MCP Apps Workspace – Build, Deploy, Preview & Analyze MCP Apps

These are the privacy policy provisions of

Ippen Digital GmbH & Co. KG
Paul-Heyse-Straße 2–4
80336 Munich
Tel: +49 89 5306-0
Fax: +49 89 5306-685
E-mail: info@ippen-digital.de

Below, we inform you in detail which personal data we collect on our websites and in connection with the services and offerings mentioned in this privacy policy, for what purpose we collect them, and how long these data are stored. We then inform you about the rights you have in relation to data processing and how you can exercise these rights.

If you have any questions or comments about data protection on our website, you are welcome to contact us at any time. You can contact us, for example, by e-mail atdatenschutz@ippen-digital.de.

This privacy policy applies to the collection, processing and use ("use") of your personal data when using our online services as well as to all other supplies and services that you wish to obtain from us.

I. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is

Ippen Digital GmbH & Co. KG
Data Protection Officer
Paul-Heyse-Str. 2–4
80336 Munich
Tel: +49 89 5306-0
Fax: +49 89 5306-685
E-mail: info@ippen-digital.de

Insofar as your data are processed by the controller on the basis of an agreement pursuant to Art. 26 (1) GDPR in joint controllership with third parties (so-called "joint controllership"), you will be informed of this in the following descriptions of the individual data processing operations.

II. Data Protection Officer

You can reach our Data Protection Officer at:

Ippen Digital GmbH & Co. KG
Data Protection Officer
Paul-Heyse-Str. 2–4
80336 Munich
E-mail: datenschutz@ippen-digital.de

III. General Information on Data Processing

1. Legal Basis for the Processing of Personal Data

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. For the processing of personal data that is necessary for the performance of a contract to which the data subject is party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary in order to take steps prior to entering into a contract. Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis. In the event that vital interests of the data subject or of another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis. If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

2. Erasure of Data and Storage Period

The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or erased when a storage period prescribed by the aforementioned provisions expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

IV. Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing

Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.

The following data are collected:

Information about the browser type and version used
The user's operating system
The user's internet service provider
The user's IP address
Date and time of access
Websites from which the user's system reaches our website
Websites that are accessed by the user's system via our website

These data are also stored in the log files of our system. The IP addresses of the user or other data that enable the data to be associated with a user are not affected by this. These data are not stored together with other personal data of the user.

2. Legal Basis for Data Processing

The legal basis for the temporary storage of the data is Art. 6 (1) (f) GDPR.

3. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR.

4. Duration of Storage

The data are erased as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

5. Joint Controllership

The data processing described in this section is carried out under joint controllership ("joint controllership") with Ippen Digital GmbH & Co. KG, whose privacy policy can be accessed here:https://www.ippen-digital.de/ueber-uns/datenschutz/

V. Use of Cookies

1. Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is accessed again. We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can also be identified after a page change.

With the help of these cookies, our digital offering can be used more easily and efficiently, and user usage patterns can be analyzed for the purpose of continuously improving our products. In addition, cookies can be used to tailor advertising to the individual interests and usage patterns of users.

2. Joint Controllership

VI. Contact Form and E-mail Contact

1. Description and Scope of Data Processing

A contact form is available on our website which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask are transmitted to us and stored. These data are:

Company
First name
Last name
Address
Telephone
E-mail
Your message

At the time the message is sent, the following data are also stored:

The user's IP address
Date and time of entry

Alternatively, contact can be made via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

In this context, there is no disclosure of the data to third parties. The data are used exclusively for processing the conversation.

2. Legal Basis for Data Processing

The legal basis for the processing of the data transmitted in the course of making contact is Art. 6 (1) (f) GDPR. If the aim of the e-mail contact is the conclusion of a contract, then an additional legal basis for the processing is Art. 6 (1) (b) GDPR.

3. Purpose of Data Processing

The processing of personal data from the input mask serves solely to process the contact request.

The other personal data processed during the submission process via the contact form serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of Storage

The data are erased as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

If statutory provisions prescribe retention obligations (e.g. six years for received commercial letters, Sec. 257 (4) German Commercial Code (HGB)), erasure will take place after expiry of the respective period.

VII. Data Provided by You When Concluding Legal Transactions and Using Services

1. Description and Scope of Data Processing

In some areas you may be asked to provide personal data in order to use the chargeable offerings or free functions described or to participate in special promotions (e.g. subscription order, placement of advertisements, order of other goods and services, creation of a personal user profile, ordering editorial and/or advertising newsletters, participation in competitions or other promotional activities). You will be informed which information you must provide mandatorily for these offerings and which data you may provide voluntarily.

In particular, the following data may be collected: name, address, bank details, password, date of birth, e-mail address, declarations of consent, information on the legal transaction concluded.

In the context of data processing, we will also pass on your personal data to third parties – but only where and to the extent that this is necessary for the respective processing of the contract (see also section 5 below).

2. Legal Basis for Data Processing

If data collection aims at the conclusion of a contract, the legal basis for the processing is Art. 6 (1) (b) GDPR. In addition, data are processed on the basis of consent given by you (Art. 6 (1) (a) GDPR).

3. Purpose of Data Processing

Data processing is carried out for the purpose of enabling the use of the respective offerings and functions. If you provide further data voluntarily, we use these for the needs-based design of our services.

4. Duration of Storage

The data are erased as soon as they are no longer necessary to achieve the purpose for which they were collected. As a rule, this is the case if the service used by you (e.g. newsletter subscription, creation of a personal user profile) is cancelled.

5. Data Transfer to Creditreform Boniversum GmbH

Our company regularly checks your creditworthiness when contracts are concluded and, in certain cases where there is a legitimate interest, also for existing customers. For this purpose, we cooperate with Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, from whom we receive the data required for this. On behalf of Creditreform Boniversum, we already provide you with the following information pursuant to Art. 14 EU-GDPR:

Creditreform Boniversum GmbH is a consumer credit agency. It operates a database in which creditworthiness information about private individuals is stored. On this basis, Creditreform Boniversum provides its customers with creditworthiness information. Customers include credit institutions, leasing companies, insurance companies, telecommunications companies, debt collection companies, mail-order, wholesale and retail companies and other companies that supply or provide goods or services. Within the framework of the statutory provisions, part of the data available in the information database is also used for the supply of other company databases, including for use for address trading purposes. The database of Creditreform Boniversum contains, in particular, information about a person's name, address, date of birth, where applicable e-mail address, payment behaviour and ownership structure. The purpose of the processing of the stored data is to provide information on the creditworthiness of the person inquired about. The legal basis for processing is Art. 6 (1) (f) EU-GDPR. According to this, information on this data may only be provided if a customer credibly establishes a legitimate interest in the knowledge of this information. If data are transferred to countries outside the EU, this is done on the basis of the so-called "Standard Contractual Clauses", which you can view under the following link:

http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32001D0497&from=DE

or have sent to you from there.

The data are stored as long as knowledge of them is necessary for the fulfilment of the purpose of storage. Necessity for permanent storage is regularly given for an initial period of three years. After expiry, it is checked whether storage is still necessary; otherwise, the data are erased to the day. In the event of settlement of a matter, the data are erased three years to the day after settlement. Entries in the debtor register are erased to the day in accordance with Sec. 882e of the German Code of Civil Procedure (ZPO) after three years have elapsed since the date of the registration order.

Legitimate interests within the meaning of Art. 6 (1) (f) EU-GDPR can be: credit decision, business initiation, ownership structures, claim, credit check, insurance contract, enforcement information.

You have the right vis-à-vis Creditreform Boniversum GmbH to obtain information about the data stored there about you. If the data stored about you are incorrect, you have a right to rectification or erasure. If it cannot be determined immediately whether the data are correct or incorrect, you have the right to restriction of processing of the respective data until the matter has been clarified. If your data are incomplete, you can request that they be completed.

If you have given your consent to the processing of the data stored by Creditreform Boniversum, you have the right to withdraw this consent at any time.

Withdrawal of consent does not affect the lawfulness of processing of your data based on your consent before its withdrawal.

If you have any objections, wishes or complaints regarding data protection, you can contact the Data Protection Officer of Creditreform Boniversum at any time. This person will assist you quickly and in confidence in all matters relating to data protection. You can also lodge a complaint with the data protection supervisory authority responsible for your federal state about the processing of the data by Boniversum.

The data that Creditreform Boniversum has stored about you originate from publicly accessible sources, from debt collection companies and from their customers. In order to describe your creditworthiness, Creditreform Boniversum forms a score value for your data. The score value includes data on age and gender, address data and, in part, payment experience data. These data are included in the score value calculation with different weightings. Creditreform Boniversum customers use the score values as an aid in making their own credit decisions.

Right to object:

The processing of the data stored by us is carried out for compelling legitimate reasons of creditor and credit protection which regularly outweigh your interests, rights and freedoms or serves the establishment, exercise or defence of legal claims. Only for reasons arising from your particular situation, which must be proven, can you object to the processing of your data. If such particular reasons are proven to exist, the data will no longer be processed.

The controller within the meaning of Art. 4 (7) EU-GDPR is Creditreform Boniversum GmbH, Hellersbergstr. 11, 41460 Neuss. Your contact is the Consumer Service, Tel.: 02131 36845560, Fax: 02131 36845570, e-mail:selbstauskunft@boniversum.de.

You can reach the Data Protection Officer at the following contact details: Creditreform Boniversum GmbH, Data Protection Officer, Hellersbergstr. 11, 41460 Neuss, e-mail:datenschutz@boniversum.de.

VIII. Data Processing for Advertising Purposes Without Consent

1. Description and Scope of Data Processing

If you have concluded a contract with us for the purchase of goods or services, we treat you as an existing customer on the basis of the data collected for this primary purpose. In this case, we also process your postal contact data (name and address) without having a specific consent in order to send you information about new products and services by post. If we have obtained your e-mail address in connection with the sale of a good or service, we process the e-mail address to send you information about our own similar goods or services without having a specific consent. Additionally provided voluntary information is used by us to select and design any advertising based on the target group.

2. Legal Basis for Data Processing

The legal basis for the processing of the data is Art. 6 (1) (f) GDPR.

3. Purpose of Data Processing

Data processing is carried out for the purpose of advertising our own similar goods or services.

4. Duration of Storage

The duration of storage is determined by the primary purpose of collection (section VII.4).

IX. Disqus Comment Function

The comment function is an offering of the site disqus.com that is independent of the portal, operated by Big Head Labs, Inc., San Francisco/USA (hereinafter referred to as "disqus.com"). Disqus is an interactive comment system with which comments can be posted on all online offerings that use Disqus as a comment system with just one registration. Login is possible via disqus.com as well as via existing accounts with Facebook (via Facebook Connect), Google and Twitter. Further information on Disqus and its functions can be found atwww.disqus.com.

The controller is Big Head Labs, Inc., which collects and processes your personal data that you may provide in the course of commenting, including when you use the comment function as a "guest" without a Disqus account.

With regard to the collection, processing and use of the relevant data, the terms of use and privacy notices of disqus.com apply, which you can find athttp://docs.disqus.com/help/30/ andhttp://docs.disqus.com/help/29/. If you log in using your Google, Facebook or Twitter account, these providers may also collect, store and use data. Details can be found in the respective provider's privacy policies.

In order for the comments to be published on the portal, disqus.com transmits to our portal, in addition to the comment text, the user name you have chosen, which is published with the comment on the portal.

X. Use of Social Media Plugins

1. General

We have integrated buttons ("plugins") from various social networks into our websites so that you can use the interactive options of the social networks you use on our websites as well. These plugins provide different functions, the subject matter and scope of which are determined by the operators of the social networks. Please note that we are not providers of the social networks and have no influence on data processing by the respective service providers.

You can find more details about the individual plugins in the following information:

2. Facebook

In individual editorial articles, the "Embedded Posts" pluginhttps://developers.facebook.com/docs/plugins/embedded-posts/ of the social network "Facebook", 1601 South California Avenue, Palo Alto, CA 94304, USA, may be embedded.

If you access pages on which this plugin is embedded and you are logged into your Facebook account, a direct connection between your browser and the Facebook server is established via the plugin.

We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or of their use by Facebook and that we are not responsible for Facebook's data processing. Further information can be found in Facebook's privacy policy athttp://de-de.facebook.com/policy.php.

We use the "Software Developer KIT" (SDK) of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, in our apps. So-called tracking pixels are integrated into the apps. When you use our apps, a direct connection is established between your mobile device and the Facebook server via the SDK. Facebook then receives the information that our app was used from your device. If you are a Facebook user, Facebook can assign use of our apps to your user account. We would like to point out that, as the provider of the apps, we have no knowledge of the content of the data transmitted or of their use by Facebook. Further information can be found in Facebook's privacy policy athttps://www.facebook.com/about/privacy/.

3. X

Functions of the social network "X" are integrated into our pages. These functions are offered by X Corp., X Internet Unlimited Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. By using X and the "Re-Tweet" function, the websites you visit are linked to your X account and made known to other users. Data are also transferred to X in this process. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or of their use by X. Further information can be found in the privacy policy of X athttps://x.com/de/privacy.

4. Reddit

Plugins of the social network Reddit (Reddit Inc., 520 Third Street, Suite 305, San Francisco, CA 94107, USA) are integrated into our pages. The Reddit plugins can be recognized by the orange Reddit smiley logo on our site.

If you click the Reddit share button while you are logged into your Reddit account, you can link the content of our pages to your Reddit profile. This allows Reddit to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or of their use by Reddit. Further information can be found in Reddit's privacy policy at:https://www.reddit.com/help/privacypolicy.

If you do not want Reddit to be able to associate your visit to our pages with your Reddit user account, please log out of your Reddit user account beforehand.

5. Twitch

Our website uses plugins of the online service Twitch. The provider is Twitch Interactive, Inc., 225 Bush Street, 6th Floor, San Francisco, CA 94104, USA.

When you visit one of our pages equipped with a Twitch plugin, a connection to the Twitch servers is established. The Twitch server is informed which of our pages you have visited. Twitch also obtains your IP address. This also applies if you are not logged into Twitch or do not have a Twitch account. The information collected by Twitch is transmitted to the Twitch server in the USA.

If you are logged into your Twitch account, you enable Twitch to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Twitch account.

Further information on how user data are handled can be found in Twitch's privacy policy at:https://www.twitch.tv/p/legal/privacy-policy/.

XI. Sending Push Notifications in the App and via the Website

We use the service CleverPush of CleverPush GmbH, Brauhausstraße 15A, 22041 Hamburg, to send push notifications in the app (Android and iOS) and via the website. CleverPush processes anonymised data but does not store any personal data.

Right to object:

App: If you no longer wish to receive push notifications in the Android or iOS app, you can block notifications in your smartphone settings or disable notifications in the app settings.
Website: You can withdraw your consent to receive notifications at any time through your browser settings. If you no longer wish to receive push notifications in the future, follow the specific instructions for your browser to unsubscribe. Detailed instructions can be found here: Chrome, Mozilla Firefox, Safari.

XII. Our Use of Utiq Technology

The Utiq technology is provided by Utiq SA/NV. Utiq is a European company. The Utiq technology is designed with privacy in mind by providing you with choices and control. At the same time, it enables responsible digital marketing by websites like ours.

Utiq cooperates with various participating telecommunications providers (see the list here) to operate the technology.

The Utiq technology can only be activated and used if you are using an internet connection supported by Utiq* and provided by one of the participating telecommunications providers listed below in the countries where the Utiq technology is available.

On supported internet connections: In some of the countries in which we operate, the Utiq technology is only available when a mobile connection is used, while in other countries it is also applicable to broadband connections (i.e. Wi-Fi).

A list of supported internet connections, sorted by country and telecommunications provider, can be found here.

The Utiq technology is deactivated by default. It can only be activated if you give your consent while using a supported internet connection provided by one of the participating telecommunications providers.

We use the Utiq technology on our website(s). If you consent to the activation of this technology, Utiq will provide us, Ippen Digital (data controller), with so-called marketing identifiers. These help us to understand your browsing behaviour and to link visits to our website(s) (but only if you consent to the activation of the Utiq technology on each individual website). We use the identifiers for activities such as the personalisation of advertising and content as well as for analytics on this and other websites that use the Utiq technology, depending on which consents you have given. The identifiers are also shared with partner advertising platforms where this is necessary for the performance of the specific marketing or analytics activities.

If you activate the Utiq technology on one of our other websites (see the list on the "Manage Utiq" page available at the end of each individual website), we may use the Utiq technology to gain insights into your browsing activities across those websites (provided that you consent to the activation of the Utiq technology on each of these websites).

The Utiq technology is tied to the internet connection. This means that all persons who use the same connection on their devices and consent to the Utiq technology receive the same identifier. Typically:

With a broadband connection (e.g. Wi-Fi), marketing or analytics will be performed based on the browsing activities of all consenting household members;
With a mobile connection, marketing is more personalised because it is based only on the browsing behaviour of the individual mobile user.

We, Ippen Digital GmbH & Co. KG, act together with Utiq as joint controllers (so-called "joint controllership") for certain phases of processing. As part of this arrangement:

We obtain consent with regard to the Utiq technology, including for processing by Utiq and your telecommunications provider;
We provide you with a dedicated link at the end of our website ("Manage Utiq") through which you can obtain information about the technology and how to manage it;
Utiq provides you with a privacy portal ("consenthub") to facilitate the exercise of your privacy rights and to enable you to easily manage your Utiq consents at any time and in one place;
You can exercise your rights against any of the controllers; however, Utiq acts as the single point of contact for all questions or requests you may have in relation to the Utiq technology.

You can withdraw your consent for Utiq* in the following ways:

Via consenthub: By accessing the Utiq privacy portal ("consenthub") you can withdraw all Utiq consents you have given on websites that use the Utiq technology.
On participating websites: You can also withdraw your consent to the activation and use of the Utiq technology for individual websites by accessing the "Manage Utiq" page, which is available at the end of each website that uses the Utiq technology.

The Utiq technology operates via your internet connection. If you use other connections, you must therefore manage consents separately for each connection.

Alternatively, you can delete your history and website data at any time via your browser settings. This will erase all Utiq consents from your browser. All data on the Utiq platform will also be erased within the time periods specified in Utiq's privacy policy.

Further information about the Utiq technology can be found in Utiq's privacy policy.

This applies to Utiq consents given by you or, if you use a shared internet connection, by a member of your household.

XIII. ID5

We use services of the digital advertising platform ID5, headquartered at 199 Bishopsgate, London EC2M 3TY, United Kingdom. ID5 sets a unique ID for each visitor that enables third-party advertisers to target the visitor with relevant ads and to place real-time bids. ID5 collects information such as e-mail address (in pseudonymised form), IP address and/or information about the browser or operating system and uses this to create an ID that can be used to recognise users on their devices. This ID does not contain any identifiable personal data. We can place this ID in our first-party cookie or use an ID5 cookie and allow it to be used for online advertising. This ID may be shared by us or on our behalf with our advertising partners and other third parties worldwide to enable interest-based content and/or targeted advertising (e.g. web, e-mail, connected devices, in-app advertising, etc.).

Data processing is based on your consent (Art. 6 (1) sentence 1 (a) GDPR), which can be withdrawn at any time. There is also the possibility to object if data are processed on the basis of a legitimate interest (Art. 6 (1) sentence 1 (f) GDPR). A valid objection and a withdrawal do not affect data processing operations that have already taken place.

If you do not want tracking via the ID5 ID, please use the provider's opt-out option at the following website:https://id5-sync.com/privacy.

The data are processed by ID5, among others, in the United Kingdom. However, an adequacy decision of the European Commission pursuant to Art. 45 GDPR exists for such data transfer, so that a comparable level of data protection is ensured. An adequate level of data protection for transfers to partners of ID5 is also safeguarded by the conclusion of the EU Standard Contractual Clauses.

Further information about ID5 and the technologies and partners used can be found in the provider's privacy policy:https://www.id5.io/privacy-policy.

XIV. Rights of the Data Subject

If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right of Access

You may request confirmation from the controller as to whether personal data concerning you are being processed by us.

If such processing is taking place, you can request information from the controller about the following:

The purposes for which the personal data are processed;
The categories of personal data which are processed;
The recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
The envisaged period for which the personal data concerning you will be stored or, if specific information on this is not possible, the criteria used to determine that period;
The existence of the right to request from the controller rectification or erasure of personal data concerning you or restriction of processing by the controller or to object to such processing;
The existence of a right to lodge a complaint with a supervisory authority;
Any available information as to the source of the data if the personal data are not collected from the data subject;
The existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

2. Right to Rectification

You have the right to obtain from the controller the rectification and/or completion of personal data concerning you if the processed personal data are inaccurate or incomplete. The controller must carry out the rectification without undue delay.

3. Right to Restriction of Processing

You may request the restriction of processing of personal data concerning you under the following conditions:

If you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
The controller no longer needs the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims; or
You have objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

Where processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been obtained under the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to Erasure

a) Obligation to Erase

You may request from the controller that the personal data concerning you be erased without undue delay, and the controller is obliged to erase these data without undue delay where one of the following grounds applies:

The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
You withdraw consent on which the processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and where there is no other legal ground for the processing.
You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
The personal data concerning you have been unlawfully processed.
The erasure of personal data concerning you is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

b) Information to Third Parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to these personal data or copies or replications of these personal data.

c) Exceptions

The right to erasure does not apply to the extent that processing is necessary:

For exercising the right of freedom of expression and information;
For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
For reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
For the establishment, exercise or defence of legal claims.

5. Right to Notification

If you have exercised your right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the controller about these recipients.

6. Right to Data Portability

You have the right to receive the personal data concerning you which you have provided to the controller in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

The processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR; and
The processing is carried out by automated means.

In exercising this right, you shall also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others shall not be adversely affected thereby.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to Object

You have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

You have the option, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.

8. Right to Withdraw Consent under Data Protection Law

You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

Is necessary for entering into, or performance of, a contract between you and the controller;
Is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
Is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in (1) and (3), the controller shall take suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

XV. USER.ID Login Service

The privacy policy for our login service can be found here:https://user.id/public/datenschutz.

XVI. Finanztip Verbraucherinformation GmbH

We have integrated iFrames of Finanztip Verbraucherinformation GmbH, Hasenheide 54, 10967 Berlin (operator of the online financial guide Finanztip, hereinafter referred to as "Finanztip") into this website. Finanztip uses affiliate links in these iFrames. When clicking on an affiliate link, cookies may be set. The cookies do not store any personal data, but only the Finanztip ID as well as the reference number of the clicked link. It is also possible to store information such as originating website, time of the click, recommendation website and an online identifier of the user (FT UUID). Details of the data processing carried out in this context can be found in Finanztip's privacy policy. The legal basis for the integration of the iFrames is Art. 6 (1) (f) GDPR. Our legitimate interest lies in optimising the user-friendliness of the website and enabling a user-friendly link between our website and the Finanztip calculators.

Status: October 2025