter, through which we inform you about our current interesting offers, by giving your consent. The advertised goods and services are specified in the declaration of consent.

(2) For the subscription to our newsletter, we use the so-called double-opt-in procedure. This means that after your registration, we will send you an email to the specified email address, in which we ask for confirmation that you are the owner of the provided email address and wish to receive notifications. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. Additionally, we save your respective IP addresses and the times of registration and confirmation. The purpose of the procedure is to verify your registration and, if necessary, clarify any potential misuse of your personal data.

(3) The mandatory information for sending the newsletter is solely your email address. [The provision of additional, separately marked data is voluntary and is used to address you personally.] After your confirmation, we save your email address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

(4) You can revoke your consent to receive the newsletter and unsubscribe at any time. You can declare your revocation by clicking on the link provided in every newsletter email, using the form on the website, sending an email to [mail@nambinyoga.com], or by sending a message to the contact details provided in the imprint.

(5) Additionally, you can also give your consent for us to evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link the data mentioned above [in § 3] and the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID. Information about your user behavior is collected exclusively in pseudonymized form, so the IDs are not linked to your other personal data, and direct personal identification is excluded.

You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us through another contact method, as outlined above. The information is stored as long as you have subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images by default in your email program. In this case, the newsletter will not be displayed completely, and you may not be able to use all functions. If you manually display the images, the aforementioned tracking takes place.

E. Web Analytics - Web tracking using Google Analytics

(1) This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The purpose of using this tool is to enable the analysis of user interactions on websites and in apps, and to improve and make our offer more interesting for you as a user based on the obtained statistics and reports.

(2) We primarily capture the interactions between you as a user of the website and our website using cookies, device/browser data, IP addresses, and website or app activities. In Google Analytics, your IP addresses are also recorded to ensure the security of the service and to provide us, as website operators, with information about the country, region, or location of the respective user (so-called "IP location determination"). For your protection, we use the anonymization function ("IP Masking"), which means that Google shortens the IP addresses by the last octet within the EU/EEA.

(3) Google acts as a data processor, and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually truncated) IP addresses about your use of this website are usually transmitted to a server of Google in the USA and processed there. For these cases, Google has reportedly set a standard that corresponds to the former EU-US Privacy Shield and has committed to complying with applicable data protection laws in international data transfers. We have also agreed on so-called standard contractual clauses with Google, the purpose of which is to ensure an adequate level of data protection in the third country.

(4) The legal basis for the collection and further processing of information (which occurs for a maximum of 14 months) is your given consent (Art. 6(1) lit. a DS-GVO). The revocation of your consent is possible at any time without affecting the legality of the processing until the revocation. In apps, you can reset the advertising ID in the settings of Android or iOS. You can easily revoke your consent via our Consent Manager or install the Google browser add-on, which is available at the following link:https://tools.google.com/dlpage/gaoptout

(5) For more information on the scope of Google Analytics, please visit https://www.google.com/google-ad-manager/platform/terms/. Google provides information on data processing when using Google Analytics at the following link: https://support.google.com/analytics/answer/6004245?hl=de/. General information on data processing, which, according to Google, also applies to Google Analytics, can be found in Google's privacy policy at www.google.de/intl/de/policies/privacy/


F. Social Media

10. Use of Social Media Plugins

(1) We currently use the following social media plugins: Instagram, Facebook, YouTube, Pinterest, Twitter "X," and LinkedIn, which are only loaded if you have previously activated the function through your consent. Through the plugins, we offer you the opportunity to interact with social networks and other users. The legal basis for using the plugins is Art. 6 para. 1 sentence 1 lit. a GDPR, meaning that integration only occurs with your consent.

(2) The plugin provider stores the data collected about you as user profiles and uses them for advertising, market research, and/or tailored design of its website. Such an evaluation is carried out, in particular, (even for users not logged in) for the purpose of displaying tailored advertising and informing other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact the respective plugin provider to exercise this right. Data is transferred regardless of whether you have an account with the plugin provider and are logged in. If you are logged in to the plugin provider, your data collected by us will be directly associated with your existing account with the plugin provider. If you activate the button and link the page, for example, the plugin provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you regularly log out after using a social network, especially before activating the button, as this allows you to avoid association with your profile with the plugin provider.

(3) The collected information is stored on the servers of the providers, including servers outside of Europe for international providers. According to the Data Privacy Framework for secure data transfer from the EU to the USA, the use of all US service providers is legally secure if they are certified under the DPF (Data Privacy Framework) (you can find the official DPF list here). As of the current status, Meta is DPF certified, officially complying with applicable data protection laws for international data transfer. We have also agreed on so-called standard data protection clauses with the providers, the purpose of which is to ensure an adequate level of data protection in third countries.

(4) Der Widerruf Ihrer Einwilligung ist jederzeit möglich, ohne dass davon die Zulässigkeit der Verarbeitung bis zum Widerruf berührt wird. Den Widerruf können Sie am einfachsten über unseren Consent-Manager durchführen oder über die Funktionen der Social-Media-Anbieter.

(4) Revoking your consent is possible at any time without affecting the legality of the processing until revocation. You can easily revoke your consent through our Consent Manager or by using the features provided by the social media providers.

(5) For more information on the purpose and scope of data collection and processing by the plugin providers, please refer to the privacy policies of these providers. There, you will also find additional information about your rights and options to protect your privacy. Here are the addresses of the respective plugin providers and URLs to their privacy policies:

- Instagram and Facebook are services provided by Meta Platforms Ireland Limited, 4 Merrion Road, Dublin 4, D04 X2K5, Ireland. Information about Meta's privacy practices can be found here: https://www.facebook.com/privacy/center/

- Pinterest is a service provided by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"). Information about Pinterest's privacy practices can be found here: https://policy.pinterest.com/de/privacy-policy

- Twitter/"X" is a service provided by Twitter International Unlimited Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND. Information about "X" privacy practices can be found here: https://twitter.com/de/privacy

- LinkedIn, a service provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; URL:,https://de.linkedin.com/legal/privacy-policy

2. Embedding YouTube Videos

(1) We have embedded YouTube videos in our online offering, which are stored on YouTube.com and can be played directly from our website. These are all embedded in "extended privacy mode," meaning that no data about you as a user will be transmitted to YouTube unless you play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transferred. We have no influence on this data transfer. The legal basis for displaying the videos is Art. 6(1) S. 1 lit. a DS-GVO, meaning that the embedding only occurs with your consent.

(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the basic data mentioned above, such as IP address and timestamp, are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in with Google, your data will be directly associated with your account. If you do not wish for this association with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for advertising, market research, and/or tailoring its website to user needs. Such evaluation is carried out, in particular (even for users not logged in), for the purpose of providing tailored advertising and informing other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and to exercise this right, you must contact YouTube.

(3) The collected information is stored on Google's servers, including in the USA. In these cases, the provider has, according to its own statements, set a standard equivalent to the former EU-US Privacy Shield and has pledged to comply with applicable data protection laws for international data transfers. We have also agreed on so-called standard data protection clauses with Google, the purpose of which is to ensure an adequate level of data protection in the third country.

(4) For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. There, you will also find further information on your rights and privacy settings: www.google.de/intl/en/policies/privacy.

3. Integration of Google Maps

(1) On this website, we use the services of Google Maps. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. The legal basis for using the maps is Art. 6(1) sentence 1 lit. a DS-GVO, meaning the integration only occurs with your consent.

(2) By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the basic data mentioned above, such as IP address and timestamp, is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in with Google, your data will be directly assigned to your account. If you do not wish for this assignment to your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research, and/or the design of its website to meet needs. Such an evaluation takes place, especially for users who are not logged in, to provide tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

(3) The collected information is stored on servers of Google, including in the USA. For these cases, the provider has set a standard that corresponds to the former EU-US Privacy Shield and has committed to complying with applicable data protection laws for international data transfers. We have also agreed on so-called standard data protection clauses with Google, the purpose of which is to maintain an adequate level of data protection in third countries.

(4) Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the provider's privacy policies. There, you will also find additional information on your relevant rights and options for protecting your privacy: www.google.de/intl/en/policies/privacy.

4. Our Presence on Social Networks

(1) We have various profiles on so-called social media platforms. We operate profiles on the following providers:

Instagram and Facebook are offerings of Meta Platforms Ireland Limited, 4 Merrion Road, Dublin 4, D04 X2K5, Ireland. Information about privacy at Meta can be found here: https://www.facebook.com/privacy/center/

TikTok is an offering from the company TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Information about privacy at TikTok can be found here: https://www.tiktok.com/legal/page/row/privacy-policy/en

LinkedIn, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; URL: https://www.linkedin.com/in/darja-enkova-ll-m-49080193/ ;  Here you can find information on privacy at LinkedIn. https://de.linkedin.com/legal/privacy-policy

Twitter / „X are services provided by Twitter International Unlimited Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, IRELAND. Information on data protection for "X" can be found here: https://twitter.com/de/privacy

(2) We use the technical platform and services of the providers for these information services. We would like to inform you that you use our profiles on social media platforms and their functions at your own responsibility. This applies especially to the use of interactive functions (e.g., commenting, sharing, rating). When you visit our profiles, the providers of the social media platforms collect, among other things, your IP address and further information that is stored on your device in the form of cookies. This information is used to provide us as the operator of the profiles with statistical information about interactions.

(3) The collected information is stored on the servers of the providers, and for international providers, this may include locations outside of Europe. According to the Data Privacy Framework for secure data transfer from the EU to the USA, the use of all US service providers is legally secure if they are certified under the DPF (Data Privacy Framework) (here is the official DPF list). As of the current status, Meta is DPF certified, thus officially adhering to applicable data protection laws for international data transfer. We have also agreed on so-called standard data protection clauses with the providers, aiming to ensure an adequate level of data protection in third countries. We are not aware of how social media platforms use the data from your visits to our account and interactions with our posts for their own purposes, how long they store this data, and whether they share data with third parties. The data processing may differ depending on whether you are registered and logged in on the social network or whether you visit the page as an unregistered and/or non-logged-in user. When accessing a post or the account, the IP address assigned to your device is transmitted to the provider of the social media platform. If you are currently logged in as a user, your movements on the internet can be tracked through a cookie on your device. Through buttons embedded in websites, platforms can track your visits to these pages and associate them with your respective profile. Based on this data, content or advertisements tailored to you can be offered. If you want to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies on your device, and restart your browser.

(4) As the provider of the information service, we only process the data from your use of our service that you provide to us and that require interaction. For example, if you ask a question that we can only answer via email, we will store your information in accordance with the general principles of our data processing, as described in this privacy policy. The legal basis for processing your data on the social media platform is Art. 6 Abs. 1 S. 1 lit. f DS-GVO.

(5) To exercise your data subject rights, you can contact either us or the provider of the social media platform. If one party is not responsible for responding or needs to receive information from the other party, we or the provider will then forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about profile creation and data processing when using the website. For questions about the processing of your interaction with us on our page, please write to the contact details provided by us above.

(6) The information that the social media platform receives and how it is used is described by the providers in their privacy policies (see link in the table above). There, you will also find information about contact options and settings for advertisements. For additional information on social networks and how to protect your data, you can also visit www.youngdata.de

G. Online Advertising - Use of Google Ads

(1) We use the Google Ads service to draw attention to our offers through advertisements. If you reach our website through a Google ad, Google Ads stores a cookie on your device. The legal basis for processing your data is Art. 6(1) lit. a GDPR, meaning the integration occurs only with your consent.

(2) The advertisements are delivered by Google through so-called "Ad Servers." We and other websites use Ad Server cookies to measure certain parameters for performance tracking, such as ad impressions or user clicks. We can receive information about the success of our advertising campaigns through Google Ads cookies stored on our website. These cookies are not intended to personally identify you. Typically, the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions), and opt-out information (indicating that a user no longer wishes to be addressed) are stored as analytical values.

(3) Google's set cookies allow Google to recognize your internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. Each Ads customer is assigned a different cookie, so the cookies cannot be tracked across the websites of other Ads customers. By integrating Google Ads, Google receives information that you have accessed the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or not logged in, there is a possibility that the provider will obtain and store your IP address.

(4) Due to the marketing tools used, your browser automatically establishes a direct connection to Google's server. We do not independently collect personally identifiable information in the mentioned advertising measures but solely provide the opportunity for Google to collect the data. We receive only statistical evaluations from Google, which provide information about which ads were clicked on how often at what prices. We do not receive any further data from the use of advertising materials, and in particular, we cannot identify users based on this information.

(5) You can revoke your consent at any time without affecting the lawfulness of processing until the revocation. You can easily revoke your consent through our Consent Manager or through the following methods: a) by adjusting your browser software accordingly, in particular by suppressing third-party cookies, which will prevent you from receiving third-party ads; b) by setting your browser to block cookies from the domain "www.googleadservices.com," www.google.de/settings/ads, with this setting being deleted when you delete your cookies; c) by disabling interest-based ads from providers that are part of the "About Ads" self-regulation campaign via the link www.aboutads.info/choices, with this setting being deleted when you delete your cookies; d) by permanently deactivating it in your browsers Firefox, Internet Explorer, or Google Chrome at the link www.google.com/settings/ads/plugin. Please note that in this case, you may not be able to use all the functions of this offer to their full extent.

(6) Further information on data protection at Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be found here: www.google.com/intl/de/policies/privacy and services.google.com/sitestats/de.html.

H. Messaging Service - WhatsApp

We use the instant messaging service WhatsApp. The service provider is the American company WhatsApp Inc., a subsidiary of Meta Platforms Inc. For the European region, the responsible company is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

WhatsApp processes your data, including in the USA. According to the Data Privacy Framework for secure data transfer from the EU to the USA, the use of all US service providers certified under the DPF is legally secure (here is the official DPF list). As of the current status, WhatsApp LLC is DPF certified, ensuring compliance with applicable data protection laws for international data transfer.

We only include you in WhatsApp communication if you consent to it. If you contact us via WhatsApp, this contact is considered consent for communication via WhatsApp.

WhatsApp uses Standard Contractual Clauses as the legal basis for processing data in third countries. Standard Contractual Clauses are template agreements provided by the European Commission, setting the EU standard for data security in the context of transfers to third countries. This obliges WhatsApp to adhere to the European data protection level when processing personal data. More information can be found here: https://www.whatsapp.com/legal/business-data-transfer-addendum-20210927.

For information about data processing on WhatsApp, please refer to: https://www.whatsapp.com/privacy

ENGLISH DEUTSCH